
Kubernetes Podcast from Google
264 episodes — Page 4 of 6

Ep 114 Scheduling, with David Oppenheimer
We finally scheduled some time to talk to David Oppenheimer. David, a software engineer at Google, has been working on scheduling there since 2007, including on both Borg and Omega. That experience naturally led to him working on the Kubernetes scheduler, as well as starting SIG Scheduling.
Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod
Chatter of the week: Last week's discussion about ice cream pies Vegemite ice cream, and a friendly reminder that New Zealand is not Australia Mutton ice cream is not a thing A bear in the kiddie pool
News of the week: Google Traffic Director supports proxyless gRPC New Relic open sources its agents Lyft drops the Clutch Conftest joins the Open Policy Agent project Emissary, from GitHub VS Code Docker extension can now run containers in Azure Container Instances Debugging Incidents in Google's Distributed Systems by Beth Cooper and Charisma Chan Hashicorp Consul Service on Azure is GA Gloo Federation for gloo'ing your Gloos together with gloo The AWS EKS CIS benchmark Changes to Aqua Wave and Aqua Enterprise Snyk's developer-first prioritization capabilities Carbonetes launch PR Prevasio launch PR DOMA: domain-oriented microservices architecture at Uber by Adam Gluck
Links from the interview: Papers co-written by David: Large-scale cluster management at Google with Borg Borg, Omega and Kubernetes SIG Scheduling WG Multi-Tenancy App Engine Interviews with David's colleagues on Borg and Omega: Episode 22, with Dawn Chen Episode 43, with Brian Grant Episode 111, with Wojciech Tyczynski Omega features: The Omlet Pod disruption budgets Taints and Tolerations Optimistic concurrency control Scheduler features Predicates and priorities Labels and selectors Node affinity and anti-affinity Pod affinity and anti-affinity Pod priority and preemption Disruption budgets Taints and tolerations Two level scheduling Mesos optimistic offers Kubernetes scheduler in Bash Firmament and integration in Kubernetes via Poseidon Configuration tools kpt kustomize David Oppenheimer on Twitter

Ep 113 Instrumentation and cAdvisor, with David Ashpole
Released on the same day as Kubernetes, cAdvisor is a container monitoring daemon that collects metrics and serves them to monitoring tools. It's built into the Kubelet, and underpins many components in Kubernetes, such as eviction and autoscaling. David Ashpole of Google Cloud is TL of Kubernetes SIG Instrumentation, and the maintainer of cAdvisor; he joins Adam and Craig this week to explain where instrumentation fits in the stack, and what you should do as a Kubernetes maintainer vs. a cluster administrator.
Chatter of the week: In Craig's neighbourhood: Books More books Some less popular items Masks Archie the Mammoth National Ice Cream Day Carmel Caramel
News of the week: GKE Ingress features: BackendConfig CRD Cloud CDN Backend service timeout Connection draining timeout HTTP access logging Identity-Aware Proxy (IAP) Session affinity User-defined request headers Cloud Armor security policies (Beta) FrontendConfig CRD (Beta) Custom GCLB health checks (Beta) SSL policies (Beta) Exposing services on GKE OpenShift 4.5 OKD4 Spring Cloud Data Flow for Kubernetes from VMware; part of the Spring Runtime package k8spin.cloud is closing and making their code open source Review of k8spin from launch Custom Pod Autoscaler (and docs) by Jamie Thompson Envoy 1.15 round-up from Tetrate; release notes from the team Fluent Bit 1.5 summary at the CNCF k3d v3.0 and new web site Best practices for creating a highly available GKE cluster Recommended alerts for AKS Ingress support added to AWS App Mesh Platform9 adds new apps to their Managed Kubernetes Service Episode 88, with Madhura Maskasky CVE-2020-8557: Node disk DOS by writing to container /etc/hosts CVE-2020-8559: Privilege escalation from compromised node to cluster Alcide write-up Threat Alert: Attacker Building Malicious Images Directly on Your Host from Aqua Security Certified Kubernetes Security Specialist (CKS) coming in November Sign up for a free pass to Virtual KubeCon EU keynotes Diving Into Istio 1.6 Certificate Rotation by Christian Posta
Links from the interview: SIG Instrumentation inodes Eviction on inodes cgroups cadvisor Launched on the same day as Kubernetes Monitoring metrics with Prometheus Victor Marmol and Vish Kannan Episode 22, with Dawn Chen CRI Resource metrics pipeline Heapster Metrics Server kube-state-metrics Managing Your Costs on Kubernetes by Karl Stoney from Autotrader Episode 52, with Russell Warman and Karl Stoney Metrics Stability Framework Structured logging Distributed tracing in Kubernetes Node out of memory eviction Pod priority David Ashpole on Twitter

Ep 112 Open Source and the Open Usage Commons, with Chris DiBona
An open source license grants rights on copyright and patents, but not trademarks. Chris DiBona has some ideas on how to address that. He has spent his career in open source, including over 15 years running Google's Open Source Programs Office, and is one of the directors of the new Open Usage Commons. It launched last week with three projects - Angular, Gerrit and Istio - transferring their trademarks. Chris joins Adam and Craig to talk about Google's work in open source, and why a new organisation is needed.
Chatter of the week: Software defined radio POCSAG The fuzz Talking to the International Space Station Breaker breaker
News of the week: SUSE to acquire Rancher Episode 57, with Darren Shepherd Open Usage Commons: OUC Board announcement Google announcement Istio blog post IBM opinion Governance updates Operator Framework and Contour accepted into the CNCF BigQuery Omni Kubernetes has caught up with YARN according to Datamechanics Kubernetes networking: why is this so dang hard? by Tim Hockin Episode 41 Announcing Kustomize support for Pulumi Cinderella clusters from Soluble Google's Anthos comes to HPE Greenlake AWS: AWS partners with Docker Docker partners with AWS AWS Copilot for ECS cdk8s-plus AKS adds console RBAC and policy integration Kublr adds in-place upgrades and external clusters D2iQ want to teach you
Links from the interview: Chris DiBona VA Linux San Mehat Google Search Appliance Maintainer of Git Author of Git Ping pong balls on a bus AMP joined OpenJS Foundation and has now graduated WASM became a W3C standard Google Summer of Code Melange Open Usage Commons Apache Software License v2 and GPL v3 Open Source Definition Angular, Gerrit and Istio OUC board members Debian Free Software Guidelines Google Contributor License Agreement Apache Contributor License Agreement Developer Certificate of Origin Istio governance: Steering Committee and TOC Silicon Valley Chris's IMDB page Palo Alto fiber ring (and today) Chris DiBona on Twitter Open Source at Google

Ep 111 Scalability, with Wojciech Tyczynski
Before Kubernetes was launched, it could have at most 25 nodes in a cluster. At 1.0, the target was 100. Meanwhile, Borg, Omega and Mesos were all running away at 10,000. What did it take to get Kubernetes to this number, and above? SIG Scalability and GKE Tech Lead Wojciech Tyczynski tells us.
Chatter of the week: Follow-up: Chairs, from Episode 107 Christmas trees, from Episode 104 Kids music The duck song The duck joke Autotune the News The duck song goes viral on TikTok Walmart Yodeling Kid
News of the week: KubeCon US goes virtual PromCon schedule AWS App2Container Episode 48, with Issy Ben-Shaul GKE brings Node Local DNS cache to GA Episode 106, with John Belamaric Update kernel and Kubelet config on GKE nodes AKS brings 1.17 to GA; adds containerd and priority placement group support Diamanti Spektra 3.0 Kubernetes WG Naming Introducing Cloud Native Community Groups Updated CNCF Storage whitepaper Presslabs moves to Kubernetes Presslabs Stack and WordPress Operator
Links from the interview: Omega Episode 43, with Brian Grant Defining scalability Original SLOs API-responsiveness: 99% of all our API calls return in less than 1 second Pod startup time: 99% of pods (with pre-pulled images) start within 5 seconds Target SLO doc - 25 nodes Borg - ~10,000 nodes Sep 2015, Kubernetes 1.0 - 100 nodes "Kubernetes Has A Ways To Go To Scale Like Google, Mesos" by Timothy Prickett Morgan March 2016, Kubernetes 1.2 - 1,000 nodes July 2016, Kubernetes 1.3 - 2,000 nodes Work by Clayton Coleman, guest of Episode 85 March 2017, Kubernetes 1.6 - 5000 nodes etcd v3 improvements for web scale Scalability Envelope Today's scalability numbers EndpointSlices Episode 104, with Bowei Du JD.com's 10,000 node clusters Alibaba's 10,000 node clusters Episode 95, with Xiang Li Google's 15,000 node GKE clusters Twitter session at the upcoming Google Cloud Next by Reza Motamedi and Maciek Różacki Poseidon and Firmament Wojciech Tyczynski: GitHub LinkedIn

Ep 110 Mirantis, with Adrian Ionel
Over the past 20 years, Mirantis has grown from an outsourcing company for semiconductor engineers to a product company that is the new home of Docker Enterprise. Past and present CEO and "co-founder" Adrian Ionel oversaw Mirantis's adoption of OpenStack and purchase of Docker's enterprise business, and he joins the show to discuss them both.
Chatter of the week: Hello Kitty, not a cat The Toys That Made Us Istanbul Not Constantinople
News of the week: New CNCF projects: Announcement The Future of Sandbox Sandbox project list KUDO Episode 78, with Gerred Dillon Crossplane CNI-Genie Keptn Cloud Custodian Dex Litmus Episode 56, with Evan Powell ArtifactHub Kuma Parsec BFE jFrog ChartCenter KubeCon "EU" schedule Gloo 1.4 Episode 55 with Idit Levine Frigate by Jacob Tomlinson Checkov by Bridgecrew Contour 1.6 ACI and Docker integration now public gRPC-Web for .NET now GA Episode 94, with Richard Belleville HP Ezmeral Codefresh raises $27m
Links from the interview: Mirantis OpenStack At Mirantis Built by NASA and Rackspace Fuel from Mirantis Adrian leaves Mirantis in 2015 Dorsal Did anyone call John Sculley? Adrian returns in 2018 Infrastructure as Code Mirantis Bring-your-own Kubernetes and Kubernetes as a Service Mirantis acquires Docker Enterprise ...and pledges to keep Docker Swarm alive Docker Enterprise Kontena closes and the team joins Mirantis Mirantis joins Airship project First release of Docker Enterprise from the merged team The Mirantis Bear Adrian Ionel on Twitter

Ep 109 Kubermatic, with Sebastian Scheele
Last week Loodse, the makers of the Kubermatic Kubernetes Platform, made that platform open source, and rebranded their company to match. Co-founder Sebastian Scheele joins us to explain how the company and platform came about, why they've made their changes, and what exactly a Loodse was anyway.
Chatter of the week: Docker for the new Arm Macs Tick Tock Keep Talking and Nobody Explodes Spaceteam
News of the week: Kubermatic 2.14 now Open Source HashiCorp Cloud Platform and new versions of Nomad, Terraform and Consul Flagger 1.0 OpenMatch 1.0 Harbor graduates at the CNCF SPIFFE and SPIRE move to incubation level CNCF post GKE goes to 15,000 nodes with Bayer Crop Science Tsunami: extensible network scanning from Google AWS App Mesh controller for Kubernetes is GA Dell announces PowerScale storage Gocker: a mini Docker written in Go by Shuveb Hussain The Kubernetes Goat by Madhu Akula Storpool and Sardina launching Kubernetes-as-a-Service Kubernetes website adopts Docsy Getting started with Oracle 18c on Kubernetes by Ron Ekins
Links from the interview: Kubermatic (f.k.a. Loodse) SAP HANA Julian Hansert Hamburg and Munich Kubernetes meetups ContainerDays Kubermatic Kubernetes Platform SAP Gardener Leibnitz KubeOne Loodse rebrands to Kubermatic Kubermatic Kubernetes Platform on GitHub Sebastian Scheele on Twitter

Ep 108 The Financial Times, with Sarah Wells and Dimitar Terziev
Two years ago, Sarah Wells from the Financial Times gave a KubeCon EU keynote about how the company moved from monolith to microservices, and how her Content and Metadata platform team moved to Kubernetes specifically. She joins hosts Adam and Craig to recap that migration, and what life has been like since. As Sarah has moved to a broader role in charge of all observability for The FT, she also invited Dimitar Terziev, the current platform lead for the CM team, to the conversation.
Chatter of the week: Duck eggs Green onions
News of the week: kube2hadoop from LinkedIn Kubera from Mayadata Episode 56, with Evan Powell Linkerd 2.8 Multi-cluster with Ambassador Consul 1.8 Intro to Istio Ingress from Banzai Cloud Cloudflow 2.0.0 Not the shoe Google internships go virtual to help Open Source Introducing the CNCF Technology Radar CNCF SIG Observability Episode 37, with Richard Hartmann Loft (and Reddit thread) Jib 2.4 announcement and Jib extensions Zerto for Kubernetes AKS 2020-06-08 adds node image upgrade and application gateway ingress controller Cloudera Data Platform for Private Clouds Cloudbees introduces DoD compliant CI, now with a CtF to deploy into an environment with an ATO, which meets DISA STIG and NIST RMF security guidelines Episode 44, with Tracy Miranda Microsoft discovers cryptojacking in Kubeflow clusters on Azure Gokul Chandra writes up Anthos
Links from the interview: Financial Times The pink pages Subscriber stats Coronavirus coverage The latest figures John Burn-Murdoch Added 50,000 subscribers since COVID-19 FT Crossword KubeCon EU 2018 keynote: "Switching Horses Midstream: The Challenges of Migrating 150+ Microservices to Kubernetes" by Sarah Wells Schedule Video Slides Monzo microservices graph CoreOS Fleet Innovation tokens: Choose Boring Technology by Dan McKinley Dashing from Shopify Sarah and Dimitar on Twitter

