Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. Max Smythe, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week England loses Euro 2020 final It’s Coming Ohm: prediction on power usage Half time power spike Top 20 spikes The Thorn Birds The Superbowl Flush - debunked! Tokyo Olympic Games Opening Ceremonies Hedbanz News of the week APIs being removed in Kubernetes 1.22 ContainIQ launches Postgres Operator 5.0 NetworkServiceMesh 1.0.0 Google Cloud Certificate Authority Service GA and cert-manager integration Platform9 Managed KubeVirt InsightCloudSec from Rapid7 Sophos acquires Capsul8 Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program Links from the interview Brian May Edge of Tomorrow The redemption thereof Chubby Riak Gatekeeper Anthos Config Management Config Sync Policy Controller Episode 101, with Tim Hinrichs and Torin Sandall PodSecurityPolicy is not going GA SIG Auth’s replacement proposal Using ACM constraints to enforce Pod security OPA Constraint framework Policy Controller: Creating constraints Writing a constraint template Structural schemas Design Patterns for Extendable, Scalable K8s Extensions by Rita Zhang and Max Smythe Max Smythe on Twitter

Debugging Kubernetes often involves correlating what happened just before something went bad. Itiel Shwartz is a co-founder of Komodor, a startup who builds a platform to help with exactly that. We talk Hebrew names, Hungarian dogs and German car crashes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Jimmy Moore steps out from behind the scenes Conan O’Brien Needs A Friend Revisionist History Letterman reads out Johnny’s jokes Mythic Quest News of the week Joint US/UK cybersecurity advisory saying Russia is using Kubernetes CNCF and FinOps Foundation survey Canonical Kubernetes usage survey CNCF End User Radar for multi-cluster tools runc 1.0.0 Buoyant Cloud Public Beta Sloth, by Xabier Larrakoetxea Links from the interview Komodor “Itiel” and “ETL” Rookout Forter Ben Ofiri Komodor team photo The Komondor (and image search) Man Who Looks Like His Dog Jack Tramiel, co-founder of Commodore International The story of the name “Commodore” Man Who Looks Like His Dog Single bit-flip renders certificate transparency log invalid $25 million funding with angel investors Itiel Shwartz and Komodor on Twitter

Steve McGhee worked as an SRE at Google for almost 10 years, then took a job outside the company. He was tasked with recreating “Google Production” and SRE practice from first principals, but with three books, modern cloud providers, and the entire Kubernetes ecosystem to help. How did he do? Learn about that which you can and can’t replace. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Dan’s recent work has come up in episodes 136, 142, and 151, to name but a few Episode 39, with Dan Lorenc Tekton CD Sigstore Dan’s Peter Jackson look Sigstore Root Key Ceremony IANA Key Signing Ceremonies and changes in the time of COVID News of the week GKE news: New Tau VMs on Google Cloud and GKE Committed use discounts for GKE Autopilot Cloud Onboard training for GKE with Kaslin Fields, on June 22 Stackrox/Red Hat State of Kubernetes Security blog post and report etcd 3.5 SLSA: Supply chain Levels for Software Artifacts Ensemble, by Tesera Harbor operator 1.0 Weave GitOps Core Episodes 144 and 145, with Alexis Richardson WSO2 launches Choreo and acquires Platformer KubeCon EU 2021 transparency report COVID vaccine required to attend fall 2021 Linux Foundation events Opinions on Knative positioning by Ahmet Alp Balkan Episode 66 Links from the interview LG Chocolate Phone and the Crazy Frog Good SRE is the inverse of the XKCD comic on Standards “Breaking Prod: More than once, I personally made it impossible to use google search from a phone (for a little bit). Like, for everyone on the planet.” San Luis Obispo, California (SLO) GIFEE, coined at CoreOS Rebuilding SRE, from Memory Ben Treynor Sloss Homer Simpson’s Car Postcards from the future and the crystal ball It is against the law to have a sleeping donkey in your bathtub after 7pm How To Avoid Huge Ships Prometheus Canary releases Canary deployments with Istio SLO Math, by Steve McGhee (SLOconf 2021) The SRE I Aspire To Be, by Yaniv Aknin (SREcon 2019) RAID. a Redundant Array of Inexpensive/Independent Disks Deployment Archetypes for Cloud Applications, by Brad Calder and Anna Berenberg Steve McGhee on Twitter

