Weaveworks (part 2), with Alexis Richardson

Mike Coleman is a developer advocate at Sysdig focused on open source software and spends a lot of time working on the Falco project. We’ll explore how Falco enables runtime security, and celebrate its recent graduation!

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

Falco Graduation announcement

Google Gemma Open Model

GitOps Associate Certification (CGOA)

Certified GitOps Associate (CGOA) Exam

Linkerd 2.15 announcement

Linkerd 2.15 stable release announcement

Crossplane 1.15 announcement

Open Source Summit North America Schedule

Cloud Native Security Con North American

Cloud Native Security Con America CFP

Links from the interview

Mike Coleman

• LinkedIn

• Twitter

"Docker?!?! But, I’m a sysadmin" - Mike Coleman

Mike Colemane and Bill Gates in an Earthquake

Falco project

• LinkedIn

• Twitter

• Slack

KubeCon NA 2019 CTF

Cryptomining Detection Using Falco

Navigating Open Source Project Hurdles to Achieve Community Enpowerments Aizhamal Nurmamat kyzy & Bob Killen

Wrangle your alerts with open source Falco and the gcpaudit plugin

Falcosidekick

Practical Cloud Native Security with Falco

Certified Kubernetes Security (CKS) exam

Lucas Käldström is a CNCF Ambassador, Kubernetes contributor and expert. Lucas Co-led SIG cluster lifecycle, ported Kubernetes to ARM and shepherded kubeadm from inception to GA. Today Lucas runs three meetup groups in Finland, studies at Aalto University, and, when time allows, contributes to cloud native software as a contractor.

We chatted about Kubernetes API machinery, Chaos, Entropy, and Dishwashers.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

Weaveworks shutdown their operations

Weavwork CEO Alexis Richardson post on Linkedin

kubetrain.io

Bytedance KubeAdmiral on GitHub

Bytedance KubeAdmiral Announcement on InfoQ

Strimzi joins the CNCF Incubator

Microsoft new Cost Management tools for Azure

Links from the interview

Lucas Käldström

• LinkedIn

• Twitter/X

Kubernetes as a dishwasher

Understanding Kubernetes Through Real-World Phenomena and Analogies - Lucas Käldström

Lucas research thesis

Paper - Large-scale cluster management at Google with Borg

API Machinery

Dr. Stefan Schimanski

KCP - Kubernetes-Like Control Plane

Kubernetes API Conventions

SIG Architecture

Ingress2gateway - Ingress to Gateway Migrator

Promise Theory: Principles and Applications (Mark Burgess, Jan Bergstra)

In Search of Certainty: The Science of Our Information Infrastructure (Mark Burgess)

Sweden Finns

Links from the post-interview chat

Keynote: Reperforming a Nobel Prize Discovery on Kubernetes - Ricardo Rocha & Lukas Heinrich

Why Service Is the Worst API in Kubernetes, & What We’re Doing About It - Tim Hockin

Gateway API TCP Routes

Community-Powered Kubernetes LTS: Ensuring Stability and Compatibility While Driving Innovation Jeremy Rickard

https://github.com/yannh/kubeconform

Madhav Jivrajani is an engineer at VMware, a tech lead in SIG Contributor Experience and a GitHub Admin for the Kubernetes project. He also contributes to the storage layer of Kubernetes, focusing on reliability and scalability.

In this episode we talked with Madhav about a recent post on social media about a very interesting stale reads issue in Kubernetes, and what the community is doing about it.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

Chatter of the week

Mofi Rahman co-host this episode with Kaslin

• Twitter/X

• LinkedIn

Kubernetes Podcast episode 211

News of the week

Google announced a new partnership with Hugging Face

RedHat self-managed offering of Ansible Automation Platform on Microsoft Azure

The schedule for KubeCon CloudNativeCon EU 2024 is out

CNCF Ambassador applications are open

The CNCF Hackathon at KubeCon CloudNativeCon EU 2024 CFP is open now

The annual Cloud Native Computing Foundation report for 2023

CNCF's certification expiration period will change to 24 months starting April 1st, 2024.