Ep 107 CNCF: Under New Management, with Priyanka Sharma
After 5 years at the helm of the CNCF, executive director Dan Kohn is stepping down to launch a new Public Health initiative. The new General Manager of the CNCF is Priyanka Sharma, who joins our show today. Priyanka tells Craig and Adam what to expect, talks about virtual events, and gives some hints on how to rename projects.
Chatter of the week: Frog Leap Studios Tubthumping (originally by Chumbawamba) Hello (originally by Adele)
News of the week: Rancher Longhorn is GA Fairwinds Polaris is GA AKS does new networking things Kubecost's cluster-turndown saves you money Solo Developer Portal for Istio CVE-2020-10749: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements CVE-2020-8555: Half-Blind SSRF in kube-controller-manager Write-up from "Reeverzax" and "Hach" Ambassador 1.5 released Microk8s for Windows and Mac Finding your GKE logs by Rami Shalom and Charles Baer Business continuity with Anthos CNCF Cloud Engineer Bootcamp CKA program changes Lessons learned by Noah Kantrowitz of Ridecell
Links from the interview: Lightstep Ben Sigelman Ben Cronin "Spoons" Dapper Monarch OpenTracing Episode 97, with Yuri Shkuro GitLab Sid Sijbrandij CNCF Charter Governing Board members Priyanka joins as GM Dan Kohn Chris Aniszczyk On 4 years at the Linux Foundation Jim Zemlin End User Community Cheryl Hung Episode 35, with Dan Kohn LF Public Health Events: Cloud Native Summit Online KubeCon EU KubeCon Boston CNCF Technical Oversight Committee Charter Members CNCF Projects Other projects: Ollie Priyanka Sharma on Twitter

Ep 106 CoreDNS, with John Belamaric
In a world where pods (and IP addresses) come and go, DNS is a critical component. John Belamaric is a Senior SWE at Google, a co-chair of Kubernetes SIG Architecture, a Core Maintainer of the CoreDNS project and author of the O'Reilly Media book Learning CoreDNS: Configuring DNS for Cloud Native Environments. He joins Craig and Adam to discuss CoreDNS, the evolution of DNS in Kubernetes, and how name resolution has been made more reliable in recent releases.
Chatter of the week: Death of George Floyd SpaceX Crew Demo 2 launch Sunniest Spring on record in the UK A small test rocket launch in Scotland UK spaceport (proposed) New Zealand spaceport (active)
News of the week: Priyanka Sharma replaces Dan Kohn at the CNCF Episode 35, with Dan Kohn Starboard, by Aqua Security Episode 19, with Liz Rice Docker Enterprise 3.1 from Mirantis Docker and Microsoft; Microsoft and Docker Velero v1.4 Agones v1.6 Episode 26, with Mark Mandel and Cyril Tovena Chef adds Windows container migration for GKE Red Hat adds Quarkus to Red Hat Runtimes AWS encrypts Fargate ephemeral disks in v1.4 PlanetScale open sources a Vitess operator Episode 81, with Jiten Vaidya and Sugu Sougoumarane Kubernetes provider for Hashicorp Terraform Google Vulnerability Reporting Program adds GKE Tools for debugging apps on Google Kubernetes Engine by Charles Baer and Xiang Shen How Migrate for Anthos helps modernize Java apps Helm project journey report Episode 102, with Matt Butcher Helm 3: the Good, the Bad and the Ugly by Sandor Guba of BanzaiCloud NIST deployment guidelines for proxy-based Service Mesh by Ramaswamy Chandramouli of NIST and Zack Butcher of Tetrate The World of kubectl Plugins: a YouTube series by Ahmet Alp Balkan Episode 66, with Ahmet Alp Balkan and Luk Burchard
Links from the interview: Domain Name System Root zone Authoritative name server Recursive and caching name server Infoblox Kubernetes Service DNS for Services and Pods Customizing DNS for Kubernetes CoreDNS; the default DNS server for Kubernetes since 1.11 Introduction slides KEP for CoreDNS in Kubernetes SkyDNS Miek Gieben; author of CoreDNS and SkyDNS version 2 Caddy: the HTTP server upon which CoreDNS is based Dnsmasq CoreDNS plugins Rewriting DNS with CoreDNS redisc plugin: enables a networked cache using Redis ens plugin: serve DNS records from Ethereum Name Service Node Local DNS cache and KEP BIND Unbound DNS resolver Explanatory blog posts: Understanding ndots in Kubernetes Racy conntrack and DNS lookup timeouts Learning CoreDNS: Configuring DNS for Cloud Native Environments by John Belamaric and Cricket Liu Cricket Liu and his books Book cover: a Comber fish Policy integration Episode 101, with Tim Hinrichs and Torin Sandall CoreDNS policy plugin coredns-opa SIG Architecture Production Readiness Review and KEP A DNS haiku John Belamaric on Twitter

Ep 105 Cloud Foundry, with Chip Childers
Over the last 10 years, Cloud Foundry has grown from "open Heroku clone" to "software used at your bank". The Cloud Foundry Foundation and the CNCF launched within a few months of each other in 2015, and the two worlds are now colliding as Cloud Foundry replatforms on top of Kubernetes. Our guest this week is the Executive Director of the Cloud Foundry Foundation, Chip Childers. He talks to Adam and Craig about foundations, the boredom of infrastructure, and the cost of every line of code you write.
Chatter of the week: Memorial Day Spring Bank Holiday Sundar Day Cracking the Cryptic: Sudoku solving and more 4 million views Craig's favourite: watch Simon's excitement Guardian article cheat3: Lego puzzle boxes
News of the week: Istio 1.6 released Multiple control planes WorkloadEntry Azure Arc for Kubernetes now in preview New AKS features GKE introduces Container Threat Detection in Beta TriggerMesh makes EveryBridge available to EveryOne in Preview Introducing KES from MinIO Updates to StackRox Kubernetes security platform OPA survey results Styra DAS adds microservices authorization Episode 101, with Tim Hinrichs and Torin Sandall Rancher Academy Understanding Anthos on Bare Metal from Google Cloud Snyk partners with Docker and Docker partners with Snyk Kubernetes Apply vs. Replace vs. Patch by David Dooling from Atomist
Links from the interview: DMTF and DTMF 17 year old kids asked to use a rotary phone Apache CloudStack Wikipedia, with history Apache Software Foundation Officers and Project VPs Cloud Foundry Announcement of formation GitHub Wikipedia Boeing B-29 plane Pivotal Software Linux Foundation Collaborative Projects Open Container Initiative April 2020: Chip Childers, CFF CTO, becomes Executive Director Episode 98, with Sam Ramji (the founding CEO/Executive Director of the CFF) Project Eirini: announced by IBM in April 2019 Old architecture: Diego and Garden KubeCF Created at SUSE GitHub cf-for-k8s GitHub Chip Childers on Twitter

Ep 104 Ingress and the Service APIs, with Bowei Du
SIG Network is completely rethinking the way you define groupings of applications (Service) and get traffic sent to them (Ingress) by building the Service APIs, a new set of primitives which are better suited to how different groups of users interact with them. Bowei Du is a Tech Lead on GKE and a member of SIG Network who is leading the design and implementation of these new APIs, as well as working on getting Ingress to GA in Kubernetes 1.19.
Chatter of the week: Christmas trees Magic Puzzles
News of the week: Google Cloud Next On Air Sign up now Harbor 2.0 Azure introduces 10c/hr uptime SLA and Kubernetes 1.18 in preview Red Hat announces Amazon Red Hat OpenShift Linode Kubernetes Engine is Generally Available VMware to acquire Octarine Venafi to acquire Jetstack cert-manager 0.15 and beyond Episode 75, with James Munnelly Maesh 1.2 Grafana 7.0 AWS CDK for Kubernetes (cdk8s) Call to participate in CNCF survey Load balancing algorithms in Envoy by Tony Allen
Links from the interview: Bowei's PhD: CAP theorem TIER project: Technologies and Infrastructure for Emerging Regions Delay-tolerant networking (DTN) Service EndpointSlices Coming to Istio and Knative Health checks: Liveness and readiness at pod level Pod Ready++ Ingress cert-manager ingress-nginx TLS is only on port 443 2018 Ingress survey Conformance profile Episode 41, with Tim Hockin Ingress moving to GA in 1.19 Service APIs Evolving the Kubernetes Ingress API to GA and beyond by Bowei and Christopher Luciano from IBM A sketch of the API GatewayClass and StorageClass KEP for adding L4 Multi-Cluster Services API proposal Bowei Du on Twitter

Ep 103 CSI: Storage, with Saad Ali
More gripping than a crime scene in Las Vegas, the Container Storage Interface (CSI) lets vendors interface with Kubernetes. Saad Ali from Google led development of Kubernetes storage, including the CSI and volume subsystem. He joins hosts Adam and Craig for an in-depth look at how storage works in Kubernetes.
Chatter of the week: Adam's puzzle How they made The Mandalorian Unreal Engine: Project Spotlight Fraggle Rock: Rock On! Lockdown music videos: Crowded House: Something So Strong Mostar Diving Club: Quiet Hands
News of the week: IBM Cloud Satellite Google Cloud Buildpacks Anthos for app modernisation via CI/CD and transforming legacy Java applications Azure Container Registry adds dedicated data endpoints Amazon ECR: multi-architecture containers Amazon Cloudwatch adds Prometheus metrics run:AI creates fractional GPU sharing for Kubernetes The State of Cloud Native Development: CNCF survey (PDF) VMware's State of Kubernetes 2020 (PDF) Gatekeeper Policy Management from SIGHUP Episode 101, with Tim Hinrichs and Torin Sandall Datastax Astra on GCP and Sam Ramji's blog Episode 98 with Sam Ramji Introducing PodTopologySpread by Aldo Culquicondor and Wei Huang Pod Security Policies at Square by Jason Price Introduction to OpenTelemetry by Ran Ribenzaft Episode 97, with Yuri Shkuro Kubernetes and Istio on the F-16 jet: CNCF case study GKE logging introduction by Charles Baer and Xiang Shen Helm and Kustomize, better together Helm, with Matt Butcher Kustomize, with Phillip Wittrock
Links from the interview: SIG Storage KubeCon keynote: Debunking the Myth: Kubernetes Storage is Hard Episode 41 with Tim Hockin Docker: Volumes Volumes Persistent Volumes In-tree volume plugins (deprecated) FlexVolume Container Storage Interface Kubernetes CSI docs Design doc CSI GA announcement CSI sidecar containers Ephemeral CSI volumes (Beta) Secrets Store CSI driver Local persistent volumes Data populators KEP CSI topology Topology-aware volume provisioning CSI for Persistent Memory GKE on AWS CSI TV theme songs The Who: Substitute Saad Ali on Twitter

Ep 102 Helm, with Matt Butcher
In celebration of Helm graduating to a top-level CNCF project, Adam and Craig talk to its creator and primary architect, Matt Butcher of the Deis Labs team at Microsoft Azure.
Chatter of the week: Adam talks about these baby wipes Craig talks about these baby wipes
News of the week: Red Hat Virtual Summit news: OpenShift 4.4 OpenShift Serverless OpenShift Virtualization Advanced Cluster Management for Kubernetes Azure Red Hat OpenShift upgraded to v4 OpenShift 4.3 on IBM Power Red Hat Marketplace More ways Red Hat are here to help Azure Kubernetes Service: Windows Server Containers, Private Clusters and Managed Identities now GA Windows Server Containers are GA on GKE too Episode 70, with Patrick Lang Ingress for Anthos Kaggle writes about using it for gRPC Explore Anthos with a sample deployment Celebrating Helm's graduation The Safety Boat: Kubernetes and Rust by Taylor Thomas from Deis Labs Announcing Vitess 6 Couchbase Autonomous Operator 2.0 Kong for Kubernetes 0.8 Tern 2.0 KubeCon + CloudNativeCon Europe 2020 Alcide look at Kubernetes as a Service Anthos Service Mesh deep-dive GigaOm Radars, by Enrico Signoretti Data Storage for Kubernetes Hosted Kubernetes solutions Federated Kubernetes
Links from the interview: Matt Butcher Doctor of Philosophy Why One Philosopher Left Academia Celebrating Helm's graduation Helm A floppy disk History of Helm Introducing Helm Why Kubernetes Needs Helm Deis In 2016 The Illustrated Children's Guide to Kubernetes k8splace Deployment Manager for Kubernetes Skippbox Bitnami Helm 3 transition by Matt Fisher Upgrading from Windows 1.0 to 8.0 Helm charts and Helm Hub TUF and in-toto Is there a Helm and Operators showdown? Operators blog by Brandon Philips First Helm Summit Episode 43, with Brian Grant Swag Helm coffee cup Deis socks Printed copy of The Illustrated Children's Guide Deis gift satchel Tide pen Deis acquired by Microsoft, 3 years ago CNAB, Brigade and Krustlet Techne and Sophia Matt Butcher on Twitter

