Kubernetes Podcast from Google Abdel Sghiouar, Kaslin Fields

Jesper Larsson is a Freelance PenTester. Jesper works with a hacker community called Cure53. Co-organizes SecurityFest in Gothenburg, Sweden. Hosts Säkerhetspodcasten or The Security Podcast. Jesper is also a Star on Hackad, a Swedish TV Series about hacking.
 
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
 
News of the week Kubernetes Removals, Deprecations, and Major Changes in Kubernetes 1.29
Introducing SIG etcd
etcd, with Marek Siarkowicz and Wenjia Zhang (The Kubernetes Podcast from Google)
WebAssembly (WASM) and OpenShift: A Powerful Duo for Modern Applications
Linux Foundation Events
Pass the torch in ContribEx #7603
Links from the interview Cure53 Hacker Community
Säkerhetspodcasten
Hackad TV Show on IMDB
SecurityFest Gothenburg
Falco by Sysdig
Wolfi by Chainguard
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Links from the post-interview chat The Untold Story of NotPetya, the Most Devastating Cyberattack in History

Fabian Kammel is a Security Architect at ControlPlane, where he helps to make the (cloud-native) world a safer place. In his career, he continuously worked to bring hardware security and cloud-native security closer together. His past projects include:
* A cloud-native PKIs for on-road vehicle services secured by enterprise HSMs
* An always-encrypted Kubernetes distribution that harnesses the power of Confidential Computing
* And more recently securing SPIFFE-based machine identities via hardware attestation.
 
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
 
Links from the interview Confidential Computing Blog from kubernetes.io
Confidential Computing Consortium
Confidential Computing Whitepaper
Intel SGX Enclave
Swap Memory with Kubernetes in Beta in 1.28
Hardware Security Modules
Trusted Platform Modules (TPM)
Envelope Encryption
Confidential Computing Concepts - Confidential Virtual Machine
AMD Secure Encrypted Virtualization (AMD SEV)
AMD Secure Encrypted Virtualization - Secure Nested Paging (AMD SEV SNP)
Trusted Computing Base (TCB)
Remote Attestation
Confidentiality, Integrity, and Availability: The CIA Triad
Intel SGX Enclaves
Confidential Containers (CoCo)
Katacontainers
AWS Firecracker
 

Guests are Marek Siarkowicz , Senior Software Engineer in Google Cloud, Tech Lead of SIG-etcd   AND Wenjia Zhang, Engineering Manager in Google Cloud, Co-Chair of SIG-etcd, Google. We spoke about the project, the recent change to become a Special Interest Group and how to learn etcd.
 
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
News of the week Co-host this week is Mofi Rahman [X, LinkedIn]. Cloud Developer Advocate at Google
Karpenter graduated to Beta
The Kubernetes SIG Network announced release 1.0 of the Gateway API
Ingress2gateway new CLI to migrate from Ingress to Gateway
The Call for Proposals for KubeCon EU 2024 will close on Nov 26, 2023
Links from the interview etcd
Meaning of etcd
etcd history from CoreOs
Raft paper
On the Hunt for Etcd Data Inconsistencies by Marek Siarkowicz - [youtube]
Lessons Learned From Etcd the Data Inconsistency Issues by Marek Siarkowicz - [youtube]
The first pancake rule
etcd as a Kubernetes sig
The Case for SIG-ifying etcd
CNCF Contributor License Agreements (CLA)
Kubernetes Prow
Contributor Experience Special Interest Group
Kubernetes Watch
Go Serialization and Deserialization
Cilium with external etcd
Certified Kubernetes Administrator
etcd mentorship program
etcd @kubecon NA 2023
Links from the post-interview chat Kubernetes considerations for large clusters
Operating etcd clusters for Kubernetes
Kueue
etcd on the podcast
The Heartbleed Bug
XKCD meme about dependency
 

WasmCon took place in BELLEVUE, WASHINGTON on Sept 6-7 2023. Kaslin and Mia from our advocacy team went down there and spoke to some folks at the conference to get their impression of the event.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
News of the week Mia Villaseñor:
Twitter/X
LinkedIn
Cilium Graduated
Docker AI apps tools
Kubernetes steering committee election results
CRI-O moved to Kubernetes owned repository
CNCF TOC voted to archive the SMI project
Links from the interview WasmCon 2023
Guests
Dan Wilson
Hood Chatham
Brendan Irvine-Broque
Josh Berkus
Kevin Zheng
Sid Hussmann
Dawn Parzych
Daiki Akasaka
Radu Matei
Dan Mihai Dumitriu
Russell Ashi
Chris Madison
Brooks Townsend
Open Policy Agent
V8
Gapfruit OS
WASI Capabilities
Trusted Compute Group
Trusted Platform Module (TPM)
Jnode
Midokura WASM Runtime
Cosmonic Cloud
CNCF WasmCloud
Wasm Components Model
WASI
WasmTime
SQLite in Wasm talk at WasmCon
AI and Wasm talk at WasmCon
Envoy and Wasm
The WIT format
Cloudflare RU workers
Wasm and Kubernetes
Wasm and Kubernetes case study
Doom on Cloudflare workers with Wasm
Wasm and bosch by Emily Ruppel
Dynamic Linking Python
Dynamic Linking in Wasm from Wasm I/O 23
Links from the post-interview chat Podcast episode#208 with Phil estes
Podcast episode#203 with Justin Cormack

