Kubernetes Podcast from Google

Cloud Code provides everything you need to write, debug, and deploy Kubernetes applications, including extensions to IDEs such as Visual Studio Code and IntelliJ. Joining Craig and Adam are Sarah D'Angelo, a UX Researcher, and Patrick Flynn, an engineering lead, both on the Cloud Code team at Google. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week All-meat diet (do not try this at home) Warmest UK day on record News of the week Happy first birthday Knative! Episode 14, with Oren Teich Episode 47, with Kim Lewandowski Episode 44, with Tracy Miranda Grafana Labs: How a production outage was caused using Kubernetes pod priorities Episode 38 with Henning Jacobs Banzai Cloud: Kafka on Istio performance Docker Enteprise 3.0 is GA, and their new Technology Partner program Tim Hockin on reconcilation Episode 41, with Tim Hockin Fairwinds Polaris Container platform security with Cruise YuniKorn KubeCon China transparency report Kazuhm Kubernetes as a Service Morpheus v4 Links from the interview Cloud Code IntelliJ VS Code Skaffold Episode 6, with Matt Rickard Jib GitHub issues: IntelliJ VS Code Sign up for a Cloud Code research study

Owen Rogers is a Research Vice President at 451 Research, co-leading the cloud team. He gained a PhD in the economics of cloud computing in 2013. Owen joins Craig and Adam to discuss the economics of cloud computing generally, and Kubernetes specifically. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Apollo Guidance Computer Restoration Summary from Wall Street Journal CyberSquirrel1 global threat map Jellyfish attach power station News of the week IBM launches Kabanero Pivotal launches PAS for Kubernetes Weave Flux joins the CNCF Windows Container Unconference on Friday July 26th: Sign up Leave questions if you can't attend Spinnaker for GCP launched Linkerd 2.4 Architecting with GKE course, free for podcast listeners! Deep dive into Virtual Kubelet by Brian Goff SIG Usability forming Google group GitHub Slack Cloud Provider SIGs moving to sub-projects Azure Monitor for containers adds Prometheus support Kubernetes API deprecations in 1.16 Links from the interview Owen Rogers 451 Research Cloud Price Index StackOverflow's old scale-up strategy (2009) Large Scale Complex IT Systems Owen Rogers on Twitter

Back in 2012, CERN announced one of its most important achievements; the discovery of the Higgs boson. This work led to the 2013 Nobel Prize in Physics. Ricardo Rocha, Lukas Heinrich and Clemens Lang of CERN redid the data analysis on top of Kubernetes this year, which Ricardo and Lukas demonstrated at a keynote at KubeCon EU. All three join Adam and Craig for a short physics lesson and a view into computing at the largest scale, for particles at the smallest. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week 50th anniversary of the launch of Apollo 11 by NASA's Astronomy Picture of the Day, and as reported by CBS News in real time LEGO Saturn V - mid-completion 47th annual Seafair Milk Carton Derby Adam's pictures, including the Saturn V rocket News of the week IBM announced it has closed its acquisition of Red Hat Hashicorp Consul 1.6 Benchmarking best practices for Istio by Megan O'Keefe, Mandar Jog and John Howard IPv6 enhancement proposal for Kubernetes Now passing tests! Architecting with Google Kubernetes Engine specialization Weave Ignite Cloud Native CI/CD with OpenShift Pipelines k3v Avoid time-of-measurement bias with Prometheus Prometheus client tracer for Ruby Links from the interview CERN LHC Computing Grid ATLAS experiment CMS experiment Standard model of particle physics Cosmos: A Spacetime Odyssey, with Neil deGrasse Tyson Dark Matter is a misnomer Baryonic matter Dark matter History of computing at CERN Where the web was born Large Hadron Collider Higgs boson Discovery of the Higgs boson Servicing the first web server - Tim Berners-Lee's NeXT cube CERN Program Library (FORTRAN) KubeCon EU keynote: Reperforming a Nobel Prize Discovery on Kubernetes Slides YouTube video CERN openlab partnership ROOT Data Analysis Framework Particle physics is embarassingly parallel Kubeflow Spark Operator on Kubernetes Open Data Initiative Find a Higgs boson in LHC public data Clemens' shirt Our guests on Twitter: Ricardo Rocha Lukas Heinrich Clemens Lange

The Cloud Native Application Bundle is a spec for packaging distributed apps, developed by Microsoft with support from Docker and Pivotal. Jeremy Rickard, a senior software engineer at Microsoft Azure, and Ralph Squillace, principal PM for open source/developer user experience at Microsoft Azure, join Craig and Adam to discuss it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Bloons TD 6 - made in New Zealand! Full Throttle Remastered News of the week Kiali 1.0 (and 1.1!) released Dockerfile best practices by Tibor Vaas Managed CockroachDB on Kubernetes by Josh Imhoff To run or not to run a database on Kubernetes: what to consider, by Benjamin Good Backyards: Istio multi-cluster, the easy way by Banzai Cloud Episode 59 with Janos Matyas KubeCon EU Transparency Report Links from the interview Cloud Native Application Bundles The spec Bundle descriptor The invocation image Chris Crone's "intro to CNAB" talk MSI, aka Windows Installer Duffle (and on GitHub) Example VM driver Libraries cnab-go pycnab by Gareth Rushgrove libcnab-rust Porter (and on GitHub) Docker apps and Application in Docker Enteprise Helm and Helm 3 Deis Labs Unexpected uses: Adding extra verbs by Darren Pulsipher CNAB bundle for WSL distros by Nuno do Carmo Twitter: CNAB Jeremy Rickard Ralph Squillace

Mark Shuttleworth is the founder of Ubuntu and CEO of its parent company Canonical. Ubuntu is the Linux distribution of the Cloud. You can use it inside your containers, or you can use it as your node OS. Canonical packages Kubernetes for both the edge (MicroK8s) and the server (Charmed Kubernetes). Oh, and aside from that, Mark was the first African in space, spending 8 days on the International Space Station in 2002. Craig and Adam ask Mark about how this all happened, and how it has changed his perspective on technology. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Wicked, the musical +LIVE+, the band Craig's video clips: All Over You, Run To The Water, Lightning Crashes News of the week KubeCon + CloudNativeCon China 2019 Linus Torvalds sees hardware headaches ahead DiDi wins Top End User award CKA and courses now in Chinese Introducing Workload Identity for GKE Keyless Entry: Securely Access GCP Services From Kubernetes (Cloud Next '19) Knative 0.7.0 Introducing Deep Learning Containers: Consistent and portable environments Launching Talos Systems Kubernetes Managed Apps from Platform9 Istio CVE in JWT handling AKS now supports Standard Load Balancing Links from the interview Mark Shuttleworth Blog Wikipedia The Shuttleworth Foundation Thawte Soyuz TM-34 mission to the International Space Station Ubuntu Wikipedia no-name-yet.com: Mark announces his intention to launch a Linux distribution at EuroPython 2004 Getting Ubuntu down to 30mb Snaps MicroK8s Charmed Kubernetes for larger-scale deployments OpenEBS, and Episode 56 with Evan Powell Anthos Sunrise and sunset from the ISS Mark Shuttleworth on Twitter

Banzai Cloud is a cloud-native software company that builds Pipeline, a managed Cloud Native application and devops platform, featuring tools for managing multi- and hybrid-cloud Kubernetes deployments. Pipeline is open source, and Banzai Cloud has many other interesting open-source projects, including a Kubernetes distribution, and operators for things like Vault, Kafka and Istio. Adam and Craig talk to its co-founder and CTO, Janos Matyas, who is based in Budapest, but is spiritually of Oahu, Hawaii. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Is this what childrens music has become? Atom and his Package Parry Grip Baby Shark, Trap Remix Koo Koo Kanga Roo Dogs That Look Like Their Owners Runner-up Winner News of the week Kubernetes 1.15 is released Announcing Envoy Mobile kubectl cp vulnerability Kontena Pharos 2.4 Episode 31, with Jari Kolehmainen CNCF announces SIGs Aqua Security 4.2 Mitigating container image vulnerabilities Scytale Enteprise 1.0 Episode 45, with Andrew Jessup Diamanti 2019 Container Survey (PDF) Fast key-value stores: An idea whose time has come and gone Slicer Ringpop Links from the interview Banzai Cloud Pipeline GitHub Cloud pricing info Telescopes Banzai PKE for Azure and AWS Operators: CoreOS' Operator Framework and SDK Bank-Vaults and source Logging Operator and source Kafka Operator and source Istio Operator and source The Banzai Pipeline surf spot Not related to the art of small trees Telescopes surf spot Janos Matyas on Twitter

