PodCTL - Enterprise Kubernetes

By Red Hat OpenShift


Category: Tech News



Red Hat Kubernetes weekly technology podcast hosted by Brian Gracely (@bgracely) and friends from the Kubernetes community. Focused on Containers | Kubernetes | Red Hat OpenShift | Cloud Native Applications | Microservices | PaaS | CaaS | DevOps.

Episode Date
Introduction to GitOps

SHOW: 70

SHOW OVERVIEW: Brian talks with Alexis Richardson (@monadic, CEO @weaveworks) about the emerging concepts and technology behind “GitOps”. 



Topic 1 - Welcome to the show. Tell us about your background both at Weave and your involvement in the CNCF.

Topic 2 - Weave really started evangelizing this concept of “GitOps”. For anyone that isn’t familiar, walk us through the basic building blocks.

Topic 3 - Git becomes the CMDB (single source of truth, single source for compliance). Developers push code (Git > CI/CD). CI/CD system builds containers and deploys to Kubernetes. What assumptions does this model make about the underlying infrastructure operations? 

Topic 4 - Let’s talk about the separation of interests between the CI system and the CD system and how this impacts security. 

Topic 5 - Let’s talk about the role of Operators in a GitOps environment. Operators (today) tend to be more focused on stateful applications, so how does this link into developer code? 

Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

Jun 18, 2019
Reviewing KubeCon Barcelona 2019 - Part I

SHOW: 69

SHOW OVERVIEW: Brian reviews the major project-level news and announcements from KubeCon Barcelona 2019, as well as gives some feedback about the overall show.



  • Kubernetes 5 year anniversary - 7700 people in Barcelona
  • ALL the CNCF announcements during KubeCon
  • Fluentd graduated
  • Helm v3 - no more Tiller
  • OpenTracing + OpenCensus = OpenTelemetry
  • SMI - Service Mesh Interface
  • Rook 1.0 and Rook Operator
  • OpenEBS into CNCF
  • Velero 1.0


May 24, 2019
Operators and OperatorHub

SHOW: 68

SHOW OVERVIEW: Brian talks with Rob Szumski (@robszumski, Sr. Manager Product Management @OpenShift) about the evolution of Operators, the emerging capabilities in Kubernetes to support Operators, OperatorHub, Helm Operators and how OpenShift 4 is integrating the Operator experience.



Topic 1 - Welcome to the show. Tell us a little about your background, and how you’re involved in Kubernetes operators. 

Topic 2 - Last year (May 2018) we spoke with Brandon Philips around the launch of Operator Framework. How has the ecosystem around Operators evolved over the last year? 

Topic 3 - We spoke with Clayton Coleman and Derek Carr about how Operators are now core to the architecture of OpenShift 4, but what role do Operators play for applications running on Kubernetes or OpenShift?

Topic 4 - How are complex applications getting turned into Operators? What’s the model to get them engaged with the SDK and Metering frameworks? 

Topic 5 - How is OpenShift 4 interacting with OperatorHub?  


May 01, 2019
Ceph Storage with Rook

SHOW: 67

SHOW OVERVIEW: Brian talks with Annette Clewett (@aclewett, Senior Architect @RedHat) and Travis Nielsen (@STravisNielsen, Senior Principal Software Engineer @RedHat) about software-defined storage, managing storage with Kubernetes, and how Rook is bringing the Operator model to storage systems like Ceph.



Topic 1 - Welcome both of you to the show. Before we get into discussing Ceph and Rook, can you tell us about your background around these projects? 

Topic 2 - One of the most frequent requests we get from listeners is to discuss how to integrate (and manage) storage into OpenShift/Kubernetes environments. Let’s talk about storage needs for OpenShift/Kubernetes infrastructure (masters, logging, monitoring, etc.) vs. storage for applications. 

Topic 3 - Help us understand the difference between a storage manager like Rook and a storage system like Ceph. Where does one start and the next one stop? 

Topic 4 - Rook now uses the Operator pattern for managing underlying storage systems. How does the Operator technology help make managing (and lifecycling) storage easier or more robust? 

Topic 5 - As you talk to users of Ceph and Rook, what are some of the best practices that you’re seeing them implement? 


Apr 24, 2019
Kubernetes Extended Authentication Model

SHOW: 66

SHOW OVERVIEW: Brian talks with Marc Boorshtein (@mlbian, CTO at Tremolo Security) about trends in Kubernetes security, and how to think about the Kubernetes Extended Authentication Model.



Topic 1 - Welcome back to the show. Your focus is on security. What’s one new thing that’s really interesting to you right now, and what’s one “mundane” thing you’re seeing all the time that isn’t getting enough discussion?

Topic 2 - A few weeks ago we talked with John Osborne about “Kubernetes Policy”. This is very different than “Authentication” or “Authorization”. For people that don’t live around security, can you help us understand the difference between policy and the things that make up AAA (Authentication, Authorization and Accounting)?

