PodCTL – Enterprise Kubernetes

SHOW: 64

SHOW OVERVIEW: Brian talks with Burr Sutter (@BurrSutter, Director Developer Experience @RedHat) about Project Quarkus (@QuarkusIO), Supersonic Subatomic Java for Kubernetes-native application development. 

SHOW NOTES:

• Try OpenShift 4 - http://try.openshift.com
• Learn OpenShift for FREE (Knative, Istio, Operators, etc.) - http://learn.openshift.com
• Burr Sutter YouTube Channel - https://www.youtube.com/user/burrsutter
• Java inside Docker - https://developers.redhat.com/blog/2017/03/14/java-inside-docker/
• Introducing Project Quarkus - https://developers.redhat.com/blog/2019/03/07/quarkus-next-generation-kubernetes-native-java-framework/
• Quarkus Homepage - https://quarkus.io/
• GraalVM - https://www.graalvm.org/
• Burr's Istio Tutorial - http://bit.ly/istio-tutorial
• Burr's Knative Tutorial - http://bit.ly/knative-tutorial
  
  

SHOW TOPICS:

Topic 1 - Welcome to the show. Tell us a little bit about your world and how it intersects Kubernetes, Developers and Cloud-native application development. 

Topic 2 - Today we’re going to talk about Java and containers. Before we get into the new technologies, let’s talk about what the world of Java in containers (and Kubernetes) looks like today - especially the challenges and tradeoffs from the Java EE world to Kubernetes. (see: “Kubernetes as the New Application Server”, Eps.55 on PodCTL)

Topic 3 - Please introduce us to Project Quarkus. 

• Unifies Imperative and Reactive development models
• Involves both GraalVM and HotSpot
• Fast startup times
• Low memory requirements
• Smaller application and container image footprint 

Topic 4 - So for the Kubernetes or container person, how does this change things? It’s still Java/Quarkus in the container, but it is the smaller/faster aspect that’s interesting, or better interaction with the native Kubernetes patterns?

Topic 5 - What does this mean for today’s Java developer in terms of learning new capabilities or reusing any existing stacks or frameworks? (Eclipse MicroProfile, JPA/Hibernate, JAX-RS/RESTEasy, Eclipse Vert.x, Netty, and more.

Topic 6 - What’s the best way for developers to get the technology or engage with other developers/community around questions? 

Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 63

Show Overview: Brian talks with Carlisia Pinto (@carlisia, Sr. Member of Technical Staff at VMware, OSS Maintainer of Project Velero) about Project Velero (formerly “Ark”), and backing up and migrating applications on Kubernetes. 

Show Notes:

• Try OpenShift 4 - http://try.openshift.com
• Project Velero - https://github.com/heptio/velero
• Repository for Velero community meetings - https://github.com/heptio/velero-community
• Slack Group https://kubernetes.slack.com/messages/C6VCGP4MT
• Twitter - https://twitter.com/projectvelero
• Google group - https://groups.google.com/forum/#!forum/projectvelero
• Velero 0.11 released - https://blogs.vmware.com/cloudnative/2019/02/28/velero-v0-11-delivers-an-open-source-tool-to-back-up-and-migrate-kubernetes-clusters/
• [Blog] Velero with Restic and Rook-Ceph - https://blog.kubernauts.io/backup-and-restore-of-kubernetes-applications-using-heptios-velero-with-restic-and-rook-ceph-as-2e8df15b1487

Show Topics:

Topic 1 - Welcome to the show. Tell us about your background and how you got involved in Project Velero.

Topic 2 - Let’s talk about the Velero Project, which was recently renamed from “Ark”. [From GitHub] “Velero gives you tools to backup and restore your Kubernetes cluster resources and persistent volumes.” It got started in 2017 by engineers at Heptio. Help us understand the scope of the project (backup/recovery, disaster recovery, other).

Topic 3 - Tell us about the architecture behind Velero. 

• Take backups of your cluster and restore in case of loss.
• Copy cluster resources to other clusters.
• Replicate your production environment for development and testing environments.

Topic 4 - Right now it appears that all the “Compatible Storage Provider” targets are public cloud storage services. Is there a framework to allow other storage services to be plugged into Velero?  

Topic 5 - If people want to get involved in Velero, is there a roadmap of things that are coming in future releases, or a wishlist of things that the project would like to see people focus on? 

Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 62

Show Overview: Brian talks with Fabian von Feilitzsch (@fabianismus, Sr. Software Engineer at RedHat) and Shawn Hurley (@shawn_hurIey, Sr. Software Engineer at Red Hat) about Ansible Operators, how they work with Ansible Playbook, on-platform and off-platform usage, and examples to help people learn the new Kubernetes technology.

Show Notes:

• Try OpenShift 4 - http://try.openshift.com
• Ansible Operator (GitHub) - https://github.com/operator-framework/operator-sdk/blob/master/doc/proposals/ansible-operator.md
• Ansible Operator - What is it? - https://www.ansible.com/blog/ansible-operator
• An Introduction to Ansible Operators - https://opensource.com/article/18/10/ansible-operators-kubernetes
• Learn Ansible Operators - https://learn.openshift.com/ansibleop/ansible-operator-overview/
• Sample Ansible Operator (from Fabian) - https://github.com/fabianvf/jellyfin-operator

Show Topics:

Topic 1 - There are multiple types of operators: Go, Ansible, Helm. What are the basic things that the Ansible Operator does - in the context of the Operator Framework?

Topic 2 - Are there some basic things that an existing Ansible Playbook should have in order to easily fit into an Ansible Operator? 

Topic 3 - Will Ansible Operator mostly be targeting applications that are automated via Ansible Playbooks, or is it also applicable to infrastructure or security-related playbooks?

Topic 4 - How does an Ansible Operator interact with Ansible Tower, or how due those two worlds co-exist (or not)?

Topic 5 - Are there examples today of Ansible Operators that people can look at or try out? 

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 61

Show Overview: Brian talks with Clayton Coleman (@smarterclayton) and Derek Carr (@derekwaynecarr), Technical Leads of Red Hat OpenShift, about the upcoming architectural changes in version 4.

Show Notes:

• Try OpenShift 4 - http://try.openshift.com
• OpenShift 4 - Features, Functions, Future (Commons Gathering KubeCon 2018) - https://www.youtube.com/watch?v=-xJIvBpvEeE
• The Modern Software Platform - https://blog.openshift.com/the-modern-software-platform/

Topic 1 - Welcome back to the show. Let’s talk about some of the architectural concepts that will exist in OpenShift 4, and why decisions were made.

Topic 2 - OpenShift has always been a flexible/composable/modular platform. How does that evolve in OpenShift 4 (e.g. Operators, Platform + OS, etc.)? 

Topic 3 - OpenShift has evolved since the early 3.x days, when a lot of necessary things weren’t “Kubernetes embedded” (install/upgrade tools, monitoring, scanning, visualization of resources, etc.). OpenShift has been moving to adopt the Kubernetes native elements as they mature (e.g. Prometheus). Can you talk about some of the new Kubernetes native capabilities coming in OpenShift 4 that people should start looking into? (e.g. CRI-O, Cluster-Version-Operator, Machine APIs)

Topic 4 - Let’s come back to the discussion of Operators. We heard alot about Operators for applications (e.g. databases), but are there uses for Operators for things that would be considered more platform-centric (e.g. storage, logging, service mesh, etc.)?

Topic 5 - There are some things happening in the public cloud that make it easier to manage nodes and scaling of nodes. Any interesting stuff coming to OpenShift 4 to help make those elements easier to manage? 

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 60

Show Overview: Brian and new co-host John Osborne (@OpenShiftFed) discuss policies in and around Kubernetes.

Show Notes:

• Try OpenShift 4 - http://try.openshift.com
• OpenShift in Action - https://www.manning.com/books/openshift-in-action
• Kubernetes Policies - https://kubernetes.io/docs/concepts/policy/
• Kubernetes SIGs and Working Groups - https://github.com/kubernetes/community/blob/master/sig-list.md
• Open Policy Agent - https://www.openpolicyagent.org/

Topic 1 - Welcome John Osborne to the show. Let’s talk about your background. 

Topic 2 - We decided to discuss “policy” in Kubernetes. Where do you usually find that discussion begins. If I were to do a Google search, the Kubernetes site highlights “Pod Security Policies” and “Quotas”. 

Topic 3 - What types of tools do you see in production being used to apply and track policy within Kubernetes environments? 

Topic 4 - Grafaes and Kritis are often discussed around policy for “securing Kubernetes software supply chain”. Are these types of projects focused on Kubernetes as a platform, or applications running on Kubernetes, with more of a focus on the CI/CD and Testing pipelines?

Topic 5 - There is a newer framework that’s starting to emerge, called “Open Policy Agent”. What are some of the things that it is focused on? 

Topic 6 - Are there communities within Kubernetes that are focused on policy, if people want to follow discussions or contribute to projects? 

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 59

Overview: Brian Gracely is back as the host of PodCTL for 2019, with some news about changes and improvements to the show.

Show Notes: 

• OpenShift 4 Preview
• PodCTL.com - New PodCTL Website

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com

Show: 58

Show Overview: Brian and Tyler talk about the announcements, trends and highlights from KubeCon and CloudNativeCon Seattle 2018.

Show Notes: 

• OpenShift 4 Preview
• Etcd Donated to CNCF
• Envoy Graduates in CNCF
• Heptio acquired for $550M
• CNCF Project Health

Trends: 

• From 1500 people (2016) to 8000 people (2018) 
• Less focus on Kubernetes, more focus up the stack (Istio, Knative)
• Many companies focused on developer tools - Atomist, Pulumi, Windmill, Microsoft

Other Tidbits: 

• AWS published an ECS, EKS, Fargate Roadmap - https://github.com/aws/containers-roadmap/

Announcements:

• A list of KubeCon 2018 Seattle Announcements 
• All the Slides and Videos from KubeCon 2018 (Seattle)

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 57

Show Overview: Brian and Tyler talk about a significant security bug in Kubernetes, the recently announced Kubernetes 1.13 release, and the upcoming KubeCon event in Seattle.