Ep 101 Open Policy Agent, with Tim Hinrichs and Torin Sandall
Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. Adam and Craig discuss OPA with Tim and Torin after the news of the week.
Chatter of the week: The cupboard was bare Marmite is not a satisfactory substitute for baking yeast 4D jigsaw puzzles (or a picture, if not for sale in your location)
News of the week: Anthos for AWS is now Generally Available TechCrunch coverage Eurosys '20: Autopilot paper Borg: The Next Generation paper Cluster traces Cloud Foundry becomes more Kubernetes-native with cf-for-k8s Paketo Buildpacks Everything you need to know about them How they fit into the Cloud Native landscape Changes to Kubernetes release cycles for 2020 Aqua Security announces Dynamic Threat Analysis RHEL 8.2 adds new container tools Red Hat product life cycle changes Flatcar Linux now supported on vSphere Episode 79 with Chris Kühl sKan from Alcide kubeletctl from CyberArk xls-kubectl by Daniele Polencic of Learnk8s Microsoft's new reverse proxy YARP Running decades-old games in containers by Misha Brukman TorchServe and TorchElastic for Kubernetes by Facebook and AWS Controller code Project Astra from NetApp Launch video Styra adds mutating webhooks to Declarative Authorization Service Simulating clock skew by PingCAP
Links from the interview: Open Policy Agent Styra Episode 42 with John Murray Plate smashing OASIS XACML OPA is… "easier" The origin of Open Policy Agent and Rego Founded in 2015: first commit Donated to the CNCF Sandbox in 2018 and moved to incubation in 2019 Rego configuration language Running as a Go API Bundles Admission controllers in Kubernetes Existing Kubernetes policies NetworkPolicy LimitRange OPA Gatekeeper: Policy and Governance for Kubernetes OPA and WebAssembly Hooli examples Tim Hinrichs and Torin Sandall on Twitter

Ep 100 Kubernetes Community Redux, with Paris Pittman
To celebrate our 100th episode we welcome back our first ever guest, Paris Pittman, open source program manager at Google Cloud and member of the Kubernetes steering committee - among many other roles. Along with hosts Adam and Craig, Paris looks at how the community has changed and how it has stayed the same, and how other projects are able to adopt learnings from Kubernetes.
Chatter of the week: 100 episodes! Our introductory blog Our introductory KubeCon keynote
News of the week: New Tanzu announcements Surge upgrades for GKE Spot and system/user node pools on Azure Kubernetes Service Portworx Essentials OpenShift Container Storage 4.3 Magicpak by Hiromi Ogawa Pluto from Fairwinds Trow featured in the New Stack Using Apache SkyWalking to fix the blind spot of distributed tracing Lyft takes Envoy Mobile to production gRPC and Kotlin Episode 94 with Richard Belleville Gloo 1.3 Envoy Wasm filters at Banzai Cloud faasd by Alex Ellis Kubernetes Fury Distribution 1.1 NeuVector adds Vulnerability and Compliance Explorer Infra.app adds Linux support Node Local DNS cache by Povilas Versockas Cheeky Monkey by Rich Stokes Anthos: Under The Hood by the Google Cloud Developer Advocacy team Kubernetes Operators by Jason Dobies and Joshua Wood of Red Hat Cloud Foundry Platform Certification includes Kubernetes Announcing the Kubernetes Contributor Communications team How to join Lachlan Evenson joins the Kubernetes steering committee CFP opens for KubeCon US Fluentd project journey report Seven CNCF interns graduate the CommunityBridge program with more to come
Links from the interview: Episode 1, also with Paris Pittman! Kubernetes Slack Guidelines and Code of Conduct Moderator team SIGs and Working Groups Code of Conduct Committee Product Security Committee SIG Working Group Lifecycle doc SIG PM retirement Chairs and TL roles Not much love to go round? Subprojects - they rule everything around Paris CNCF Contributor Strategy SIG CNCF Observability SIG Kubernetes Community communication guidelines Zoom guidelines Kubernetes upstream marketing - Contributor Communications team YouTube PE Charter: Ethos and guidelines API conventions doc The Art of Community by Jono Bacon O'Reilly Linux Pocket Guide by Daniel Barrett Oh, The Places You'll Go! by Dr Seuss Episode 74, with Jorge Castro Animal Crossing: New Horizons Find the games on Twitter Paris Pittman on Twitter

Ep 99: kpt, with Morten Torkildsen
kpt ("kept") is a new open-source tool for Kubernetes packaging built by Google Cloud. Morten Torkildsen is an engineer at Google, focusing on configuration management and the workloads APIs, and he worked on Kpt. He explains it to Adam, while Craig fills his mind with penguins. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The Easter Bunny is an Essential Worker in New Zealand From the archives: Dragon research (discussed in Episode 53) Keepers are letting the penguins run loose at Oregon Zoo Visiting the Beluga Whale at Shedd Aquarium News of the week CNCF projects: Volcano joins the Sandbox Dragonfly moves to incubation Argo moves to incubation Argo CVEs by Matt Hamilton of Soluble Docker announces Compose specification Nautilus: a tool for visualising Docker Compose files Show HN post Deis Labs introduces Krustlet: Introduction Why Rust? The Microsoft take Tekton now in Beta Episode 44, with Tracy Miranda Episode 47, with Kim Lewandowski Microsoft publishes attack matrix for Kubernetes Detecting a large-scale cryptocurrency mining attack Huawei announces Mindspore deep learning framework Service Mesh Hub from Solo Technical overview Mixerless Telemetry in Istio by Zsolt Varga of Banzai Cloud Amazon launches Fargate platform v1.4.0 Version primer Data plane, under the hood Elastic File Server (NFS) support Rook 1.3 Write-up by Vanilla Kola Red Hat: OpenShift Commons Gathering, April 27 Istio on OpenShift in 2020 Be careful when pulling images by short name Canonical launches managed apps When to use Helm and when to use Operators by Matt Butcher Controlling outbound traffic from Kubernetes by Jack Kleeman and Chongyang Shi at Monzo API Priority and Fairness Alpha by Min Kim, Mike Spreitzer and Daniel Smith Hubspot moves Zookeeper to Kubernetes Graceful shutdown in Kubernetes is not always trivial by Ilya Andreev from Flant Open Container Initiative 
icons Kubernetes Workshop in a Box by Pascal Widdershoven Links from the interview kpt Announcement What does it stand for? Kubernetes Resource Model helm template command kpt apply vs kubectl apply Configuration as Code Brian Grant Twitter thread on kpt kpt Setters Domain-specific languages Examples and Kubernetes examples you can use with kpt kpt functions Installing kpt kpt on GitHub Morten Torkildsen on Twitter

Ep 98: Cassandra, with Sam Ramji
Apache Cassandra, a scale-out datastore, is becoming more Kubernetes-native. Sam Ramji is Chief Strategy Officer at DataStax, a company that builds Cassandra-based products. He explains how DataStax has pivoted back towards supporting upstream Cassandra, and how they're making it easier to manage on Kubernetes. As always, we also cover the news of the week, and we look at what is and is not a dinosaur. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The return of the brontosaurus We're going on a bear hunt News of the week kpt: Announcement Site Contributors: Episode 7, with Phillip Wittrock Episode 11, with Vic Iglesias Episode 29, with Janet Kuo Episode 43, with Brian Grant Possible meanings, thanks to Daniel Roth and Blender Fox What does it really stand for? Please tweet us at @kubernetespod. Wrong answers only! Kubernetes 1.18 deep-dives: Topology Manager Server-side Apply Ingress CSI: Redmond New GitLab features Episode 89, with Marin Jankovski Rancher 2.4 Episode 57, with Darren Shepherd Sidekick, from Minio Cortex 1.0 Kubernetes CVE-2019-11254 Kubernetes Kapsule: managed clusters from Scaleway Build your own Kubernetes controller by Nicolas Fränkel Kubie, by Simon Bernier St-Pierre Serving repository move from Google to community control mkit from Darkbit oneinfra by Rafael Fernández López Cost savings with Kubernetes by Henning Jacobs Episode 38 Planetscale goes multi-cloud Episode 81, with Jiten Vaidya and Sugu Sougoumarane 30 days of free training from Google Cloud Critical vulnerability in HAProxy Well-being tips from the CNCF Links from the interview Chief Strategy Officer Sam at Microsoft The West Wing Apache Cassandra Based on the Bigtable paper Created at Facebook in 2008 Paper published in 2009 A top-level Apache project since 2010 Wide columnar data store and NoSQL CAP theorem - Cassandra is AP, eventually consistent ACID and BASE NewSQL
The road to Cassandra 4.0 by Patrick McFadin DataStax Riptano raising money becoming DataStax and losing the rhino DataStax Enterprise Cassandra Operator and Management API Announcement blog DataStax Astra 501c3 and 501c6 US organizations Cloud Foundry Foundation Cassandra Enhancement Proposals (CEP) Pluggable storage engines Instagram's "Rocksandra" Cassandra fork and Amazon's Rocksandra fork Sam Ramji on Twitter

Ep 97: Jaeger, with Yuri Shkuro
Jaeger is a distributed tracing platform built at Uber, and open-sourced in 2016. It traces its evolution from a Google paper on distributed tracing, the OpenZipkin project, and the OpenTracing libraries. Yuri Shkuro, creator of Jaeger and author of Mastering Distributed Tracing, joins Craig and Adam to tell the story, and explain the hows and whys of distributed tracing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Music from Home: Brian May Neil Finn You Don't Know Jack Galaxy Trucker Free books from the Sesame Workshop Google Play Amazon Barnes and Noble Kobo The Monster At The End Of This Book News of the week Update on the update on the update on KubeCon EU: now 13 to 16 August, and possibly online. Virtual Rejekts on 1 April Datastax Cassandra Operator and Management API Announcement blog PromCat: Prometheus Catalog from Sysdig Evaluating Predictive Autoscaling in Kubernetes by Jamie Thompson Provision a certificate and key for an application without Istio sidecars by Lei Wang How to Secure Your Kubernetes Cluster on GKE by Lewis Marshall Upcoming changes to IP assignment for EKS Managed Node Groups and De-mystifying EKS networking by Nathan Taber Updated EKS SLA Ops tips by Ciro S. Costa: Quality of Service and OOM, and Kubernetes Secrets Google upgrades to Platinum membership of Cloud Foundry Foundation CNCF Case Study: Vodafone Links from the interview Yuri Shkuro Open Source at Uber Episode 84: Monitoring, Metrics and M3, with Martin Mao and Rob Skillington - another open source project from Uber Mastering Distributed Tracing - Yuri's book Service-Oriented Architecture: Scaling the Uber Engineering Codebase As We Grow by Einas Haddad What is Distributed Tracing? 
Evolving Distributed Tracing at Uber Engineering - Yuri's blog post OpenZipkin TChannel OpenTracing Towards Turnkey Distributed Tracing by Ben Sigelman Jaeger Get started in one container Deploying to Kubernetes gRPC OpenTracing library Jaeger agent and collectors Storage backends Jaeger in Istio and trace context propagation OpenTelemetry: merging OpenTracing and OpenCensus A Brief History of Tracing (So Far) by Ben Sigelman and Morgan McLean Jaeger and OpenTelemetry Now officially in Beta! Google Dapper paper OpenTracing joined CNCF in 2016 What is a jaeger? The logo Red Hat Hawkular Jaeger joins the CNCF in 2017 and graduates in 2019 Jaeger Analytics Yuri Shkuro on Twitter

Ep 96: Kubernetes 1.18, with Jorge Alarcon
Kubernetes 1.18 is out - almost! A bug has pushed it back a day. While you're waiting, release team lead Jorge Alarcon will tell you all about the fit and finish you can expect in the release when it's out tomorrow. Adam and Craig bring you the other community news of the week, as well as some podcast follow-up. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Shoe Dog What the fox really says News of the week Kubernetes 1.18 is out! Well, not quite yet: this regression is being fixed Enhancement tracker Windows features: containerd kubeadm RuntimeClass GMSA Ingress API kubectl diff and APIServer dry-run kubectl debug CNCF SIG Contributor Strategy Kong ingress controller and Istio service mesh by Kevin Chen KubeCF becomes a Cloud Foundry Foundation incubation project Platform9 adds two new tiers And adds free JFrog Private Container Registry Backyards 1.2 Red Hat adds support for installing OpenShift on top of RHV Google Cloud Game Servers Kubei, a new open source runtime vulnerability scanner by Portshift Azure Container Registry adds customer managed keys AKS adds Ubuntu 18.04 Kubernetes security announcements CVE-2020-8551 - kubelet CVE-2020-8552 - API server Using Inspektor Gadget to add network policies okteto push D2iQ changes CEOs Spectro Cloud comes out of stealth Links from the interview Kubernetes 1.18 release blog 1.18.0 announcement e-mail Computational biology and folding proteins Data for Democracy Kubernetes Up and Running by Joe Beda, Kelsey Hightower, and "the other guy" The Kubernetes Slack Searchable.ai A bit about them Home slice Episode 72, with Lachlan Evenson Emeritus Adviser Release logo Sidecar containers Tim Hockin's thoughts on Sidecar Containers not making 1.18 1.19 release lead: Taylor Dolezal Jorge on Twitter and alejandrox1 on the Kubernetes Slack