Topic 3 - You and I were talking a few months ago at OpenShift Commons Gathering in London about “the Kubernetes extended authorization model”, and I wonder if you could elaborate on that a little bit. 

Topic 4 - What are some of the areas where you feel like there isn’t enough awareness, especially for production environments, between policy and AAA models (e.g. Kubernetes elements vs. user-level elements)?

Topic 5 - Give us a quick set of thoughts on how any of this changes if we start doing multi-cluster or Federation. 


Apr 05, 2019
Multi-Cluster and Federation v2

SHOW: 65

SHOW OVERVIEW: Brian talks with Paul Morie (@cheddarmint, Sr. Principal Software Engineer @RedHat, Reviewer/Approver of Federation v2) about the evolution of multi-cluster and Federation v2 in Kubernetes.   



Topic 1 - Let’s start with some basics. The differences between “Federation” and “Multi-Cluster”?

Topic 2 - What is the basic functionality that needs to be in place to federate more than 1 cluster together (authentication, registry, cluster registry, network routing, etc.)?

Topic 3 - What are some of the mechanisms that help determine which cluster a container should run on?

Topic 4 - Is the current design intended to handle applications that span clusters, or is the expectation that apps live in a single cluster? What about deploying the same app to multiple clusters?

Topic 5 - For more advanced capabilities, such as intelligence to know where to dynamically place an application, would that be something that’s within Kubernetes, or any external service?


Mar 29, 2019
Project Quarkus, Kubernetes-native Java

SHOW: 64

SHOW OVERVIEW: Brian talks with Burr Sutter (@BurrSutter, Director Developer Experience @RedHat) about Project Quarkus (@QuarkusIO), Supersonic Subatomic Java for Kubernetes-native application development. 



Topic 1 - Welcome to the show. Tell us a little bit about your world and how it intersects Kubernetes, Developers and Cloud-native application development. 

Topic 2 - Today we’re going to talk about Java and containers. Before we get into the new technologies, let’s talk about what the world of Java in containers (and Kubernetes) looks like today - especially the challenges and tradeoffs from the Java EE world to Kubernetes. (see: “Kubernetes as the New Application Server”, Eps.55 on PodCTL)

Topic 3 - Please introduce us to Project Quarkus. 

  • Unifies Imperative and Reactive development models
  • Involves both GraalVM and HotSpot
  • Fast startup times
  • Low memory requirements
  • Smaller application and container image footprint 

Topic 4 - So for the Kubernetes or container person, how does this change things? It’s still Java/Quarkus in the container, but is it the smaller/faster aspect that’s interesting, or better interaction with the native Kubernetes patterns?

Topic 5 - What does this mean for today’s Java developer in terms of learning new capabilities or reusing any existing stacks or frameworks (Eclipse MicroProfile, JPA/Hibernate, JAX-RS/RESTEasy, Eclipse Vert.x, Netty, and more)?

Topic 6 - What’s the best way for developers to get the technology or engage with other developers/community around questions? 


Mar 19, 2019
Understanding Project Velero (formerly Ark)

Show: 63

Show Overview: Brian talks with Carlisia Pinto (@carlisia, Sr. Member of Technical Staff at VMware, OSS Maintainer of Project Velero) about Project Velero (formerly “Ark”), and backing up and migrating applications on Kubernetes. 

Show Notes:

Show Topics:

Topic 1 - Welcome to the show. Tell us about your background and how you got involved in Project Velero.

Topic 2 - Let’s talk about the Velero Project, which was recently renamed from “Ark”. [From GitHub] “Velero gives you tools to backup and restore your Kubernetes cluster resources and persistent volumes.” It got started in 2017 by engineers at Heptio. Help us understand the scope of the project (backup/recovery, disaster recovery, other).

Topic 3 - Tell us about the architecture behind Velero. 

  • Take backups of your cluster and restore in case of loss.
  • Copy cluster resources to other clusters.
  • Replicate your production environment for development and testing environments.

Topic 4 - Right now it appears that all the “Compatible Storage Provider” targets are public cloud storage services. Is there a framework to allow other storage services to be plugged into Velero?  

Topic 5 - If people want to get involved in Velero, is there a roadmap of things that are coming in future releases, or a wishlist of things that the project would like to see people focus on? 


Mar 08, 2019
Ansible Operators

Show: 62

Show Overview: Brian talks with Fabian von Feilitzsch (@fabianismus, Sr. Software Engineer at Red Hat) and Shawn Hurley (@shawn_hurIey, Sr. Software Engineer at Red Hat) about Ansible Operators, how they work with Ansible Playbooks, on-platform and off-platform usage, and examples to help people learn the new Kubernetes technology.

Show Notes:

Show Topics:

Topic 1 - There are multiple types of operators: Go, Ansible, Helm. What are the basic things that the Ansible Operator does - in the context of the Operator Framework?

Topic 2 - Are there some basic things that an existing Ansible Playbook should have in order to easily fit into an Ansible Operator? 