Show Notes: 

• Kubernetes Privilege Escalation Flaw  - https://www.redhat.com/en/blog/kubernetes-privilege-escalation-flaw-innovation-still-needs-it-security-expertise
• Kubernetes 1.13 Release Announcement - https://kubernetes.io/blog/2018/12/03/kubernetes-1-13-release-announcement/
• What’s new in Kubernetes 1.13 - https://coreos.com/blog/whats-new-kubernetes-113
• OpenShift Commons Gathering Seattle (preview)- https://blog.openshift.com/openshift-commons-gathering-preview-your-personal-prelude-to-kubecon-seattle/

Kubernetes 1.13 Features

• Kubeadm is now GA
• CSI (Container Storage Interface) is now GA
• Core-DNS is now GA, replacing kube-dns (as default)
• Alpha - support for device monitoring plugins
• Stable - Kubelet Device Plugin Registration
• Stable - Topology Aware Volume Scheduling
• Beta - APIServer DryRun
• Beta - Kubectl Diff
• Beta - Raw Block Device with Persistent Volume

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 56

Show Overview: Brian and Tyler talk with Mike Kostersitz, (@huskyat, Principal Program Manager (@huskyat) in Core Networking for Microsoft) about the basics of Windows containers, the differences between Linux and Windows containers, considerations for deployments, commons questions about Windows containers and the interaction between Red Hat and Microsoft Kubernetes engineering.  

Show Notes: 

• Managing Windows containers with Red Hat OpenShift Container Platform - Part I of Blog Series
• About Windows Containers 
• OpenShift in Azure
• Why Red Hat and Microsoft are Bringing Managed OpenShift to Azure

Topic 1 - From a Windows perspective (OS, Application), talk us through how you typically explain Windows Containers to other people? What are some of the important technologies, or changes to Windows?

Topic 2 - If someone has a Windows (.NET) application today, how would they go about getting into a Container/Kubernetes environment today, and in the near future?

Topic 3 - What are you finding is different between Kubernetes with Linux containers, and Kubernetes with Windows containers?

Topic 4 - You're in the process of writing a series of blogs about OpenShift + Windows containers. You've been working with both the Microsoft and Red Hat teams in getting this supported with OpenShift. What are some of the things you're seeing either Developer Preview customers? 

Topic 5 - What are some of the questions that you're getting from people interested in Windows Containers and Kubernetes? (normal and unusual)

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 55

Overview: Brian and Tyler talk about how existing application developers and PlatformOps teams can map existing applications and framework services into a more distributed set of services that run in containers on Kubernetes and OpenShift. 

Show Notes: 

• Why Kubernetes is the New Application Server (blog)
• Kubernetes: Your Next Java Application Server (video and demo from @burrsutter)

We mentioned last week that we’re moving into the 3rd Era of Kubernetes (automated ops, automated apps), with the 2nd Era being about getting a broader set of applications on Kubernetes. Today we thought we’d talk about some design patterns, especially for anyone that’s transitioning from existing applications, and how some of those concepts map to the evolving Kubernetes eco-system.

Topic 1 - At the core of this statement about “Kubernetes is the New Application Server” is three things: 

1. Some explanation about why containers are a useful packaging mechanism to avoid the difference between developer environments and production environments (package dependencies, etc.)
2. How to mentally map between the more monolithic frameworks that are widely used today, and more distributed concepts that align more with Kubernetes and containers.
3. Even within a language like Java, there are now variants (JakartaEE, Microprofile, Node, SpringBoot, etc.) and developers might not want to embed all functionality within the application, if it can be offloaded to platform services.

Topic 2 - It walks through the 10 elements that either map to Kubernetes, an OpenShift service, or emerging functionality in Istio (or maybe Knative)

1. Discover (Service Discovery)
2. Invocation of the Application
3. Elasticity / Scaling
4. Resilience
5. CI/CD Pipeline Integration
6. Authentication
7. Logging
8. API Mgmt and Integrations

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 54

Overview: Brian and Tyler talk about how well the industry has created or evolved Kubernetes-Native platforms and services. 

Show Notes:

Topic 1 - We’re more than 3yrs into Kubernetes, and almost at the 2yr anniversary of the 1st big CloudNativeCon / KubeCon in Seattle (we’ll be back again this year). So let’s ask a big question - how has the industry evolved to actually deliver Kubernetes-Native?

Topic 2 - What is Kubernetes-Native? 

• Is it specific to containers?
• Is it specific to Kubernetes scheduling?
• Is it specific to Kubernetes extensibility?

Topic 3 - Was reading a report recently that separated the concepts of DevOps from PlatformOps. We know Developers experiences and expectations are never the same and always evolving. But should the PlatformOps side of things be standardizing on something Kubernetes-native? 

Topic 4 - What are some of the common things you’ve seen in the Kubernetes community (products, platforms, services) that have gained some traction, but aren’t really aligned to Kubernetes? 

• Most Developer Frameworks
• CI/CD Pipelines
• Storage (CSI framework)
• ITIL Processes

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Show: 53

Show Overview: Brian and Tyler talk about how companies rationalize a Buy (or consume) vs Build decision for a Kubernetes platform or service.

Show Notes:

This show is somewhat free form, but it ultimately started with a listener question that asked:

"We run an internal Kubernetes platform in our centralized IT group, but some other developer groups also run their own Kubernetes platform. How do we convince them, or our management team, to bring other groups onto our platform to be both more cost effective and more collaborative with developers?"

• How do we rationalize having one vs multiple platforms (cost, support, feature differences)?
• How do we communicate to internal groups about the capabilities of an internal platform?
• How do we stop thinking like an IT group and start thinking like a product team?
• How do we measure success of the platform?

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://blog.openshift.com, search #PodCTL

Show: 52

Overview: Brian and Tyler talk about updates to OpenShift 3.11, including new Operations Console, integrated Prometheus monitoring and Grafana graphing and supported Operators on OpenShift. They also discuss the introduction of OpenShift Container Engine (OCE)

Show Notes:

• Red Hat OpenShift Container Platform 3.11 is GA
• OpenShift Container Engine (announcement)
• Kubernetes Operators & Operator Framework
• Kubernetes Operators with Helm
• 3.11 - Cluster Monitoring, dashboards, alerting
• 3.11 - Event Feeds, Node & object introspection
• 3.11 - Access Control, auditing, Role impersonation

Topic 1 - CoreOS integration into OpenShift (admin dash, operators, etc)
Topic 2 - New Cluster Console and Administrator Dashboard
Topic 3 - Integrated Prometheus Metrics and Alerts
Topic 4 - Kubernetes Operator Previews and ISV Operators
Topic 5 - A discussion of OpenShift Container Engine (OCE)

Feedback?

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://blog.openshift.com, search #PodCTL

Show: 51

Show Overview: Brian and Tyler talk about updates to Kubernetes v1.12
 
Show Notes:

• Kubernetes 1.12 Updates (Official Kubernetes blog)
• What’s new in Kubernetes 1.12 (Red Hat CoreOS blog)
• OpenShift Commons Briefing on October 4 at 9 AM PT to discuss Kubernetes 1.12
• Operator Framework

Topic 1 - Kubelet TLS Bootstrap moves to GA - simplify how nodes are securely added/removed into a cluster. As an add-on,  server certificate rotation functionality moves into beta, and this will be tied in with Cluster Operators and Application Operators.

Topic 2 - Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is Now Stable

Topic 3 - On the network security front, two NetworkPolicy components graduate to GA: egress and ipBlock.

Topic 4 - Multi-Tenancy: In this release comes the ability to support priority on the various resource quotas via the new ResourceQuotaScopeSelector feature. This enhances the existing priority and preemption feature that was delivered in Kubernetes 1.11.

Topic 5 - CSI now supports the notion of topology awareness and this functionality moves to beta in Kubernetes 1.12. What this means is that stateful workloads can now have a conceptual understanding of where storage resources live, whether it be a rack, datacenter, availability zone, or region.

Topic 6 - Kubectl Plugins: With kubectl plugins, developers can engineer extensions to kubectl, which accommodate their administration scenarios, while not being baked into the core kubectl codebase. This is going to allow teams to develop and deliver kubectl functionality faster and in a more consistent manner. (example: OpenShift “oc commands”) Topic 7 - Let’s discuss the upgrading process of Kubernetes (again).

Other noteworthy features:

• Snapshot / restore functionality for Kubernetes and CSI is being introduced as an alpha feature. This provides standardized APIs design (CRDs) and adds PV snapshot/restore support for CSI volume drivers. 
• Improvements that will allow the Horizontal Pod Autoscaler to reach proper size faster are moving to beta. 
• Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create). 
• Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and Hashicorp Vault, that will encrypt data as it is stored to etcd.

 Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 50

Show Overview: Brian and Tyler answer questions from podcast listeners, about big data and analytics, application deployments, routing security, and storage deployment models.

Show Notes:

• Spark and Analytics
• Jupyter Notebooks
• Packaging Applications on Kubernetes (PodCTL #37)

Topic 1 - From David - Is it possible to do a show about running Spark, Jupyter notebooks and analytical workloads on k8s?

Topic 2 - From Matthew - it would be interesting to hear your thoughts for how apps will be deployed and maintained in the future of OpenShift/kubernetes (covered in Eps.37 in late May).

Topic 3 - From Will - One thing I would still like to know about is how people secure their running kubernetes deployments.  Are people generally just exposing their ingress nodes to the open internet, or is it more complicated than that? I'm familiar with Nginx/Apache and modsecurity, and saw that OpenShift recently started supporting Nginx as ingress, and would like to know if anybody is using that as a WAF.

Topic 4 - From Walid - What storage available options are available for production use cases? and what diverse use cases are out there? e.g. stateful mostly,  how about trends in machine learning/AI, Big Data workloads not the conventional K8s workloads!

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 49

Show Overview: In a joint show between The Cloudcast and PodCTL, Brian and Tyler talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments.
 
Show Notes:

• Twistlock Website
• Securing Istio and Kubernetes
• Making Istio Security Layer Easier to Monitor
• Service Mesh Tutorials

Topic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company.

Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does.

Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture.

Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod?

Topic 5 - What sort of tools are available today for security professionals are service meshes are introduced into a container environment? 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 48

Show Overview: Brian and Tyler try and clarify some confusion about how much patching is still involved when moving from Virtualization to Containers.
 
Show Notes:

Lots of confusion about how to manage patching of VMs vs. Containers.

Topic 1 - What do I have to patch in a VM-centric environment? Who is typically responsible for that patching?

• Host OS 
• Hypervisor
• Guest OS 
• Application Stack

Topic 2 - What do I have to patch in a Container-centric environment? Who is typically responsible for that patching?