NVIDIA and Google have teamed up to bring the new Multi-Instance GPU feature, launched with the NVIDIA A100, to GKE. We speak to Kevin Klues from NVIDIA and Pradeep Venkatachalam from Google Cloud on how and why people use GPUs, optimising instance shapes for machine learning, and why less is often more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 64, with Sarah D’Angelo and Patrick Flynn Catching up with Patrick in Episode 148 Winthrop, Washington Blackdown Hills, Devon News of the week Azure App Services now available for Azure Arc Azure Arc and App Service blog posts Other new AKS capbilities Virtualization Review coverage ECS Anywhere made GA by press release AWS App Runner Integrating Google Cloud DNS with GKE Istio 1.10 Terraform 1.0 Grafana 8.0 and Tempo 1.0 Argo Rollouts 1.0 Kubesphere 3.1.0 Cilium 1.10 OpenSLO spec launched at SLOConf Episode 147, with Brian Singer and Kit Merker Envoy GA on Windows Chaos Experimentation Framework for Envoy El Carro operator for Oracle Database from Google Cloud Moco operator for MySQL from Kintone PlanetScale GA Episode 81, with Jiten Vaidya and Sugu Sougoumarane FoundationDB paper from ACM SIG MOD DockerCon announcements Coverage of Development Environments from The Register Deps: Open Source Insights project from Google Graph for Kubernetes 1.0.0 Graph for Kubernetes 1.22.0-alpha.2 Verifiable Supply Chain Metadata with Tekton Chains Kubernetes CVEs: CVE-2021-25736 CVE-2021-25737 CVE-2021-25738 runc CVE-2021-30465 VS Code Plugin for Kubernetes CVE-2021-31938 Steve Smith says “GitOps is a placebo” in a blog post and Twitter thread Follow up from Vic Iglesias GitOpsDays Styra raises $40m Series B round Episode 101, with Tim Hinrichs and Torin Sandall Cloud Native community goes live with 10 shows on something called Twitch YouTube playlist for KubeCon EU 2021 Links from the interview Episode 92, with Pramod Ramarao Dogecoin Training and inference 12 things that prove Doom will run on literally anything “It runs Doom” subreddit CUDA vGPUs Multi-Instance GPUs GKE now supports multi-instance GPUs 7 core MacBook Air GPUs A100 GPU 16 A100 GPUs on a Google Cloud VM Running GPUs on GKE Node taints for scheduling NVIDIA Container Toolkit GCP NVIDIA GPU device plugin Kubernetes NVIDIA device plugin GTC 2021 talks: A Deep Dive on Supporting Multi-Instance GPUs in Containers and Kubernetes by Kevin and Pradeep Gain Competitive Advantage using ML Ops: Kubeflow and NVIDIA Merlin and Google Cloud by Andrew Stein and Maulin Patel (Google) and Davide Onofrio (NVIDIA) Kevin’s KubeCon talk and slides Kevin Klues on Twitter

Pixie Labs built an observabiity platform for Kubernetes, which uses eBPF to get telemetry without user intervention. They were recently acquired by New Relic, who open sourced the Pixie software. Co-founders Zain Asgar and Ishan Mukherjee join Craig Box to tell the story and talk about what’s next. Guest host Alex Ellis tends his garden. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 116, with Alex Ellis GrowLab Announcement blog Alex’s talk at the GIFEE Day Monty Don OpenFaaS in the RISC-V keynote New Kubernetes on Edge training course News of the week eBPF for Windows GKE Dataplane V2 is GA Confluent for Kubernetes GA VMware Tanzu SQL, with MySQL, for Kubernetes, 1.0 VMware Modern Apps Connectivity Solution Do the State of DevOps survey! Links from the interview Pixie Labs What is Pixie overview slides presented to CNCF Public beta launch and announcement of Series A funding TechCrunch coverage Pixie Labs acquired by New Relic; New Relic acquires Pixie Labs A day in the life of a Kiva robot Recognition for Google Lens clothing recognition Dog or blueberry muffin? Episode 125, with Ramiro Berrelleza How Pixie Works New Relic goes all-in on OpenTelemetry and Open Source Pixie on GitHub Pixienauts community New Relic upgrades to Platinum member at CNCF Zain Asgar and Ishan Mukherjee on Twitter