Topic 3 - Will Ansible Operator mostly be targeting applications that are automated via Ansible Playbooks, or is it also applicable to infrastructure or security-related playbooks?

Topic 4 - How does an Ansible Operator interact with Ansible Tower, or how do those two worlds co-exist (or not)?

Topic 5 - Are there examples today of Ansible Operators that people can look at or try out? 



Feb 27, 2019
OpenShift 4 Architecture Overview

Show: 61

Show Overview: Brian talks with Clayton Coleman (@smarterclayton) and Derek Carr (@derekwaynecarr), Technical Leads of Red Hat OpenShift, about the upcoming architectural changes in version 4.

Show Notes:

Topic 1 - Welcome back to the show. Let’s talk about some of the architectural concepts that will exist in OpenShift 4, and why decisions were made.

Topic 2 - OpenShift has always been a flexible/composable/modular platform. How does that evolve in OpenShift 4 (e.g. Operators, Platform + OS, etc.)? 

Topic 3 - OpenShift has evolved since the early 3.x days, when a lot of necessary things weren’t “Kubernetes embedded” (install/upgrade tools, monitoring, scanning, visualization of resources, etc.). OpenShift has been moving to adopt the Kubernetes native elements as they mature (e.g. Prometheus). Can you talk about some of the new Kubernetes native capabilities coming in OpenShift 4 that people should start looking into? (e.g. CRI-O, Cluster-Version-Operator, Machine APIs)

Topic 4 - Let’s come back to the discussion of Operators. We heard a lot about Operators for applications (e.g. databases), but are there uses for Operators for things that would be considered more platform-centric (e.g. storage, logging, service mesh, etc.)?

Topic 5 - There are some things happening in the public cloud that make it easier to manage nodes and scaling of nodes. Any interesting stuff coming to OpenShift 4 to help make those elements easier to manage? 



Feb 20, 2019
Kubernetes Policies

Show: 60

Show Overview: Brian and new co-host John Osborne (@OpenShiftFed) discuss policies in and around Kubernetes.

Show Notes:

Topic 1 - Welcome John Osborne to the show. Let’s talk about your background. 

Topic 2 - We decided to discuss “policy” in Kubernetes. Where do you usually find that discussion begins? If I were to do a Google search, the Kubernetes site highlights “Pod Security Policies” and “Quotas”.

Topic 3 - What types of tools do you see in production being used to apply and track policy within Kubernetes environments?

Topic 4 - Grafeas and Kritis are often discussed around policy for “securing Kubernetes software supply chain”. Are these types of projects focused on Kubernetes as a platform, or applications running on Kubernetes, with more of a focus on the CI/CD and Testing pipelines?

Topic 5 - There is a newer framework that’s starting to emerge, called “Open Policy Agent”. What are some of the things that it is focused on? 

Topic 6 - Are there communities within Kubernetes that are focused on policy, if people want to follow discussions or contribute to projects? 



Feb 15, 2019
The Show is Back, 2019 style!

Show: 59

Overview: Brian Gracely is back as the host of PodCTL for 2019, with some news about changes and improvements to the show.

Show Notes: 


Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://PodCTL.com

Feb 07, 2019
Reviewing KubeCon 2018 Seattle

Show: 58

Show Overview: Brian and Tyler talk about the announcements, trends and highlights from KubeCon and CloudNativeCon Seattle 2018.

Show Notes: 


  • From 1500 people (2016) to 8000 people (2018) 
  • Less focus on Kubernetes, more focus up the stack (Istio, Knative)
  • Many companies focused on developer tools - Atomist, Pulumi, Windmill, Microsoft

Other Tidbits: 




Dec 20, 2018
Kube Security, Kube 1.13 and KubeCon

Show: 57

Show Overview: Brian and Tyler talk about a significant security bug in Kubernetes, the recently announced Kubernetes 1.13 release, and the upcoming KubeCon event in Seattle.

Show Notes: 

Kubernetes 1.13 Features

  • Kubeadm is now GA
  • CSI (Container Storage Interface) is now GA
  • Core-DNS is now GA, replacing kube-dns (as default)
  • Alpha - support for device monitoring plugins
  • Stable - Kubelet Device Plugin Registration
  • Stable - Topology Aware Volume Scheduling
  • Beta - APIServer DryRun
  • Beta - Kubectl Diff
  • Beta - Raw Block Device with Persistent Volume



Dec 07, 2018
Windows Containers with Microsoft

Show: 56

Show Overview: Brian and Tyler talk with Mike Kostersitz (@huskyat, Principal Program Manager in Core Networking for Microsoft) about the basics of Windows containers, the differences between Linux and Windows containers, considerations for deployments, common questions about Windows containers and the interaction between Red Hat and Microsoft Kubernetes engineering.

Show Notes: 

Topic 1 - From a Windows perspective (OS, Application), talk us through how you typically explain Windows Containers to other people? What are some of the important technologies, or changes to Windows?