Istio 1.2 has been released. Louis Ryan is a core contributor to Istio and a member of its Technical Oversight Committee, in his role as Principal Engineer at Google Cloud. He talks to Craig and Adam about his history with API infrastructure and the service mesh, and the history and future of the Istio project. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam goes to the Northwest Garlic Festival Anthropomorphic garlic cloves Pineapple Garlic Jelly Craig goes to Fleetwood Mac News of the week Istio 1.2 HAProxy 2.0 New Docker Desktop for Windows with WSL 2 coming Facebook peels the lid off Tupperware Wind River adds Docker and Kubernetes support for the edge Banzai Cloud adds Istio to Pipeline Apple joins the CNCF as a Platinum member Modernize IT 2019 digital conference from Google Cloud Links from the interview Istio service mesh Louis Ryan's talk at QCon gRPC Sidecar pattern Core features of Istio amalgam8 from IBM in 2016 What is a service mesh? Envoy Proxy Istio 1.2 release notes Snow Leopard: 0 new features The original announcement of Istio 0.1 The upcoming Istio operator Common misconceptions: Design goals Community Weekly community meeting Working groups discuss.istio.io Related episodes: SPIFFE, with Andrew Jessup Envoy, with Matt Klein Istio at 1.0, with Dan Ciruli and Jasmine Jaksic Louis Ryan on Twitter

Darren Shepherd builds the Cloud at Rancher Labs, a company making entirely open source Kubernetes tooling, from the enterprise to the edge. This week Craig and Adam will finally learn how to pronounce 'k3s' and 'k3OS'. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Day of the Tentacle at The Digital Antiquarian Remastered, on sale at gog.com Vigil Files (Android) News of the week Reflections on the Fifth Anniversary of Kubernetes Happy birthday from Mum and Dad I'm Tim Hockin, a top level Kubernetes maintainer. AMA! Orka, from MacStadium Introductory video from AltConf Five enterprise takeaways from KubeCon EU by Platform9: number 4, the SOA Tikka Masala, will shock you 11 salary statistics for Kubernetes jobs from The Enterpriser's Project Want to work for Google? E-mail us! Links from the interview Rancher Labs Series A announcement, pre-Kubernetes Original Rancher 1.x beta annoucement Rancher 2.0 announcement RKE Longhorn OpenEBS used to be based on Longhorn Darren's Rancher shirt k3s - "Lightweight Kubernetes. 5 less than k8s." How do you pronounce the "k3s"? k3OS RancherOS Huevos rancheros k3d The Kaiser Chiefs Rio Announcement Knative Knative build templates Dancing on the sand Darren Shepherd on Twitter

Evan Powell is the CEO and chairman of MayaData, the corporate sponsor of OpenEBS, which has just joined the CNCF Sandbox. He talks to Adam and Craig about Cloud Native storage, chaos engineering for stateful workloads, and the stubbornness of hybrid clouds. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Cricket and rugby on the same day Poseidon's Anchor bass Black Mirror and The Rain Don't go out in the pouring rain News of the week Docker bug allows reading/writing host files Advisory by Aleksa Sarai Duo Security writeup Kubernetes bug allows containers to run as root Security advisory GitHub issue GKE security bulletin Palo Alto Networks announces intention to buy Twistlock TechCrunch coverage CVEs found by Twistlock Labs Kubernetes Node.js client library 0.9.0 List of client libraries NVIDIA EGX CKA now valid for 3 years Microsoft news: AKS available in South Africa North OCI types and Helm 3 charts in Azure Container Registry Azure Monitor supports Windows Server nodes Links from the interview OpenEBS On GitHub Now a CNCF Sandbox project TOC issue: Propose OpenEBS into CNCF Sandbox OpenEBS accepted into CNCF and OpenEBS 0.9 released OpenEBS Project Update and whats coming in v1.0 A year later: updating Container Attached Storage by Evan Powell MayaData KUBEMOVE (and on GitHub) NDM, the Node Disk Manager Evan's talk at SDC 2017 with Homer Simpson references New storage technologies: Optane/3D XPoint for DRAM-like storage NVME over Fabrics SPDK Fast fabrics Litmus (and on GitHub) Chaos Monkey and Simian Army Weave Scope The mule logo: OpenEBS, MayaData

Solo.io was founded in 2017 by this week's guest, Idit Levine. She talks to Craig and Adam about API gateways, service meshes, and lots of project names with two O's in them. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Casa Battlo Picasso Museum Dali Museum and Theatre in Figueres MoPOP in Seattle The "Beaker Sane" t-shirt A bottle of Sortilege whisky Gifted to us by Francois LeMessier Shared with the community at KubeCon News of the week Announcing SMI SMI Spec website CNAB and Virtual Kubelet updates from Microsoft Banzai Cloud Kafka Operator Razee: multi-cloud CD from IBM Couchbase Autonomous Kubernetes Operator 1.2 Rio, a MicroPaaS from Rancher Labs Atlassian Software for Kubernetes from Praqma Kyma goes 1.0 Intuit win the CNCF End User Award CapitalOne make their Kubernetes platform available Links from the interview Solo.io Gloo Envoy Proxy SuperGloo SMI GlooShot Service Mesh Hub Flagger by Weaveworks Chaos Debugging talk from KubeCon EU; discussing Loop Knative Using Gloo in Knative Idit Levine on Twitter

Bryan Liles is a Senior Staff Engineer at VMware, the program co-chair for this week's KubeCon EU, a sought-after speaker, and a minority in an industry with few people who look like him. He shares his story with Craig and Adam, who also bring you the week's news from KubeCon EU and beyond. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week KubeCon EU! Fox cubs! News of the week VMware acquires Bitnami and Bitnami is acquired by VMware Bitnami's application catalog Knative 0.6 is out New API proposal GKE Sandbox: bring defense in depth to your pods Stackdriver Kubernetes Monitoring is GA Helm 3 preview Episode 11 with Vic Iglesias GKE announces Release Channels Docs Windows Server containers in Preview: Announced for Azure Kuberntes Service But not in Canada Announced for Google Kubernetes Engine But not for another week or so Bring your own subnet to AKS Lyft bug bounty program Velero 1.0 Digital Ocean Kubernetes is GA Kubernetes apps on GCP Marketplace Terraform Cloud Remote State Management CNCF adds 42 new members Cloud Native Logging with Fluentd OpenTracing + OpenCensus = OpenTelemetry OpenEBS joins the CNCF Lightning round: Harbor 1.8 Supergiant Kubernetes Toolkit 2.1.0 Ambassador 0.7 Mirantis BYOD MiniKF from Arrikto Gravity 6.0 Cloud 66 Maestro k8up from VSHN Links from the interview Early tech: Tandy CoCo 3 Tandy 1000 TL The Sound Blaster CIDR: how big is a /12? The Darker Side of Tech Giving away oscilloscopes Capital One vikings Kubernetes contributions in the last quarter Ksonnet Now archived Joe Beda in Episode 12 Kustomize, with a K Brian Grant on declarative application management Janet Kuo in Episode 29 George Hotz Bryan Liles on Twitter Bryan's blog

Dan Dyer is Senior Vice President of Technical Product Management at Optiva, a provider of business support services to the telecommunications industry. Optiva have been moving services to Kubernetes, and with the help of Kyle Bassett and team from Arctiq, a cloud-native consultancy, kicking the tyres of Anthos and GKE On-Prem. Adam and Craig learn about this journey from Dan and Kyle, and discuss dragons and foxes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Baby foxes Aaron Crickenberger interview on the Kubernetes blog Dragon research News of the week Red Hat: RHEL 8 and the Universal Base Image OpenShift 4 Operators all the way down Microsoft Azure OpenHat US DoJ approves IBM's acqusition of Red Hat F5 closes its acquisition of NGINX Docker CEO Steve Singh steps down Alpine Linux root escalation: CVE-2019-5021 Go Distroless! Introducing GitHub Package Registry VS Code extension for Kubernetes goes 1.0 (changelog) WSL 2 brings Linux to Windows Gravitational: AWS vs Colo? and Hacker News debate k8s.af with Kubernetes failure stories Google Cloud launches GKE in Osaka, Tokyo KubeCon US 2019 CFP opens Railyard: Training ML models on Kubernetes at Stripe KubeOne from Loodse Kubedex: Kubernetes operating systems Akrobateo, a general-purpose load balancer for Kubernetes from Kontena Optimization of etcd at web-scale by Xingyu Chen Links from the interview Optiva Arctiq Kyle Bassett on Twitter

