Kubernetes Podcast from Google


ADAM GLICK: Woohoo! And you can come and visit us.

CRAIG BOX: Yes. We didn't get to go to KubeCon US last year, but we were both in Europe for the Barcelona show, and we had a meetup at the Google Cloud Lounge. And that was such a success, we thought we would do it all over again.

ADAM GLICK: Indeed. It was great to meet you all, and we'll be available at 1:30 on Tuesday at the Google Cloud Lounge.

CRAIG BOX: And the good news is, I've brought some snacks. Flying back from New Zealand, I thought, well, I should bring some of the chocolaty treats that are available in the fine country over there. And so I have some Pineapple Lumps and some Jaffas, which really, it's best that you just come along and sample them, rather than I try and explain them.

ADAM GLICK: It's a kiwi candy, which I hear is far better than candied kiwis.

CRAIG BOX: Are you going to bring along anything from Washington?

ADAM GLICK: I'm going to see if I can bring along some of the local sweets that we have here. So we may have a selection from around the world for people to try.

CRAIG BOX: Great. So do make sure you come by and see us. We will be at the Google Cloud Lounge. That is Tuesday, the first day of the conference, at 1:30 PM. Hopefully, you've had a chance to listen to this beforehand. If not, then you should definitely follow us on Twitter @KubernetesPod so you don't miss out on timely tidbits like this one.

ADAM GLICK: As you're planning your trips and getting ready, for anyone that has a love of science fiction and is looking for something to watch on your way there, if you haven't already, I just finished up watching "The Expanse," which is both a series of books and was a sci-fi series. It's now been picked up by Amazon, who will be carrying it forward from season four forward, and that starts in December. But it is a really good sci-fi TV show. So if you enjoy sci-fi and you want to dig into another universe, so to speak, in terms of races, and peoples, and all that's going on, check out "The Expanse." Download a couple, watch it on the plane. It's definitely a fun ride.

CRAIG BOX: Let's get to the news.

[MUSIC PLAYING]

ADAM GLICK: Google Cloud has announced that the Skaffold project is now GA. Skaffold is an open-source project that monitors source repos and automatically rebuilds and helps deploy artifacts in real time to speed up development. Skaffold works with CI/CD pipelines to automate the build and deployment parts of software development so developers don't have to spend their time updating artifact repositories. Skaffold also works directly with Google Cloud's free Cloud Code tools to help developers be more productive within their IDE. Learn more about Skaffold in episode six.

CRAIG BOX: VMware announced updates to their Tanzu product line last week at VMworld Europe. Alongside a new cloud-native services competency for VMware partners, they announced the opening of the Project Pacific beta program. Project Pacific enables vSphere users to create Kubernetes clusters and manage them from the vSphere interface. No release date was provided for the new features, which will be part of the beta rollout.

ADAM GLICK: The open-source monitoring tool M3 is getting a company to help commercialize it, founded by two of the engineers who helped create the project at Uber. The new company is called Chronosphere and has received $11 million in venture capital from Greylock Partners. The engineers are aiming to help fill a number of the product gaps that customers were asking for but didn't make sense to work on while they were at Uber. They say the main difference between their project and other projects like Prometheus is M3's ability to meet cloud-scale needs. The product is currently in private beta and is expected to be in public beta in early 2020.

CRAIG BOX: The CNCF has announced that Vitess has graduated, making it the eighth project to reach that milestone. Vitess is a horizontally-scalable, cloud-native database system that came out of Google's YouTube in 2010 as a means of storing large amounts of data with a MySQL-compatible interface. Along with the announcement, the CNCF have also announced that Vitess had reached version 4.0 with increases in SQL query performance and updates to ease users getting started with the project.

ADAM GLICK: Microsoft Azure announced their monitoring product, conveniently called Azure Monitor, has made its Prometheus integration generally available. This service scrapes your Prometheus metrics and stores them for you. Azure also provides a Grafana template for visualizing these metrics.

CRAIG BOX: Quarkus, a Kubernetes-native open source stack for running Java applications, has released a 1.0 release candidate. Built by Red Hat, Quarkus includes the GraalVM and OpenJDK hotspot projects to run smaller JVMs and build prepackaged containers for quicker startup. It supports a laundry list of your favorite things if you haven't changed programming language since 1996, including Hibernate, JAX-RS, Eclipse Vert.x, Apache Camel, and Spring API compatibility.