Topic 2 - If someone has a Windows (.NET) application today, how would they go about getting into a Container/Kubernetes environment today, and in the near future?

Topic 3 - What are you finding is different between Kubernetes with Linux containers, and Kubernetes with Windows containers?

Topic 4 - You're in the process of writing a series of blogs about OpenShift + Windows containers. You've been working with both the Microsoft and Red Hat teams in getting this supported with OpenShift. What are some of the things you're seeing either Developer Preview customers? 

Topic 5 - What are some of the questions that you're getting from people interested in Windows Containers and Kubernetes? (normal and unusual)



Nov 29, 2018
Kubernetes as the New Application Server

Show: 55

Overview: Brian and Tyler talk about how existing application developers and PlatformOps teams can map existing applications and framework services into a more distributed set of services that run in containers on Kubernetes and OpenShift. 

Show Notes: 

We mentioned last week that we’re moving into the 3rd Era of Kubernetes (automated ops, automated apps), with the 2nd Era being about getting a broader set of applications on Kubernetes. Today we thought we’d talk about some design patterns, especially for anyone that’s transitioning from existing applications, and how some of those concepts map to the evolving Kubernetes eco-system.

Topic 1 - At the core of this statement about “Kubernetes is the New Application Server” is three things: 

  1. Some explanation about why containers are a useful packaging mechanism to avoid the difference between developer environments and production environments (package dependencies, etc.)
  2. How to mentally map between the more monolithic frameworks that are widely used today, and more distributed concepts that align more with Kubernetes and containers.
  3. Even within a language like Java, there are now variants (JakartaEE, Microprofile, Node, SpringBoot, etc.) and developers might not want to embed all functionality within the application, if it can be offloaded to platform services.

Topic 2 - It walks through the 10 elements that either map to Kubernetes, an OpenShift service, or emerging functionality in Istio (or maybe Knative)

  1. Discover (Service Discovery)
  2. Invocation of the Application
  3. Elasticity / Scaling
  4. Resilience
  5. CI/CD Pipeline Integration
  6. Authentication
  7. Logging
  8. API Mgmt and Integrations



Nov 15, 2018
Have We Reached Kubernetes-Native Yet

Show: 54

Overview: Brian and Tyler talk about how well the industry has created or evolved Kubernetes-Native platforms and services. 

Show Notes:

Topic 1 - We’re more than 3yrs into Kubernetes, and almost at the 2yr anniversary of the 1st big CloudNativeCon / KubeCon in Seattle (we’ll be back again this year). So let’s ask a big question - how has the industry evolved to actually deliver Kubernetes-Native?

Topic 2 - What is Kubernetes-Native? 

  • Is it specific to containers?
  • Is it specific to Kubernetes scheduling?
  • Is it specific to Kubernetes extensibility?

Topic 3 - Was reading a report recently that separated the concepts of DevOps from PlatformOps. We know Developers’ experiences and expectations are never the same and always evolving. But should the PlatformOps side of things be standardizing on something Kubernetes-native?

Topic 4 - What are some of the common things you’ve seen in the Kubernetes community (products, platforms, services) that have gained some traction, but aren’t really aligned to Kubernetes? 

  • Most Developer Frameworks
  • CI/CD Pipelines
  • Storage (CSI framework)
  • ITIL Processes



Nov 09, 2018
The Internal Build vs Buy Discussion

Show: 53

Show Overview: Brian and Tyler talk about how companies rationalize a Buy (or consume) vs Build decision for a Kubernetes platform or service.

Show Notes:

This show is somewhat free form, but it ultimately started with a listener question that asked:

"We run an internal Kubernetes platform in our centralized IT group, but some other developer groups also run their own Kubernetes platform. How do we convince them, or our management team, to bring other groups onto our platform to be both more cost effective and more collaborative with developers?"

  • How do we rationalize having one vs multiple platforms (cost, support, feature differences)?
  • How do we communicate to internal groups about the capabilities of an internal platform?
  • How do we stop thinking like an IT group and start thinking like a product team?
  • How do we measure success of the platform?


Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://blog.openshift.com, search #PodCTL

Oct 31, 2018
OpenShift 3.11 and OpenShift Container Engine

Show: 52

Overview: Brian and Tyler talk about updates to OpenShift 3.11, including the new Operations Console, integrated Prometheus monitoring and Grafana graphing, and supported Operators on OpenShift. They also discuss the introduction of OpenShift Container Engine (OCE).