A small army of community volunteers is necessary to host a KubeCon, but behind them is a professional events team. Colleen Mickey is Director of Event Services at the Linux Foundation and is responsible for KubeCon + CloudNativeCon, as well as other events like Hyperledger Global Forum and cdCon. She talks to us about hosting, feeding and watering 10,000 people, as well as the change to virtual events. We also bring the round-up of the KubeCon news, including our famous Lightning Round. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 29, with Janet Kuo Looking back at KubeCon Shanghai 2018 News of the week New Relic and Pixie Labs blogs on Pixie being open sourced New Relic joins CNCF as a Platinum Member Red Hat launches the Stackrox community at stackrox.io OpenShift GitOps and OpenShift Pipelines Snyk’s State of Cloud Native Application Security report announcement and results OCI Distribution Specification reaches 1.0 Prometheus to launch conformance program New CNCF sandbox projects: Vineyard, an in-memory immutable data manager WasmEdge Runtime, a WebAssembly Virtual Machine for cloud, AI, and blockchain applications ChaosBlade, an open-source version of Alibaba’s chaos tools Fluid, a data and storage abstraction for AI and cloud-native applications Submariner, a cross-cluster overlay of overlay networks Antrea, a Kubernetes CNI plugin Episode 128, with Antonin Bas CNCF Edge survey results and free Kubernetes on Edge Training Episode 116, with Alex Ellis Inclusive Naming Initiative receives Honorable Mention at Fast Company’s 2021 World Changing Ideas Awards ‘Master,’ ‘Slave’ and the Fight Over Offensive Terms in Computing by Kate Conger of the New York Times Episode 130, with Stephen Augustus Spotify wins CNCF Top End User Award Episode 50, with David Xia Episode 136, with Lee Mills and Matt Clarke. Lightning round Accuknox secured $4.6m in seed funding Accurics announced Terrascan integrates with Argo CD Ambassador introduced a Developer Control Plane Armory introduced mini-Spinnaker installation Minnaker, built on k3s Arrikto announced MiniKF 1.3 and Eenterprise Kubeflow for Azure Avesha launched Smart Application Cloud Framework Bridgecrew published security trends from analyzing Helm charts CAST AI announced Amazon EKS cost optimizer Civo launched K3s-as-a service to early adopters Cloudical introduced version 1.8 of VanillaStack DataStax announced that k8ssandra supports all distributions Dynatrace added the ability to ingest OpenTelemetry traces HAProxy launched version 1.6 Kubernetes ingress controller Kasten added ransomware protection with v4.0 of K10 Kubermatic Kubernetes Platform 2.17 Kubernative says that KubeOps is now a full-fledged Managed Kubernetes Framework Netdata has added Kubernetes monitoring features to their Cloud service Nirmata announced Nirmata Policy Manager, based on Kyverno OpenNebula released a new K3s Virtual Appliance for running Edge Clouds Portainer raised $6M in a Series A round to Accelerate their global expansion Portworx pre-announced PX-Backup 2.0 with support for external auth services Rancher launched a new Rancher Desktop tool in Alpha for Windows and Mac Rafay launched new features to its Kubernetes Management Cloud Splunk announced their Observability Cloud is Generally Available StackPulse announced a Kubernetes-centric operations center StorageOS version 2.4 brings encryption at rest and rapid application recovery StormForge introduced automatic scanning of in-cluster resources StreamNative open sourced Function Mesh for running Apache Pulsar functions Sysdig added runtime detection and response for AWS Fargate Tigera released Calico Enterprise 3.5 with Dynamic Service Graph and eBPF data plane Timescale raised $40m Series B for Postgres-based TSDB and Prometheus cloud Trilio announced Kubernetes Backup Monitoring for Velero users Vitess launched version 10, with support for the Ruby on Rails framework Wanclouds launched multi-cloud Disaster Recovery as a Service Weaveworks launched Weave Kubernetes Platform 2.5 with multi cluster observability platform Zebrium now automatically perform Root Cause Analysis with integration into Opsgenie Links from the interview The first KubeCon in 2015 KubeCon donated to the CNCF CNCF presents CloudNativeCon and hosts future KubeCon events (2016) Dreamforce brings in cruise ships KubeCon NA 2017 in Austin, TX Linux Foundation Climate Finance Foundation Diamond sponsor lottery Diversity and inclusion at KubeCon EU Sponsorship open for KubeCon NA 2021 Event platforms: Intrado MeetingPlay KubeCon + CloudNativeCon Europe 2021 KubeCon + CloudNativeCon North America 2021 GopherCon EU 2018 in Iceland Colleen Mickey on LinkedIn