• Host OS 
• Container Layer
• Application Stack

Topic 3 - Is it possible to quantify the difference between the amount of patching that’s needed?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 47

Show Overview: Brian and Tyler talk about how the day-to-day tasks of a VM Admin would change if they adopted Containers in their environment.
 
Show Notes:

Let’s put ourselves in the shoes of a virtualization admin. How would we transition their day-to-day activities from VMs to Containers?

Topic 1 - What does the virtualization infrastructure/platform vs. container infrastructure/platform consist of?

• Control Plane 
• Content Repository
• Data Plane (Hosts, OS, Apps) 
• Networking, Storage, Management, Logging, Monitoring

Topic 2 - How do we get an application onto each platform, and how are resources provisioned?

• Network 
• Storage  
• Security 
• Backups 
• What is automated (by default vs. tooling) 
• Availability (models)

Topic 3 - Who is responsible for the different aspects of the application once it’s running?

Topic 4 - What are the biggest differences or misperceptions between the environments?

• Stateful vs. Stateless apps 
• Automated (integrated) vs. Manual tasks 
• Patching

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 46

Show Overview: Brian and Tyler talk with Steve Gordon (@xsgrodon, Principal Product Manager @RedHat) about the intersection of containers, Kubernetes and virtual machines with the KubeVirt project and Container Native Virtualization.

Show Notes:

• KubeVirt - Building a Virtualized API for Kubernetes
• Kubevirt-dev Google Group
• #virtualization on Slack
• #kubevirt on IRC
• Intro to Container Native Virtualization (CNV)
• CNV Demo - Red Hat Summit

Topic 1 - Welcome to the show. Tell us about some of the areas you’re focused on these days.

Topic 2 - Let’s talk about some of the basics of KubeVirt. How does it work? What problem is this trying to solve?

Topic 3 - What are some of the technical challenges that have to be overcome for Kubernetes to understand how to deal with virtual machines?

Topic 4 - Looking at the project today, what are some of the things that are possible, and what are some of the goals to add over the next 6 or 12 months?

Topic 5 - What has been the feedback you’ve heard from companies as you’ve introduced them to KubeVirt and CNV?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 45

Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects.
 
Show Notes:

• Twistlock $33M in Funding - Container Security
• Project Clair - Vulnerability Scanning
• Quay Container Registry
• Red Hat OpenShift Registry

Topic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?

• Serves and stores container images 
• Has a storage backend that should be replicated (somewhere) - usually Object or NFS 
• May have the ability to scan images for vulnerabilities or digitally sign image

Topic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?

Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?

Topic 4 - What sort of design considerations should architects consider for the container registry?

• Where is it physically located? 
• How to handle redundancy or replication? 
• How to scope out performance? 
• Multi-Tenancy or Groups?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 44

Show Overview: Brian and Tyler talk about how Kubernetes has evolved over the last three years, from the community to the technology to new things coming down the road.

Show Notes:

Kubernetes 3rd Anniversary

Topic 1 - Let’s start with people and community. How have you seen the Kubernetes community evolve over the past 3 years? What’s working well, and where have there been struggles?
Topic 2 - Technology-wise, where would you place the highlights for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.
Topic 3 - Technology-wise, where would you place the challenges for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.
Topic 4 - There seems to be a new chorus of pushback on Kubernetes, around the complexity of managing complex environments (e.g. DR for Stateful apps) and the serverless fans. Do you see this as a problem, a distraction, or valid criticisms?
Topic 5 - What do you see making a lot of headlines vs. being the important things for end-users to focus on for the next year?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 43

Show Overview: Brian and Tyler talk about Kubernetes 3rd Anniversary, Istio, Knative, and the Kubernetes-related announcements from GoogleNEXT2018.

Show Notes:

Kubernetes 3rd Anniversary 

Google Cloud Services Platform (GCSP) - Hybrid and Multi-cloud application development stack, built on Kubernetes and Istio - custom-configured, enterprise-hardened, and delivered by Google.

GKE On-Prem - A core component of CSP, with GKE On-Prem, customers get the Google Kubernetes Engine (GKE) experience in their data center.  The first private cloud option for deployment is vSphere 6.5 in alpha release this fall and Google will continue to look at the hardware and other virtualization environments.  In a parallel statement, Cisco Hybrid Cloud for Google Cloud will be the first GKE-certified hybrid cloud platform, although any direct relationship to GKE On-prem is unclear.

Project Knative - (Knative on Github) it provides fundamental building blocks for serverless workloads in Kubernetes, empowering the creation of modern, container-based and cloud-native applications which can be deployed anywhere on Kubernetes. OpenShift + Knative (blog).

Istio 1.0 - Istio service mesh is now version 1.0, and available as a managed add-on to GKE, as well as being integrated into Google Stackdriver. PodCTL #23 - Microservices with Istio

Google Cloud Platform Marketplace (pre-announced) - Marketplace of packaged applications to run on GCP and Google Cloud services (e.g. Kubernetes) 

GKE Serverless Containers Add-On - Similar to AWS Fargate, Google announced an early-trial serverless infrastructure option to GKE , simplifying infrastructure operations management. 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 41

Show Overview: Brian and Tyler talk about the new Kubernetes 1.11 release, the new features and capabilities.
 
Show Notes:

• Kubernetes 1.11 Release
• Kubernetes 1.11 - Custom Resources, Pod Priority & Preemption, and more
• Kubernetes Ramps Up Custom Resource Definitions

Topic 1 - Let’s review for anybody that’s a new listener how the Kubernetes community identifies the maturity level of features and how they should consider interpreting those classifications.

Topic 2 - Kubernetes release usually have a few new GA features, and then lots of Beta or Tech Preview features. What were the highlights of this release for you, or some of the core areas you suggest people focus on?

Topic 3 - Let’s walk through some of the most mentioned capabilities:

• IPVS-Based In-Cluster Service Load Balancing Graduates to General Availability 
• CoreDNS Promoted to General Availability
• Dynamic Kubelet Configuration Moves to Beta 
• Custom Resource Definitions Can Now Define Multiple Versions 
• Resizing Persistent Volumes using Kubernetes

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 41

Show Overview: Brian and Tyler talk about a number of data surveys that have recently been published about container usage, Kubernetes usage, and several other cloud trends.

Show Notes:

• Cloudability “State of Cloud (2018)”
• DataDog - “Surprising Facts about Real Docker Adoption”
• Digital Ocean “Currents” (June 2018)
• CNCF Survey (June 2018)

Topic 1 - Lots of differences between these surveys, both in methodology and results:

• Does the data come from surveys or actual monitoring? 
• How do they classify various technologies (by project, by vendor, by cloud service, by both)? 
• Do they include usage-based details?

Topic 2 - Would you prefer to see more vendor-usage data in these reports, or is it OK to just have generic usage data? Right now it’s sort of a mixed bag

Topic 3 - It’s (usually) never clear who is running these container environments. We see some survey data targeting developers, but not all of them explain (or know) which groups are running the container environments vs. consuming services.

Topic 4 - It’s interesting that none of these surveys highlight the location of companies/customers/users, since we know that certain geographic pockets of the world have very different usage behaviors than others.

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 40

Show Overview: Brian and Tyler talk with Erik Jacobs (@ErikonOpen, Principal Technical Marketing Manager, Red Hat OpenShift) about designing, deploying and teaching the OpenShift/Kubernetes roadshows for Developers and Operators.
 
Show Notes:

• Red Hat OpenShift Roadshow
• Labs (source code)
• OpenShift Guides (source code)
• Workshops in Katacoda
• Infrastructure/Ops Labs

Topic 1 - Welcome to the show. Tell us a little bit about your background, as well as some of your focus areas at Red Hat.

Topic 2 - You work on lots of different things, but today we wanted to talk about the technical roadshows. They are hands-on environments, which cater to both Developers and Operators. Give us some of the background of how these get pulled together.

Topic 3 - Are there ways that people could replicate these environments, or the labs/trainings on their own?

Topic 4 - What types of things can you teach developers in a day?

Topic 5 - What types of things can you teach operators in a day?

Topic 6 - What other resources do you suggest people use outside of these events?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 39

Show Overview: Brian and Tyler talk about the latest news from the Kubernetes community, the difference between CI and CD, and various considerations for integrating CI/CD environments with Kubernetes.

Show Notes:

• OpenShift Pipeines
• Jenkins Kubernetes
• Jenkins X
• Spinnaker
• CircleCI
• TravisCI
• GitOps - Operations by Pull Request
• Cloud Native Landscape 2.0 (Interactive)

Topic 1 - One of our listeners asked if we would CI / CD in the content of Kubernetes, so we thought we’d go through some of the basics and some of the options. First of all, we always say ‘CI/CD’ but what is Continuous Integration, what is Continuous Delivery and what’s the difference?

Topic 2 - What do all these different tools do?

Topic 3 - Is there an approved Kubernetes CI/CD tool, or model? 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 38

Show Overview: Brian and Tyler talk some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes.
 
Show Notes:

• Learn Kubernetes
• Learn OpenShift
• Learn Containers (with Docker)
• Learn Containers (without Docker)
• Learn Prometheus

Show Premise:
Kubernetes community now has 10 releases (2.5yrs) of software and experience. We just finished KubeCon and Red Hat Summit and we heard lots of companies talk about their deployments and journeys. But many of them took a while (12-18) months to get to where they are today. This feels like the “early adopters” and we’re beginning to get to the “crossing the chasm” part of the market. So thought we’d discuss some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes.
 
Topic 1 - What are the core skills needed for a team that manages/runs/interacts with a Kubernetes environment?

• Ops Skills 
• Dev Skills 
• Compliance Skills / Security Skills

Topic 2 - What has significantly changed in the Kubernetes world since 2015/16 to today that people should consider taking advantage of?

• Persistence 
• Immutability 
• Operators 
• Native tools vs. Config Mgmt tools 
• Storage

Topic 3 - What do you consider “still hard” and should probably justify more early effort?

• Security? 
• Storage? 
• Monitoring? 
• Being overly precise about capacity planning?

Topic 4 - What patterns have you seen from successful deployments and customer behaviors?
 
Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 37

Show Overview: Brian and Tyler talk about the many ways to deploy an application onto a Kubernetes cluster, from the perspective of Devs and Ops.
 