ADAM GLICK: The Knative project has announced version 0.10. The release is mostly bug fixes and feature improvements as the project approaches GA and includes support for the CloudEvents 1.0 spec announced recently. Changes to the way Knative uses CRDs now requires it to be installed on a minimum Kubernetes version of 1.14.

CRAIG BOX: Pachyderm has been building their data-as-a-service platform on top of Kubernetes but wants to provide it to people who aren't yet running Kubernetes. Thus, for their new Pachyderm hub, they built a "Kubernetes-as-a-service"-as-a-service model, allocating customers to GKE clusters that they create and manage on their behalf. Kevin Delgado reflects on the challenges of building this product in a blog post, which walks through their decision process, some of the findings, and their future plans.

ADAM GLICK: D2iQ has announced Kommander, with a K. First hinted at in August, Kommander provides federated multi-cluster management across on-prem and cloud Kubernetes clusters. The key focus areas are multi-cluster management, lifecycle management, configuration and policy management, and governance. D2iQ also announced a new CI/CD product called Dispatch that will be released in the future.

CRAIG BOX: Self-driving car company Cruise continues to describe their Kubernetes platform, this week focusing on security. They released K-rail, a workload policy enforcement tool for Kubernetes, which allows them to audit a variety of common misconfigurations and politely ask their engineers to remediate them. It does this at pod admission time which minimizes the risk of reducing availability or engineering morale.

ADAM GLICK: Kasten, with a K, has released an update to their K10 data protection software for Kubernetes. The new 2.0 release of the software brings support for Kubernetes authentication, RBAC, and OpenID Connect-based roles for use with AWS IAM. It also provides customer-managed encryption keys and integrated encryption, both at rest and in transit.

CRAIG BOX: Security researchers have completed a third-party audit of the Helm project, which it passed with only one noteworthy finding. The vendor, Cure53, says that they find that the Helm project projects the impression of being highly mature. The post points out that the security audit is a requirement for graduating the CNCF, so the bookmakers have slashed the odds on that being announced alongside its upcoming 3.0 release.

ADAM GLICK: Are you thinking of becoming a Kubernetes contributor but are not sure where to start? As we talked about in episode five, helping with the Kubernetes docs is a great way to get started. Aimee Ukasick has written up her experiences and suggestions to others who want to help with the docs. She provides 10 main takeaways, and it's a great read if you want to find a good way to do your first contribution to Kubernetes.

CRAIG BOX: Rancher has released the results of the industry survey of over 1,100 IT pros in the US and EU. Key findings are that 85% of organizations are using containers in production, with 90% of the orchestration done by Kubernetes. Hybrid use is quite prevalent, with 67% of respondents doing multi-cloud and 71% doing hybrid with on-prem clusters. Additionally, 15% of those surveyed are using Kubernetes in edge scenarios.

ADAM GLICK: The CNCF has released their latest project journey report, this time for Prometheus. Prometheus is the metrics-based monitoring and alerting project that joined the CNCF in May of 2016. As usual, there's a list of stats that shows the strength and growth of Prometheus since it joined the CNCF. These include over 6,300 contributors, more than 13,500 code commits, leading to over 113,000 total contributions from 723 different companies. This makes Prometheus one of the top three CNCF projects based on project velocity. Congratulations to all of you out there who have helped make Prometheus such a success.

CRAIG BOX: Tim Hockin, our guest in episode 41, has combined his joint passions of art and Kubernetes networking into a flowchart explaining how Kubernetes routes and translates packets if you're using iptables. It's simple enough for anyone to understand, yet complicated enough to make you think "I should really look at using IPVS or eBPF".

ADAM GLICK: Ever wonder what it would take to move your Kubernetes microservices environment into a zero-trust network design? The folks at Monzo, a UK bank, have done exactly that. They've posted a blog detailing how they went about the setup, testing, and deployment of this environment containing 1,500 services. The blog also notes their lessons learned and is a good read if you're interested in setting up a highly compartmentalized network security environment for your microservices and Kubernetes.