Liqo is short for Liquid Computing. It’s a tool for extending Kubernetes onto others clusters, developed at the Polytechnic University of Turin. Research assistant and Liqo co-creator Alex Palesandro is our guest this week. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 64 with Sarah D’Angelo and Patrick Flynn Three years ago today James Strachan, James Rawlings and Dan Lorenc Jib reCAPTCHA News of the week Microsoft to acquire Kinvolk, Kinvolk to be acquired by Microsoft Episode 79 with Chris Kühl Red Hat Virtual Summit announcements Red Hat OpenShift Platform Plus Rackspace and Platform9 announce partnership Episode 88, with Madhura Maskasky Lens 5 Beta HYCU joins the Kubernetes backup party Sysdig joins the cloud security unicorns Episode 91, with Leonardo Di Donato GKE adds multi-instance GPUs and a new Gateway controller Kubernetes moves to three releases per year Links from the interview Alex Palesandro Politecnico di Torino Alex’s thesis Episode 141, with Daniel Mangum Episode 142, with Gianluca Arbezzano Fiat and Stellantis DAUIN, Department of Control and Computer Engineering Netgroup Crown Labs Blender Liqo Virtual Kubelet mDNS Kubernetes TLS bootstrapping Vint Cerf at 6UK launch in 2010 kubefed Liqo roadmap Liqo on GitHub Alex Palesandro on Twitter

Brian Singer co-founded Orbitera, which was acquired by Google in 2016. During that process he met Kit Merker, who was a PM on GKE and the GCP Marketplace, and the two are now working togther on relability engineering startup Nobl9. We talk about migrating Orbitera to GKE and Google’s SRE platform, and how many 9s are too many. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 94, with Richard Belleville The G in gRPC stands for: Gilded Guadalupe River Park Conservancy The Great British Bake Off? Not grey, just backlit! Much improved here News of the week Grafana relicensing to AGPLv3 Q&A on relicensing Google’s public ban on AGPL Amazon introduces OpenSerarch Pulumi v3.0 Episode 76, with Joe Duffy k8ssandra v1.1 Cassandra Kubernetes SIG picks Cass Operator Docker Desktop for Apple Silicon Macs is GA Zerto for Kubernetes Three different multi-tenancy models Loft Labs open sources Vcluster CVE-2021-20291 in CRI-O and Podman Kubernetes blog updates: Volume health monitoring Indexed Jobs Graceful node shutdown Defining Network Policy conformance for CNI providers Evolving Kubernetes networking with the Gateway API Links from the interview Orbitera in 2016 - acquired by Google Why Orbitera was migrated to GKE Site Reliability Engineering Service level objectives Error budgets and risk Being too reliable SLOs, SLAs, SLIs SLOs explained in 90 seconds video by Kit Merker Nobl9 SLO Platform SLOconf Fly to SLO Fly to Oslo Beyond Seattle SRE meetup Slash at Wembley Arena Brian Singer on Twitter Kit Merker on Twitter