AutoTrader UK were an early adopter of Istio. Adopting it to meet GDPR requirements for encrypted traffic, Head of Infrastructure and Operations Russell Warman and lead engineer Karl Stoney have gone on to use it to reduce resource usage, and thus cost, as well as uncover bugs in their applications. They talk to Craig about it, while Adam serves his country. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Microsoft and Red Hat announce KEDA ZDNet coverage Updates from Microsoft: AKS virtual nodes GA, DevSpaces GA, Policy in Preview AKS 1.9 end-of-life Banzai Cloud: PKE on Azure Banzai's Chart Repository Service Remote development with VS Code DockerCon: Docker Enterprise 3.0 Docker Foundation Monzo Response: GitHub Chris Evans presenting at DevOps Exchange London Music: Response Velero v1.0.0-beta.1 is out Grafana dashboards for Kubernetes administrators by Povilas Versockas KubeCon EU Diversity Lunch and Hack Red Hat Quay v3 Rook 1.0 Episode 36 with Jared Watts 5G Depends on Kubernetes in the Cloud, according to Steven J. Vaughan-Nichols He also says Airship 1.0 marries Kubernetes and OpenStack for 5G's good Airship 1.0 release notes Links from the interview Autotrader UK Craig, Russell and Karl in the studio Craig's 1993 Vauxhall Cavalier GCP Case study Auto Trader UK cuts IT resource use through Google Cloud, Kubernetes and Istio adoption How Auto Trader UK, the UK's largest automotive marketplace, uses Istio and Google Kubernetes Engine to drive change Russell on theCUBE at Google Cloud Next Mutual TLS encryption in Istio Onramp to Istio: An Adoption Story Google Cloud Next session with Dan Ciruli, Russell Warman and Karl Stoney Managing your costs on Kubernetes: Karl's blog post Istio 1.1 feature: Sidecar resources Reduced CPU cycles by 90% 15,000 releases per year Russell Warman and Karl Stoney on Twitter

Gabe Jaynes is a DevOps Architect at KeyBank, an American retail bank. KeyBank were an early adopter of containers, and Gabe talks about the reasons they undertook this transformation. Craig and Adam also celebrate our first birthday and spoil the concept of spoilers. Please say hello and 🎂🎁! twitter: @kubernetespod mail: [email protected] Chatter of the week Avengers: Endgame easter egg in Google search (no spoilers) The spoilers that Craig beeped out Throne of Games (no spoilers) Gorogoa "I desire a conversation. Will you talk to me?" News of the week DockerHub breached: change your password k3os, the Kubernetes Operating System Rancher OS Multi-cluster service mesh overview by Andrew Jenkins Containing our enthusiasm: All the Kubernetes security news from Google Cloud Next '19 by Maya Kaczorowski and Anne Bertucio Episode 008 How You Can Help Localize Kubernetes Docs by Zach Corleissen Episode 005 Hardware Accelerated SSL/TLS Termination in Ingress Controllers using Kubernetes Device Plugins and RuntimeClass by Mikko Ylinen EmpowHER Reception Renamed EmpowerUs For KubeCon + CloudNativeCon Europe 2019 Links from the interview KeyBank Cleveland, OH GKE On-Prem Anthos

Spotify were early adopters of Docker, and wrote their own deployment tool to run it in production. David Xia from the Spotify platform team talks about Spotify's engineering, challenges, how Helios worked, and migrating from it to Kubernetes. Adam and Craig also give a round up of the week's news, in the form of a question. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week James Holzhauer cleans the board on Jeopardy! Chihuly at Kew Gardens News of the week Introducing GKE Advanced Managed certs on GKE Ingress Linkerd 2.3 PodSecurityPolicy support on AKS Berglas from Google Cloud Platform kubernetes-external-secrets from GoDaddy Platform9 open-sources KlusterKit CNCF and Alibaba offer free Cloud Native training to Chinese developers Tinder's move to Kubernetes kube-iptables-tailer The future of Cloud Providers in Kubernetes Pod priority and preemption Istio observability with Go and gRPC/protobuf microservices Beating JSON performance with protobuf Links from the interview Spotify This podcast on Spotify Spotify open source utilities on GitHub Helios 2014 introduction video with Rohan Singh Apollo: Java libraries for microservices GKE Usage Metering: Whose line item is it anyway? with Madhu Yennamani and Yang Guan from Google, and David Xia from Spotify Episode 40 with Madhu Yennamani GCP Firewall Enforcer David Xia on Twitter

Live from Google Cloud Next '19 the KPfG team presents a fireside chat with Eric Brewer, our first guest with their own Wikipedia page. Eric devised the CAP theorem for distributed systems, based on his work at early search company Inktomi and UC Berkeley. He was the person who announced Kubernetes to the world almost 5 years ago, and has been working on Google's cluster and compute infrastructure since 2011. How did you like the live show format? Please let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Anthos: Everything You Want To Know About Anthos - Google's Hybrid And Multi-Cloud Platform by Janakiram MSV New Google Cloud Service's Key Selling Point: It Works Great With AWS and Azure by Jonathan Vanian Google Cloud makes some strong moves to differentiate itself from AWS and Microsoft by Ron Miller Fluentd graduates to top level project in CNCF Speakers for KubeCon China '19 announced AKS to South Central, South and Central The Fargate Illusion, by Lee Briggs Fargate and EKS roadmap OpenStack Stein launches with improved Kubernetes support New GKE features from Next session videos: GKE Sandbox Workload Identity GCP Config Connector Process ID limiting for stability improvements in Kubernetes 1.14 Links from the interview Eric Brewer: Wikipedia Twitter UCB Inktomi DEC SRC, working on AltaVista Inktomi's wild ride: A Personal View of the Internet Bubble - Eric presenting at the Computer History Museum in 2008 CAP theorem Cat theorem Spanner, TrueTime and the CAP theorem Application Modernization and the Decoupling of Infrastructure, Services and Teams Our revised title President Clinton with Eric Eric's interview on theCUBE at Next

Anthos (previously known as Cloud Services Platform) has just gone GA at Google Cloud Next. One of its new features is Anthos Migrate, a tool for migrating monolithic apps directly to containers. Issy Ben-Shaul is a Director of Software Engineering at Google Cloud and led the team building Anthos Migrate. He talks to Craig and Adam about it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam enjoyed: Umbrella Academy on TV Hearthstone on the computers Jarrod Alonge in his ears Death metal in water wings Craig enjoyed: Saturday 2/3 of "On The Basis Of Sex" News of the week Anthos from Google Cloud Launch announcement Launch keynote What's in the box? Cloud Run and Cloud Run on GKE Project Eirini updates bring Kubernetes to Cloud Foundry OPA graduates to the CNCF incubator CRI-O joins the CNCF incubator Buildpacks: defense against the Docker arts Local persistent volumes in Kubernetes - PVC pipes! Istio 1.1.2 out for the Envoy CVEs: NUL parsing bug Path normalisation bug Why Rainforest moved from Heroku to GKE Enabling RBAC for Groups in GKE Metalkube 🤘 Krew moves to SIG-CLI New gVisor website Links from the interview Anthos Migrate & Velostrata Next sessions: Anthos Migrate: On-Prem to Cloud-Native on GKE Real World Customer Migration with Cardinal Health and Atos Anthos Issy Ben-Shaul on Twitter

Tekton brings Kubernetes-style resources for declaring CI/CD-style pipelines. Kim Lewandowski is the Google Cloud product manager who recently announced it. She talks to Adam about the project while Craig sneaks in some vacation at the cafes of New Zealand. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Register for the Kubernetes Podcast from Google Cloud Live session! Craig has a lovely afternoon at the Cable Bay Cafe Auckland Kubernetes Meetup - thanks everyone! Adam reads Origin by Dan Brown Renowned Author Dan Brown, one of Craig's favourite newspaper columns of all time News of the week Minikube releases v1.0.0 Episode 39, with Dan Lorenc Running Kubernetes locally on Linux with Minikube by Ihor Dvoretski Uber open-sources Peloton Square build a service mesh with Envoy and gRPC AWS App Mesh is GA Tetrate Q Star Trek Q The Service Mesh Era: Istio's role in hybrid and multi-cloud by Megan O'Keefe Merging OpenTracing and OpenCensus kubectl cp vulnerability and CSI portmap vulnerability Brigade 1.0 from Deis & Microsoft Debugging an intermittent connection reset in kube-proxy by Yongkun Gui Register for the Kubernetes 1.14 webinar Meet the Ambassador: Paris Pittman Four key tips on how to do massive scale with Kubernetes by Reda Benzair Links from the interview Tekton Open Source Leadership Summit A tektōn is a Greek artisan or craftsman Formerly known as Knative Pipeline GitHub repo Triggermesh Aktion In Defense of YAML Continuous Delivery Foundation Contributing to Tekton Kim Lewandowski on Twitter