Ep 95: etcd, with Xiang Li
If you're running Kubernetes, you're running etcd. The distributed key-value store was started as an intern project at CoreOS by Xiang Li, who is still maintaining it but now working on infrastructure at Alibaba. Xiang joins your hosts to discuss. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Getting toilet paper be like So, stay at home and play with free synth apps! Korg Kaossilator: download for Android or iOS MiniMoog Model D: download for iOS iSongs on YouTube News of the week vSphere 7 and VMware Tanzu announcements Docker announces new strategy and roadmap Hitachi Vantara acquires Containership's assets Containership's since-removed "goodbye" post Lens, now from Lakend Labs KEDA and SMI join the CNCF Sandbox AWS Bottlerocket blog post and GitHub repo Enable encryption on App Mesh with custom or ACM certs EKS supports Kubernetes 1.15 Firecracker thread by Micah Hausler gVisor thread by Ian Lewis Kublr adds rolling upgrades Google Cloud moves to its own ACME certificate provider GKE Workload Identity is GA Analysis of Redis operators by Flant Bank Vaults 1.0 and HSM support by Banzai Cloud CNCF joins Google Summer of Code Lifemiles case study Rancher Labs raises $40m Episode 57, with Darren Shepherd Links from the interview etcd etcd on GitHub How Kubernetes uses etcd The history of etcd, including the famous garage Built to handle upgrading CoreOS Container Linux nodes Prior art: Zookeeper: too much JVM Doozer: not enough community Chubby: too private to Google Paxos The paper Paxos Made Live - An Engineering Perspective Multi-Paxos raft The paper Announcing etcd Ben and Blake etcd3 moved from a tree keyspace to flat keyspace Latest version: etcd 3.4 etcd and Kubernetes at Alibaba: Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters Performance optimization of etcd in web scale data scenario The first 
etcd operator created by Xiang Jepsen tests of 0.4.1 and 3.4.3 CNCF to host etcd in December 2018 etcd roadmap Xiang Li on GitHub Xiang Li on Twitter

Ep 94: gRPC, with Richard Belleville
Richard Belleville works at Google on gRPC, a high-performance, universal RPC framework. Richard used gRPC before joining Google to work on it; he talks to the hosts about its history and derivation from Google's internal Stubby, how it works, and how it differs from other RPC and messaging systems. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Castlevania series 3 on Netflix Discussed in Episode 27 Bad video game adaptations Pac-Man (TV series) Super Mario Bros (film) Doom (film) Hitchhiker's Guide to the Galaxy - 42nd anniversary Upcoming Hulu TV series News of the week Istio 1.5: Release announcement 2020 roadmap Extensibility through WebAssembly in Envoy and the Proxy-Wasm ABI Solo.io's WebAssemblyHub Google Cloud's new strategy for the telecommunications industry Managed Kubernetes pricing comparison HPE Container Platform is Generally Available Contour 1.2 and Velero 1.3 Case studies: HelloFresh running Istio in production Kudos on moving to Kubernetes A survey of Istio's network security features by Jack Leadford at NCC Group TIKV security audit Adrian Colyer looks at the Firecracker paper EKS adds AWS Encryption Provider 2019 CNCF Survey results Sidecar containers not in 1.19 after all KubeCon EU not on in Mar/Apr after all Links from the interview gRPC What is gRPC? gRPC Basics meetup video: a recent presentation by Richard at the Orchestructure meetup RPC vs messaging What does the G stand for? 
NASA Robotic Mining Challenge Protocol Buffers Stubby became gRPC Abseil: an open source collection of C++ libraries drawn from the most fundamental pieces of Google's internal codebase Chubby lock services (the inspiration for etcd) Bidirectional streaming Head-of-line blocking Polling engines Swagger/OpenAPI gRPC + JSON by Carl Mastrangelo HTTP/2 Supported languages gRPC Core gRPC-web HTTP/2 trailers Users Graduating the CNCF Richard Belleville on Twitter

Ep 93: Kubeflow 1.0, with Jeremy Lewi
Kubeflow, the Machine Learning toolkit for Kubernetes, has hit 1.0. Google software engineer Jeremy Lewi is a core contributor to Kubeflow and was a founder of the project. He joins the show to discuss what Kubeflow does, and what it means to have hit 1.0. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Over the Road Over The Top and its amazing poster 13 Minutes to the Moon With soundtrack by Hans Zimmer We love our theme music, but its composer has fewer Academy Awards. News of the week KubeCon Novel Coronavirus update Schedules announced for day 0 events Kubeflow 1.0 is out Google Cloud blog Kubernetes 1.18-beta.1 1.18 features list Poor unloved Sidecar Containers Screwdriver joins CD Foundation Episode 44, with Tracy Miranda Introducing Arkade by Alistair Hey Install Kubernetes to your Raspberry Pi in 15 minutes by Alex Ellis Weathervane 2.0 from VMware AKS: Spot node pools and container scanning Vulnerable Containers API by Jerry Gamblin Advanced Persistence Threats: The Future of Kubernetes Attacks by Ian Coldwater and Brad Geesaman Episode 65, with Ian Coldwater Everyone might be Cluster Admin in your Kubernetes cluster by Jeff Geerling Mirantis acquires Kontena Episode 31, with Jari Kolehmainen CSI driver for Google Cloud Storage by Ofek Lev Bring your ideas to the world with kubectl plugins by Cornelius Weig Optimizing I/O intensive containers by Jay Huang Links from the interview Kubeflow Episode 2, with David Aronchick About Use cases Jupyter and its use in Kubeflow kfserving 1.0 release Enabling GPUs and TPUs Community Member organisations MNIST tutorial Kubeflow on GitHub and on Twitter Jeremy Lewi on Twitter

Ep 92: Accelerators and GPUs at NVIDIA, with Pramod Ramarao
GPUs do more than move shapes on a gamer's screen - they increasingly move self-driving cars and 5G packets, running on Kubernetes. Pramod Ramarao is a Product Manager at NVIDIA, and joins your hosts to talk about accelerators, containers, drivers, machine learning and more. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Printer networking HP JetDirect USB Type B The mess that is USB Type-C The solution Adam wants software-defined faucets Glowing LED faucet - where does the electricity come from? Faucet, a SDN controller News of the week Google Cloud launches Application Manager for GKE in Beta GKE Surge Upgrades GA GKE Node Locations GA Anthos Ready Storage qualification Kafka disaster recovery with Supertubes from Banzai Cloud Episode 59, with Janos Matyas StackRox's State of Container and Kubernetes Security report Cilium 1.7 Last week's ode to eBPF, with Leonardo Di Donato Convox launches multi-cloud Pangolin, an experimental Kubernetes autoscaler by Damian Peckett Damian's Reddit post Bang-bang control theory Bang-bang chicken Dell/EMC rack-in-a-box Jack-in-the-box The Hooli Box Platform9 now distributed by Promark But not Primark Episode 88, with Madhura Maskasky GKE security updates & defense-in-depth strategies Best practices for enterprise multi-tenancy with GKE Andrew Allbright contributes to Minikube Kubernetes Contributor Summit schedule announced That discount code again again again: KCEUGKP15 Links from the interview NVIDIA Graphics Processing Unit (GPU) Differences between CPU and GPU The math co-processor General-purpose computing on GPUs (commonly known as GPGPU) CUDA, with a C NVIDIA CUDA Zone CUDA C++ OpenGL and Vulkan, with a K Kubernetes on NVIDIA GPUs NVIDIA on Google Cloud Platform Device plugins for Kubernetes and scheduling GPUs NVIDIA device plugin Kubernetes on NVIDIA GPU documentation NDC Hub for drivers and containers NVIDIA 
EGX for Edge computing with Kubernetes Pramod's announcement blog Deep Learning Training vs Inferencing NVIDIA GPU operator Pramod Ramarao

Ep 91: eBPF and Falco, with Leonardo Di Donato
We dive into the Linux kernel this week with guest Leonardo Di Donato, Open Source engineer at Sysdig. Leonardo works full-time on the Falco project, a runtime security engine that listens to the Linux kernel using eBPF - the extended Berkeley Packet Filter. Leonardo tells the hosts about the architecture of eBPF, how he has used it before and now, and what's coming up for Falco. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week University Challenge: can you guess the computer? Golf Peaks (Google Play, App Store) Desert Golfing News of the week Apache Flink v1.10 Linkerd v2.7 Azure Container Registry to require TLS 1.2 CPU limits and aggressive throttling in Kubernetes - Omio Engineering by Fayiz Musthafa from Omio Kiosk Reddit thread with Lukas Gentele Docker donates the cnab-to-oci library to cnab.io How-to Guide: Debugging a Kubernetes Application Nutanix Karbon 2.0 Childcare and COVID-19 at KubeCon EU That discount code again again: KCEUGKP15 Red Hat OpenShift is now available for IBM Z and LinuxONE Why Kubernetes on VMs? by Chip Zoller Securely Access AWS Services from Google Kubernetes Engine (GKE) Carbon Relay raises $63 million Links from the interview Traditional Linux tracing tools: perf and strace BPF and eBPF BPF paper by Steven McCanne and Van Jacobson eBPF: Alexei Starovoitov added the 'e' Express Data Path (XDP) bpftrace InfluxDB Cloud kubectl-trace The IO Visor project Sysdig Loris Degioanni, co-founder, CTO, and author of Wireshark Falco Sysdig and Falco now powered by eBPF Falco joins CNCF Sandbox and moves to incubation Upcoming KubeCon EU talks by Leonardo: Going beyond CI/CD with Prow Designing a gRPC interface for kernel tracing with eBPF Falco community: GitHub Docs Mailing list Notes about community calls Community call recordings Slack Leonardo Di Donato on Twitter

Ep 90: CockroachDB, with Peter Mattis
Peter Mattis is a creator of the CockroachDB open source database and co-founder and CTO of Cockroach Labs. His history in open source goes back to the creation of the GIMP image editor and UI toolkit Gtk at university in 1995, and his history at Google saw him work on storage and build systems. Hosts Craig and Adam ask him about all of the above. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Storm Ciara: Trampoline Leaves Big jets News of the week Docker Index Apache Aurora: Proposal to archive Summary from Stephan Erb New GitHub repo announcement containerd Project Journey Report Episode 71, with Derek McGowan CoreOS End-of-Life Fedora CoreOS Flatcar Linux Episode 79, with Chris Kühl Developing in Production by Will Sargent at Terse Systems Thanos Operator from BanzaiCloud Kubernetes sidecars in 1.18 Clear Linux OS now Certified Kubernetes Helm 3 in Real Life by Dawid Ziolkowski Kubernetes storage patterns by Nitish Tiwari Integrate Cloud Foundry with Kubernetes using the cf-operator and kubecf kubecf Deploying External OpenStack Cloud Provider with Kubeadm Frame.io Falco case study Supporting developers as they scale: a free Kubernetes eBook from DigitalOcean Register Now: KubeCon + CloudNativeCon EU Day Zero Events That discount code again again: KCEUGKP15 Links from the interview GIMP, the GNU Image Manipulation Program Pre-history GTK, the GIMP Toolkit Inktomi Episode 49, with Eric Brewer Colossus Bazel Square Acquires Ex-Googler Team Behind Viewfinder To Help Grow Its NYC Presence CockroachDB article Spanner and F1 papers CAP theorem Google Cloud Spanner Ticktock Networks and the HUYGENS paper Cockroach Labs Orchestration with Kubernetes Relicensing CockroachDB Business Source License Geospatial indexing CockroachDB on GitHub Peter Mattis on Twitter