CRAIG BOX: Finally, Google Cloud Next is coming up in April next year, and the call for proposals goes live this week. If you have a session idea, please feel free to submit it. Talk submissions will be accepted until December 13.

ADAM GLICK: And that's the news.

[MUSIC PLAYING]

Chris Kühl, with a K, is the CEO and co-founder of Kinvolk, as well as the co-organizer of the Cloud Native Rejekts, with a K, conference. Welcome to the show, Chris.

CHRIS KUHL: Hi, happy to be here.

CRAIG BOX: You have a long background in open source, and I understand that started back with the GNOME Project.

CHRIS KUHL: Oh, I was just an open source enthusiast following GNOME Planet for years. And then I think it was the Ubuntu project that got started, and I started following forums and answering questions. And then I eventually became a maintainer of GNOME System Monitor. So if you go into the About box there, you'll see my name. Oh, that's been a while now, but yes, I did that as a kind of enthusiast for years.

CRAIG BOX: Is it the year of Linux on the desktop yet?

CHRIS KUHL: I don't think that's happened yet.

ADAM GLICK: What is Kinvolk, and why did you start it?

CHRIS KUHL: We started Kinvolk back in 2015. Our founding project was working on the rkt project with the CoreOS folks, and we did that for about two years in total. We wanted to have a company where we could really focus on doing contributions to open source projects. And at first, we were doing that, and we continue doing that as consultants. But we also have started rolling out our own products like Flatcar Container Linux. And that's a fork of CoreOS Container Linux after they got acquired by Red Hat.

CRAIG BOX: You've carried the torch for two CoreOS projects. You mentioned there Flatcar Linux, which is a fork of CoreOS' Container Linux, and you were also involved with the rkt project before it was archived. Let's work backwards through those. How did you get involved with rkt?

CHRIS KUHL: rkt was interesting. That basically came through they were looking for people to help with some of their projects, and I think we got a recommendation from Lennart Poettering, who's a friend of ours, and he started the systemd project. And so really quickly, actually, right, from the beginning, we got started on that project. And actually, if you look at the contributors, we have three of the top four contributors to rkt. And so we basically did that in the context of our consulting work, and we did a bit after we stopped consulting with CoreOS just in maintenance mode.

But the thing that we're really focused on right now, and what we've been doing in the last 18 months, is Flatcar Linux. So when CoreOS got acquired by Red Hat, we kind of had this feeling, for obvious reasons, that some things were going to be changed with CoreOS Container Linux, because Red Hat has its way of doing operating systems, and it makes perfect sense for Red Hat. But we thought that this was a really good project. It was a very healthy project. And the only reason that this would be unmaintained or not carried forward is simply because of the acquisition. And we thought that there was an opportunity to pick that up, and we've done that. And we just announced last week that we're offering full commercial support.

ADAM GLICK: Not all of Container Linux was open sourced. There was an updater service which had to be reverse-engineered. Can you talk a little bit about what Omaha and Nebraska are?

CHRIS KUHL: The Omaha protocol is a protocol that was started in the Chromium OS project from Google. And so that handles the updates for things like Chrome, Chromium, the OS-- you know, like Chromebooks, but it's also the mechanism that CoreOS Container Linux used to do the updates. So that was the secret sauce, I guess, that Core OS wanted to keep for themselves, and that has never been open sourced.

So what we did is, there was a project that kind of supported the functionality that one needs for this because that was missing, and that project was called CoreRoller. But that was really stagnant, and it was about two years since contributions had been happening. So we picked that up and we modernized the front end, updated things, and yeah, last week, we released that as an open source project. So now all the components of Flatcar Linux are completely open source.

CRAIG BOX: Do you see a pattern in who uses these technologies? rkt, for example, I know there are a couple of big users in Europe. Kinvolk are a company based in Berlin. Do you think that they ended up with more usage in one area versus another?

CHRIS KUHL: Actually, most of our clients and most of the folks we interact with were, actually, US-based. I would say for Flatcar, for example, most of the usage comes from North America. So one of those is UpGuard, who was a CoreOS user, and now they've come to Flatcar. And they were part of the announcement last week as well. So I don't know if it's really geographically based. A lot of the software development does take place in the US. There's a lot more funding with the startup scene. But yes, we do have partners and things in Europe that also use the products.