Kubernetes 1.14 is out! Your hosts talk to release manager Aaron Crickenberger of Google Cloud about the release process, working with Kubernetes Enhancement Proposals (KEPs), cat t-shirts, and being bearded on face vs. at heart. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week MySpace "loses" 12 years of music Peel Forest and The Green Man Cafe Kubernetes Podcast from Google Cloud Next Live Eric Brewer DockerCon 2014 keynote Sign up for free tickets to Google Cloud Next! News of the week Kubernetes 1.14 released Maybe you don't need Kubernetes? (Spoiler: you do.) Gravity 5.5 with Helm chart support How a cryptocurrency miner made its way onto Kubernetes clusters at JW Player A guide to Kubernetes admission controllers Automated testing for Helm charts with Terratest Kubernetes End-to-End Testing for Everyone To Russia with Love: deploying Kubernetes in foreign locations Links from the interview Aaron Crickenberger Co-founder of SIG Testing Member of the Kubernetes steering committee Blackhawk flight simulator but it's in a container Aaron's soundcloud page Hugh Pagdham Release lead CI Signal playbook 1.13 release shadow Groundhog Day Aaron's podcast recording cat t-shirt Episode 10, with Josh Berkus and Tim Pepper New in 1.14: Kubernetes Enhancement Proposals (KEPs) Code slush removed Windows containers GA Runtime gates GA Pod priority and preemption GA Durable local volumes GA LTS Working Group Cryptonomicon by Neal Stephenson: the suit and the beard Aaron Crickenberger on Twitter

SPIFFE is the Secure Production Identity Framework for Everyone. Craig hates the name. Andrew Jessup, co-founder and VP of Product at Scytale (with a C) tells him and Adam why they should look past that and how Jason Bourne fits into the world of Cloud Native. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Victim Support Official Page: Christchurch Shooting Victims' Fund The Small Screw Phenomenon from The Book of Ultimate Truths by Robert Rankin News of the week Istio 1.1 is out! NGINX acquired by F5 Tetrate raises $12.1 million Buoyant raises less KubeCon EU schedule is live Rancher releases Submariner Takeaways from the Google Cloud Security Summit CNCF hits 375 members CNCF TOC for 2019 Kubernetes: AWS vs GCP vs Azure vs DigitalOcean VS Code updates for Kubernetes NetEase: 30,000 nodes in a cluster Music in Ancient Greece Links from the interview SPIFFE Scytale The scytale Joe Beda's Gluecon talk Application Layer Transport Security, which Andrew and Joe refer to as "LOAS" The Bourne Identity Istio Citadel Scytale Enterprise Andrew Jessup on Twitter

Today Google and CloudBees, along with 20 other companies, launch the Continuous Delivery Foundation (CDF). Tracy Miranda is the Director of Open Source Community at CloudBees, who coordinated donating Jenkins and Jenkins X to the CDF. She talks to Adam and Craig about why it the CDF been formed, and what to expect in this space in the future. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week John Wilkes' series of simulations Kubernetes Podcast from Google Cloud Next - live show at Google Cloud Next! News of the week Continuous Delivery Foundation Tekton Red Hat introduces Quarkus Web site and GitHub GraalVM Give-me-Gin-and-Tonic The service mesh era: Using Istio and Stackdriver to build an SRE service How Red Hat are changing deployment topology in OpenShift 4 Quickfire container security news: StackRox won an award for Best Emerging Technology from SC Media Alcide won the Breakout Cloud Security infosec award from Cyber Defense Magazine Capsule8 made it into the RSA innovation sandbox Aqua 4.0 now does function vulnerability scanning Twistlock 19.03 adds host forensics and runtime self-protection functionality for VMs SSH.com extended their tech to manage SSH keys for containers CNCF joins Google Summer of Code Fill out the State of DevOps Report Read last year's results Links from the interview CloudBees Kohsuke Kawaguchi The population of Greece Jenkins Jenkins X Throwing an X Throwing an axe Tekton Spinnaker Continuous Delivery Summit at KubeCon EU in May CDF members Fastlane, continuous delivery for mobile, is on Tracy's wishlist Tracy Miranda on Twitter or at tracymiranda.com

Brian Grant joined the Borg team in 2009, and went on to co-found both Omega and Kubernetes. He is co-Technical Lead of Google Kubernetes Engine, co-Chair of Kubernetes SIG Architecture, a Kubernetes API approver, a Kubernetes Steering Committee member, and a CNCF Technical Oversight Committee member, where he's sponsored 11 CNCF projects. Your hosts talk to him about all those things. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Sunset from Mauao (Mount Maunganui) Russian Doll on Netflix Edge of Tomorrow sequel back on News of the week Rancher introduces k3s Didn't they launch it 5 months ago? k3s.io VMware launches VMware Essential PKS Istio Operator from BanzaiCloud CVE-2019-1002100 containerd graduates at the CNCF Scytale announces $5m funding and Scytale Enterprise SPIFFE and SPIRE Automate operations on your cluster with OperatorHub.io OperatorHub website RightScale State of the Cloud 2019 Links from the interview Borg, Omega and Kubernetes Borg paper Omega paper Issue 831: implement Image volumes and container volumes in Kubernetes Chubby key-value store paper IP per Pod LMCTFY CNCF TOC Updated 2018 mission for the CNCF SIG and Working Group List Devstats PR 1325: create kubectl Brian Grant on Twitter PR 607

Kubernetes has a number of mechanisms to enforce policy: some built-in, like quota and NetworkPolicy; some extensions or add-ons like OPA. John Murray, a product manager at Google Cloud, joins Craig and Adam to talk about policy and configuration, and introduce the new CSP Config Management tool launched to Beta along with the new Cloud Services Platform. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam is in the news! Cat Lady Craig's Oscar prediction and Rami Malek's incident News of the week Google brings Cloud Services Platform to Beta Application Modernization and the Decoupling of Infrastructure Services and Teams by Eric Brewer and Jennifer Lin Developer preview of OpenShift v4 Knative v0.4 Update to Azure DevOps Projects support for Azure Kubernetes Service The service mesh era: Securing your environment with Istio by Samrat Ray of Google Cloud Cloud Native DevOps with Kubernetes by John Arundel and Justin Domingus Get it free* from NGINX All new Reddit services run on Kubernetes Breaking Docker via runC by Yuval Avrahami of Twistlock Secure Kubernetes with Vault by Bjorn Wenzel Migrating from Heroku to GKE How to prepare for a Kubernetes interview Adding "containers" to Linux Links from the interview ResourceQuota, PodSecurityPolicy and NetworkPolicy Open Policy Agent Kubernetes integration CSP Config Management Take control of your clusters with CSP Config Management (blog post) John Murray on Twitter

The history of Borg influences the history of Kubernetes in many ways: Google has different teams handle "get traffic to a cluster" and "serve traffic", so Kubernetes has a conceptual split here too. Tim Hockin, Kubernetes co-founder, Google principal engineer and former Borg/Omega team leader, joins Adam and Craig to explain the history and future of the Ingress API, why it's taken so long to get to v1, and how it might evolve in the future. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Intelligence Squared: Can an AI change your mind? Robot or Not: Is your AI a robot? News of the Week Arm joins the CNCF Cilium 1.4 is released Installing on GKE Lightboard: week Managed Knative on IBM Kubernetes Service Brendan Burns' videos for Microsoft Azure New EKS regions New EKS CNI plugin Kubernetes Day India schedule announced Liz Rice on episode 19 The Information on Kubernetes (subscription or e-mail address required) Links from the interview Hello, my name is Tim Hockin, and I pronounce "kubectl" as "kubectl" lmctfy, Google's open source container tool Episode 22 with Dawn Chen Kubernetes network concepts: Service and Ingress Annotations NGINX ingress Google Cloud BackendConfig Heptio Contour IngressRoute Istio v1alpha3 API KEP to move Ingress to v1 (GA) T-shirt logos Tim's favourites: Brushstrokes and Pixels Craig's favourite is the paint splash Tim Hockin on Twitter