Ep 89: GitLab, with Marin Jankovski
GitLab is a single application DevOps platform, including source code management and CI/CD tools for targets including Kubernetes. The application itself runs on Kubernetes, including in its largest installation, the SaaS version at gitlab.com. Marin Jankovski is an Engineering Manager at GitLab, where he was Employee #1. He joins Craig and Adam to talk about migrating to Kubernetes, remaining a monolith, and the company value of radical transparency. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Little Free Libraries Original discussion Simon Weckert's Google Maps hack The canonical hand-cart Google responds News of the week CNCF TOC election results HPE acquires Scytale Episode 45, with Andrew Jessup CNCF announces KubeCon EU schedule The actual schedule That discount code again: KCEUGKP15 Run Windows Server Containers on GKE Episode 70, with Patrick Lang New Google Cloud certifications address the cloud skills gap Cisco Hyper-Accelerates Applications in a Hybrid Multicloud Hyper-World Updates to Google's partnership with Cisco AKS 2020-01-27 release AWS Container Security Survey by Michael Hausenblas Infra.app A bit of Istio before tea-time by Alex Ellis Loan a cloud IP to your minikube cluster Building containers without Docker Building a Linux Desktop for Cloud Native Development The Long Dark Tea-Time of the Soul etcd blog on being tested by Jepsen Jepsen blog on testing etcd How Fluentd collects Kubernetes metadata by Brady Zuo Troubleshooting Kubernetes OOM by Carlos Arilla DNS Lookups in Kubernetes by Karan Sharma Community collaboration on Notary v2 by Justin Cormack CNCF Speaker's Bureau: a great resource MayaData raises $26m Episode 56, with Evan Powell Links from the interview Marin Jankovski's README GitLab Product features All remote company Radical transparency Postmortem of 2017 database outage Advantages of a single application 
Community and Enterprise Editions GitLab Open Source GitLab's unconventional journey to CI/CD and Kubernetes Deployment to Kubernetes added in 2016 GitLab's journey to GCP GitLab Serverless Tanuki logo The old logo was.. "threatening" Crossplane integration with GitLab Marin on GitLab

Ep 88: VMs, Edge, and Platform9, with Madhura Maskasky
Madhura Maskasky is co-founder and VP of Product at Platform9, a company who manage both OpenStack and Kubernetes. She talks to Adam and Craig about the transition from VMs to containers, why OpenStack is still relevant, and what they have to do to be able to offer a 99.9% SLA on cloud-native applications. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Bad news from both Australia Day and Chinese New Year Schitt's Creek News of the week VMware: Introducing Project Nautilus VMware Fusion on GitHub Google Cloud Config Connector Octarine open-sources the Kubernetes Common Configuration Scoring System (KCCSS) and kube-scan KubeNav, by Rico Berger Permission Manager by SIGHUP KubeInvaders: gamified chaos engineering Whack-a-Pod Kubernetes DOOM CSI inline ephemeral volumes Reviewing 2019 in Kubernetes docs Episode 5, with Zach Corleissen and Jared Bhatti CSI driver support for Dell/EMC Isilon CNCF annual report Sign up for KubeCon EU and get 15% off with discount code KCEUGKP15 TriggerMesh receives $3m seed funding Episode 28, with Sebastien Goasguen AWS lowers EKS price Links from the interview Platform9 Managed Kubernetes Managed OpenStack kubevirt Webinar recording: KubeVirt – Beyond Containers: Coming full circle back to VMs! OpenStack Ironic Cluster API Thick Edge and thin Edge Managed Apps with 99.9% SLA Kubernetes in Production: Operating etcd with etcdadm etcdadm etcd Operator 6 Enterprise Kubernetes Takeaways from KubeCon 2019, San Diego, and 5 from Barcelona before it Platform 9 and 3/4 Platform9 on Twitter Madhura Maskasky on Twitter

Ep 87: Multitenancy at Cruise, with Karl Isenberg
Self-driving cars need self-driving backend infrastructure. Karl Isenberg is the tech lead & manager of the platform team at Cruise, a self-driving car company backed by GM and Honda. He joins hosts Craig and Adam to discuss two years of running multitenant Kubernetes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Patch Critical Cryptographic Vulnerability in Microsoft Windows Clients and Servers Interpretive meme version Support for Windows 7 has ended: don't use it for internet banking Stefanie Stuber's uncommon The Voice performance News of the week Kubernetes bug bounty announcement, funded by the CNCF GKE CIS Benchmarks deliver security best practices Octopus: how Kyma does integration testing in Kubernetes Elastic Cloud on Kubernetes (ECK) now GA Red Hat OpenShift v4.3 now almost GA Fedora CoreOS now GA Istio as an Example of When Not to Do Microservices by Christian Posta Backyards 1.1 from Banzai Cloud k3c from Darren Shepherd at Rancher Labs Episode 57, with Darren Shepherd Continuous GitOps by Arun Ramakani Werf 1.0 by Flant New Anthos training from Google Cloud Dauntless case study KubeDR by Catalogic Kubernetes on MIPS by Inspur Links from the interview Cruise We Need To Move Beyond The Car, by CEO Dan Ammann Lombard St Karl's KubeCon talk Slides Video Managing Kubernetes RBAC Groups by Stephen Day RBACSync on GitHub Open-Sourcing Isopod: An Expressive DSL Framework for Kubernetes Configuration by Charles Xu and Dmitry Ilyevskiy Isopod on GitHub Building a container platform at Cruise: Part 1: Overview by Karl Part 2: Security by Karl and Mike Ruth Part 3: Networking by Karl and Buck Wallander Cruise's blog Karl Isenberg on Twitter

Ep 86: Invention, IBM and Istio, with Lin Sun
What do you do next when you have over 150 patents to your name? Write a book, of course! Lin Sun is a Senior Technical Staff Member and Master Inventor at IBM, where she has spent the past 14 years doing software engineering in areas including cloud and open technologies. She has worked on the Istio service mesh since 2017, and is on the Istio steering and technical oversight committees. Lin joins Adam and Craig to discuss invention, making Istio easier to use, and how being a mother has impacted both. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Snow in Seattle News of the week Tanka, from Grafana Hacker News commentary Jsonnet ksonnet archived Configula, from Brendan Burns Caligula, from Rome Falco moves to the CNCF incubator Falco's biggest hit, Rock Me Amadeus CKAD is now valid for 3 years Contour 1.1.0 Getting serious about open-source security by Dan Lorenc Episode 39, with Dan Lorenc Designing and Building HA Kubernetes on Bare-Metal AKS Latency and performance/availability issues due to IO saturation and throttling under load Kubernetes Networking Demystified by Karen Bruner at StackRox How to Give Developers Access to Kubernetes During Development by Daniel Thiry How to deal with computing resource cost for Kubernetes-based development Key metrics for monitoring Istio from Datadog Deploying multiple Istio Ingress Gateways by Peter Jausovec Big Prometheus by Clay Smith from Monitoring Monitoring Breaking Changes in Helm 3 (and How to Fix Them) by Jack Morris Security advantages of pull-based CD pipelines by Alex Kaskasoli Zero touch authentication on Kubernetes by Peter Wilcsinszky at BanzaiCloud Vault replication across multiple datacenters on Kubernetes by Nandor Kracser OpenStack's Complicated Kubernetes Relationship by Mike Vizard of ContainerJournal Kubernetes 1.15 security changes in GKE KubeCon + CloudNativeCon NA 2019 Transparency 
Report Zendesk case study Links from the interview IBM Master Inventor Lin's patents Her favorites: Analyzing email content to determine potential intended recipients Ensuring a desired distribution of content in a multimedia document for different demographic groups utilizing demographic information Istio announcement blog and GlueCon talk from 2017 Lin at the IBM Cloud CTO Office IBM Research IBM Cloud, formerly known as Bluemix Bluemix Service Proxy Amalgam8 Envoy Istio 1.1, the "9 months" release The Sidecar resource, which lets you scope which services are known by a given sidecar to reduce resource usage Release cadence Istio 1.4 Mutual TLS New 1.4 features: Auto-mutual TLS client-go library istioctl analyze Requirement to declare containerPort removed in 1.3, automatic protocol selection added User Experience working group istioctl add-to-mesh istioctl describe-pod istioctl install Steering committee Technical oversight committee istiod Istio as an Example of When Not to Do Microservices by Christian Posta Minion cluster mode Istio Explained, by Lin and Dan Berg kui and iter8 Lin Sun on Twitter

Ep 85: OpenShift and Kubernetes, with Clayton Coleman
Five years ago, Clayton Coleman took a bet on a new open source project that Google was about to announce. He became the first external contributor to Kubernetes, and the architect of Red Hat's reinvention of OpenShift from PaaS to "enterprise Kubernetes". Hosts Adam Glick and Craig Box return for 2020 with the story of OpenShift, and their picks for Game of the Holidays. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Arrods Minesweeper Kaboom Simon Tatham's Mines Snake NIBBLES.BAS AI playing Snake News of the week Google describe its BeyondProd cloud native security paradigm: BeyondProd: How Google moved from perimeter-based to cloud-native security BeyondProd whitepaper Protecting programmatic access to user data with Binary Authorization for Borg Binary Authorization for Borg whitepaper Episode 8 with Maya Kaczorowski VMware completes acquisition of Pivotal Coverage at SiliconAngle and ContainerJournal Chaos Mesh from PingCap Episode 82 with Ana Medina Global access for internal load balancers now available on GKE Calico 3.11 CrunchyData Postgres Operator 4.2 kubectl tree Episode 66 with Ahmet Alp Balkan and Luk Burchard kubelive Consistent OIDC authentication across multiple EKS clusters Operating your BBQ meat smoker or your Christmas tree with Kubernetes Vendors make a splash in 2019 service mesh implementation rush 2019 Kubernetes certificate outage by Victor Adossi The poor state of Kubernetes horizontal pod autoscaling according to Wander Hillen Predictions and looks-back: opensource.com: 5 predictions for Kubernetes in 2020 SDXCentral: Kubernetes Opportunities, Challenges Escalated in 2019 DataCenterKnowledge: A Hyperconvergence Progress Report: Has Kubernetes Stolen the Show? 
IDG Connect: Kubernetes: the tech to take centre stage in 2020 SiliconAngle: Predictions 2020: Cloud, Kubernetes and cybersecurity will rule Forbes contributor: What Do Customers Want From The Kubernetes Ecosystem In 2020 The Enterprisers' Project: 5 Kubernetes trends to watch in 2020 TechRepublic: Cloud computing in 2020: Predictions about security, AI, Kubernetes, more Christopher Tozzi: 4 ways Kubernetes could be improved Farewell from Kontena Links from the interview Red Hat OpenShift Why Red Hat chose Kubernetes for OpenShift by Joe Fernandes Early history of OpenShift Comparing OpenShift v2 and v3 Health checks OpenShift differences from Kubernetes: DeploymentConfig Builds Docker registry Routes Don't turn off SELinux! CoreOS Clayton in his CoreOS t-shirt Tectonic The Operator model CoreOS acquired by Red Hat What's new in OpenShift v4 Operator Framework and operator-lifecycle-manager Red Hat acquired by IBM Linux at IBM in the 90s The blonde kid PowerLinux PodDisruptionBudget Clayton Coleman on Twitter

Ep 84 Monitoring, Metrics and M3, with Martin Mao and Rob Skillington
Martin Mao and Rob Skillington are co-founders of Chronosphere; CEO and CTO respectively. They both worked on the monitoring team at Uber, where they created M3: a metrics platform with an open source time-series database built for scale. They join Craig and Adam to talk about monitoring, metrics and M3 on the last episode of 2019. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Test message from Delta Airlines News of the week CSI migration and CSI volume snapshots AKS Private Clusters in preview GKE maintenance Windows and exclusions is GA Google Cloud E2 VMs: introduction and understanding dynamic resource management New features in Cloud Run for Anthos Best practices for performing forensics on containers Infrastructure at Cliqz, and introducing Hydra Envoy CVEs Istio security bulletin The Top 3 Service Mesh Developments in 2019 by Zack Jory Istio Service Mesh Explained in 5 Minutes by Ram Vennam Ambassador Edge Stack Solo.io WebAssembly Hub Episode 55, with Idit Levine Kafka Envoy Protocol Filter Talos 0.3 beta AutoTiKV tuning OpenPolicyAgent's KubeCon recap Episode 42, with John Murray A first look at Antrea from Alex Brand TODO: read this article by Patrick DeVivo Does Testing Kubernetes Conformance Leave You in the Dark? Get Progress Updates as Tests Run by John Schnake Demystifying Kubernetes as a Service – How Alibaba Cloud Manages 10,000s of Kubernetes Clusters How Jaeger Helped Grafana Labs Improve Query Performance and Root Out Tough Bugs Adopting Kubernetes at Quora by Taylor Barrella, CNCF announces schedule for Bengaluru/Delhi Forums Links from the interview M3 website M3: Uber's Open Source, Large-scale Metrics Platform for Prometheus Before: Graphite and its Whisper database Prometheus Why pull rather than push? 
AlertManager PromQL RRDtool M3 on GitHub: open source from the start Chronosphere Rob's 2019 KubeCon's talks: EU: M3 and Prometheus, Monitoring at Planet Scale for Everyone NA: Deep Linking Metrics and Traces with OpenTelemetry, OpenMetrics and M3 Twitter: Rob Skillington Martin Mao M3 Chronosphere