ADAM GLICK: You're an organizer of the Cloud Native Rejekts conference, which is having its second instance this week. The conference is described as a B-side conference. What is a B-side conference?

CHRIS KUHL: We got the idea for the Rejekts conference because there was a JSConf that happened in Berlin, I think, in 2015, and then there was a Rejects.JS conference that was done. And I followed that at the time, and I thought that was really interesting. I mean, we've been to every KubeCon, except for the very first one in San Francisco. And at first, it was quite easy to get talks accepted. And then there was, of course, as it became very popular, because in London, there were 500 people at KubeCon. Within only a few months, there were thousands-- I mean, now it's, like, 10,000-plus.

And so it became increasingly difficult to get talks accepted. So the idea is from this Rejects.JS conference. And I think there are some B-side conferences around, I think, some of the RSA Security conferences and things. So there's simply a lot of interesting ideas. Not all of them can happen at one conference, and so we try to pick up a few of those.

CRAIG BOX: Some of our audience will be younger than the last time vinyl records were in use. Can you explain to those people what a B-side is?

CHRIS KUHL: Those are the kind of discarded-- maybe they didn't make it onto the main record. And so they released either-- what do they call them? EPs, short-form records, where they released some of these songs that were-- kind of didn't make it in, but were still good. I mean, one of my favorite B-sides, I think, is "Yellow Ledbetter" from Pearl Jam. That's an amazing song, but it just didn't make it on the final record.

CRAIG BOX: Yeah, and for those who are completely unfamiliar, you actually had to pick the record up, take it off, and flip it over from what they called the A side to what they called the B side to hear these songs.

ADAM GLICK: They were also, typically, ways to sell singles. Because you could buy the single, which would have the hit song you wanted, and then, the B-side, the back side, was some other song.

CRAIG BOX: But we digress.

ADAM GLICK: [LAUGHS] Yeah.

CRAIG BOX: We have the B-Sides conference to the DEFCON series. We have Rejects.JS conf, and now we have the Cloud Native Rejekts conference. Again, for someone with no experience in the space, just hearing that name, how would you describe the Cloud Native Rejekts conference?

CHRIS KUHL: Well, it's obviously tongue-in-cheek, right? It's embracing the fact that you got rejected, and it's just playing with that. And it's kind of how we want the conference to feel when you actually get there. It's not a trade show. It's very much an engineer's conference.

When you go there, we have tables to sit and talk. There are no booths, even though this is-- this new instance in San Diego, we will have some tables for some of the sponsors. But we kind of have this feeling that KubeCon is the trade show. We don't need to do that. And so really, we want to have that feeling that this is a conference that doesn't take itself too seriously. You can really come there, share your ideas, and just talk to other Rejekts and people who want to come and share their ideas, and listen to those ideas.

ADAM GLICK: You get some amazing speakers at the conference, including people like Tim Hockin. Do you have to have submitted a talk and have been rejected from KubeCon in order to participate, or can people just submit talks to the Rejekts conference directly?

CHRIS KUHL: We have two main criteria. Obviously, it's called the Rejekts, so yes, ideally, it should be a rejected talk. And we actually-- our proposal period is only one, maybe two weeks, because we assume that it's just a copy-and-paste to present that proposal. But we do also expressly say that we would like to take new ideas, because the KubeCon deadline is way before KubeCon actually happens. So we take new things that couldn't make it in that deadline, and we also reserve a few spots, really, at the end where we can invite some people who are really working on some really interesting stuff. And maybe it's just got released a week or two before.

CRAIG BOX: The first event was in Europe this year, in Barcelona. What encouraged you to start this year?

CHRIS KUHL: Just building frustration with 80% of the talks being rejected. I think it came to that point. I remember proposing the idea at, I think it was, Open Source Summit in Edinburgh when I was working at the CNCF booth. People were like, OK, that's interesting. But then, we actually decided to pull the trigger in about January. So it was really quickly put together, a timeline from January to May. And so I think it was just the right time, when you have to have a good amount of rejected talks before you can actually have such a conference.

CRAIG BOX: And what was the feedback from the first event?