The new GKE Usage Metering feature lets you find out how much your tenants or applications cost to run. Your hosts talk to Madhu Yennamani, product manager at Google Cloud, about usage metering, and how new GKE features are implemented. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the Week Weather in Seattle Weather in London News of the week runc vulnerability: Open source disclosure Write up from the patch author GKE bulletin Kubernetes blog post Infoworld names Kubernetes a Technology of the Year Encrypting GKE secrets with Google Cloud KMS Build containers faster with Google Cloud Build and Kaniko Jib 1.0.0 GA Red Hat CodeReady Workspaces Heptio open source project changes Platform9 VMware Kubernetes managed service ClearDATA launches Kubernetes solution for healthcare KubeCon diversity scholarships Poseidon Firmament scheduler Firmanent Links from the interview GKE usage metering: Whose line item is it anyway? Enable GKE usage metering BigQuery Google Data Studio Madhu Yennamani on LinkedIn

Minikube is a tool that makes it easy to run Kubernetes locally, by running a single-node Kubernetes cluster inside a VM on your desktop or laptop. Craig and Adam talk to author and maintainer Dan Lorenc from Google Cloud, and in the wake of the Super Bowl, discuss how "football" means something different to each of them. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam watched the Super Bowl Craig watched some Superb Owls Outside the UK, you can watch them here You can watch some ads But not the ad for Blue Origin, which was pulled Snow day in Seattle! Jeff Bezos at the Super Bowl The Daily Mail is not really news Jeff Bezos's earnings per minute News of the week Spark Operator for Kubernetes now in Beta IBM Cloud Databases report on the Operator Pattern New members in the CNCF TOC Alexis Richardson from Weaveworks Brendan Burns from Microsoft Joe Beda from VMware Matt Klein from Lyft Xiang Li from Alibaba Kelsey Hightower from Google Google Kubernetes Engine usage metering Advanced application deployments and traffic management with Istio on GKE GitHub repo Megan's development workflow for Kubernetes Ambassador 0.5.0 API Gateways are going through an identity crisis Kubernetes as an API standard; looking toward a Rust implementation Links from the interview Dan leads a team working on: Minikube Skaffold Kaniko Knative Build Minikube was helped in the early days by Localkube from RedSpread, who were acquired by CoreOS (who were acquired by Red Hat, who were acquired by IBM) There was also Boot2docker, but Kubernetes didn't like Docker-in-Docker much back then Guide for developing Minikube Other similar projects: Microk8s Docker Desktop Things it was hard to get working: Load balancers; solved via tunneling Persistent volume provisioning, solved with a custom hostpath provisioner Minikube Roadmap Dan Lorenc on GitHub and on the web

You learn so much more from failure than success. Henning Jacobs, head of Developer Productivity at Zalando, joins Adam and Craig to share his own stories of failure, and talk about what he has learned by reading stories from others. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week A Normal Lost Phone Neil and Liam Finn News of the week CoreDNS graduates Intel introduces Nauta; enterprise Kubeflow Interview with David Aronchick in Episode 2 Ian Lewis's blog posts on container runtimes Istio blog intro by Megan O'Keefe Interview with Dan Ciruli and Jasmine Jaksic in Episode 15 Kubinception: Using Kubernetes to run Kubernetes at OVH Why OVH Managed Kubernetes Giant Swarm and SAP GKE Jenkins Plugin and source code Deploying to Kubernetes from GitHub Actions Mortar; the manifest shooter for Kubernetes It's a good time to be working in Kubernetes Links from the interview Kubernetes Failure Stories blog post GitHub repo Hacker News post Zalando A Million Ways to Crash Your Cluster Original version of the talk from the Dusseldorf meetup Tacoma Narrows Bridge collapse Nordstrom talk at KubeCon NA 2017 Serverless Failure Stories Startup scripts used to just kill the Docker daemon 90 days of EKS in production: configuration options you need to set CPU throttling Facebook oomd John Wilkes: only make new mistakes Henning Jacobs on Twitter

Richard Hartmann is a member of the Prometheus Team and the founder of the OpenMetrics project, which aims to replace SNMP with a modern format for transmitting metrics. He joins your hosts to discuss both projects, and how Cloud Native technology can improve the datacenter. No soup for you! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Lego collecting delivers huge and uncorrelated market returns News of the week Knative 0.3 released Service Mesh Day; March 28-29, San Francisco FoundationDB Record Layer Tumblr open sources Kubernetes tools gVisor presentation by Adin Scannel Aleksa Sarai on tar in oci Detect overspending by measuring idle Kubernetes resources Karl Stoney's post on managing costs on Kubernetes SQL Server on GKE and AlwaysOn Availability Groups Namely's Crash Course in Running Istio Kubernetes failure stories Zalando Target 9 security best practices Google remains the top contributor to CNCF projects, even if you were to remove Kubernetes! Links from the interview Space.net Swiss Army Chainsaw Prometheus Built by ex-Googlers at Soundcloud Better than MRTG and rrdtool Cortex, Thanos, InfluxData for persisting Prometheus data long-term Manage multiple DCs Grafana for visualising data Variables for templating PromQL OpenMetrics A new Lingua Franca for monitoring and tracing that isn't SNMP Export SNMP to Prometheus format Transforming the Prometheus Exposition Format into a Global Standard; Richard's PromCon talk End goal: write an RFC GitHub repo Prometheus 2.5 has experimental OpenMetrics support QUIC becomes HTTP/3 Get involved with the Prometheus community Richard Hartmann on Twitter

Rook is a cloud native storage orchestrator and a controller for storage systems such as Ceph. Jared Watts has been working on Rook since the start, first at Quantum, and then at Upbound. He talks to Craig and Adam about storage, chess, and premium-rate telephone numbers. Does anyone actually read the show notes? Turns out a few of you do. Thank you for listening and reading! web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Tabletop Simulator (a computer game) Happy (a televisual programme) News of the week Kubernetes Day India from the CNCF Vertical Pod Autoscaling in GKE in Beta Vertical Pod Autoscaler in OSS Announcing TriggerMesh Knative Lambda Runtime (KLR) Episode 28 with Sebastien Goasguen krew, the package manager for kubectl plugins Monitoring Kubernetes, by Sean Porter of Sensu on the CNCF Blog Istio 1.1 update Episode 15 with Jasmine Jaksic and Dan Ciruli Kubernetes authorization via Open Policy Agent by Stefan Bueringer Links from the interview Symform; Jared's first startup, peer-to-peer cloud storage Totally unlike KaZaA Where Jared first met open source, through the Mono project Acquired by Quantum Craig explicitly remembers owning a Quantum Bigfoot (though that one wasn't his first hard drive) Rook, a cloud native storage orcestrator SIG Storage and the Volume abstraction Started with support for Ceph Also now supports CockroachDB, Minio, NFS, Apache Cassandra But not Gluster - for now at least Added to the CNCF Sandbox in January 2018, and moved to incubating in August Upbound; founded by Bassam Tabbara Container Storage Interface 1.0.0 Rook on GitHub Queen Storage Jared Watts on Twitter and the Rook blog Why you might have had to pay 90c per minute to tweet Jared

The Cloud Native Computing Foundation was formed to create a vendor-neutral home for Kubernetes. Now with over 30 projects, we kick off 2019 by talking to Dan Kohn, Executive Director of the CNCF, and hearing his views on projects, licenses and conferences. Please reach out and say hello: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Platform9's KubeCon survey Security notices: Dashboard custom certificates API server proxying Links from the interview Cloud Native Computing Foundation Dan Kohn Linux Foundation Jim Zemlin Other projects: Lets Encrypt, Hyperledger, Node.js Foundation Fellows: Linus Torvalds and Greg Kroah-Hartman CNCF members and Governing Board Getting people on board with Open Source Crossing the Chasm (a book by Geoffrey A. Moore) Why Software Is Eating The World (an article by Marc Andreessen) CNCF projects Project list Interactive landscape and trail map Licenses Why Dan (& the CNCF) Recommnds Apache 2.0 "Shared source": Redis and the Commons Clause; MongoDB and the Server Side Public Licence What would Dan like to see in the CNCF? Istio and Knative Technical Oversight Committee Principles say it's OK for overlapping projects Certification For people: Certified Kubernetes Administrator and Certified Kubernetes Application Developer; curriculum For distributions: Software Conformance KubeCon + CloudNativeCon China Based on the End User Conference in 2017 Co-hosted with the Open Source Summit in 2019 US 27 co-located events Dan Kohn on Twitter