Ep 83 Kubernetes 1.17, with Guinevere Saenger
Hop on the release train for the fourth and final Kubernetes release for 2019. Release manager Guinevere Saenger joins Adam and Craig to discuss how a classically trained pianist has a second act as a Kubernetes release team lead. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Craig plays the Oculus Quest: Superhot Epic Roller Coasters Beat Saber Keep Talking and Nobody Explodes Adam sees a play Six News of the week Kubernetes 1.17 is out! Volume snapshot in Beta EKS on Fargate now generally available Tech thread from Onur Filiz Interview with AWS CEO Andy Jassy CNCF DevStats Azure Application Gateway ingress controller launched CloudBees CI/CD SaaS in preview Anthos is CRN's Hybrid Cloud product of the year Troubleshooting Deployments by Daniele Polencic UNIVAC schematics Building large Kubernetes clusters at LINE CNCF TOC structure and elections uSwitch case study Making audit logging a viable practice again by Nitzan Niv Links from the interview Collaborative piano Ada Developers Academy (The LSAT is the Law School Admission Test) Ruby on Rails Samsung SDS Cloud Native Computing Team Kubernetes at GitHub GitHub Metal Cloud #hugops SIG Contributor Experience Episode 46, with Aaron Crickenberger Guinevere speaking at KubeCon about new contributions "Complaining about how hard it was to contribute" led to the Contributors Guide Episode 10, with Josh Berkus and Tim Pepper Kubernetes 1.17 enhancement tracking sheet Dual-stack IPv4 and IPv6 What happened to IPv5? Poor old sidecar containers slipped again KubeCon 2019 NA Contributors' Summit Hats 1.17 release team 1.18 leads have been announced Release team shadow program Release engineering Guinevere Saenger on Twitter

Ep 82 Chaos Engineering, with Ana Margarita Medina
Chaos Engineering is the discipline of experimenting in identifying potential areas of failure before they express themselves in outages. Ana Margarita Medina is a Chaos Engineer and Developer Advocate at Gremlin, a chaos-as-a-service vendor that recently added Kubernetes support. She talks to Adam and Craig about the discipline, and her journey to it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Shopify's Black Friday Craig's Black Friday News of the week AWS announcements: Managed node groups EventBridge support in ECR Sagemaker operators for Kubernetes Eirini 1.0 is here Security considerations for GKE by Maya Kaczorowski Episode 8, with Maya Kaczorowski Managing a multi-site Cassandra cluster on multiple Kubernetes with CassKop / MultiCassKop by Seb Allamand Run Ansible Tower or AWX in Kubernetes or OpenShift with the Tower Operator by Jeff Geerling Everything I know about Kubernetes I learned from a cluster of Raspberry Pis by Jeff Geerling Prometheus OpenMetrics Integration Develop a Kubernetes controller in Java by Min Kim and Tony Ado Running Kubernetes locally on Linux with Microk8s by Ihor Dvoretskyi and Carmine Rimi Episode 21, with Ihor Dvoretskyi Episode 60, with Mark Shuttleworth Linux Foundation Cyber Monday sale Barrons says Kubernetes is the future of computing by Tae Kim Links from the interview Chaos Engineering Chaos Engineering: the history, principles, and practice Chaos Monkey Netflix Simian Army Fuzzing Site reliability engineering Google DiRT testing Video: 10 years of crashing Google by Kripa Krishnan Ana's re:Invent talk Reggaetón #hugops Chaos Engineering Slack Gremlin Gremlin Free What is a Gremlin? The Gremlins (Roald Dahl book) Gremlins (1984 film) Ana Margarita Medina on Twitter

Ep 81 Vitess, with Jiten Vaidya and Sugu Sougoumarane
Vitess is a cloud native database clustering system for horizontal scaling of MySQL. It was built for YouTube, open sourced, and has recently graduated from the CNCF. Two members of the team who wrote and ran Vitess at YouTube, Jiten Vaidya and Sugu Sougoumarane, are CEO and CTO of PlanetScale; a company they founded to support Vitess commercially. They join Craig and Adam to talk databases. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Our meetup at KubeCon The WeWork booth at KubeCon You Must Build A Boat You Have To Win The Game News of the week Anthos news from Next UK Multi-cluster management with Anthos GitLab Serverless with Cloud Run for Anthos Project Antrea from VMware Managed Istio GA on IBM Kubernetes Service IBM open sources developer tools Kui and iter8 Episode 47 with Kim Lewandowski Solo.io introduces Autopilot Hubble, from Cilium ByteBuilders introduces Kubeform Cloudbees adds Jenkins X UI to their community distribution Juniper updates Contrail Slack Vitess case study Debugging network stalls on Kubernetes by Theo Julienne at GitHub Volterra's control plane for distributed PaaS Gravitational takes $25m investment Datadog's 2019 container report Aqua Security acquires Cloudsploit CNCF 2019 award winners Episode 72 with Lachlan Evenson Episode 77 with Katharine Berry Links from the interview Vitess About Jiten and Sugu Graduated from the CNCF Database shards Vitess history YouTube acquired by Google in 2006 Go; 10 years old Google storage systems: Bigtable Colossus Scaling MySQL in the cloud with Vitess and Kubernetes and Cloud Native MySQL Sharding with Vitess and Kubernetes by Anthony Yeh, Google Cloud Case studies: Stitch Labs, Hubspot, JD.com Vitess at KubeCon: Vitess: Stateless Storage in the Cloud by Sugu Sougoumarane Geo-partitioning with Vitess by Deepthi Sigireddi and Jiten Vaidya How to Migrate a MySQL Database to Vitess by 
Sugu Sougoumarane & Morgan Tocker Gone in 60 Minutes: Migrating 20 TB from AKS to GKE in an Hour with Vitess by Derek Perkins from Nozzle Postgres support PlanetScale Announcing PlanetScale's CNDb The name Voltron Strong Bad's advice on naming things Jiten Vaidya and Sugu Sougoumarane on Twitter

Ep 80 Lyft and KubeCon NA 2019, with Vicki Cheung
Catch all the news (and there is a lot of it!) from KubeCon NA 2019 in this week's show. We then talk to Vicki Cheung, the conference co-chair, and an Engineering Manager running Kubernetes infrastructure at Lyft. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Docker sells its enterprise business: Mirantis press release Docker press release New Google Kubernetes Engine features: Preemptible VMs support is GA Node auto-provisioning is GA Vertical Pod Autoscaling is GA Batch on GKE is in Beta Surge upgrades are in Beta Google Cloud Run is GA Microsoft news: Secure enclave support in AKS Engine Azure Container Registry adds repository scoped permissions Kubernetes Event-Driven Autoscaling (KEDA) is 1.0 GitHub Actions for CNAB bundles & CNAB controller for Kubernetes Episode 61, with Jeremy Rickard and Ralph Squillace Helm 3 released, for real! Istio 1.4 released GitHub Octoverse Top and Trending Projects Kubernetes Security Announcement: CSI sidecar vulnerability Red Hat open-sources Quay and launches CodeReady Workspaces v2 VMware launches Crash Recovery and Enterprise PKS v1.6 CNCF announcements: 500 members New Platinum members: Arm, NetApp and Palo Alto Networks New Gold members: Equinix and Fidelity Investments Over 100 certified Kubernetes distributions Announcement of CNCF jobs board Datadog: Introducing Network Performance Monitoring 2019 Container Report What's next for monitoring in Kubernetes? 
Gremlin launches chaos engineering for Kubernetes O'Reilly acquires Katacoda Kubernetes.io interactive training Mayadata adds Mayastor engine to OpenEBS PlanetScale launches CNDb Rancher announces k3s GA and Rio is in Beta Episode 57, with Darren Shepherd Cloud Native Security Hub from Sysdig Pipeline 2.0 Tech Preview from Banzai Cloud Episode 59, with Janos Matyas Clustered Microk8s from Ubuntu Episode 60, with Mark Shuttleworth Weave Flux and Argo CD join forces Portworx launches PX-Backup and PX-Autopilot Pulumi launches Crosswalk for Kubernetes, kx and .NET Core support Episode 76, with Joe Duffy Snyk Container Gloo 1.0 from Solo.io Episode 55, with Idit Levine Clusterman from Yelp adds Kubernetes Building Secure Reliable Systems book, new from Google Cloud A-Z Round: A10 Networks announced a Blueprint for automation of the Polynimbus secure application service Agile Stacks announced KubeFlex to aid in deploying and managing Kubernetes clusters in data centers and at the edge Alibaba Cloud released version alpha2 of the Open App Model Altinity announced their production-ready Kubernetes operator for ClickHouse data warehouses Aporeto launched new identity federation capabilities for Kubernetes and Istio Arrikto announced that MiniKF is now available on the GCP Marketplace Amazon has published a cost optimization guide for Kubernetes on AWS Buoyant launched Dive, a SaaS "team control plane" for Kubernetes clusters Chronosphere added tracing capabilities Containous launched a new Ambassador Program to reward and support Traefik community members Datawire announced a tool for automatic HTTPS for Kubernetes Ingress in Ambassador DeployHub announced the release of version 9.0 of their publishing and configuration offering DigitalOcean announced a Container Registry and a Kubernetes section in their 1-click apps market Fairwinds launched a new open source-as-a-service platform Insights, and Astro, a product for managing monitors in a dynamic environment Hammerspace 
announced a persistent data protection offering for Kubernetes Humio added streaming log management capabilities to their IBM Cloud Pak Hyscale has announced the open-sourcing of their app deployment tool Instana added support for Rancher Kublr announced Multi-Site Orchestration in Kublr 2.0 is now in Private Preview LINBIT announced Piraeus Datastore, a Software-Defined Storage offering for Kubernetes Maestro, from Cloud66, released a Kubernetes management tool for multi-cluster management Mattermost introduced ChatOps, an open source project for real-time DevOps NetFoundry announced a programmable networking platform for apps at the edge NeuVector announced a Security Policy as Code tool for Kubernetes NS1 expanded their suite of integrations Opsani AI announced precision tuning for autoscalers Oracle announced Oracle API Gateway, Oracle Logging, and Kafka Compatibility for Oracle Streaming Redis Labs introduced RedisInsight Rookout announced a hybrid Kubernetes debugger for DevOps teams SignalFX announced Kubernetes Navigator to provide AI-driven insights StorageOS announced the release of version 1.5 Styra announced new features for their Compliance for Kubernetes tool Trilio announced support for TrilioVault on OpenShift Turbonomic announced Lemur, a New, Free, Observability Tool for developers Wallarm launched support for Envoy proxy and Envoy API protection with their SaaS Security product WhiteSource announced native integ

Ep 79 Cloud Native Rejekts, with Chris Kühl
Due to overwhelming submission numbers, 85% of talks proposed to KubeCon are rejected. Cloud Native Rejekts, a two-day community conference immediately before KubeCon, gives a second chance to some of those talks. Chris Kühl is CEO and co-founder of Kinvolk, a Berlin-based Linux company, who organise events including Cloud Native Rejekts. Hosts Adam and Craig ask him about this, and somehow the discussion includes both Pearl Jam and Mötley Crüe. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Listener meetup at KubeCon: 1.30pm at the Google Cloud Lounge Pineapple Lumps and Jaffas Adam's TV recommendation of the week: The Expanse News of the week Skaffold is now GA Episode 6 with Matt Rickard VMware Tanzu updates from VMworld Europe Chronosphere founded with $11m investment to commercialise M3 Vitess graduates CNCF and releases v4.0 Azure Monitor Prometheus integration is now GA Quarkus 1.0rc Knative v0.10 Pachyderm Hub: 'Kubernetes as a Service' as a Service D2iQ Kommander Cruise releases security tool k-rail Kasten K10 v2.0 Helm security audit results Kubernetes: Grokkin' the Docs Rancher releases container industry survey results Prometheus: CNCF project journey report Tim Hockin draws the kube-proxy iptables stack (direct link) Episode 41, with Tim Hockin Monzo builds network isolation for 1,500 services CFP for Google Cloud Next Links from the interview GNOME Planet GNOME gnome-system-monitor Kinvolk rkt CoreOS Container Linux Flatcar Container Linux Kinvolk announcement CoreOS acquired by Red Hat Kinvolk offer support for Flatcar Container Linux Omaha and Nebraska CoreRoller Cloud Native Rejekts B-side conferences Rejects.JS A- and B-side Yellow Ledbetter A look back at the first Cloud Native Rejekts in Barcelona All Systems Go conference 40 talks at this week's Cloud Native Rejekts Get a ticket See Tim Hockin's talk: "We've Made Quite a Mesh" Rock 
dots Chris Kühl on Twitter

Ep 78 KUDO, with Gerred Dillon
KUDO is the Kubernetes Universal Declarative Operator, a toolkit for writing operators for Kubernetes. Gerred Dillon works on KUDO at D2IQ, formerly Mesosphere, and joins Craig and Adam to discuss KUDO, how Mesos frameworks relate to Kubernetes operators, and taking care of chickens. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Little Free Libraries Top moments of 50 years of the Internet by Vint Cerf Television network news in NZ 50 years old History of TV in NZ News of the week Sysdig container usage report Longhorn donates to the CNCF Crossplane 0.4 Helm v3.0.0-rc.2 Episode 11 with Vic Iglesias CloudEvents reaches 1.0 Data Center Knowledge: What service meshes are, and why Istio is leading the pack Backyards 1.0 Contour 1.0 Envoy 1.12 New encryption options for Google Kubernetes Engine Azure services now run anywhere with new hybrid capabilities: Announcing Azure Arc ZDNet and TechCrunch coverage Brendan Burns' explainer videos CNCF news: AlphaSense case study TiKV on building a distributed storage system CNCF meetup program SIG Docs survey results Better Kubernetes networking with Knative by Ahmet Alp Balkan Episode 66, with Luk Burchard and Ahmet Alp Balkan Why you don't have to be afraid of Kubernetes by Scott McCarty Brad Childs has passed away Links from the interview D2IQ (formerly Mesosphere) Apache Mesos Mesos frameworks Marathon DC/OS DC/OS Commons KUDO Controllers Operator pattern Kubebuilder Operator SDK Omakase: Japanese for "I will leave that up to you" Tasks Getting started with KUDO Metacontroller Proposal to move under Kubebuilder Vitess operator Tekton Helm D2IQ's Konvoy distribution of Kubernetes Operators using KUDO: Kafka Cassandra Spark OpenEBS operator Lightbend templates for Akka KUDO proposed to the CNCF CNCF SIG Application Delivery Gerred's KUDO webinar for the CNCF Contributing to KUDO KUDO Slack Gerred's bio Dry brining 
a chicken Gerred Dillon on GitHub