CHRIS KUHL: Great. I think people liked the feeling of it. We kind of were using that as a test bed to see if it were something that would be useful. And the reception of the idea was exceptional. I think one of our problems with that one is you have to communicate that very early, because people often set their travel very early. And so it always takes place the two days on the weekend before the KubeCon conference. And so people have to actually calculate that into their travel. So that's the thing where getting the message out very early and just letting people know about Rejekts is the first hurdle we have to get over, so that they make it a part of their travel plans.

ADAM GLICK: What do you feel makes the Cloud Native Rejekts conference unique?

CHRIS KUHL: I think we're the only one that really focuses on the rejected talks. I mean, that's kind of the obvious one. I think the fact that we focus on purely open source projects, this is kind of in line with what we do at Kinvolk. It's not a trade show. Obviously, some speakers are talking about things they're working on in the context of their company, but the conference itself is not set up like that and doesn't focus on that. And I think in general, we do other conferences, too, and we really focus on making an engineering conference. It should be really focused on the open source projects, the engineering behind that, and connecting people.

CRAIG BOX: What does the CNCF think of the show?

CHRIS KUHL: We've got really good feedback, all the way up to Dan Kohn. They think it's a fun idea. It's definitely not infringing on anything. We couldn't call it Kubernetes Conference or something, but "Cloud Native" is a very general term. We've never had anything but positive feedback from them. Like I said, I think these kind of conferences that really are about, we're just a community member who decided to do this on our own. It was not in collaboration with the CNCF at all. So I think these kind of events are especially interesting and something the CNCF would actually promote.

CRAIG BOX: What are the logistics required in putting on an event like this? How do you know how many people will attend, given that you've said that people need to change their travel plans and they may not necessarily know about it in advance? And how do you decide how many talks you can allocate based on the space that is available to you?

CHRIS KUHL: Last time, we basically had mostly a single track. We did have two rooms for a couple of the slots. This year, we have two to four rooms. So you kind of know how many-- if it's a 30-minute talk with a 5- or 10-minute gap between those, you know how many talks you have. And we already could project that we were going to have enough talks submitted to cover that. In fact, this year, we had-- I think about at least 40% of the talks from Rejekts were rejected. So we have a good number of rejected Rejekts.

And I think, yeah, the other part of the question is just general event logistics. And we've been doing this for a while. We do another conference called All Systems Go in Berlin. We've been doing that for three years. And that conference is about the layer of Linux between the kernel and the application. So it's this common layer between cloud, and embedded, and desktop that doesn't really matter what area it's used in. And so from that experience, from doing meetups, we kind of have an idea of how many people we can expect. But yeah, definitely, one thing we need to do better is early outreach, and that's something we're going to focus on for the next one in Amsterdam.

CRAIG BOX: As these events become more successful, do you see them growing to be many more tracks?

CHRIS KUHL: No, I think it would be detrimental to the spirit of the conference if it went more than two tracks, actually. So we don't want it to be a big conference. It should really be this conference that you go to, and it has a really good feeling, and people just enjoy being there. So we don't mind at all if we sell out the tickets. If we say we want to cap it at 300, or 250, then we'll just cap it at that.

ADAM GLICK: Cloud Native Rejekts is a worldwide set of events at this point. Do you see yourself expanding to cover every place that there is a KubeCon, say, for instance, KubeCon China? And what about things like the CNCF forums that they've started to announce?

CHRIS KUHL: Right now, no. I think we're focused on the European and the North American KubeCons. The one in China is just difficult for a company like ours-- or, actually, even larger companies-- to do logistically. I think you have to form a company in China to actually back it, or get a company to sign off on it that's there. And that's not something we really want to deal with now.

So I think the effort we need to put in to do both the North America and the European versions of KubeCon are enough for us right now. In fact, we're expanding the Events team at Kinvolk right now just to take care of that.

CRAIG BOX: This week's event is the second Cloud Native Rejekts conference in San Diego ahead of KubeCon in San Diego. How many talks have been accepted for this event, and how many people will be able to attend?