Adam and Craig end the year by talking to Jordan Liggitt, the member of the Kubernetes Product Security Team who fixed the recent critical security vulnerability in the Kubernetes API server. We also take a look at the news from KubeCon. This is our last episode for 2018. Thank you for your support this year, and we'll be back on the 8th of January! Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week etcd donated to the CNCF Chubby paper Raft paper Blog post on the relationship between Kubernetes and etcd by Gyuho Lee and Joe Betz Istio: Geekwire: Has Istio become the new cloud-native darling? Google launches Istio on GKE VMware NSX Service Mesh Aspen Mesh open beta In other service mesh news: A10 Secure Service Mesh Knative: Knative: bringing serverless to Kubernetes everywhere SAP: Extensibility on cloud-native stack Red Hat to deliver hybrid serverless workloads to the enterprise Pivotal launches Function Service GitLab and TriggerMesh announce GitLab Serverless Oracle Cloud Native Framework Microsoft: Osiris Azure Monitor for Containers is GA Phippy Goes To The Zoo Phippy, Captain Kube and friends now in the CNCF Digital Ocean Kubernetes now open to everyone Linode Kubernetes CLI Terraform scripts VMware closes its acquisition of Heptio For $550M Dell will go public again Quickfire Kubernetes security news NeuVector announced containerd and CRI-O runtime support in their container firewall Aqua's Container Security Platform is now certified to cover the Kubernetes CIS benchmarks Lacework announced their configuration scanning platform covers Kubernetes Sysdig released Sysdig Secure 2.2, which adds Kubernetes audit events, and the ability to block deployments using Kubernetes admission controllers Twistlock released 18.11, which "introduces security visualization for Kubernetes, and compliance and security configuration checks for Istio, including new alerting integrations with PagerDuty, and cloud services Grafana Loki Thanos: Prometheus at scale Maestro – A declarative, no-code approach to Kubernetes Day 2 Operators rbacsync PlanetScale announces funding TechCrunch article Links from the interview Jordan's suggested KubeCon talks to watch: Kelsey Hightower's keynote, "Kubernetes and the path to serverless" Julia Evans' keynote, "High Reliability Infrastructure Migrations" OpenShift before Kubernetes in 2014 Kubernetes Product Security Team CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Listing in the National Vulnerability Database Originally filed as a bug against Rancher Rancher blog post How to report a vulnerability Proof of concept (third party) How it was fixed Distributor's list Client certificate vulnerability in Kubernetes in 2016 Answering questions on Stack Overflow Jordan Liggitt on Twitter, GitHub, Slack or Stack Overflow

The Envoy proxy, a universal data plane for Cloud Native, has just graduated as the third top-level project in the CNCF. Craig and Adam talk to its author, Matt Klein from Lyft, about modern load balancing for microservices and pragmatically avoiding "second system" syndrome. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week CVE-2018-1002105: proxy request handling in kube-apiserver can leave vulnerable TCP connections Gravitational write up Proof of concept More cryptocurrency mining with exploited Kubernetes clusters Microsoft Connect(); AKS virtual nodes are in preview Virtual Kubelet joins CNCF GPU support for ACI ACS to be retired in favour of AKS Cloud Native Application Bundle Microsoft and Docker introduce Cloud Native Application Bundle CNAB spec Duffle DockerCon EU 2018: Docker releases Compose operator for Kubernetes Available on GitHub Docker Desktop Enterprise Hashicorp Vault 1.0 Upbound introduce Crossplane Available on GitHub GitLab moving to GKE Rook 0.9.0 — available you-guessed-where MicroK8s from Canonical: Announc4t Project p2e Available on G5b Links from the interview Envoy Recently graduated to top-level project at the CNCF Built at Lyft Replaces libraries like Finagle and Hystrix Introduction to modern network load balancing and proxying Envoy contributors Istio, built on Envoy Turning down the VC money: Why Matt isn't starting an Envoy company Service mesh data plane vs. control plane Matt Klein on Twitter Matt's blog

If you're running on-prem, and you say set up a Service type=LoadBalancer, what happens? Does your cluster call your NOC and have them order you a Juniper router? MetalLB is a popular answer to that question. Your hosts discuss load balancing with MetalLB's author, Google Cloud SRE David Anderson. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Kubernetes 1.13 released Critical vulnerability in all Kubernetes versions Kubernetes is the most popular skill in tech, according to Indeed's Hiring Lab Envoy graduates to a full CNCF project AWS re:Invent Firecracker MicroVM Integration with containerd Instructions for running on GCE with nested virtualisation AWS App Mesh In-place EKS upgrades! Windows support! (Citation needed) Istio on GKE released Agones 0.6.0 released Episode 26 with Mark Mandel and Cyril Tovena Links from the interview MetalLB BGP and OSPF Katran, a load balancer from Facebook David Anderson on Twitter

Kontena Pharos is a Kubernetes distribution which "just works", even on bare metal. Adam and Craig talk to Kontena's CTO, Jari Kolehmainen on the decisions required to distribute Kubernetes and heating your house with bare metal. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Wayne The Batman of China Dive Weave Scope releases 1.10 KubeCon US waitlist containerd Beta in GKE Cyber Monday savings on Kubernetes courses and certification from the Linux Foundation Links from the interview Kontena About Kontena Pharos 2.0 release announcement CoreOS Matchbox for PXE boot Heating houses with nerd power Jari Kolehmainen on Twitter

In some ways, China has a parallel Internet to the West. Is that Internet powered by Kubernetes? Of course! Joe Zou, PaaS Product Center Director at Tencent Cloud, talks to Craig and Adam about Kubernetes in China. Thanks to our translator, Rae Wang. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Container Storage Interface 1.0.0 Harbor moves to Incubator in CNCF JD.com wins CNCF Top End User award Google Cloud introduces Kubeflow Pipelines Submit a proposal to KubeCon EU 2019 Episode 19 with 2018 co-chair Liz Rice Episode 29 with 2019 co-chair Janet Kuo Rookout debugging for Kubernetes Stackdriver Debugger Scalyr adds more Kubernetes logging support CNCF Asia usage survey Links from the interview Tencent Products and Services Tencent Open Source TARS RPC framework Tencent Cloud Tencent Kubernetes Engine PUBG

On the eve of the first KubeCon in China, your hosts talk to co-chair and Google software engineer Janet Kuo about the program, and her work with SIG Apps. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week VMware acquires Heptio: VMware blog Heptio blog Madrona blog (one of their investors) Pivotal blog Cisco integrates on-prem Kubernetes with Amazon Web Services Kontena launches Pharos 2.0 Nabla Containers v0.2 The Kubernetes API Server by Dominik Tornow and Andrew Chen CNI Plugins for Kubernetes by Steven Acreman The Beginners Guide to the CNCF Landscape IceCubeCon from Mesosphere Tweet us your puns! Links from the interview SIG Apps Workloads API goes GA Garbage collection Application CRD KubeCon China 2018 Episode 19 with co-chair Liz Rice Talks on genetics and bicycles Janet Kuo on Twitter

TriggerMesh is a new serverless management platform built on top of Knative. Co-founder Sebastien Goasguen joins Adam and Craig to discuss serverless, and potential trips to space. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week James Acaster: Live or on Netflix Card game Gloom PC game Grim Fandango We're on Spotify! Peter Benjamin's list of Kubernetes resources News of the week TriggerMesh announced Istio 1.0.3 Contour 0.7.0 Peloton from Uber GSoC 2018: Building a Conditional Name Server Identifier for CoreDNS Azure news: Azure retiring old Kubernetes versions Azure launches OPA controller Kubernetes Dashboard via Azure Cloud Shell AKS now available in UK West, South India and East Asia are next Links from the interview Sebastien's books: CloudStack, Docker, and Kubernetes Cookbooks Background: Computational science and Maxwell's Equations Grid computing and Beowulf clusters Cloudstack European astronaut selection Kubeless, built with Nguyen Anh-Tu Other projects: Fission, Riff, Nuclio Knative Knative Build system Istio TriggerMesh The Triggerfish tm Knative client Runtime for OpenFaaS functions Runtime for Azure Functions Early Access Program signup Sebastien Goasguen on Twitter