Show Notes:

Topic 1 - CoreOS integration into OpenShift (admin dash, operators, etc)
Topic 2 - New Cluster Console and Administrator Dashboard
Topic 3 - Integrated Prometheus Metrics and Alerts
Topic 4 - Kubernetes Operator Previews and ISV Operators
Topic 5 - A discussion of OpenShift Container Engine (OCE)


Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://blog.openshift.com, search #PodCTL

Oct 17, 2018
Reviewing Kubernetes 1.12 Updates

Show: 51

Show Overview:
Brian and Tyler talk about updates to Kubernetes v1.12
Show Notes:

Topic 1 - Kubelet TLS Bootstrap moves to GA - simplify how nodes are securely added/removed into a cluster. As an add-on,  server certificate rotation functionality moves into beta, and this will be tied in with Cluster Operators and Application Operators.

Topic 2 - Azure Virtual Machine Scale Sets (VMSS) and Cluster-Autoscaler is Now Stable

Topic 3 - On the network security front, two NetworkPolicy components graduate to GA: egress and ipBlock.

Topic 4 - Multi-Tenancy: In this release comes the ability to support priority on the various resource quotas via the new ResourceQuotaScopeSelector feature. This enhances the existing priority and preemption feature that was delivered in Kubernetes 1.11.

Topic 5 - CSI now supports the notion of topology awareness and this functionality moves to beta in Kubernetes 1.12. What this means is that stateful workloads can now have a conceptual understanding of where storage resources live, whether it be a rack, datacenter, availability zone, or region.

Topic 6 - Kubectl Plugins: With kubectl plugins, developers can engineer extensions to kubectl, which accommodate their administration scenarios, while not being baked into the core kubectl codebase. This is going to allow teams to develop and deliver kubectl functionality faster and in a more consistent manner. (example: OpenShift “oc commands”)

Topic 7 - Let’s discuss the upgrading process of Kubernetes (again).

Other noteworthy features:

  • Snapshot / restore functionality for Kubernetes and CSI is being introduced as an alpha feature. This provides standardized APIs design (CRDs) and adds PV snapshot/restore support for CSI volume drivers. 
  • Improvements that will allow the Horizontal Pod Autoscaler to reach proper size faster are moving to beta. 
  • Vertical Scaling of Pods is now in beta, which makes it possible to vary the resource limits on a pod over its lifetime. In particular, this is valuable for pets (i.e., pods that are very costly to destroy and re-create). 
  • Encryption at rest via KMS is now in beta. This adds multiple encryption providers, including Google Cloud KMS, Azure Key Vault, AWS KMS, and Hashicorp Vault, that will encrypt data as it is stored to etcd.


Oct 03, 2018
Listener Mailbag Questions

Show: 50

Show Overview:
Brian and Tyler answer questions from podcast listeners, about big data and analytics, application deployments, routing security, and storage deployment models.

Show Notes:

Topic 1 - From David - Is it possible to do a show about running Spark, Jupyter notebooks and analytical workloads on k8s?

Topic 2 - From Matthew - it would be interesting to hear your thoughts for how apps will be deployed and maintained in the future of OpenShift/kubernetes (covered in Eps.37 in late May).

Topic 3 - From Will - One thing I would still like to know about is how people secure their running kubernetes deployments.  Are people generally just exposing their ingress nodes to the open internet, or is it more complicated than that? I'm familiar with Nginx/Apache and modsecurity, and saw that OpenShift recently started supporting Nginx as ingress, and would like to know if anybody is using that as a WAF.

Topic 4 - From Walid - What storage options are available for production use cases? And what diverse use cases are out there? E.g. stateful mostly, how about trends in machine learning/AI, Big Data workloads, not the conventional K8s workloads!


Sep 19, 2018
Security & Service Meshes

Show: 49

Show Overview: In a joint show between The Cloudcast and PodCTL, Brian and Tyler talk with John Morello (@morellonet, CTO at @TwistlockTeam) about how Service Mesh technologies, such as Istio, can be used for more advanced security of containerized applications and Kubernetes environments.
Show Notes:

Topic 1 - Welcome to the show. Tell us about your background, and introduce us to Twistlock for anyone that isn’t familiar with the company.

Topic 2 - One of the most popular concepts in the world of containers and Kubernetes is “Service Mesh” (projects like Istio). Let’s talk about the basics of what a service mesh does.

Topic 3 - Service mesh provides routing capabilities, so let’s talk about where security comes into the picture.

Topic 4 - Service mesh introduces a concept in Kubernetes where you deploy multiple containers in a pod, one the application and one the service-mesh proxy. Does security introduce yet another container/agent into a pod?

Topic 5 - What sort of tools are available today for security professionals as service meshes are introduced into a container environment?


Sep 12, 2018
Patching VMs, OS, Containers

Show: 48

Show Overview:
Brian and Tyler try and clarify some confusion about how much patching is still involved when moving from Virtualization to Containers.
Show Notes:

Lots of confusion about how to manage patching of VMs vs. Containers.

Topic 1 - What do I have to patch in a VM-centric environment? Who is typically responsible for that patching?

  • Host OS 
  • Hypervisor
  • Guest OS 
  • Application Stack

Topic 2 - What do I have to patch in a Container-centric environment? Who is typically responsible for that patching?