 
This week we explore what’s new in Istio with core maintainers John Howard and Keith Mattix
 
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
 
News of the week Announcing Linkerd 2.14: Improved enterprise multi-cluster, Gateway API conformance, and more!
Amazon to invest up to $4 billion in AI startup Anthropic
KubeCon EU 2024 CFP is open until November 26th
CNCF Security Slam
NEW Certification: Istio Certified Associate (ICA)
npm packages caught exfiltrating Kubernetes config, SSH keys
Links from the interview Kubernetes Native Sidecars in Istio (Blog from Istio)
Kubernetes v1.28: Introducing native sidecar containers
Argo Workflows
Apache Airflow
Envoy Proxy
Istio Ambient Mesh
Introducing Rust-Based Ztunnel for Istio Ambient Service Mesh
eBPF
Kernel TLS
HTTP Based Overlay Network Environment (HBONE)
KubeCon EU 2023: “Future of Service Mesh - Sidecar or Sidecarless or Proxyless?” - Idit Levine & Yuval Kohavi, Solo.io; Keith Mattix II, Microsoft; Eric Van Norman, IBM; John Howard, Google
Istio Ambient Waypoint Proxy Made Simple
kiali.io
Kubernetes Gateway API (Istio)
Getting Started with Istio and Kubernetes Gateway API
Istio Desitination Rule
Announcing Istio's graduation within the CNCF
Istio sails into the Cloud Native Computing Foundation (CNCF Blog)

This week we explore the history of containers, particularly containerd, with Phil Estes.
 
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
 
News of the week Notary Project announces a major release! (Blog) 
Kubernetes Legacy Package Repositories Will Be Frozen On September 13, 2023 (Blog)
Gateway API v0.8.0: Introducing Service Mesh Support (Blog)
Amazon VPC CNI now supports Kubernetes Network Policies (Blog)
Introducing VMware Tanzu Developer Portal: Empowering Developers with Enterprise-Grade Backstage
Google Cloud Next page
Google Cloud Next Blogs
Google Cloud Post-Next Videos
KubeCon NA 2023 Schedule
Rig.dev startup (Blog)
 
Links from the interview Docker
Containerd
Chroot (archlinux wiki)
Linux namespaces (Linux man page)
runC announcement (2015)
runC on Github
Containerd project creation announcement (2016)
Containerd donation to CNCF announcement (2017)
Containerd graduation announcement (2019)
Container Runtime Interface (CRI)
Kubernetes SIG Node
Dockershim debacle (kubernetes.io blog)
Dockershim deprecation FAQ (kubernetes.io blog)
Mirantis-owned cri-dockershim on Github
Open Container Initiative (OCI)
Cloud Native Computing Foundation (CNCF)
CoreOS (“What was CoreOS” blog by RedHat)
Rkt (“What is Rkt” blog by RedHat)
Kinvolk
BlaBlaCar
BlaBlaCar Case Study on Google Cloud
gRPC
gVisor
Kata Containers
Docker && WASM with Justin Cormack (Docker CTO) on the Kubernetes Podcast from Google
WasmEdge (A Wasm runtime)
CRI-O (lightweight container runtime for Kubernetes)
Containerd scope and principles
nerdctl: Docker-compatible CLI for containerd
Docker Buildkit
github.com/container-image, github.com/container-storage
Podman
Skopeo
Firecracker microvms
Intel Clear Containers
Hyper.sh
Open Infrastructure Foundation
OpenStack
Cloud Native Rejekts
“Face off: VMs vs. Containers vs Firecracker” by Alex Ellis at Cloud Native Rejekts EU 2023
 
Links from the post-interview chat  
Keynote: Reperforming a Nobel Prize Discovery on Kubernetes - Ricardo Rocha & Lukas Heinrich
Keynote: CERN Experiences - Ricardo Rocha & Clenimar Filemon
Jesse Frazelle’s container escape challenge used to be at contained.af, but it doesn’t seem to exist anymore.
Containers from Scratch - Liz Rice at GOTO 2018 (there are a bunch of recordings of this talk)
Mirantis-owned cri-dockershim on Github