Listener Question (Matthew):
"I was interested to know if you guys could talk a little more about the relationship between":

• OpenShift templates 
• Helm templates 
• CoreOS Operators

Show Notes:

• PodCTL Basics - How to Containerize an Application
• PodCTL #10 - Service Broker all the Things
• PodCTL #22 - Highway to Helm
• PodCTL #33 - Operator Framework
• PodCTL #28 - Roles & Personas
• PodCTL #24 - Blurred Lines between Applications and Containers 
• CNCF 2020 Vision (Alexis Richardson)
• Draft vs. GitKube vs ksonnet vs Metaparticle vs. Skaffold
• Kubernetes: Where Helm and Related Tools Sit

Topic 1 - Let’s start with the basics. Can you please briefly tell the audience how to deploy an application to Kubernetes?

Topic 2 - Let’s discuss that complexity in the context of this specific question, as I believe it’ll help us frame out the rest of the conversation.

Topic 3 - Why do we have so many different ways to deploy things to Kubernetes, and also from Kubernetes?

• Developer Requirements 
• Operations Requirements 
• On-Platform Requirements 
• Off-Platform Requirements

Topic 4 - Let’s talk about where the Developer experience should exist and why that’s likely not one specific place.

• Brigade
• Draft 
• GitKube 
• Ksonnet 
• OpenShift ODO
• Skaffold 
• Many others... 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 36

Show Overview: Brian and Tyler talk about the role (pros & cons) of VMs in isolation and security, as well as the broader context of security for containerized applications.

Show Notes:

• [Red Hat] 10 Layers of Container Security
• [Google] Exploring Container Security - An Overview
• [Google] Exploring Container Security Isolation at Different Layers
• [Google] gVisor
• Jess Frazelle “Hard Multi-Tenancy in Kubernetes”
• Jess Frazelle “Security and Echo Chambers”
• Kubevirt and Container-native Virtualization

Topic 1 - Let’s start with the basics. Can you please tell the audience the one command to run to make all containers secure?

Topic 2 - This past week (or 2 weeks) has been a good reminder that there are certain patterns that repeat themselves in emerging technologies and open source:  hype (cool demo), binary claims of market dominance and destruction of previous technology (containers vs. VMs), buzzwords of simplicity which go against decades of experience, and then the realities of production environments.

Topic 3 - Let’s talk about where VMs provide value in a container environment, and realities of VMs that people should be aware of in production and in multi-cloud environments.

Topic 4 - Let’s talk briefly about a few of the recent announcements in this space (e.g. gVisor, CNV, etc.)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 35

Show Overview: Brian and Tyler review the Kubernetes news coming out of Cloud Foundry Summit, KubeCon and Red Hat Summit. Lots of things to talk about.
 
Cloud Foundry Summit

• Attendance: 1500
• Fragmentation of the Container Orchestrator within the Cloud Foundry community - SUSE, IBM and SAP endorse Kubernetes, Pivotal still supporting Diego

KubeCon / CloudNativeCon (all videos)

• Attendance: 4300
• PaaS is now “GitOps” 
• Don’t run containers as root 
• Operator Framework
• Serverless v0.1 events spec is updated
• Many new container runtimes options - Google gVisor 
  
  

Red Hat Summit (all videos)

• OpenShift Commons Gathering (Attendance: 700+ - all videos)
• Attendance: 7000+ 
• CoreOS + OpenShift Converged Kubernetes platform (PodCTL#34)
• OpenShift + Istio 
• OpenShift + Cloud Functions (via OpenWhisk) 
• Red Hat + IBM announcement
• Red Hat + Microsoft announcement

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 34

Show Overview: Brian and Tyler talk with Joe Fernandes (@joefern1, Sr. Director Product Management @OpenShift) and Reza Shafii (@rezaloo, Sr. Director Product Management @OpenShift, formerly @CoreOS) about the CoreOS acquisition and transition, how CoreOS technologies are being integrated into Red Hat platforms, new capabilities for OpenShift, updates on Operators, updates on Container Linux and updates on Quay.

Show Notes:

• Red Hat Unveils Roadmap for CoreOS Integration with Red Hat OpenShift
• Red Hat Brings Cloud-Native Capabilities to Software Partner Ecosystem with Kubernetes Operators
• http://podctl.comBringing CoreOS technology to Red Hat OpenShift to deliver a next-generation automated Kubernetes platform
• PodCTL #33 - Operators Framework

Topic 1 - Welcome to the show, both of you. Before we get to the announcements and roadmap, let’s do quick introductions and maybe tell us how things have been going since the acquisition of CoreOS was announced at the end of January.

Topic 2 - What have been the core focus areas since the acquisition, both near-term and longer-term? Both in terms of Platforms (OpenShift/Tectonic) and OS (RHEL/Atomic/Container Linux)

Topic 3 - What are the announcements coming out this week, related to the Kubernetes platform? What timelines are important for these announcements?

• Operators as a community project (also see PodCTL #33)
• Operators for OpenShift 
• Operators for ISVs 
• Full Stack Automation (New Installer, New Admin Console)

Topic 4 - What are the announcements coming this week, related to the Linux OS platform? What timelines are important for these announcements?

• Red Hat CoreOS  
• Red Hat Quay

Topic 5 - If you’re a customer (new or existing), or an ISV partner of Red Hat, what are you hoping will be the top few takeaways that they understand after hearing these announcements and seeing the demonstrations?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 33

Show Overview: Brian and Tyler talk with Brandon Philips (@brandonphilips, Founder/CTO at @CoreOS, Member of Technical Staff at @RedHat) about the announcement of the Operators Framework, how the Operator SDK and Lifecycle Manager will help companies, as well as his experience at CoreOS of developing etcd, Prometheus and Vault operators. We also discussed how the broader ISV ecosystem is beginning to embrace the concept of Operators.
 
Show Notes:

• Introducing Operator Framework - Building Apps on Kubernetes
• Operator Framework (GitHub)
• CoreOS introduces Operators
• Operators Homepage and Overview
• Kubernetes Application Operator Basics
• Vault Operator
• Couchbase Operator
• List of Existing Operators (many companies and software)

Topic 1 - Welcome to the show. Tell us about your role within the Kubernetes community, as well as your new role within Red Hat. 

Topic 2 - Back at the original KubeCon in Seattle, you introduced the concept of Operators, as “human operational knowledge in software, to reliably manage an application”. Give us the basics of your original thinking behind Operators.

Topic 3 - What is being announced today at KubeCon with the Operator Framework? 

Topic 4 - Let’s walk through the 3 core pieces of the Operator Framework

• Operator SDK 
• Operator Lifecycle Management 
• Operator Metering 

Topic 5 - How will the broader community plan a role in Operator Framework?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 32

Show Overview:Tyler and Aaron Delp talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @TheCloudcastNet podcast.

Show Notes:

• Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”
• Use code CLOUD to get 20% off Velocity or OSCON tickets
• Aqua Security Homepage
• Liz Rice’s Blog
• [Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)

Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.

Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?

Topic 3 - Is it up to the CI/CD system or  host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?

Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?

Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well? 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of Microsoft Windows Containers and their integration into Kubernetes.
 
Show Notes:

• Kubernetes Sig-Windows
• Windows Containers (Microsoft)
• Getting Started with Windows Containers (CNCF)
• Red Hat OpenShift + Windows Containers
• PodCTL Basics - Linux Containers 
• Windows Server 2019 (preview) - Kubernetes

Topic 1 - Containers on Windows

• History of Containers & Windows
• How Windows Containers differ from Linux Containers

Topic 2 - Running Windows Containers on Kubernetes

• Requirements
• Limitations
• Development

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 31

Show Overview: Brian and Tyler talk about the Kubernetes v1.10 release, new features and how they can apply to a broad set of application, security and infrastructure use-cases.
 
Show Notes:

• (CNCF) Kubernetes 1.10: Stabilizing Storage, Security, and Networking
• (Red Hat / CoreOS) Kubernetes 1.10 is Here! 
• (OpenShift Commons) OpenShift Commons Briefing: Kubernetes 1.10 Release Update with Cole Mickens and Stefan Schimanski (Red Hat)
• OpenShift 3.9 Released to GA
• How to use GPUs with Device Plugin in OpenShift 3.9 (Now Tech Preview!)

We discussed some of the new features (Stable, Beta and Alpha) from the Kubernetes 1.10 release. We don't cover every new feature, but we tried to hit the highlights.
 
Topic 1 - API aggregation is stable

Topic 2 - Container Storage Interface (CSI) - Standardized Storage Support

Topic 3 - A replacement for kube-dns

Topic 4 - GPUs and Expanded support for Performance-Sensitive Workloads

Topic 5 - Pod Security Policy

Topic 6 - Adding Identity to Containers (not just pods)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 30

Show Overview:Brian and Tyler talk about the biggest trends that will shape the Kubernetes community in 2018, with a focus on five critical areas of stability, innovation and experimentation.

Show Notes:

Topic 1 - Open Service Brokers - who is delivering them, who maintains them, how are they evolving, etc.
Topic 2 - Improved Ops Experiences - Operators, Fargate, Container Instances
Topic 3 - Virtualization + Containers - KubeVirt, Kata Containers, does Network Policy overlap SDN/Security
Topic 4 - Developer Experiences - big area of evolution (Istio, Draft, SpringCloud-Kubernetes, Helm v3, Source-to-Image like capabilities)
Topic 5 - Breadth of Supported Applications - Databases, Windows Containers, Serverless,

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 29

Show Overview: Brian and Tyler talk with Marc Curry (@redhatmarc, OpenShift Principal Product Manager, Container Infrastructure) about the basics of Kubernetes networking, CNI plugins, managing Network Policy, granular ingress and egress routing, and how CaaS/PaaS and IaaS are being integrated.

Show News:

• Kubernetes becomes a “Graduated Project” in CNCF

Show Notes:

• Kubernetes Network Plugins
• Kubernetes Cluster Networking
• Kubernetes Network Policy
• Kubernetes Ingress
• Kubernetes Container Network Interface (CNI)

Topic 1 - Welcome to the show. Tell us about your background and some of the areas you focus on now?

Topic 2 - Let’s talk about the basics of Kubernetes networking. Walk us through the core elements from container addressing, pod/cluster networking, and things like ingress/egress routing (direct or through proxies).

Topic 3 - Kubernetes has a standard called “CNI” (Container Networking Interface). What does this do, and how does it interact with various SDN projects/products?

Topic 4 - A recent enhancement to Kubernetes was “Network Policy”. What does this provide, and where does it overlap with some commercial SDN capabilities?

Topic 5 - Let’s talk about inbound and outbound routing of traffic. What are some of the biggest issues that people need to take into consideration (proxies, traffic sources, protocols supported, etc.)?