Sarah Novotny is Head of Open Source Strategy at Google Cloud and a board member of the Linux Foundation (the parent of the CNCF). She joins Craig and Adam to talk about the evolution of the Kubernetes community, governance models and Codes of Conduct, and how nascent open source communities can learn from it. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Cake! Lord's Cricket Ground Tour The Play That Goes Wrong Bohemian Rhapsody Mr Robot (no link provided!) Castlevania and its video game News of the week IBM enters into agreement to acquire Red Hat: Joint press release IBM blog post Red Hat blog post OpenShift Container Platform 3.11 Introducing Red Hat OpenShift Container Engine IBM Container Service now available in Milan, Italy Mirantis Cloud Platform Edge Mesosphere Kubernetes Engine Kubedex On-Prem and Dolos gRPC-Web has gone GA Whose Pod Is It Anyway? FoundationDB Summit announced CNCF planning "Global South" outreach Links from the interview OSCON Announcement of Kubernetes 1.0 Announcement of the CNCF Raven Rock - a book Sarah read while setting up the CNCF Conway's Law Paxos and Byzantine Generals CNCF Code of Conduct We Don't Do That Here by Aja Hammerly Sarah's 2017 KubeCon NA talk Hiding behind a Viewmaster Julian Cash, photographer Find Sarah: at KubeCon China or Kubecon NA as sarahnovotny on Twitter or LinkedIn

Ubisoft and Google Cloud have extended Kubernetes to support dedicated game servers. Cyril Tovena, a Technical Lead from Ubisoft in Montreal, and Mark Mandel a Developer Advocate at Google Cloud, lead the project. They talk to Adam and Craig about what they had to do, the Agones community, and how you can apply it to your Enterprise Software. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Pub quiz success News of the week Kubernetes v2 Provider for Spinnaker Episode 23: Spinnaker, with Steven Kim Episode 24: Continuous Integration and Continuous Delivery, with Andrew Philips and Lars Wander Spinnaker 1.10 Codelab: Continuous Delivery to Kubernetes Using Spinnaker KubeCon NA Contributor Summit The Forrester New Wave™: Enterprise Container Platform Software Suites, Q4 2018 Kubernetes Steering Committee election resutls Kubernetes High Availability, by Dominik Tornow from SAP and Andrew Chen from Google Cloud Kubernetes Deep Dive by Nigel Poulton on A Cloud Guru, from listener mail 1.12 Release Retrospective by Tim Pepper from VMware Admiralty's Multicluster Controller The Lord High Admiral Best practices for building Kubernetes Operators and stateful apps by Palak Bhatia and Jun Xiang Tee from Google Cloud Pulumi raises $15M Links from the interview Agones website Agones on Twitter Ubisoft Montreal Mark's blog Proper pronunciation Elbow Kubernetes Cluster Registry OpenMatch Joe Beda's TGIK on writing a controller Mark and Cyril on Twitter

GKE container-native load balancing enables Google Cloud load balancers to target Pods directly, rather than the VMs that host them, and to evenly distribute their traffic. Product manager Ines Envid and staff software engineer Neha Pattan explain how. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Adam meets Orlando Craig meets a Banksy News of the week GKE Private Clusters are GA Announcing Cloud NAT and Container-Native Load Balancing Amazon Elastic Container Service for Kubernetes now supports dynamic admission controllers Fast Kubernetes development with Skaffold 0.16.0 New Cloud Foundry support for Kubernetes Managing Kubernetes from O'Reilly; sign up for a free e-book version courtesy of Heptio Days of Kubernetes 1.12 Past: Volume snapshots, RuntimeClass and topology-aware volume provisioning Kubedex: GKE vs EKS vs AKS vs IKS vs ACCSK New Relic acquires Coscale Links from the interview GKE container-native load balancing: Launch blog post Documentation Configuring services with an annotation to preserve source IP VPC-native clusters with Alias IPs Network Endpoint Groups

Steven Kim is an engineering manager at Google, based in New York City, working on the Spinnaker project. In a companion piece to last week's episode about CI and CD, Steven talks to Craig and Adam about how Spinnaker evolved from VMs to Kubernetes and support for other cloud native technologies. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Evoland 2 Stickers on the fridge Seat entertainment on Air New Zealand Link Last Week Tonight on the NZ flag Craig and Sir John Key News of the week Kubernetes for personal projects For - Caleb Doxsey and Hacker News discussion Against - Carlos Rodriguez and Hacker News discussion A developer onramp to Kubernetes with GKE Cloud Native Buildpacks enter the CNCF Sandbox AWS Service Operator for Kubernetes Limited availability of DigitalOcean Kubernetes etcdadm from Platform9 Introducing the Kubernetes Non-Code Contributors Guide Episode 21 interview with author Ihor Dvoretskyi Episode 5 on writing documentation Episode 11 on releases Pulumi explores how Kubernetes deployments work Health checking gRPC services in Kubernetes with grpc-health-probe Teleport v3 adds Kubernetes support Links from the interview Steven Kim on Twitter Spinnaker Slack Forums, please don't troll Spinnaker Summit

Andrew Phillips (PM) and Lars Wander (Software Engineer) from Google Cloud talk to Adam and Craig about the difference between CI and CD, and how to apply these processes to your release and rollout processes. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Scott Pilgrim vs. the World News of the week Kubernetes 1.12 released Google's summary blog Kubecon NA 2018 schedule announced Rook moves to CNCF Incubator GSoC: Extending fuzzing coverage of Envoy News from Microsoft Ignite: Kubernetes support as the #1 networking feature of the upcoming Windows Server 2019 SQL Server 2019 Preview for Helm charts in Azure Container Registry Preview for OCI image formats Links from the interview The New Stack suggests the best CI/CD tool for Kubernetes doesn't exist Weaveworks named the category of GitOps Jenkins X; Kubernetes-friendly Jenkins Spinnaker Kubernetes v2: Manifest support Spinnaker Slack Lars Wander Andrew Phillips

Dawn Chen, TL for SIG-Node and the Google Kubernetes Engine node team, joins Craig and Adam this week. She has worked on containers and container schedulers since 2007 - not a typo. We also bring you the news, in part from the echo chamber of Google Cloud Summit in Sydney. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter of the week Stickers! Google Cloud Summit in Hong Kong Google Cloud Next in London Gartner Symposium Orlando KubeCon Shanghai News of the week NetApp acquires StackPointCloud Cloud news: Sandbox pods on GKE Signup form Kubernetes tools for Azure Stack EKS can generate kubeconfig files! GSoC: katacontainer support in containerd, by Jian Liu linkerd 2.0 is GA Thomas Rampelberg tells you how to use it Cortex added to the CNCF sandbox Red Hat OpenShift Service Mesh, based on Istio Microservice observability with Istio at Trulia Contour 0.6 from Heptio Links from the interview Dawn Chen on GitHub The Borg paper Process containers (later 'cgroups'): The first submission of containers to the Linux kernel Early coverage of process containers Paul Menage's 2007 paper "Adding Generic Process Containers to the Linux Kernel" Dawn's first job: tracking processes. Each job had its own GID - she would use netlink connection tracking to map processes and threads to GIDs, and, using procfs, figure out CPU and memory usage. Dawn's second job: adjusting CPU usage using nice Today we just use memcg Fake NUMA - cut a machine into big chunks and assign them to groups of processes. Linux Plumbers Conference Tim Hockin's presentation at the Linux Plumbers Conference in 2011, talking about the work Dawn's team were doing lmctfy - Let Me Contain That For You In case you don't get the joke It's like runc and containerd SIG Node Node and lifecycle management Application management Container runtimes and kubelet Node problem detection Resource management GPU & TPU Security isolation gVisor and Sandbox Pods Logging and monitoring Was SIG Node the first SIG? Tied with SIG API Machinery How did we get to CRI? rktnetes was released with Kubernetes 1.3 Hyper_ containers (now Kata Containers) LXC and LXD kubevirt for running VMs instead of containers OCI CRI was released with Kubernetes 1.5 containerd and CRI-O Container RuntimeHandler, so some pods can run with one runtime and some with another