Sysdig 2024 Cloud Native Security and Usage Report

Links from the interview

Madhav Jivrajani

• Twitter/X

• LinkedIn

Priyanka Saggu Interview

Stale reads Twitter/X thread by Madhav

"Kubernetes is vulnerable to stale reads, violating critical pod safety guarantees" - GitHub Issue tracking the stale reads CAP Theorem issue

CMU Wasm Research Center

"A CAP tradeoff in the wild" blog by Lindsey Kuper

"Reasoning about modern datacenter infrastructures using partial histories" research paper

The Kubernetes Storage Layer: Peeling the Onion Minus the Tears - Madhav Jivrajani, VMware

KEP-3157: allow informers for getting a stream of data instead of chunking.

KEP 2340: Consistent Reads from Cache

Journey Through Time: Understanding Etcd Revisions and Resource Versions in Kubernetes - Priyanka Saggu, KubeCon NA 2023

Kubernetes API Resource Versions documentation

Guest is Bill Mulligan. Bill is Community Pollinator at Isovalent working on Cilium and eBPF. We learned how to properly pronounce Isovalent and what it actually means. We also spoke in depth about eBPF, Cilium, network function in Kubernetes and more.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

The Kubernetes legacy Linux package repositories are going away in January 2024

Kubernetes 1.29 is now available on GKE in the Rapid Channel

The Vmware Tanzu Application Catalog is fully compliant with the SLSA Level 3

AWS extended support for Kubernetes minor versions pricing update

The Kubernetes Contributor Summit Paris CFP is Open, closes Feb 4th

KubeCon and CloudNativeCon EU 2024 co-located events agenda is live

The Cloud Native Glossary is now available in French

Blixt a new experimental LoadBalancer based on the Gateway API and eBPF

Links from the interview

Bill Mulligan:

• LinkedIn

• Twitter/X

Covalent bonds on Wikipedia

Isovalent Hybridization on Wikipedia

Isovalent company site

BPF - Berkeley Packet Filtering

eBPF project site

Fast by Friday: Why eBPF is Essential - Brendan Gregg

GKE Dataplane V2

Cilium project site

Hubble documentation

Cilium Service Mesh

Cilium annual report

Cilium Certified Associate (CCA)

CCA Study Guide from Isovalent on GitHub

Istio Certified Associate (ICA)

Certified Kubernetes Administrator (CKA)

Certified Kubernetes Application Developer (CKAD)

Kubernetes and Cloud Native Associate (KCNA)

Resources to prepare for the CCA certification

Isovalent library

The World of Cilium

Cisco acquired Isovalent

Developing eBPF Apps in Java

BGP in eBPF

This week’s guests are Johnny Horvi and Frode Sundby from NAVs (Norwegian Labour and Welfare Administration) platform team. We talked about NAIS. A kubernetes-based team centric platform aiming at providing the tools needed to deploy and operate apps easily.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

 

News of the week

Kubernetes 1.29 features:

• https://kubernetes.io/blog/2023/12/14/cloud-provider-integration-changes/

• https://kubernetes.io/blog/2023/12/20/contextual-logging-in-kubernetes-1-29/

• https://kubernetes.io/blog/2023/12/19/pod-ready-to-start-containers-condition-now-in-beta/

• https://kubernetes.io/blog/2023/12/19/kubernetes-1-29-taint-eviction-controller/

• https://kubernetes.io/blog/2023/12/18/read-write-once-pod-access-mode-ga/

• https://kubernetes.io/blog/2023/12/18/kubernetes-1-29-feature-loadbalancer-ip-mode-alpha/

• https://kubernetes.io/blog/2023/12/15/kubernetes-1-29-volume-attributes-class/

• https://kubernetes.io/blog/2023/12/15/csi-node-expand-secret-support-ga/

Kubernetes 1.29 release lead Interview

Cisco acquired Isovalent

Cilium 2023 Annual report

KubeCon and CloudNativeCon Paris 2024 Hackathon

• https://www.cncf.io/blog/2023/12/20/kubecon-cloudnativecon-europe-hackathon-challenges-brought-to-you-by-the-united-nations/ 

• https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/

• https://unite.un.org/ 

• https://sdgs.un.org/goals

OpenFeature incubated as a CNCF project

 

Links from the interview

Guests:

• Johnny Horvi

• Frode Sundby

Nais

• Nais.io

• Twitter/X

• Github

NAV

JBoss

IBM Websphere

Apache Mesos

 

Links from the post-interview chat

Nais on GitHub

 