Topic 6 - What are some of the things you’re working on to bridge the networking between CaaS/PaaS layers and IaaS layers?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 28

Show Overview: Brian and Tyler talk about Joe Beda's "More Usable Kubernetes" presentation at KubeCon focused on Roles and Personas of Kubernetes environments. They look at how Cluster and Applications are separated, and how Operators and Developers distribute roles, as well as the intersection of those four areas.

Show Notes:

• Kubernetes Personas (via Joe Beda, KubeCon 2017 Austin)
• Spring Cloud for Microservices Compared to Kubernetes (by Bilgin Ibryam)

Topics - On today's show, we looked at the four quadrants outlined by Joe Beda in his talk "More Usable Kubernetes" at KubeCon 2017 Austin. He looked at each role and how well the Kubernetes community has addressed that functional area in both tooling and clear definition of the tasks required. We explored where areas are doing well (green) and where there are still areas that need improvement (yellow or red). 

 Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 27

Show Overview: Brian and Tyler talk about the new Serverless working group and whitepaper from CNCF, the 4 elements of serverless, the difference between serverless and FaaS, and the on-going role of Ops teams in a serverless world.
 
Show Notes:

• CNCF Serverless Whitepaper
• Serverless Working Group in the CNCF
• Event Specification
• Innovate Summit - State of Serverless 
• Serverless Landscape (via Redpoint VC)
• Kubernetes/Serverless Frameworks - Fission, Fn, Kubeless, Nuclio, OpenWhisk, OpenFaaS, Riff (and several others emerging)
• Serverless isn’t Simpler
• A Twitter Rant about Serverless and Ops
• Ansible for Serverless

Topic 1 - Let’s talk about the history of serverless within the CNCF, and maybe within the context of PaaS and Kubernetes.

Topic 2 - When talking about Serverless, there seem to be 4 areas to dissect:

• The thing that executes the function (is this a container orchestrator)
• The data sources that can be on either side of the function execution 
• The developer experience (or lack of experience)
• Billing/Usage/Metering

Topic 3 - What were your key takeaways from reading the CNCF Serverless whitepaper?

Topic 4 - What about Operations? Do those jobs go away? Are there Ops uses for serverless?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 26

Show Overview: Brian and Tyler talk common myths and misperceptions about Kubernetes, container usage, Kubernetes architecture, compatibility, and OSS stats.

Show Notes:

• This is Part 2 of a 2-part series. Part 1 was focused on the platform elements of Kubernetes, what applications are good for containers, the scale of microservices, and stateful vs. stateless apps.
• Myths & Misperceptions - Part 1 - https://blog.openshift.com/podctl-25-kubernetes-myths-misperceptions-part-i/
• Kubernetes Operations (with Brian "Redbeard" Harrington, CoreOS) - https://softwareengineeringdaily.com/2018/01/16/kubernetes-operations-with-brian-redbeard/

Myth/Misunderstanding 1 - Architecture - Kubernetes Multi-Tenancy
Myth/Misunderstanding 2 - Architecture - Kubernetes is only for Operators
Myth/Misunderstanding 3 - What does "GKE Compatible" mean?
Myth/Misunderstanding 4 - Enterprises should run Kubernetes as trunk version
Myth/Misunderstanding 5 - Are OSS stats important? How to interpret them?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 25
Show Overview: Brian and Tyler talk common myths and misperceptions about Kubernetes, container usage, and which applications are a good fit for container platforms.

Show Notes:

• This is Part 1 of a 2-part series. Part 2 will focus on Kubernetes architecture, operations, Kubernetes compatibility and updates, open source communities.

Myth/Misunderstanding 1 - Kubernetes is a platform.
Myth/Misunderstanding 2 - Containers are only for microservices
Myth/Misunderstanding 3 - Microservices are always “micro” (small in size)
Myth/Misunderstanding 4 - Kubernetes is only for stateful app

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 24

Show Overview: Brian and Tyler talk about the differences between a container and an application, and where the lines are blurred at the platform later. What should developers care about? Should Kubernetes be the only platform technology?

Show Notes:

• Kelsey Hightower’s Keynote at KubeCon
• Serverless is the new PaaS (via Redmonk)

News of the Week:

• Red Hat acquires CoreOS 
• Cisco Container Platform  
• Heptio Kubernetes Subscription (HKS)

Topic 1 - What’s the most common “basic” question you get about containers? How often is it about either [a] what should developers care about?, or [b] what applications can go into a container?

Topic 2 - As we’ve seen from various survey data (both from CNCF and analyst firms), there is still some amount of “mixed orchestration” in usage. Have you seen specific applications that really require different orchestrators these days?

Topic 3 - Are the orchestrators similar enough that Ops teams can learn multiple? What else is required to operator multiple orchestrators?

Topic 4 - What is the line between a CaaS and a PaaS? Are those even the right distinctions anymore? What’s different for each for a developer?

Topic 5 - As we’re seeing more “serverless / FaaS” projects created for Kubernetes (OpenFaaS, Kubeless, Fission, OpenWhisk, Nuclio, Fn, etc.), where developers just deal with functions and event-sources, won’t this blur the line more? 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 23

Show Overview: Brian and Tyler talk with Christian Posta (@christianposta, Chief Architect, Cloud Application Development at Red Hat) about the evolution of SOA and Microservices, Envoy Proxy and Istio Service Mesh, emerging application patterns, and how Kubernetes and Istio are the future of microservices.

Show Notes:

• Istio Homepage
• Envoy Proxy
• Introduction to Modern Load-Balancing and Proxying
• Microservices: From NetFlix OSS to Istio
• Microservic’ing Like a Unicorn
• Christian’s Blog (lots of Microservices stuff)

Topic 1 - Welcome to the show. Give us a little bit of your background as a developer and history of working with various development frameworks/languages/concepts.

Topic 2 - Let’s start with some basics - as a development paradigm, why are we now seeing technologies like Istio and Envoy? The premise of service mesh “reliably connecting services across the network” sounds eerily similar to what we heard about ESB technology. Can you say some words about why this service mesh concept idea is different? Or is it?

Topic 3 - So we’re seeing a need to decouple the application code from the routing-level logic and control. Walk us through the types of things that Istio and Envoy are providing for applications? What are the performance implications of the service mesh? How is this related to API management? 

Topic 4 - Architecturally, where are you seeing some of the advantages of Istio / Envoy vs. either previous approaches, or some other service-mesh like projects in the market? (e.g. linkerd, Netflix OSS projects) 

Topic 5 - What are some specific problem examples that people run into that should make them think “maybe I need Istio”?

Topic 6 - Where is Istio in its maturity to run in production?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 22

Show Overview: Brian talks with Taylor Thomas (@_oftaylor, Software Engineer at Nike, @HelmPack Maintainer) about the architecture of Helm, how developers interact with it to deploy applications, how Helm manages ALM, Helm Summit, and the future plans for Helm v3.

Show Notes:

• Helm (homepage)
• Helm - Kubernetes Package Manager
• Helm Charts - https://github.com/kubernetes/charts
• KubeApps - Online Repository of Helm Charts
• Getting Started with Helm on OpenShift
• Helm Summit
• Helm Emeritus Core Maintainers
• “Highway to Helm” (Introduction video)

Topic 1 - Welcome to the show. Let’s talk about your background prior to getting involved in the Helm community, as well as where you’re focused on with Helm these days.

Topic 2 - For someone that might only be familiar with docker containers (e.g. a DockerFile), give us the basics of what Helm does and the various pieces involved with using Helm (e.g. Helm, Helm Charts, Tiller, Kubernetes).

Topic 3 - Helm is like a blueprint of how you want your containers / application to run. Can you walk us through what else is built into Helm to give it the ability to do Application Lifecycle Management? (versioning, updates, rollback, deletion, etc.)

Topic 4 - Kubernetes can have a lot of different deployment models (stateful, stateless, jobs, batch, custom-resources, etc.). Does Helm have awareness of all of these models?

Topic 5 - What are some of the common tools and patterns you’re seeing around using Helm (CI/CD pipelines, multicloud deployments, etc.)?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 21

Show Overview: Brian and Tyler talk about how Role-Based Access Control (RBAC) is implemented for Kubernetes.

Show Notes:

• Effective RBAC (video) from KubeCon
• Using RBAC Authorization
• Audit2RBAC Tool

Topic 1 - The concept of RBAC is best described as “Can ______ (noun) ______ (verb) on ______ (object) at ______ (location)?” where “noun” is a person/service, “verb” is an action, “object” is a function of the API, and “location” is proximity to a Kubernetes cluster.

Topic 2 - RBAC operates on the concept of Roles and RoleBindings, which map actors to actions, and those actors and actions are defined either globally or locally, and the actions are also defined globally or locally.

Topic 3 - RBAC can be manually defined, or enabled (by default) by an installer or distribution. It comes with a default set of Roles. Everything is done within the scope of a cluster.

Topic 4 - By default, the kube-scheduler, kube-controller-manager, and kube-proxy all have RBAC roles defined. Kubelets (node-level) don’t use RBAC by default, but have their own authorizer, which can then be combined with an RBAC authorizer.

Topic 5 - “Add-ons” (networking, monitoring, logging, etc.) can have RBAC defined in their manifests, or you can grant them access to their service account.

Topic 6 - “If the element needs to be something other than those default roles, or using default authorizer services, then CustomRoles can be created. Can use audit logs to track the needs of a specific add-on. Can use “audit2rbac” tool to views the logs and create custom RBAC roles. 

Topic 7 - “Aggregate Roles” are now available in Kubernetes 1.9.

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 20

Show Overview: Brian and Tyler talk with Diane Mueller (@pythondj, ‎Director, Community Development Red Hat, OpenShift Commons) about OpenShift Commons the Open Source community that’s grown up around OpenShift Origin and the OpenShift ecosystem.
 
 Show Notes:

• OpenShift Commons
• OpenShift Commons “Interest Groups”
• OpenShift Commons Gatherings (videos)
• Upcoming London OpenShift Commons Gathering Jan 31
• Upcoming OpenShift Commons Briefings

Topic 1 - Welcome to the show. Tell us a little bit about your background, as you’ve been through many of the transitions in the application/developer platform market. 

Topic 2 - With the breadth of the Kubernetes community today, why does the OpenShift Commons community exist? Don’t they overlap, or are they different types of goals?

Topic 3 - We wanted to talk about the bridge between really wide open communities and customers aligning around common interests. Can you tell us how OpenShift Commons is helping to facilitate those connections? What are some of the “interests” that are growing?