  • Host OS 
  • Container Layer
  • Application Stack

Topic 3 - Is it possible to quantify the difference between the amount of patching that’s needed?


Sep 05, 2018
VM Admin vs Container Admin

Show: 47

Show Overview: Brian and Tyler talk about how the day-to-day tasks of a VM Admin would change if they adopted Containers in their environment.
Show Notes:

Let’s put ourselves in the shoes of a virtualization admin. How would we transition their day-to-day activities from VMs to Containers?

Topic 1 - What does the virtualization infrastructure/platform vs. container infrastructure/platform consist of?

  • Control Plane 
  • Content Repository
  • Data Plane (Hosts, OS, Apps) 
  • Networking, Storage, Management, Logging, Monitoring

Topic 2 - How do we get an application onto each platform, and how are resources provisioned?

  • Network 
  • Storage  
  • Security 
  • Backups 
  • What is automated (by default vs. tooling) 
  • Availability (models)

Topic 3 - Who is responsible for the different aspects of the application once it’s running?

Topic 4 - What are the biggest differences or misperceptions between the environments?

  • Stateful vs. Stateless apps 
  • Automated (integrated) vs. Manual tasks 
  • Patching


Aug 30, 2018
KubeVirt and Container Native Virtualization

Show: 46

Show Overview: Brian and Tyler talk with Steve Gordon (@xsgrodon, Principal Product Manager @RedHat) about the intersection of containers, Kubernetes and virtual machines with the KubeVirt project and Container Native Virtualization.

Show Notes:

Topic 1 - Welcome to the show. Tell us about some of the areas you’re focused on these days.

Topic 2 - Let’s talk about some of the basics of KubeVirt. How does it work? What problem is this trying to solve?

Topic 3 - What are some of the technical challenges that have to be overcome for Kubernetes to understand how to deal with virtual machines?

Topic 4 - Looking at the project today, what are some of the things that are possible, and what are some of the goals to add over the next 6 or 12 months?

Topic 5 - What has been the feedback you’ve heard from companies as you’ve introduced them to KubeVirt and CNV?


Aug 23, 2018
Container Registries

Show: 45

Show Overview: Brian and Tyler talk about the core capabilities of container registries, how they interact with Kubernetes and CI/CD pipelines, and some design and security considerations for architects.
Show Notes:

Topic 1 - Let’s start with the basics. What does a container registry do? Is it just a glorified FTP server?

  • Serves and stores container images 
  • Has a storage backend that should be replicated (somewhere) - usually Object or NFS 
  • May have the ability to scan images for vulnerabilities or digitally sign images

Topic 2 - What are the typical interactions that a container registry has with elements of Kubernetes (e.g. Deployments, Kubernetes masters) and elements around Kubernetes (e.g. CI/CD pipeline)?

Topic 3 - How do things like scanning and signing fit into container registries? Or should that function reside somewhere else?

Topic 4 - What sort of design considerations should architects consider for the container registry?

  • Where is it physically located? 
  • How to handle redundancy or replication? 
  • How to scope out performance? 
  • Multi-Tenancy or Groups?


Aug 15, 2018
Looking Forwards and Backwards at 3yrs of Kubernetes

Show: 44

Show Overview: Brian and Tyler talk about how Kubernetes has evolved over the last three years, from the community to the technology to new things coming down the road.

Show Notes:

Kubernetes 3rd Anniversary

Topic 1 - Let’s start with people and community. How have you seen the Kubernetes community evolve over the past 3 years? What’s working well, and where have there been struggles?
Topic 2 - Technology-wise, where would you place the highlights for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.
Topic 3 - Technology-wise, where would you place the challenges for Kubernetes? This could be the technology itself, or how it’s been adopted, or maybe just the overall architecture.
Topic 4 - There seems to be a new chorus of pushback on Kubernetes, around the complexity of managing complex environments (e.g. DR for Stateful apps) and the serverless fans. Do you see this as a problem, a distraction, or valid criticisms?
Topic 5 - What do you see making a lot of headlines vs. being the important things for end-users to focus on for the next year?


Aug 02, 2018
Istio, Knative and GoogleNEXT

Show: 43

Show Overview: Brian and Tyler talk about Kubernetes 3rd Anniversary, Istio, Knative, and the Kubernetes-related announcements from GoogleNEXT2018.

Show Notes:

Kubernetes 3rd Anniversary 

Google Cloud Services Platform (GCSP) - Hybrid and Multi-cloud application development stack, built on Kubernetes and Istio - custom-configured, enterprise-hardened, and delivered by Google.

GKE On-Prem - A core component of CSP, with GKE On-Prem, customers get the Google Kubernetes Engine (GKE) experience in their data center.  The first private cloud option for deployment is vSphere 6.5 in alpha release this fall and Google will continue to look at the hardware and other virtualization environments.  In a parallel statement, Cisco Hybrid Cloud for Google Cloud will be the first GKE-certified hybrid cloud platform, although any direct relationship to GKE On-prem is unclear.