In this episode we interviewed Priyanka Saggu, Kubernetes v1.29 release lead and SIG ContribEx Tech Lead. We spoke about the release, the new features and enhancements, and more.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

 

News of the week

Kyverno completes third-party security audit

Google Deepmind Introduction to Gemini

Google launches Gemini - The Verge

Linux Foundation Newsletter: November 2023

• High Performance Software Foundation (HPSF) Founding Announcement

• App Defense Alliance joins Joint Development Foundation under the Linux Foundation

Open Source Summit North America 2023 CFP (closes January 14, 2024)

Links from the interview

Kubernetes v1.29 release information page on k8s.dev

Removals, Deprecations, and Major Changes in Kubernetes 1.29

Release Blog - Kubernetes v1.29: Mandala

Breaking changes

• KEP 2395: Removing In-Tree Cloud Providers
  (SIG Cloud Provider, Beta)

• Kubernetes v1.28 on the Kubernetes Podcast from Google - discussion of removal of in-tree storage plug-ins

Major Changes

• KEP 1287: In-Place Update of Pod Resources
  (SIG Node, Alpha)

• Support in-place Pod vertical scaling in VPA

• KEP 753: Sidecar Containers
  (SIG Node, Beta)

 

Stable

• KEP 3299: KMS v2 Improvements OR KMSv2
  (SIG Auth)

• SIG Etcd on the Kubernetes Podcast from Google

• KEP 2485: ReadWriteOncePod PersistentVolume Access Mode
  (SIG Storage, SIG Scheduling)

• KEP 727: Kubelet Resource Metrics Endpoint
  (SIG Instrumentation)

• “The Kubelet Summary API is a source of both Resource and Monitoring Metrics. Because of it’s dual purpose, it does a poor job of both.”

Beta

• KEP 2799: Reduction of Secret-based Service Account Tokens
  (SIG Auth)

Alpha

• KEP 3866: nftables kube-proxy backend
  (SIG Network)

• [KCSNA 2023] Iptables the end of an era - Dan Winship, Antonio Ojea

 

Links from the post-interview chat

 

Kaslin’s blog about “Out of Tree” Kubernetes

In this episode we interviewed Priyanka Saggu, Kubernetes v1.29 release lead and SIG ContribEx Tech Lead. We spoke about the release, the new features and enhancements, and more.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

 

News of the week

Kyverno completes third-party security audit

Google Deepmind Introduction to Gemini

Google launches Gemini - The Verge

Linux Foundation Newsletter: November 2023

• High Performance Software Foundation (HPSF) Founding Announcement

• App Defense Alliance joins Joint Development Foundation under the Linux Foundation

Open Source Summit North America 2023 CFP (closes January 14, 2024)

Links from the interview

Kubernetes v1.29 release information page on k8s.dev

Removals, Deprecations, and Major Changes in Kubernetes 1.29

Release Blog - Kubernetes v1.29: Mandala

Breaking changes

• KEP 2395: Removing In-Tree Cloud Providers
  (SIG Cloud Provider, Beta)

• Kubernetes v1.28 on the Kubernetes Podcast from Google - discussion of removal of in-tree storage plug-ins

Major Changes

• KEP 1287: In-Place Update of Pod Resources
  (SIG Node, Alpha)

• Support in-place Pod vertical scaling in VPA

• KEP 753: Sidecar Containers
  (SIG Node, Beta)

 

Stable

• KEP 3299: KMS v2 Improvements OR KMSv2
  (SIG Auth)

• SIG Etcd on the Kubernetes Podcast from Google

• KEP 2485: ReadWriteOncePod PersistentVolume Access Mode
  (SIG Storage, SIG Scheduling)

• KEP 727: Kubelet Resource Metrics Endpoint
  (SIG Instrumentation)

• “The Kubelet Summary API is a source of both Resource and Monitoring Metrics. Because of it’s dual purpose, it does a poor job of both.”

Beta

• KEP 2799: Reduction of Secret-based Service Account Tokens
  (SIG Auth)

Alpha

• KEP 3866: nftables kube-proxy backend
  (SIG Network)

• [KCSNA 2023] Iptables the end of an era - Dan Winship, Antonio Ojea

 

Links from the post-interview chat

Kaslin’s blog about “Out of Tree” Kubernetes

This episode Kaslin went to KubeCon North America In Chicago. She spoke to folks on the ground, asked them about their impressions of the conference, and collected a bunch of cool responses.