Topic 4 - Almost every week you host at least one video webinar that highlight new technologies. Why do you spend all this time on non-Red Hat technologies and vendors? Have you had any recently that really jumped out at you? 

Topic 5 - Around each KubeCon and Red Hat Summit, you host an event called OpenShift Commons Gathering. Can you tell us what these events are, who typically attends, and how these have co-existed with the KubeCon events?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of Service Meshes, such as Istio, Envoy and Linkerd.

Show Notes:

• Istio Homepage
• Envoy Homepage
• Linkerd Homepage
• Introduction to modern network load balancing and proxying
• OpenShift Commons Briefing #103: Microservices and Istio on OpenShift
• Sidecars and a Microservices Mesh
• Videos from CNCF / KubeCon

Service Mesh is a layer that manages the communication between apps (or between parts of the same app, e.g. microservices)

Just as applications shouldn’t be writing their own TCP stack, they also shouldn’t be managing their own load balancing logic, or their own service discovery management, or their own retry and timeout logic. - link

Mesh: A group of hosts that coordinate to provide a consistent network topology. In this documentation, an “Envoy mesh” is a group of Envoy proxies that form a message passing substrate for a distributed system comprised of many different services and application platforms. - link

Topic 1 - What is a Service Mesh?

• Service Discovery 
• Routing 
• Load-Balancing 
• Fault Injection 
• Circuit Breaking 
• A/B Deployments 
• Blue/Green Deployments 
• Canary Deployments 
• Traffic Limiting 
• Tracing 
• Security Services (e.g. Mutual TLS)

Topic 2 - Didn’t developers build Microservices before Service Meshes?

Topic 3 - How does a Container or Kubernetes interact with a Service Mesh?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 19

Show Overview: Brian and Tyler talk how the Kubernetes community and technology have evolved in 2017, and make a few predictions for 2018
 
Show Notes:

• OpenShift Commons Gathering (videos): bit.ly/2BB3weV
• KubeCon (videos): bit.ly/2jczyn1

Topic 1 - GETTING STARTED: People said that getting started w/ Docker Swarm was easier than Kubernetes. Kubernetes community created tools like Minikube & Minishift to run locally on the laptop, automation playbooks in Ansible, Katacoda have made it simple to have online tutorials, multiple cloud offerings (GKE, AKS, EKS, OpenShift Dedicated) make it simple to get a working Kubernetes cluster.

Topic 2 - ENSURING PORTABILITY: Enterprise customers wants Hybrid Cloud environment. they need to understand how multiple cloud environments will impact this decision. The CNCF’s Kubernetes Conformance model is the only container-centric framework that can ensure customers that Kubernetes will be consistent between clouds.

Topic 3 - INFRASTRUCTURE BREADTH: Other container orchestrators had ways to integrate storage and networking, but only Kubernetes created standards (e.g. CNI, CSI) that have gained mainstream adoption to create dozens of vendors/cloud options.

Topic 4 - APPLICATION BREADTH: The community has evolved from supporting stateless apps to supporting stateful applications (and containerized storage), serverless applications, batch jobs, and custom resources definitions for vertical-specific application profiles. 

Topic 5 - SECURITY: There were concerns about K8S security. the community has responded with better encryption and management of secrets, and improved Kubernetes-specific container capabilities like CRI-O and OCI standardization.

Topic 6 - PERFORMANCE: Red Hat (and others) have started the Performance SIG to focus on high-performance applications (HPC, Oil & Gas, HFT, etc) and profiling the required performance characteristics of these applications in containerized environments.

Topic 7 - DEVELOPER EXPERIENCE: One of the themes of KubeCon was focusing on developer experience, and in just a few months we’re seeing standardization around the Helm format (for application packaging), Draft to streamline application development, Kubeapps to simplify getting started with apps from a self-service catalog. We also seen security model of non-root containers (vs. the Docker model of root-enabled containers).

Topic 8 - APPLICATION EXTENSIBILITY: Kubernetes community decided not to reinvent the wheel, instead working with the Cloud Foundry Foundation to create the Open Service Broker API. Within a year, we’re now seeing implementations that have not only ported all the functionality to Kubernetes, but have extended it beyond Cloud Foundry’s previous capabilities to include support for external clouds (e.g. AWS, Azure, GCP), as well as additional services such as Ansible playbooks and other 3rd-party capabilities.

Topic 9 - IMPROVING OPERATIONAL EXPERIENCE: As Clayton Coleman (Red Hat) discussed in his KubeCon keynote, companies like Red Hat are using their online environments to improve their operational experience and ultimate feed this knowledge back into the upstream products.

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 18

Show Overview: Brian and Tyler talk with Gabe Monroy (@gabrtv, Lead Product Manager Containers @ Azure, CNCF Board Member) about a wide variety of projects and services that Microsoft is working on in the Kubernetes and CNCF communities - from Windows containers to Container orchestration to making it simpler for application developers.

Show Notes:

• Azure Container Service (AKS)
• Azure Container Instances (ACI)
• Azure Draft (OSS project)
• Helm - Kubernetes Package Manager (OSS project)
• Azure Service Broker
• Virtual Kublet (OSS project)
• Gabe Monroy’s Azure Blog

Topic 1 - Welcome to the show. You joined Microsoft via the Deis acquisition. Let’s talk about some of the work you’ve been focused on since joining Microsoft.

Topic 2 - Microsoft Azure offers several options to use containers and container services (ACS, AKS, ACI). Can we dig into each of those services?

Topic 3 - Working on hybrid environments is becoming more important. Let’s dig into how Microsoft is expanding the capabilities of the Open Service Broker.

Topic 4 - Help us understand what the Helm project and Draft project enable for developers.

Topic 5 - One of the most frequent questions we get is around Windows-based containers. When will they be available, and what is Microsoft doing to make them easier to use? 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 17

Show Overview: Brian and Tyler talk about the containers and Kubernetes news coming out of AWS re:Invent, as well as a look ahead to KubeCon in Austin.

Show Notes:

• Amazon announced its much-anticipated Kubernetes service Amazon Elastic Container Service for Kubernetes
• Amazon announced AWS Fargate “a technology that enables you to use containers as a fundamental compute primitive without having to manage the underlying instances.”

Topic 1 - AWS re:Invent happened last week. Any news about Kubernetes?

Topic 2 - The concept of “Bring Your Own Container” is evolving to “Bring A Workload that Runs in a Container” (Fargate, Microsoft ACI, etc.)

Topic 3 - What can we expect at KubeCon this week?  What new trends are you seeing emerge, or are you looking to see if they have momentum?

• Evolution of User-Experience
• Serverless standards?
• Adjacent projects to Kubernetes (backups, CI/CD, etc.)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 17

Show Overview: Brian and Tyler talk about CNCF Kubernetes Conformance, OpenShift 3.7 GA, and some common questions about day-to-day operations with Kubernetes.

Show Notes:

• Cloud Native Computing Foundation Launches Certified Kubernetes Program with 32 Conformant Distributions and Platforms
• Red Hat OpenShift Container Platform v3.7 goes GA
• Kubernetes and OpenShift: Community, Standards and Certifications

Topic 1 - How do you deploy the underlying compute resources that are used as Nodes in a Kubernetes cluster?

Topic 2 - If a Kubernetes environment has to scale, how do you grow out the computing (or other) resources?

Topic 3 - When a new version of Kubernetes comes out, how do you manage to upgrade the environment?

Topic 4 - What are the common things that the Ops team is tracking, monitoring, measuring in a Kubernetes environment? 

Topic 5 - What are some things that have changed, from an operational perspective, because a Container/Kubernetes environment and previous technologies (e.g. VMs)?
 
Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 15

Show Overview: Brian and Tyler continue their focus on Security with Marc Boorshtein (@mlbiam, CTO of @tremolosecurity), discussing Identity Management, Container and Kubernetes Authorization and Authentication, RBAC, and how IT teams evolve to manage security in more agile environments.
 
Show Notes:

• PodCTL #14 - Security: Hosts, Registries, Content and Pipelines
• [Video] Identity Management and Compliance
• [Video] DevOps Identity Management
• [Website] Tremolo Security
• 10 Layers of Container Security
• Open Source k8s SSO project
• Open Source OpenShift Identity Manager project

Topic 1 - Let’s talk about User authentication in Kubernetes>

• Certificate Authentication 
• OpenID Connect 
• Reverse Proxy

Topic 2 - Let’s dig into the various types of Authorizations

• Overview of RBAC (Role-Based Access Control)
•  Mapping of Roles to Users and Groups 
• Organizational Challenges

Topic 3 - Given that various people (Devs & Ops) interact with dashboards, how do we manage that Authentication?

Topic 4 - How are organizations evolving to keep up with this more agile form of software development and the associated security challenges?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 14

Show Overview: Brian and Tyler talk address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirement in the Container Host, Container Content, Container Registry, and Software Build Processes.
 
 Show Notes and News:

• 10 Layers of Container Security
• Google, VMware and Pivotal announced a Hybrid Cloud partnership with Kubernetes
• Google and Cisco announced a Hybrid Cloud partnership with Kubernetes (and more)
• Docker adds support for Kubernetes to DockerEE
• Rancher makes Kubernetes the primary orchestrator
• Microsoft announces new Azure Container Service, AKS
• Oracle announced Kubernetes on Oracle Linux (and some installers)
• Heptio announces new tools

Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.

• Linux namespaces - isolation 
• Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls 
• SELinux (or AppArmor) - mandatory access controls 
• cGroups - resource management

Topic 2 - Next in the stack, or outside the stack, is the sources of container content.

• Trusted sources (known registries vs. public registries (e.g. DockerHub) 
• Scanning the content of containers 
• Managing the versions, patches of container content

Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.

• Making a registry highly-available 
• Who manages and audits the registry? 
• How to scan container within a container? 
• How to cryptographically sign images? 
• Identifying known registries 
• Process for managing the content in a registry (tagging, versioning/naming, etc) 
• Automated policies (patch management, getting new content, etc.) 

Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.

• Does a platform require containers, or can it accept code? Can it manage secure builds? 
• How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)? 
• How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.) 
• How to promote images to a platform? (automated, manual promotion, etc.)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 12

Show Overview: Brian and Tyler talk with Dan Walsh (@rhatdan, Consulting Engineer at Red Hat, container team lead) and Mrunal Patel (@mrunalp, Principal Engineer at Red Hat, OCI/runc maintainer) about the evolution of containers with Kubernetes, the creation of CRI-O, and the focus on container security and stability. We also discussed emerging projects like Skopeo, Buildah, Intel Clear Containers and Grafeas.
 