Project Knative - (Knative on Github) it provides fundamental building blocks for serverless workloads in Kubernetes, empowering the creation of modern, container-based and cloud-native applications which can be deployed anywhere on Kubernetes. OpenShift + Knative (blog).

Istio 1.0 - Istio service mesh is now version 1.0, and available as a managed add-on to GKE, as well as being integrated into Google Stackdriver. PodCTL #23 - Microservices with Istio

Google Cloud Platform Marketplace (pre-announced) - Marketplace of packaged applications to run on GCP and Google Cloud services (e.g. Kubernetes) 

GKE Serverless Containers Add-On - Similar to AWS Fargate, Google announced an early-trial serverless infrastructure option to GKE, simplifying infrastructure operations management.


Jul 27, 2018
Kubernetes 1.11 Released

Show: 41

Show Overview: Brian and Tyler talk about the new Kubernetes 1.11 release, the new features and capabilities.
Show Notes:

Topic 1 - Let’s review for anybody that’s a new listener how the Kubernetes community identifies the maturity level of features and how they should consider interpreting those classifications.

Topic 2 - Kubernetes releases usually have a few new GA features, and then lots of Beta or Tech Preview features. What were the highlights of this release for you, or some of the core areas you suggest people focus on?

Topic 3 - Let’s walk through some of the most mentioned capabilities:


Jul 16, 2018
Dissecting Kubernetes Survey Data

Show: 41

Show Overview: Brian and Tyler talk about a number of data surveys that have recently been published about container usage, Kubernetes usage, and several other cloud trends.

Show Notes:

Topic 1 - Lots of differences between these surveys, both in methodology and results:

  • Does the data come from surveys or actual monitoring? 
  • How do they classify various technologies (by project, by vendor, by cloud service, by both)? 
  • Do they include usage-based details?

Topic 2 - Would you prefer to see more vendor-usage data in these reports, or is it OK to just have generic usage data? Right now it’s sort of a mixed bag.

Topic 3 - It’s (usually) never clear who is running these container environments. We see some survey data targeting developers, but not all of them explain (or know) which groups are running the container environments vs. consuming services.

Topic 4 - It’s interesting that none of these surveys highlight the location of companies/customers/users, since we know that certain geographic pockets of the world have very different usage behaviors than others.


Jul 10, 2018
Scaling OpenShift Roadshows

Show: 40

Show Overview: Brian and Tyler talk with Erik Jacobs (@ErikonOpen, Principal Technical Marketing Manager, Red Hat OpenShift) about designing, deploying and teaching the OpenShift/Kubernetes roadshows for Developers and Operators.
Show Notes:

Topic 1 - Welcome to the show. Tell us a little bit about your background, as well as some of your focus areas at Red Hat.

Topic 2 - You work on lots of different things, but today we wanted to talk about the technical roadshows. They are hands-on environments, which cater to both Developers and Operators. Give us some of the background of how these get pulled together.

Topic 3 - Are there ways that people could replicate these environments, or the labs/trainings on their own?

Topic 4 - What types of things can you teach developers in a day?

Topic 5 - What types of things can you teach operators in a day?

Topic 6 - What other resources do you suggest people use outside of these events?


Jun 25, 2018
CI/CD and Kubernetes

Show: 39

Show Overview: Brian and Tyler talk about the latest news from the Kubernetes community, the difference between CI and CD, and various considerations for integrating CI/CD environments with Kubernetes.

Show Notes:

Topic 1 - One of our listeners asked if we would discuss CI/CD in the context of Kubernetes, so we thought we’d go through some of the basics and some of the options. First of all, we always say ‘CI/CD’ but what is Continuous Integration, what is Continuous Delivery and what’s the difference?

Topic 2 - What do all these different tools do?

Topic 3 - Is there an approved Kubernetes CI/CD tool, or model? 


Jun 18, 2018
A Beginners Guide to Kubernetes

Show: 38

Show Overview: Brian and Tyler talk about some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes.
Show Notes:

Show Premise: The Kubernetes community now has 10 releases (2.5yrs) of software and experience. We just finished KubeCon and Red Hat Summit and we heard lots of companies talk about their deployments and journeys. But many of them took a while (12-18 months) to get to where they are today. This feels like the “early adopters” and we’re beginning to get to the “crossing the chasm” part of the market. So we thought we’d discuss some of the basics, lessons learned and other things people could use to “fast-track” what they need to be successful with Kubernetes.
Topic 1 - What are the core skills needed for a team that manages/runs/interacts with a Kubernetes environment?

  • Ops Skills 
  • Dev Skills 
  • Compliance Skills / Security Skills

Topic 2 - What has significantly changed in the Kubernetes world since 2015/16 to today that people should consider taking advantage of?

  • Persistence 
  • Immutability 
  • Operators 
  • Native tools vs. Config Mgmt tools 
  • Storage

Topic 3 - What do you consider “still hard” and should probably justify more early effort?