CHRIS KUHL: There's a little over 40 talks in total, and like you said, from some of the people who are pretty well-known in the community. And we also like to give a chance to all the folks who are submitting talks. And so we're projecting up to 200. That's what we have space for. And it's taking place at a really great venue called the San Diego History Center in Balboa Park. So this is that really wonderful area in San Diego with an avenue of museums, and theaters, and things like that. And so we're right in the middle of that. So a great venue, and yeah, we have size for about 200 people.

CRAIG BOX: Are tickets still available?

CHRIS KUHL: Oh, yes.

ADAM GLICK: Will tickets be available day of?

CHRIS KUHL: Sure, yeah, as long as there is still capacity, then you can grab a ticket. And you can do that on the day of the conference, or the second day of the conference.

CRAIG BOX: Since you've been doing this, you've seen a number of ideas. What do you think is most exciting about this year's Cloud Native Rejekts conference?

CHRIS KUHL: For us, logistically, doing it in North America, that's our first North America event. And so that's been a bit of a challenge. We've done the other events mostly in Berlin and then, of course, in Barcelona. So that's exciting for us as organizers. I think the other aspect of that is that the quality of talks, as you get more submissions, goes up. And so we're really excited about the speakers we have there and, basically, the forum that we're able to enable.

CRAIG BOX: Are there any talks that you're particularly interested in seeing, either at Rejekts or at next week's KubeCon itself?

CHRIS KUHL: For Rejekts, there's a few that I'm really excited about. There's several talks about Service Mesh, which is, of course, a hot topic. The talk from Tim Hockin will be quite interesting. I think it's called "We've Made Quite a Mesh"-- so play on words there. We have a couple talks about storage from the MayaData folks, which is something that I think everybody tries to deal with. And so, yeah, there's a lot of interesting talks coming up.

CRAIG BOX: At the end of an event like this, how do you personally determine if it has been a success?

CHRIS KUHL: Mainly the feedback, but we, actually, also send out a feedback form to quantify that, to try to find out what we can improve. But the feedback that we get, whether it's somebody reaching out to us personally, or on Twitter and things like that, that's really what we're looking for, because that really gives an indication of the vibe that people took away after visiting.

ADAM GLICK: One of the things about being someone who's putting together a conference is you get to see all the things that are proposed to you as well as what actually ends up in the show. Are you seeing any trends in terms of the technologies, or the areas where people are tending to shift their focus? If I take a look back a couple of KubeCons ago, Service Mesh was something that was really exciting, there was a lot of focus on. And you see different technologies go through that. What do you see as the next cresting technology? We saw serverless was another one that went through.

CHRIS KUHL: Yeah, those are still hot. Those people are discovering new frustrations and new solutions to things like service mesh and serverless. So we got quite a number of those. But people are still figuring out how to deploy Kubernetes and how to operate things, how to deal with stateful containers, and things like that. So I think there are, obviously, new ideas coming up. Maybe it's a bit disconcerting, but people are still dealing with some of the issues they were dealing with a year or a year and a half ago.

CRAIG BOX: Yeah.

ADAM GLICK: Chris, no pun intended, but you have a very cool last name. How did you get such a cool name?

CHRIS KUHL: I actually got that from my wife. So I took her name. I was an American living in Germany, and if an American is able to get an umlaut on their name-- the umlaut being the two dots--

CRAIG BOX: They call them the "rock dots".

CHRIS KUHL: Yeah, the Motley Crue dots, basically. They're kindred spirits, I guess. You definitely have to take that opportunity. And so my wife had a very cool name. She says I pronounce it slightly wrong, but you know, I think it sounds much cooler when you just say "cool," so!

ADAM GLICK: Chris, thank you very much for joining us today.

CHRIS KUHL: Yeah, thank you.

CRAIG BOX: You can find Chris Kühl on Twitter @blixtra, and you can find the Cloud Native Rejekts conference at rejekts.io, also with a K.

[MUSIC PLAYING]

ADAM GLICK: Thanks for listening. As always, if you've enjoyed the show, please help us spread the word and tell a friend. If you have any feedback for us, you can find us on Twitter @kubernetespod, or reach us by email at kubernetespodcast@google.com.

CRAIG BOX: You can also check out our website at kubernetespodcast.com, where you will find transcripts and show notes. Also, don't forget to come say hi to us at KubeCon. Until next time, take care.

ADAM GLICK: Catch you next week.

[THEME MUSIC]