Ep 77 Engineering Productivity and Testing, with Katharine Berry
Katharine Berry works in the Engineering Productivity team at Google Cloud, and works in SIG Testing on the Kubernetes project. She joins Adam and Craig to discuss Prow, Pebble and ponies. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week SkyCity Convention Centre Fire A nice dinner out after a conference England knock NZ out of the Rugby World Cup Cards Against Humanity to open a restaurant The Holiday Hole News of the week GKE Release Channels are in Beta GKE usage metering is GA: use it to combat over-provisioning Episode 40 with Madhu Yennamani A new guide for PCI-DSS compliance on GKE Exploring container security: Vulnerability management in open-source Kubernetes Episode 34 with Jordan Liggitt Episode 17 with Jon Pulsifer HPE are set to deliver a Kubernetes platform for data analytics and ML How to build a kubectl plugin by Jonas-Taha El Sesiy Episode 66, with Luk Burchard and Ahmet Alp Balkan NVIDIA Aerial framework Red Hat partnership GPU Operator Red Hat releases OpenShift Container Storage 4.2 Kontena Lens 2.3 released New Octant.dev website and v0.8.0 Zoho Catalyst and coverage from Container Journal Links from the interview Pebble smartwatch Original $10m Kickstarter Sold to Fitbit Rebble Web Services and the Rebble Alliance What Rebble replaces How Pebble Users Are Keeping the Smartwatch Alive 3 Years After It Supposedly Died Google Engineering Productivity Kubernetes SIG Testing Prow The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience by Aaron Crickenberger and Ben Elder Prow: Keeping Kubernetes CI/CD Above Water Now in Jenkins-X Tests are moving to kind Episode 69 with Ben Elder The Kubernetes Prow instance Spyglass Flaky tests Automating away the test-infra role Episode 72 with Lachlan Evenson Testgrid Automating Slack Episode 74 with Jorge Castro Closed due to attacks Tempelis SIG 
Testing on Slack The pink pony Generative adversarial network AI generated ponies Katharine Berry on Twitter Katharine's web site

Ep 76 Pulumi, with Joe Duffy
Joe Duffy is the founder and CEO of Pulumi, an open-source cloud development platform. He joins Adam and Craig to explain why a general purpose programming language is a better tool for cloud infrastructure than a domain-specific language (or YAML), and how you can use Pulumi to provision cloud infrastructure and Kubernetes resources alike. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week DevOpsDays Auckland Craig's talk In which 32 bit apps don't work on macOS Catalina News of the week Dapr, OAM and Rudr Announcing Dapr, the Distributed Application Runtime Dapr homepage Announcing the Open Application Model Open App Model Ship without a Rudr's like a ship without a Rudr's like a ship without a Rudr Red Hat introduces OpenShift 4.2 Goldilocks from Fairwinds Ubuntu 19.10 Episode 60 with Mark Shuttleworth Introducing SPIRE 0.8.2 Episode 45 with Andrew Jessup Istio performance improvements noted by Pablo Moncada Isla Graboid: first cryptojacking worm for Docker found by Unit42 Analysis of two Kubernetes vulnerabilities by Palo Alto Networks Harbor 1.9 CNCF announces schedules for Forums in Seoul and Sydney Container Platform Networking at Cruise by Karl Isenberg and Buck Wallander Sugarkube and cattle clusters Links from the interview Pulumi Joe Duffy's blog: Hello, Pulumi! Journey to Pulumi 1.0 WPF (Avalon) and WCF 10 Years of DevOpsDays Comparisons of Pulumi vs other platforms TypeScript Dark programming language Three business models of Open Source by Peter Levine and Jennifer Li $ for enterprises and free community edition AWS and Elasticsearch Inc. Pulumi on GitHub Joe Duffy and Pulumi on Twitter

Ep 75 cert-manager, with James Munnelly
cert-manager is a certificate management toolkit for Kubernetes, commonly used to get TLS certificates from Let's Encrypt. Project founder James Munnelly of Jetstack joins hosts Craig and Adam to explain how certificates are issued and managed, and how cert-manager automates it all. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Fast food-themed entertainment: Wendy's Feast of Legends role-playing game KFC dating simulator Burger King Games M.C. Kids Taco Bell's Tasty Temple Challenge The McDonalds board game KFC virtual escape room training Soda-themed entertainment: Cool Spot Pepsi Invaders Mad Mix: The Pepsi Challenge Stranger Things 3: The Game News of the week Rancher 2.3 released Episode 57, with Darren Shepherd Windows container support and Rancher 2.3 Amazon EKS now has Windows containers generally available Episode 70, with Patrick Lang New on DigitalOcean Kubernetes Service: cluster autoscaling Elastic Cloud on Kubernetes v1.0.0-beta1 released MuleSoft releases AnyPoint Service Mesh Container Journal interview Linkerd 2.6 A guide to distributed tracing with Linkerd Trackman, open source step-workflow tool from Cloud 66 Puppet announces public beta of Project Nebula KubeCon NA 2019 contributor summit schedule announced Kubernetes patterns for capacity planning by Mohamed Ahmed How Booz Allen Hamilton is helping modernize the Federal Government with Kubernetes Flant.com compares 11 ingress controllers for Kubernetes How Zalando manages over 140 Kubernetes clusters by Henning Jacobs Cluster API Simplifies Execution and Powers Project Pacific at VMware Grant Shipley moves from Red Hat/IBM to VMware Kubernetes Wild West video game SUSE moves on from OpenStack and doubles down on Kubernetes SAP to make HANA database available on Kubernetes Links from the interview Jetstack The two Matts: founders Matt Bates and Matt Barker James's Jetstack bio 
cert-manager Docs Co-evolved with kube-lego by Christian Simon How TLS encryption works: x509 for public key certificates Chains of trust Certificate authorities and root certificates Episode 60, with Mark Shuttleworth, founder of Thawte LetsEncrypt How it works ACME protocol HTTP-01 and DNS-01 validation cert-manager concepts: Issuers and Certificates Self-signing issuers Kubernetes and webhooks: Validating webhooks require TLS Kubebuilder supports cert-manager Chicken-and-egg problem for validating webhooks Conversion webhooks Mirror/static pods Kubernetes ingress quick-start tutorial Different solver types The ingress-shim controller Other issuer options: Vault, internal CA, CertificateRequests Lets Encrypt is blocking old cert-manager versions Edge cases where retry looping would start v0.11 release notes Upgrading to v0.11 Getting involved: cert-manager and cert-manager-dev Slack channel Bi-weekly community call cert-manager on GitHub James Munnelly on Twitter

Ep 74 Community and Contributor Experience, with Jorge Castro
Jorge Castro is a community manager employed by VMware to help keep the Kubernetes project running smoothly. He joins Adam and Craig to talk about the programs run by SIG Contributor Experience, the difference between supporting contributors and end users, and the recent steering committee election. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The Jordan Luck Band The Exponents Snippets from Who Loves Who The Most, Victoria and Why Does Love Do This To Me News of the week Kubernetes Steering Committee election results Envoy proxy journey report October updates to the StackRox Security Platform Protecting Kubernetes against a Billion Laughs attack by Stackrox Billion laughs attack on Wikipedia Open Source in VMware Tanzu Project Contour moves IngressRoute to HTTPProxy Sloop from Salesforce Kontena Lens: free desktop app GKE master on-prem routing AKS managed identity Envoy proxy performance on Kubernetes by Ambassador Announcing Kubernetes Community Days WeaveWorks GitOps Manager and WKSctl Transmogrify Kubernetes APIs by David Young Links from the interview About Jorge Castro 11th Armored Cavalry Regiment John Wick horse scene (Ok, Bradley Fighting Vehicles, not horses) From Ubuntu to Heptio Community episodes & community managers: Episode 27 with Sarah Novotny Episode 1 with Paris Pittman Kubernetes Slack bot Contributor Experience properties: YouTube Office hours (and calendar) Meet our Contributors Kubernetes subreddit Kubernetes Users mailing list - now archived discuss.kubernetes.io Ask Ubuntu SIG Contributor Experience End user content: KEP for setting up discuss.kubernetes.io Proposal with steering for end user committee Kubernetes Failure Stories Kubernetes tag on Stack Overflow Bots fixing bugs, merging and celebrating with no humans needed Humans Need Not Apply WG Kubernetes Infrastructure Kubernetes Steering Committee 2019 Steering 
committee election Election process: no electioneering Condorcet method Three "chop wood/carry water" winners were elected Jorge himself was also a recipient! Self-organised community: "Kubeyland" Disneyland trip Cloud Native Rejekts Jorge and his many friends all hang out on #sig-contribex on Slack and the kubernetes-sig-contribex mailing list Jorge Castro on Twitter

Ep 73 CRDs, Extensibility and API Machinery, with Daniel Smith
Daniel Smith is co-Chair and co-TL of SIG API Machinery, as well as TL of the corresponding Google team. Daniel has been working on Kubernetes since before it was open sourced, and is one of the top overall contributors to the codebase. He joins Adam and Craig to discuss CRDs and extensibility. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Old Man's Journey Rocketman Funeral For A Friend/Love Lies Bleeding Aladdin (2019) Aladdin (1992) News of the week Kubevirt joins the CNCF KubeCon San Diego Contributor Summit ServiceMeshCon 2019 schedule announced GKE Intranode Visibility #KUBE100; hosted k3s from Civo k8s vs k3s by Andy Jeffries Docker: Designing your first application on Kubernetes Docker raising funds IBM launches Apache CouchDB operator 90% of all PaaS and SaaS on IBM Cloud is on Kubernetes Kubecost: Requests and Limits by Webb Brown Kubeadvisor 1.0 from Magalix Kubernetes Liveness Probes are Dangerous! by Henning Jacobs Links from the interview DevStats says Daniel is number 2 or number 3 contributor to Kubernetes, in either case just behind Tim Hockin from Episode 41 Either way, someone is wrong on the Internet! Carina star constellation and having to rename it from that The Kubernetes API API Machinery First proposal for API plugins - issue 991! Third party resources (deprecated in 1.7) Operator packaging Custom Resources Moving TPRs to CRDs by Nikhita Raghunath API Aggregator Extension via webhooks 1.15 release blog talks about CRD extensibility Daniel's KubeCon talks: Life of an API Request (slides) The hand-drawn trilogy: Kubernetes-Style APIs of the Future (slides) A Vision For API Machinery: Coming to Terms with the Platform We Built (slides) The Kubernetes Control Plane for Busy People Who Like Pictures (slides) The Nut That Ties Everything Together Daniel Smith on Twitter

Ep 72 Kubernetes 1.16, with Lachlan Evenson
Kubernetes 1.16 is out, and our guest this week is its release manager, Lachlan Evenson. Lachie is a Principal Program Manager at Microsoft and an Australian living in the US; Craig and Adam are therefore method-interviewing, being this week in those two countries respectively. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week New Zealand: man brings clown to redundancy meeting Cloud Summit Sydney and APIdays Melbourne News of the week Kubernetes 1.16 is released Traefik 2.0 Announcing .NET Core 3.0 gRPC on .NET Core GKE Container Native Load Balancing now GA Google makes €3 billion of data center investment CloudARK's 5 takeaways from the Helm Summit Crossplane 0.3 Agones 1.0.0 Episode 26 with Cyril Tovena and Mark Mandel Spire TPM plugin from Bloomberg Episode 45 with Andrew Jessup Azure: EKS now GA in Government regions Egress lockdown now GA AKS Periscope open source released Monitor your Google Anthos clusters with the Sumo Logic Istio app Google Cloud Build named a Leader for Continuous Integration in the Forrester Wave Banzai Cloud updates Logging Operator and Istio Operator The problem with Cloud Native by Quentin Hardy of Google Cloud Citrix integrates its ADC portfolio with Istio ContainerShip shuts down Links from the interview Prison England Lithium Technologies Kubernetes 1.0 launch roster CrashLoopBackOff Helm Classic Deis acquired by Microsoft Deis Labs Episode 61, with Jeremy Rickard and Ralph Squillace Phippy and Captain Kube Childrens Illustrated Guide to Kubernetes 1.16 release blog What Lachie is excited about: Dual stack IPv4/IPv6 Endpoint slices What he's looking at in Alpha: Ephemeral containers Distroless What slipped: Sidecar containers Breaking old APIs in Kubernetes 1.16 Deprecation policy 1.16 release team Emeritus Advisors KubeCon San Diego session on shadowing in releases Kubernetes 1.17: run by women Removing the Test-Infra 
release role Release notes from annotated PRs Community retrospective Release mascots: 1.16 Release patch 1.11 1.14 Olive Garden When you're here, you're family History of the breadstick Cutting people off from unlimited breadsticks 2019 Steering Committee elections are happening Lachlan Evenson on Twitter