Show Notes:

• CRI-O Homepage
• CRI-O Blog
• Introducing CRI-O v1.0 (blog)
• Containers Project (Image, Storage)
• Project Buildah - A tool which facilitates building OCI images
• Project Skopeo - Work with remote images and registries
• Project Grafeas - An open artifact metadata API to audit and govern your software supply chain
• Intel Clear Containers

Topic 1 - Welcome to the show. Why don’t you both introduce yourselves and tell us what areas you focus on.

Topic 2 In past episodes, we’ve talked about the CRI-* concept in Kubernetes. We’ve also talked about the OCI standard for containers. So what is CRI-O?

Topic 3 What problems does CRI-O attempt to solve for the container ecosystem?

Topic 4 - How does CRI-O different from containerd and CRI-containerd?

Topic 5 - How can people get CRI-O today? What are some of the things people can expect with CRI-O beyond v1.0?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 11

Show Overview: Brian and Tyler talk Julius Volz (@juliusvolz, @PrometheusIO co-founder, promcon.io founder) about the challenges that Prometheus solves, how it does monitoring and interacts with other systems, how it works with Kubernetes, and common-use cases and patterns.
 
Show Notes

• Prometheus (homepage)
• Part II - Evolution of Prometheus, v2.0 (via The Cloudcast)
• PromCon and PromCon Videos
• Prometheus v1.0 on The Cloudcast (v1.0 launch)
• WeaveWorks Managed Prometheus
• Robust Perception Blog (Prometheus consulting)

• What can it monitor?
• What can it trigger other systems to do? 

Topic 3 - Prometheus is now part of CNCF. Is it a native Kubernetes service, or a sidecar application for containers, or a broad service that just runs on Kubernetes?

Topic 4 - What are the basic things that most people use Prometheus to monitor for?  What are a few complex use-cases?  (application types, application frameworks, usage-patterns, etc.)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podtl.com

Show: 10

Show Overview: Brian and Tyler talk with Paul Morie (@cheddarmint, Principal Software Engineer @RedHat, Lead of Kubernetes Service Catalog SIG) about the evolution of the Open Service Broker API, integrating with external services, the role of Service Brokers, and use-cases to expand Kubernetes applications.

Show Notes

• Kubernetes Service Catalog SIG
• OpenShift Commons - Kubernetes Service Catalog Deep Dive
• Kubernetes Service Catalog SIG (meetings, demos)
• Open Service Broker API

Topic 1 - Welcome to the show. Before you got involved in the Service Catalog SIG, you worked on several other aspects of Kubernetes (security, etc.). Tell us about some of the things you’re been involved with?

Topic 2 - Let’s go back to when the Open Service Broker API was announced. What was the purpose and how did it evolve to where it is now?

Topic 3 - What are the basics of how the Service Broker / Service Catalog interacts with applications on Kubernetes and 3rd-party services? 

• Example: How do we think about user/password/security credentials to a database?
• Example: Is the Service Broker in the data path as well as the control path? 
• Example: Where would traffic auditing functions happen?

Topic 4 - We saw a demo of the Service Catalog/Broker at Red Hat summit during an announcement with AWS, where is showed AWS services as part of the catalog. Previously, we’ve seen the CF Service Broker interact with Google or Azure services. Is the relationship between the broker and cloud-services “cloud specific”, or will things be interchangeable at all?

Topic 5 - Beyond public cloud services, what other types of things might be interconnected or managed via the Service Broker?
 
 Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl..com

Show: 9

Show Overview: Brian and Tyler talk about Kubernetes Networking and Kubernetes Storage.

Show Notes:

• Kubernetes Network Plugins
• Kubernetes and Storage
• Container Native Storage

Topic 1 - Let’s talk about the challenges of networking with containers and some of the ways that Kubernetes addresses these challenges.

• There’s lots of different ways to network containers together. Kubernetes does some basic networking (by default), and then there are add-on options for more complex, secure scenarios.
• The role of DNS in Kubernetes networking (services, etc.) 
• Kubernetes network plugins (CNI: container network interface) 
• Ingress and Egress Routes, Services, Load Balancing 
• Network Policy (fine-grained traffic control)  

Topic 2 - Let’s talk about the challenges of storage with containers and some of the ways that Kubernetes addresses these challenges.

• There’s definitely a misperception that containers should only be used for stateless applications. 
• Containers are (primarily) Linux, and Linux has well known concepts about how to interact with persistent storage. 
• Containers need a way to interact with persistent storage in a model where it can be dynamically allocated. 
• Kubernetes storage plugin proposal (CSI: container storage interface)

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 8

Show Overview: Brian and Tyler talk with Jeremy Eder (@jeremyeder, Senior Principal Software Engineer at Red Hat) about the Kubernetes Resource Management Working Group, scaling Kubernetes environments, extending Kubernetes for high-performance workloads (HPC, HFT, Animation, GPUs, etc.), testing at scale and how companies can get involved.
 
Show Notes:

• KubeCon 2017 (Austin) Schedule
• OpenShift Commons Gathering (Austin, Dec.5th)
• Kubernetes Resource Management Working Group
• Contact the Resource Management Working Group
• Deploying 1000 Nodes of Kubernetes/OpenShift (Part I)
• Deploying 2048 Nodes of Kubernetes/OpenShift (Part II)

Topic 1 - Welcome to the show. You recently introduced the Resource Management Working Group within Kubernetes. Tell us a little bit about the group.

Topic 2 - The group’s prioritized list of features for increasing workload coverage on Kubernetes enumerated in the charter of the Resource Management Working group includes (below). Let’s talk about some of the types of use-cases you’re hearing that drive these priorities.

• Support for performance sensitive workloads (exclusive cores, cpu pinning strategies, NUMA) 
• Integrating new hardware devices (GPUs, FPGAs, Infiniband, etc.)  
• Improving resource isolation (local storage, hugepages, caches, etc.)  
• Improving Quality of Service (performance SLOs) 
• Performance benchmarking 
• APIs and extensions related to the features mentioned above 

Topic 3 - This is a broad list of areas to focus on. How do you determine what things should be kernel-level focus, Kubernetes-level focus, or application-level focus?
 
Topic 4 - How do you go about testing these areas? Are there lab environments available? How will you publish methodologies and results?
 
Topic 5 - As you talk to different companies, do you feel like they are holding back on deploying higher-performance applications on Kubernetes now, or they are looking for more optimizations?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 7

Show Overview: Brian and Tyler talk with Clayton Coleman (@smarterclayton, Lead Kubernetes Architect) and Derek Carr (@derekwaynecarr, Kubernetes Lead Engineer) about the Kubernetes development process, the role of SIGs, the process for deciding what gets included in a release, as well as an in-depth discussion about the extensibility of Kubernetes 1.8

Show Notes:

• The early days of Kubernetes
• Contributing to Kubernetes
• Kubernetes 1.8 features
• Kubernetes 1.8 features (tracking spreadsheet)
• An Overview of Project "Istio"

Topic 1 - Welcome to the show. Both of you are top contributors to Kubernetes, both also lead (or co-lead) some of the SIG/Working group. Can you give us a sense of your community involvement from a contributor and leader perspective?

Topic 2 - Derek, you're on the nomination list for the Kubernetes Steering Committee. Chris Aniszczyk mentioned it a couple weeks ago, but what does that group do that’s different than SIGs?

Topic 3 - When there are 100s of contributors and many different focus areas, what is the process for deciding what’s included or prioritized or dropped from a specific release?
 
Topic 4  - Kubernetes 1.8 has a mix of Alpha, Beta and Stable features. What do you see as the key focus areas in this release? (e.g. RBAC, CRI-O, etc.)
 
Topic 5 - How does Kubernetes look at the explosion of “tools” around core Kubernetes (deployers, application templates, application frameworks) and when to make those parts of the project or keep them separate?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 6

Show Overview: Brian and Tyler talk about the technologies in “core” Kubernetes and the additional elements needed to evolve it into a more complete application platform.
 
Show Notes:

• [TRANSCRIPTION] - coming soon 
• PodCTL #4 - All the Tools in the Kubernetes Toolbox 
• PodCTL #3 - Making sense of container standards (including OCI)
• Kubernetes by Example

News of the Week:

• Oracle joins the CNCF
• Heptio takes Series B round of VC funding
• Jaeger (@JaegerTracing) and Envoy (@EnvoyProxy) become official CNCF projects.

Topics 1 - What's included in Kubernetes (by default)?
We’ve seen quite a bit of survey data recently that shows usage of Kubernetes is growing quite rapidly. If somebody says they are “using Kubernetes”, by default, what functionality do they have available to them?

Topic 2 -  What core “platform” elements aren’t included with Kubernetes?

• Container Runtime (e.g. docker, rkt, oci)
• Container Registry
• Advanced Networking
• Persistent Storage
• Monitoring, Logging
• Backup tools for Kubernetes or the applications running in Pods.

Topic 3 - What are some of the standard ways to plug in those pieces?

• Container Runtime - CRI (Container Runtime Interface)
• Registry - Many 3rd-party options
• Networking - CNI (Container Network Interface) 
• Storage - CSI (Container Storage Interface)
• Logging / Monitoring - Sidecar Containers

Topic 4 - What does a company get with a "distribution" vs. "platform" vs. "public cloud service"?

• Tectonic (example)
• OpenShift (example)
• Google Container Engine (example)

Question of the Week:

Q: What is "pure" Kubernetes?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of how an application gets into a container, how to layer OS + applications + dependencies, how a container interacts with a container registry, and how container files different from Kubernetes manifests.
 
Show Notes:

• [TRANSCRIPTION] PodCTL Basics - How to Containerize an Application
• Setting up a Dockerfile
• Building an OCI-compliant container with "Buildah"
• Deploying with Kubernetes Manifests

Topic 1 - How does a Container know what application to run?

• Metadata
• Image Layers

Topic 2 - Can any Application run in a Container? Does it have to be modified?

• User namespace vs. Root
• Resource requirements

Topic 3 - How does a Container interact with a Container Registry?

Topic 4 - How does a Container tell Kubernetes about it’s Application needs (HA, Static IP, Storage, etc.)?

• Pods and Manifests

Topic 5 - Can a Containerized Application interact with other applications? How?