Celebrate the release of Kubernetes 1.21 with release team lead Nabarun Pal from VMware. Nabarun talks about choosing between “hardware” and software, additions and removals from Kubernetes 1.21, and how the Kubernetes project has become more welcoming to people outside the USA. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Moscone Center vaccination site Monday morning weather in London Before and after haircut World record barbering News of the week Kubernetes 1.21 CronJobs are GA Local Storage features go Beta Suspended Jobs in Alpha kube-state-metrics v2.0 emissary-ingress joins the CNCF Shell Operator v1 for Kubernetes operators kubesploit, from CyberArk CVE-2021-25735: Validating Admission Webhook does not observe some previous fields on Node objects Kubegres Minio adds Kubernetes operator and console Scaling Kubernetes with assurance at Pinterest by Anson Qian SUSE sponsors 300 scholarships in cloud native education A reprieve for Apache Mesos Links from the interview Nabarun Pal IIT Roorkee Logo ABU Robocon Models and Robotics Section, IIT Roorkee Rorodata/Algoshelf PyCon India Building microservices with Firefly at PyCon India 2017 Conference talks Linux Users’ Group of Durgapur (DGPLUG) and FOSS training Kubernetes Bangalore meetup Nabarun’s journey in the Kubernetes release team Applications for Kubernetes 1.21 release team are open Episode 130 with Stephen Augustus Kubernetes 1.21 release blog Kubernetes Enhancement Proposals (KEPs) 1.21 release page PodSecurityPolicy deprecation and KEP Making sure features don’t languish in Beta Volume health monitoring Command metadata in kubectl headers Tweet from @dims bribing people to test Release Candidate builds Savitha Raghunathan is release lead for 1.21 Lewis Hamilton tied with Michael Schumacher Mick Schumacher joins F1 Nabarun Pal on Twitter

We conclude our two-part conversation with Weaveworks co-founder Alexis Richardson, picking up when the company received Series A investment in December 2014. Since then, they built projects like Scope, Cortex and Flux as well as SaaS offerings based on them. We also look at Alexis’s role in the founding of the CNCF. Please be sure to listen to the first part before this one! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Educational YouTubers: Film Riot Mental Floss Animator Island Infrastructure for Entertainment by Justin Garrison at KubeCon NA 2020 Episode 20, with Justin Garrison News of the week Kubernetes 1.21 PodSecurityPolicy deprecation KubeVela 1.0 Argo Workflows 3.0 and Argo CD 2.0 Cilium launches NetworkPolicy site IBM Cloud Code Engine is GA Tanzu Cloud Native Runtimes public beta New security offerings from Tanzu Cisco Intersight Kubernetes Service is GA Tetrate Service Bridge is also GA Updates to Azure Arc enabled Kubernetes and OpenServiceMesh add-on for Azure in Preview etcd project journey report published Single sign-on guide for Kubernetes by Ben Dixon Apache Mesos moving to the Attic Links from the interview Last week’s episode Weaveworks Weaveworks takes a $5m Series A round Weave Scope and its annoucement Cortex Flux CD and its announcement as a service routing layer Weave Cloud Docker Swarm Mode kubernetes-anywhere kubeadm How we made kubeadm Brandon Philips’ newsletter Launching eksctl The August 2017 post introducing GitOps Peter Bourgon and Michael Bridgen Kelsey Hightower talk at GitOpsDays Guide to GitOps Steam engine centrifugal governor Flux joins the CNCF Flagger Announcement about Argo and Flux joining forces Weaveworks is a founding member of the CNCF Alexis elected as TOC chair Battlestar Galactica Weave Kubernetes Platform Series C funding Alexis Richardson on Twitter