This week, your hosts talk to Ihor Dvoretskyi, Developer Advocate at the Cloud Native Computing Foundation, about SIG-PM, the Special Interest Group for Kubernetes Program, Product and Project Management. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter The Toto Washlet "Africa", by Toto "Africa", by Weezer feat. Weird Al Yankovic News of the week Tensor Processing Units (TPUs for short) are now available in Beta from Google Kubernetes Engine Tom Gallacher's heart rate admission controller CNCF case study on Northwest Mutual Bank Pulumi released their Cloud Native SDK Join the Kubernetes 1.13 release team! Episode 10, on what the release team does Run Akka Cluster in Kubernetes Antony is trading in his Chevy for a Cadillac-ac-ac-ac-ac Elliot Forbes' See-CAD notes Advanced health check patterns by Ahmet Alp Balkan Was Craig was referring to this, or this? Sysdig raises $68.5M Links from the interview Ihor Dvoretskyi on Twitter or GitHub SIG-PM - Program, Product and Project Management SIG-PM Intro Talk from KubeCon EU 2018

Justin Garrison is both a student and a teacher. A senior systems engineer in the media industry, he has boiled his experience and wisdom, as well as that of his co-author Kris Nova, into the book Cloud Native Infrastructure. He talks to Craig and Adam about the Kubernetes community and the process of writing. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter KubeCon NA '17 keynote: Your Philips Hue Light Bulbs Are Turned On By Kubernetes by Mark van Straten Philips Lighting case study on Google Cloud News of the week Cisco Hybrid Cloud Platform for Google Cloud is now generally available Enter the Cisco & Google Cloud Challenge! Win things! Consul + Kubernetes from Hashicorp Open Match announced by Google Cloud and Unity Agones 0.4.0 released Couchbase Autonomous Operator Amazon EKS now available in Ireland Google Cloud now available in Finland Platform9 introduces spot instance arbitrage External DNS 0.5.6 released Red Hat on Kubernetes and application servers Links from the interview mintCast, which featured Justin a long time ago Cloud Native Infrastructure book: website and O'Reilly The Economics of Writing a Technical Book Justin's last KubeCon talk: Let's Build Kubernetes, With a Spreadsheet and Volunteers! Justin Garrison on Twitter and GitHub Dashiell, rothgar/v2 Justin's blog

Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10) News of the week Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0 Links from the interview Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December

What does it take to support Kubernetes for other users? Kenneth Massada, a lead for GKE support at Google Cloud, tells Craig and Adam his story. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter Adam lives in Seattle, which is on fire Craig baked some tasty cookies Using this recipe But not using Vegemite, British Marmite or New Zealand Marmite, which are three totally separate things. Only one of which is nice. Hint: it's the last one News of the week 2018 Kubernetes Steering Committee Elections Binary Authorization on Google Kubernetes Engine kube-hunter from Aqua Security Video Blog Kubernetes issues and solutions from Alexander Lukyanchenko at Avito Cilium 1.2 released Accelerating Envoy with the Linux Kernel James Lee's blogs on Kubernetes networking Amazon EKS supports GPU-Enabled EC2 instances Links from the interview etcd is hard: Configuration flags OpenAI suggestions on scaling Kubernetes to 2,500 nodes includes a separate events database Kubernetes docs on configuring and upgrading etcd Tina and Fred from Google SRE also discussed etcd on Episode 9 (Or use GKE, where we do it all for you) Other hard concepts: apiVersion: is hard spec: is hard Liveliness and readiness probes - don't make them the same! Joe Beda thinks of YAML as machine code in Episode 12 What would Ken like to see changed in Kubernetes? Affinity and anti-affinity rules and topology keys Kenneth Massada on Twitter Or summon him with a GCP support case!

Jon Pulsifer is a Production Security Engineer at Shopify, and Canada's biggest Kubernetes fan. Adam and Craig dig into why, and what Adam's new mode of transport is going to be. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod Chatter Sling TV using Kubernetes Tesla using Kubernetes? MITMproxy, Charles and Fiddler Intercept HTTP traffic exiting a docker container Adam has a lot of EconoLodge points Not as many as Software Defined Talk hosts Matt Ray and Michael Coté Craig thinks he should spend them on the Pepsi jet as seen in this wonderful video News of the week Service Networking in a Hybrid Infrastructure by Praveen Shukla from GoJek KubeCon and CloudNativeCon China Craig's session 7 best practices for operating containers by Théo Chamley from Google Cloud kustomize on Homebrew for macOS Understanding the Container Storage Interface (CSI) by Anoop Vijayan Maniankara The Istio 1.0 Release Stream or jump straight to the part with Dan Ciruli from episode 15 Links from the interview Royal Canadian Navy - Canadian Forces NOC SANS institute and instructors Jon Pulsifer is a Production Security Engineer at Shopify Why Shopify Moved to The Production Engineering Model Production Engineering from Facebook SRE from Google They're hiring! Shopify's adopting Kubernetes and Google Cloud The evolution of Kubernetes security Before RBAC, you used to have to mount an empty directory over the service account to disable access to it seccomp and AppArmor RBAC PodSecurityPolicy gVisor and Kata Containers Planning for Secure Container Isolation in Kubernetes RuntimeClass enhancement proposal Binary Authorization Launch blog post Kritis - open source reference implementation of Binary Authorization (the judge) Grafaes - API spec for Container Analysis API Shopify Voucher, a tool that creates attestations for Binary Authorization and prevents the deployment of images that don't meet Shopify's security requirements. Jon's talk on Binary Authorization at Google Cloud Next: Securing the Software Supply Chain Shopify's $25,000 Kubernetes bug bounty payout What is a server-side request forgery? Getting started with security by reading kubesec.io Around Ottawa Kubernetes Ottawa meetup GDG Cloud Ottawa Jon's car Jon Pulsifer on Twitter

Tim Kelton is co-founder and cloud architect for Descartes Labs. Prior to starting Descartes Labs, he was a R&D engineer for 15 years at Los Alamos National Laboratory, working on problem areas such as deep learning, space systems, nuclear non-proliferation, and counterterrorism. Tim talks to Craig and Adam about the use of Kubernetes and Istio in geopolitics, machine learning and food supply. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Cloud Native Computing Foundation Announces Prometheus Graduation OpenMetrics project accepted into CNCF Sandbox An Exciting New Direction for the Kubic project Demystifying RBAC in Kubernetes Kubebuilder 1.0 scaffolds (with a C) Kubernetes APIs and operators Getting Started GitHub Operator Lifecycle Management - it's operators all the way down Links from the interview Descartes Labs Climate Change and Rising Food Prices Heightened Arab Spring Why DARPA Funded a Farm Tech Startup Announcing our $30M Series B Global-scale water monitoring in the cloud Beowulf clusters (a Slashdot meme) Omega and Borg papers Mountain biking in Sedona Descartes Labs Python client SRE books: Site Reliability Engineering The Site Reliability Workbook - free until August 23 Descartes Labs talks from Cloud Next '18: SRE Quality Operations for Your Services Using the Istio Service Mesh & Stackdriver - with Tim Kelton and Jay Judkowitz from Stackdriver Service Monitoring How Computers See the Earth: A ML Approach to Understanding Satellite Imagery with Kyle Story Building Multi-Tenancy ML Applications with GKE and Istio to Better Understand the Earth with Tim Kelton and Sam Skillman Descartes Labs GeoVisual Search - find the squares on the globe that look most like a given square Tim Kelton on Twitter

Istio has hit 1.0, and there's no-one better to tell you about it than Jasmine Jaksic and Dan Ciruli from Google Cloud. Adam and Craig bring you this, as well as the news from the ecosystem. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: [email protected] twitter: @kubernetespod News of the week Kubernetes now in Docker Desktop Harbor enters the CNCF sandbox Azure Metrics Adapter CloudBees Core GA on AKS Red Hat OpenShift Container Platform 3.10 3.11 Codefresh Enterprise Synchronizing Kubernetes secrets with LastPass at Upside Istio nightly on EKS at Tetrate Links from the interview Announcing Istio 1.0 SRE Quality Operations for Your Services Using the Istio Service Mesh and Google Stackdriver, featuring Tim Kelton from Descartes Labs (who presented at the Toronto event two years ago, and has been using Istio in production since 0.2) Google's Cloud Services Platform Kubernetes Podcast episode 13 on Cloud Services Platform with Aparna Sinha (It's Dan's favorite episode so far) Istio à la carte; a presentation by Dan Istio and the future of service meshes; an article by Jasmine The Istio project: The URL (The IP address is 104.198.14.52) Community page, listing Google Groups Rocket Chat for users Twitter Jasmine Jaksic and Dan Ciruli on Twitter