• Within a Cluster
• DNS Services / Networking
• Kubernetes Services
• Service Discovery frameworks

 Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 5

Show Overview: Brian and Tyler talk with Chris Aniszczyk (@cra, CTO/COO of CNCF, Executive Director of OCI) about the Cloud-Native Ecosystem, if there is a CNCF "stack", the CNCF process for project acceptance, and the growth vs. hype of Kubernetes.
 
 Show Notes:

• [TRANSCRIPTION] PodCTL #5 - Understanding the Cloud-Native Ecosystem
• Cloud Native Computing Foundation (CNCF) Homepage
• CNCF Landscape
• Open Containers Initiative (OCI) Homepage
• KubeCon & CloudNativeCon - Austin, TX (Dec.6-8)

 News of the Week 

• Mesosphere adds Kubernetes support to DC/OS
• Mirantis claims that Kubernetes is OpenStack 2.0

 Interview with Chris Aniszczyk
Topic 1 - Welcome to the show. What hats do you wear at both the CNCF and OCI?
Topic 2 - How do the CNCF projects and OCI projects work together? (example: why is rkt or containerd in the CNCF and not OCI?)
Topic 3 - What is the role of the CNCF? 

Is there a CNCF stack?

Can you talk about how projects get engaged with CNCF and the process of “official” vs. “incubation”, etc?

Will it ever make sense to have a “certification” program for CNCF-associated offerings, or does that create too much overhead?

Topic 4 - With so many projects being created, in different parts of the stack, where do you potentially see the next “official” projects coming from?
Topic 5 - Can you give us your perspective on some of the noise recently around Kubernetes?

Community Question of the Week:
 Q: My company runs mostly pre-packed Windows applications. Is there anything that we can do with Containers or Kubernetes to help them?

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show Overview: Brian and Tyler discuss the basics of Linux containers.

Show Notes:

• [TRANSCRIPTION] PodCTL Basics - Linux Containers
• An Introduction to Container Terminology
• Architecting Containers: User Space vs. Kernel Space

 Segment 1 - What is a Linux Container?

• Filesystem + Metadata (JSON) 

Segment 2 - How do Linux hosts interact (and isolate) Linux Containers?

• Host OS vs. Container OS
• Container isolation 
• Container security 101

Segment 3 - How does a container interact with Networking and Storage?

• Pass-thru host details
• CNI - Container Native Interface
• Native container networking
• Storage Volumes (static & dynamic)

Segment 4 - Can any Application run in a Linux Container? Does it have to be modified?

• User namespace vs root
• Resource requirements 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl..com

Show: 4

Show Description: Brian and Tyler discuss the broad range of tools that are available to deploy, operate and manage Kubernetes environments. There are lots of options...

Show Notes:

• PodCTL #4 - Transcribed
• Kubernetes: A Little Guide to Install Options
• Monitoring OpenShift: Three Tools for Simplification
• Rolling Updates to Kubernetes - At MacQuarie Bank [video]

Segment 1 - [News of the Week]

• VMware, Google and Pivotal announced a packaged version of the Kubo project, called Pivotal Container Service (PKS). 
• CNCF continues to be the center of Enterprise IT with VMware, Pivotal joining

Segment 2 - Why do Open Source Projects often end up with so many installers?

Segment 3 - What are some of the common types of tools for kubernetes installations?

• Install on your laptop (e.g. Minikube, Minishift, etc.)  
• Public Services (OpenShift Online, GKE, Azure Container Service, etc)
• Quickstart installer on a public cloud (e.g. Heptio, DO, kops, etc.)
• Kubernetes-specific installers (kubeadm, kubicorn, kargo, etc.)  
• Deployment scripts and variations on “runbooks” (e.g. Ansible, Chef, Puppet, etc.)

Segment 4 - What are some of the Day 2 tools that are used with Kubernetes?

• Upgrade tools (e.g. 1-click, Operators, etc.) 
• Monitoring & Management (e.g. Prometheus, Datadog, New Relic, Zabbix, SysDig, CoScale) - https://blog.openshift.com/monitoring-openshift-three-tools/ 
• Logging  (e.g. EFK, Loggly, etc.) 
• Application Frameworks - Save that for future shows!

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL
• Web: http://podctl.com

Show: 3

Show Description: Brian and Tyler talk with Vincent Batts (@vbatts, Principle Software Engineer in the Office of Technology for Container Architecture at Red Hat) about the state of container standards - OCI, containerd, Moby, Linux vs. Windows containers, etc.

Show Notes:

• Vincent Batts on GitHub
• Open Container Initiative (OCI)
• CRI-O: Container Runtime Interface
• Relevant XKCD
• A Comparison of Linux Container Images

 Segment 1 - News of the Week

• Red Hat and Microsoft announce partnership around Windows Containers and OpenShift and Azure, plus much more. 

Segment 2 - An Interview with Vincent Batts

• Topic 1 - Welcome to the show Vincent. Tell us what types of things you work on in the container community.
• Topic 2 - 2yrs ago, there was docker and rkt arguing about container standards, and the OCI emerged. Can you give us an update on where container standards are today? 
• Topic 3 - What is this new concept called CRI-O, and how does it relate to Kubernetes? 
• Topic 4 - Containers always used to be Linux-specific, but we’re starting to hear more noise around Windows containers. Is this Microsoft specific, or are standards groups working on this too?

Segment 3 - Question(s) of the Week

• Q1: What’s the difference between the Host OS and the Container OS, and do they need to be the same? 
• A1: A Comparison of Linux Container Images

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://PodCTL.com

Show Description: Brian and Tyler discuss some of the use-cases that businesses have for using Kubernetes. They review several public examples of Kubernetes uses, both in web scale and Enterprise environments.
 
Show Notes:

• GitHub Goes All-In on Kubernetes (via TheNewStack)
• KubeCon / CloudNativeCon CFP is Due August 21st

Segment 1 - Thank you for the great response to the initial show. Response has been very positive and we’ve already had like 8-10 people ask to be guests on the show. The challenge is to figure out what to do on show #2 or #3 since there is so much happening. So we’ve decided that for a while, we’re going to make sure that we cover all the fundamentals of containers and Kubernetes.

Segment 2 - News of the Week

• GitHub announces details of how they use Kubernetes 
• AWS does not announce a Kubernetes services at AWS Summit in NYC 
• KubeCon CFP is due by August 21st

Segment 3 - How are companies using Kubernetes?

• daemonSets (instance on each node), replicaSets (specific # is always running), jobs (run to completion), statefulSets (stateful apps) vs persistent Volumes (stateful storage) 
• Kubernetes Job Openings 
• Customer sessions at Red Hat Summit 
• OpenShift Commons Gathering (videos)  
• Kubernetes Case-Studies 

Segment 4 - How to Learn More

• Free Kubernetes Training from CNCF  
• Kubernetes by Example (Michael Hausenblas) 
• How does the Kubernetes scheduler work? (Julia Evans) 
• Kubernetes the Hard Way (Kelsey Hightower)

 Segment 5 - Question(s) of the Week 

• Q1: What’s the right way to install Kubernetes? There seem like too many options. 
• A1: Kubernetes: A Little Guide to Install Options 

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://PodCTL.com

Show: PodCTL Basics #1

Show Overview: The basics of Kubernetes.

Show Notes:

• Kubernetes Concepts
• Kubernetes Code on GitHub

 Segment 1 - What is Kubernetes?

• Technology that spawned from Google’s internal “Borg” system for running application in containers. 
• Open source project donated to the CNCF in 2015. 
• Open source community of 1500+ engineers working on various sub-projects that make up the Kubernetes system. 

 Segment 2 - How does Kubernetes work?

• etcd 
• Kubernetes API 
• Kubernetes scheduler 
• Kubelet on each worker machine
• Controllers

 Segment 3 - What’s the relationship between Kubernetes and Containers?

• Containers describe what application bits run on a machine 
• Kubernetes is the framework that places containers on machines and ensures that the containers run in a well-defined manner (start/stop, highly available, load-balanced, etc.) 

 Segment 4 - Are there alternative technologies that work similar to Kubernetes?

• Kubernetes is ultimately a framework that schedules containers 
• Mesos Marathon 
• Docker Swarm 
• Nomad from Hashicorp 
• Lots of homegrown, DIY systems, mostly based on scripting

 Segment 5 - How can a company get Kubernetes or use Kubernetes?

• Use the Open source software from the Kubernetes community 
• Use commercially available distributions of Kubernetes from multiple vendors 
• Consume Kubernetes-as-a-Service from multiple cloud providers

Feedback?

• Email: PodCTL at gmail dot com
• Twitter: @PodCTL 
• Web: http://podctl.com

Show: 1

Show Overview: Brian Gracely (@bgracely) and Tyler Britten (@vmtyler) introduce the PodCTL podcast, discuss the latest news in the Kubernetes community, highlight the OpenShift 3.6 launch, and answers some frequently asked questions about Linux containers.
 
 Show Links:

• [announcement] OpenShift 3.6 GA
• [blog] OpenShift 3.6 - PCI Product Applicability
• [blog] OpenShift 3.6 - Improved Developer Experience
• [blog] OpenShift 3.6 - Enhanced User/Operator Experience
• [blog] OpenShift 3.6 - What’s New in Cluster Management
• [blog] OpenShift 3.6 - Service Catalog & Brokers (Tech Preview)
• [deadlines] CNCF Call for Papers due August 21st
• [trends and data] 2017 - Bitnami Container Trends
• [news announcement] Packet provides On-Demand Lab Resources
• [news announcement] AWS Joins the CNCF
• Bitnami creates non-root containers for OpenShift

Show Notes

• Topic 1: An Introduction to the new podcast and our hosts.
• Topic 2: News and Updates from the Kubernetes and CNCF Communities
• Topic 3: What's new in OpenShift 3.6 with this week's launch?
• Topic 4: How can people learn more about OpenShift, or get hands-on experience?- Self-Paced Online Learning: 

Learning Links:

• Free Self-Pace Online Learning - learn.openshift.com
• Free Cloud Tier: OpenShift Online
• Locally on your laptop: MiniShift Topic 5: The hosts answer some frequently asked questions about Containers, Kubernetes and OpenShift - Question 1: Can you run a 3rd-party Container Registry with OpenShift? - Question 2: How should you run your containers (privileged, non-privileged)?

Feedback?

• Email: podctl at gmail dot com
• Twitter: @PodCTL
• Homepage: PodCTL.com