Ep 71containerd, with Derek McGowan
containerd was born from community desire for a core, standalone runtime to act as a piece of plumbing that applications like Kubernetes could use. It sits between command line tools like Docker, which it was spun out from, and lower-level runtimes like runC or gVisor, which execute the container's code. This week's guest is Derek McGowan, a Software Engineer at Docker and a containerd maintainer-d. Along with the news of the week, Adam and Craig discuss the many Vancouvers. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Vancouver, Vancouver, and George Vancouver South Bend, North Bend, and Bend Cosmopolis "50 Year Sensation: the Dave McMacken Retrospective" (album art show in Astoria, Oregon) News of the week Istio 1.3 is out Google's Anthos now includes Anthos Service Mesh, Cloud Run for Anthos and more Cloud Native Application Bundles hit 1.0 Episode 61 with Ralph Squillace and Jeremy Rickard Nominations for the annual CNCF Community Awards Bloomberg hits 90% utilization with Kubernetes Mistakes that "cost" thousands by Gajus Kuizinas Kubernetes Edge working group publishes whitepaper Isopod, by Cruise Pulumi 1.0 5 RBAC mistakes you must avoid (number 4 will shock you) OpenShift 4.2 disconnected install Red Hat Quay 3.1 Microsoft AKS brings Scale Sets and Standard LB to GA Upstream kernel bugs Amazon EKS adds cluster tagging and IAM roles for service accounts Deep dive into AWS Fargate by Abhisheck Ray from Amazon Kong introduces Kuma, "universal service mesh" Google introduces Cloud Dataproc for Kubernetes Apache Flink operator from Google Cloud Container runtime security bypasses on Falco by Mark "Antitree" Manning Rafay Systems lands $8m in Series A funding Links from the interview containerd Original announcement The many meanings of 'container runtime' kubelet and Container Runtime Interfaces runC, gVisor, Kata Containers, and the Windows Host 
Compute Service (HCS) ctr debug tool containerd's graduation from the CNCF containerd shim API gVisor shim Firecracker containerd integration Kata Containers shim Windows Container shim rkt announced in 2014 with appC spec Open Container Initiative libcontainer, which became runC Web Assembly (WASM) BuildKit 1.3.0 releases are coming Contribution opportunities: Reporting issues Plugin ecosystem Derek McGowan and containerd on Twitter

Ep 70Windows Server Containers, with Patrick Lang
Patrick Lang is the co-chair of the Kubernetes Windows SIG. He is a Senior Software Engineer at Microsoft, developing Kubernetes and related open-source projects supporting Windows Server Containers. Patrick joins Adam and Craig to tell the story of how containers came to Windows. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Getting to the Peak Tram News of the week KubeCon 2019 schedule Tim Hockin and Kal Henidak on dual stack IPv4 Building a 5G network live on stage GKE Shielded VM Nodes Mæsh Project Contour 0.15 Contour on Kind TechCrunch video: How Kubernetes Changed Everything Aaron Roydhouse reverse engineers release schedules as 1.15 hits Preview on Azure and Rapid Channel on GKE GKE Scalability best practices The Kubernetes scalability hypercube Cloud Foundry Networking Team Update Building a Continuous Delivery Pipeline for Symphony by Ivan Babenko The Cult of Kubernetes and Hacker News discussion Links from the interview Windows Server containers Windows Server Core and Nano Server Sessions on Windows Docker and Windows partnership announced in 2014 Active Directory Group Managed Service Accounts (GMSA) GMSAs for Windows containers Windows network namespaces Host Networking Service and Virtual Filtering Platform GMSA integration with Kubernetes GPU acceleration in Windows Containers Batch files! Patching: Patch Tuesday Windows base OS images on Docker Hub Windows container version compatibility Hyper-V isolation Docker for Windows Get started with Windows containers Windows Server Containers in preview on AKS, EKS or GKE SIG Windows and their Slack channel Patrick Lang on GitHub

Ep 69kind, with Ben Elder
kind stands for Kubernetes in Docker. Originally built for continuous integration (CI) and testing of Kubernetes itself, kind has found many uses, including acting as a cluster for bootstrapping other clusters. Original author Ben Elder from Google Cloud joins Craig and Adam to talk about it. Want to see Adam's puzzles? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam's new Seattle office building Example Quick Cryptic from The Times Example USA Today crossword New York Times crossword puzzle case study The NYT mini crossword Craig's record is 13 seconds! Times for the Times solver blog A puzzle in a tweet The answer Code Golf News of the week Introducing Kubernetes Academy Brought To You By VMware Kubernetes Academy Brought To You By VMware Knative serverless Kubernetes bypasses FaaS to revive PaaS Helm 3 Beta To Helm or not to Helm? by Stepan Stipl Announcing etcd 3.4 by Gyuho Lee and Jingyi Hu Blocking old Cert Manager versions from Lets Encrypt Linux Namespaces by Ifeanyi Ubah How kubectl exec works by Erkan Erol Announcing the CNCF Kubernetes Project Journey Report The report Adopting Istio for a multi-tenant kubernetes cluster in Production by Vishal Banthia StackRox 2.5 Platform9 raises $25m in Series D The first managed Kubernetes service on VMware? Dell previews data protection software for Kubernetes DNS spoofing in Kubernetes clusters by Daniel Sagi Dynamic Kubernetes informers by Robert Ross What's next for Vault and Kubernetes? 
Consul 1.6 is now GA Kubernetes security audit: What GKE and Anthos users need to know Managed AD now in Beta on Google Cloud Introducing Red Hat OpenShift 4.2 in Developer Preview; releasing nightly builds Developer Preview now available on GCP Operational Insights for Containers and Containerized Applications Deploying GitOps with Weave Flux and Amazon EKS Links from the interview Ben's GSoC proposal and first Kubernetes project: use iptables for proxying instead of userspace kind webpage Documentation kind on GitHub Privileged containers kubernetes CI Cluster API IPv6 on kind End to end testing Running Kubernetes in a CI pipeline by Loodse Cluster API logo - it's turtles all the way down kubeadm cluster-api-provider-docker Other tools: kinder kindest Shoutouts to: Antonio Ojea from SUSE James Munnelly from JetStack SIG Cluster Lifecycle Ben Elder on Twitter

Ep 68Container Camp, with Angie Maguire
Container Camp is a series of independent conferences, spanning three continents and in their fifth year. "Camp mother" Angie Maguire is the co-organiser, and is also the founder of Ladies of Code. She joins Adam, who is yet to attend a Camp, but actually goes camping, and Craig, who has spoken at Camps in London and Sydney, and prefers hotels. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week The mound is moving The traffic isn't News of the week VMware buys: Pivotal Carbon Black Intrinsic Greenland VMworld news: Introducing Project Pacific Project Pacific technical overview Reintroducing Project Bonneville? Joe Beda's take Tanzu, VMware's approach to modern applications Tanzu Mission Control Splunk acquires SignalFX 2019 Accelerate State of DevOps report Red Hat OpenShift Service Mesh is GA Maistra, the upstream of the operators Cilium 1.6 is out E2E Kubernetes testing with GitHub Actions Why does developing on Kubernetes suck? Hacker News says it doesn't CNCF Google Summer of Code projects Links from the interview Container Camp Ladies of Code Women Who Code Black Girls Code Container Camp videos on YouTube Craig's talk from London in 2016 Kaggle talk from San Francisco in 2016 IPFS Camp Digital nomads Angie's Netflix recommendations: Blown Away Mindhunter When They See Us Ava DuVernay Container Camp and Angie Maguire on Twitter

Ep 67Orka, with Chris Chapman
Kubernetes and Docker might not seem the obvious choice for managing virtual macOS instances on hosted Apple hardware. Learn how they were used to build Orka - Orchestration for Kubernetes on Apple - a virtualisation layer for Mac build infrastructure offered by hosting company MacStadium. Craig and Adam ask MacStadium SVP of Software Chris Chapman about Orka, and how Kubernetes is useful in places you might not expect. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Letterboxing Geocaching Orienteering News of the week HTTP/2 security bulletin from Netflix New releases for: Kubernetes Istio Envoy gRPC NGINX And others CNCF archives the rkt project GitHub Actions is now a CI/CD service Announcing preview of GitHub Actions for Azure Kubernetes web UIs in 2019 and Kubernetes Web View by Henning Jacobs Episode 38: Kubernetes Failure Stories, with Henning Jacobs k3sup by Alex Ellis Episode 57: Rancher Labs, with Darren Shepherd Evolving Istio's APIs, by Sandeep Parikh and Louis Ryan Episode 58: Istio 1.2, with Louis Ryan Istio 1.3 release branch cut Intel GPU Plugin for Kubernetes by Brian Carey Kubernetes Gated Deployments at GoDaddy CNCF now has 100 end user members VMware, Pivotal and Dell: VMware in talks to acquire Pivotal Pivotal CTO: Kubernetes means we're all distributed systems programmers now Kubernetes is set to take over VMworld 2019 AT&T brings Dell into the Airship program Helm Summit EU 2019 Links from the interview MacStadium Orka Conference presentation videos from Chris: macOS in a Docker container for development - MacADUK 2019 Announcing Orka - AltConf 2019 Mac OS X Lion supports running additional OS X instances (up to two) 10.7 EULA (PDF) Device test labs Docker for Mac Virtual Command, Chris's prior company acquired by MacStadium The orca kubevirt Mac hardware: Mac Pro (2013) - the "trashcan" The MacStadium sled Mac Pro 2019 - the 
return of the "cheesegrater" T2 security chip MacStadium in WWDC 2018 keynote Inside the MacStadium data center JenkinsWorld 2019 Orka plugin for Jenkins Docker for Mac in macOS on Docker Yo dawg, I hear you like Docker Spinning top Turducken MacStadium on Twitter

Ep 66kubectl Plugins and krew, with Ahmet Alp Balkan and Luk Burchard
No matter how you say it, you probably use kubectl all the time. Did you know you can extend it with plugins? Did you know you can find and install those plugins using krew, a plugin manager for kubectl? krew was built by Luk Burchard, a student at TUBerlin, as an intern project. He was supervised by Ahmet Alp Balkan at Google Cloud, and they both join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Pluots Fox evidence News of the week "Open sourcing" the Kubernetes security audit CyberArk's penetration testing methodology Docker reverse shells and making it rain shells in Kubernetes by Rory McCune Google Cloud Security Scanner: web application vulnerability scanner for GKE Knative 0.8 release notes Building a Kubernetes platform at Pinterest Octant by VMware Call to participate in the CNCF Survey Direct link Reannouncing the Kubernetes Forum Links from the interview kubectl overview Extend kubectl with plugins Sample CLI plugin Write your own kubectl subcommands and The case for a kubectl plugin manager by Ahmet Alp Balkan kustomize becoming a kubectl sub-command kubectl access-matrix (a.k.a. rakkess, as a stand-alone binary) krew krew plugin index Ahmet's recruitment tweet Luk's first day at Google Ahmet Alp Balkan: Web Twitter Luk Burchard: Web Twitter

Ep 65Attacking and Defending Kubernetes, with Ian Coldwater
Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Black Hat USA DEFCON Scavenger hunts An example of Spot the Fed An example of the Mystery Challenge News of the week Mesosphere becomes D2iQ Google Cloud launches Migrate for Anthos in Beta Google Cloud Game Servers coming soon Episode 26: Agones, with Mark Mandel and Cyril Tovena Announcing Kubernetes Summits in Seoul and Sydney Security updates of the week CVE-2019-11247: API server allows access to custom resources via wrong scope CVE-2019-11249: kubectl cp (round 3!) IBM and Red Hat: OpenShift on IBM Cloud OpenShift coming to Z Series and LinuxONE Cloud Paks and services Cisco Container Platform now supports Microsoft AKS Helm deployments at the Kubedex How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li Alibaba Cloud Announcing CloudBees Jenkins X Distribution Episode 44, Continuous Delivery Foundation, with Tracy Miranda TiDB Operator now Generally Available Links from the interview Red teams and penetration testing Fuzzing Attacking Helm's Tiller Black-box and white-box testing DevSecOps: guard rails, not gates OWASP - the Open Web Application Security Project The math behind calculating security risk CVSS score etcd: encrypt it at rest! Admission control Technologies for isolation: AppArmor Seccomp gVisor Firecracker (not yet supported with Kubernetes) "Kubernetes is powerful, and it's insecure by design" Ian and Duffie Cooley's BlackHat talk Cloud doesn't make it better! 
Threat modelling hostpath - "a powerful escape hatch" Trail of Bits blog: understanding Docker container escapes Recommended watching: Ship of Fools by Ian Coldwater (slides) Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides) A Hackers Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training) DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19) Ian Coldwater on Twitter