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

Google researchers discover 'Reptar,’ a new CPU vulnerability

Reptar by Tavis Ormandy

Tim Hockin: Kubernetes Needs a Complexity Budget

Kubernetes' Tim Hockin on a decade of dominance and the future of AI in open source 

Keynote: A Vision for Vision - Kubernetes in Its Second Decade - Tim Hockin

Open and Secure: A Manual for Practicing Thread Modeling to Assess and Fortify Open Source and Security

Announcing our latest book release: a comprehensive security guide to assess and fortify open source security

Links from the interview

CNCF LLM Starter Pack

Crossplane

Web Assembly

Intro to Kubernetes Gateway API

Links from the post-interview chat

 SIG ContribEx Comms Team Rap by Bart Farrell

Jesper Larsson is a Freelance PenTester. Jesper works with a hacker community called Cure53. Co-organizes SecurityFest in Gothenburg, Sweden. Hosts Säkerhetspodcasten or The Security Podcast. Jesper is also a Star on Hackad, a Swedish TV Series about hacking.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

 

News of the week

Kubernetes Removals, Deprecations, and Major Changes in Kubernetes 1.29

Introducing SIG etcd

etcd, with Marek Siarkowicz and Wenjia Zhang (The Kubernetes Podcast from Google)

WebAssembly (WASM) and OpenShift: A Powerful Duo for Modern Applications

Linux Foundation Events

Pass the torch in ContribEx #7603

Links from the interview

Cure53 Hacker Community

Säkerhetspodcasten

Hackad TV Show on IMDB

SecurityFest Gothenburg

Falco by Sysdig

Wolfi by Chainguard

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

Links from the post-interview chat

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:

* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs

* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing

* And more recently securing SPIFFE-based machine identities via hardware attestation.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

 

Links from the interview

Confidential Computing Blog from kubernetes.io

Confidential Computing Consortium

Confidential Computing Whitepaper

Intel SGX Enclave

Swap Memory with Kubernetes in Beta in 1.28

Hardware Security Modules

Trusted Platform Modules (TPM)

Envelope Encryption

Confidential Computing Concepts - Confidential Virtual Machine

AMD Secure Encrypted Virtualization (AMD SEV)

AMD Secure Encrypted Virtualization - Secure Nested Paging (AMD SEV SNP)

Trusted Computing Base (TCB)

Remote Attestation

Confidentiality, Integrity, and Availability: The CIA Triad

Intel SGX Enclaves

Confidential Containers (CoCo)

Katacontainers

AWS Firecracker

 

Guests are Marek Siarkowicz , Senior Software Engineer in Google Cloud, Tech Lead of SIG-etcd   AND Wenjia Zhang, Engineering Manager in Google Cloud, Co-Chair of SIG-etcd, Google. We spoke about the project, the recent change to become a Special Interest Group and how to learn etcd.

 

Do you have something cool to share? Some questions? Let us know:

- web: kubernetespodcast.com

- mail: kubernetespodcast@google.com

- twitter: @kubernetespod

News of the week

Co-host this week is Mofi Rahman [X, LinkedIn]. Cloud Developer Advocate at Google

Karpenter graduated to Beta

The Kubernetes SIG Network announced release 1.0 of the Gateway API

Ingress2gateway new CLI to migrate from Ingress to Gateway

The Call for Proposals for KubeCon EU 2024 will close on Nov 26, 2023

Links from the interview

etcd

Meaning of etcd

etcd history from CoreOs

Raft paper

On the Hunt for Etcd Data Inconsistencies by Marek Siarkowicz - [youtube]

Lessons Learned From Etcd the Data Inconsistency Issues by Marek Siarkowicz - [youtube]

The first pancake rule

etcd as a Kubernetes sig

The Case for SIG-ifying etcd

CNCF Contributor License Agreements (CLA)

Kubernetes Prow

Contributor Experience Special Interest Group

Kubernetes Watch

Go Serialization and Deserialization

Cilium with external etcd

Certified Kubernetes Administrator

etcd mentorship program

etcd @kubecon NA 2023

Links from the post-interview chat

Kubernetes considerations for large clusters

Operating etcd clusters for Kubernetes

Kueue

etcd on the podcast

The Heartbleed Bug

XKCD meme about dependency