  • Security? 
  • Storage? 
  • Monitoring? 
  • Being overly precise about capacity planning?

Topic 4 - What patterns have you seen from successful deployments and customer behaviors?

Jun 04, 2018
How to Deploy Applications to Kubernetes

Show: 37

Show Overview: Brian and Tyler talk about the many ways to deploy an application onto a Kubernetes cluster, from the perspective of Devs and Ops.
Listener Question (Matthew):
"I was interested to know if you guys could talk a little more about the relationship between":

  • OpenShift templates 
  • Helm templates 
  • CoreOS Operators

Show Notes:

Topic 1 - Let’s start with the basics. Can you please briefly tell the audience how to deploy an application to Kubernetes?

Topic 2 - Let’s discuss that complexity in the context of this specific question, as I believe it’ll help us frame out the rest of the conversation.

Topic 3 - Why do we have so many different ways to deploy things to Kubernetes, and also from Kubernetes?

  • Developer Requirements 
  • Operations Requirements 
  • On-Platform Requirements 
  • Off-Platform Requirements

Topic 4 - Let’s talk about where the Developer experience should exist and why that’s likely not one specific place.


May 28, 2018
VMs for Infrastructure or Isolation?

Show: 36

Show Overview: Brian and Tyler talk about the role (pros & cons) of VMs in isolation and security, as well as the broader context of security for containerized applications.

Show Notes:

Topic 1 - Let’s start with the basics. Can you please tell the audience the one command to run to make all containers secure?

Topic 2 - This past week (or 2 weeks) has been a good reminder that there are certain patterns that repeat themselves in emerging technologies and open source:  hype (cool demo), binary claims of market dominance and destruction of previous technology (containers vs. VMs), buzzwords of simplicity which go against decades of experience, and then the realities of production environments.

Topic 3 - Let’s talk about where VMs provide value in a container environment, and realities of VMs that people should be aware of in production and in multi-cloud environments.

Topic 4 - Let’s talk briefly about a few of the recent announcements in this space (e.g. gVisor, CNV, etc.)


May 22, 2018
Kubernetes News & Events

Show: 35

Show Overview: Brian and Tyler review the Kubernetes news coming out of Cloud Foundry Summit, KubeCon and Red Hat Summit. Lots of things to talk about.
Cloud Foundry Summit

  • Attendance: 1500
  • Fragmentation of the Container Orchestrator within the Cloud Foundry community - SUSE, IBM and SAP endorse Kubernetes, Pivotal still supporting Diego

KubeCon / CloudNativeCon (all videos)

Red Hat Summit (all videos)


May 14, 2018
Unifying CoreOS and OpenShift

Show: 34

Show Overview: Brian and Tyler talk with Joe Fernandes (@joefern1, Sr. Director Product Management @OpenShift) and Reza Shafii (@rezaloo, Sr. Director Product Management @OpenShift, formerly @CoreOS) about the CoreOS acquisition and transition, how CoreOS technologies are being integrated into Red Hat platforms, new capabilities for OpenShift, updates on Operators, updates on Container Linux and updates on Quay.

Show Notes:

Topic 1 - Welcome to the show, both of you. Before we get to the announcements and roadmap, let’s do quick introductions and maybe tell us how things have been going since the acquisition of CoreOS was announced at the end of January.

Topic 2 - What have been the core focus areas since the acquisition, both near-term and longer-term? Both in terms of Platforms (OpenShift/Tectonic) and OS (RHEL/Atomic/Container Linux)

Topic 3 - What are the announcements coming out this week, related to the Kubernetes platform? What timelines are important for these announcements?

  • Operators as a community project (also see PodCTL #33)
  • Operators for OpenShift 
  • Operators for ISVs 
  • Full Stack Automation (New Installer, New Admin Console)

Topic 4 - What are the announcements coming this week, related to the Linux OS platform? What timelines are important for these announcements?

  • Red Hat CoreOS  
  • Red Hat Quay

Topic 5 - If you’re a customer (new or existing), or an ISV partner of Red Hat, what are you hoping will be the top few takeaways that they understand after hearing these announcements and seeing the demonstrations?


May 08, 2018
Operator Framework

Show: 33

Show Overview: Brian and Tyler talk with Brandon Philips (@brandonphilips, Founder/CTO at @CoreOS, Member of Technical Staff at @RedHat) about the announcement of the Operators Framework, how the Operator SDK and Lifecycle Manager will help companies, as well as his experience at CoreOS of developing etcd, Prometheus and Vault operators. We also discussed how the broader ISV ecosystem is beginning to embrace the concept of Operators.
Show Notes:

Topic 1 - Welcome to the show. Tell us about your role within the Kubernetes community, as well as your new role within Red Hat. 

Topic 2 - Back at the original KubeCon in Seattle, you introduced the concept of Operators, as “human operational knowledge in software, to reliably manage an application”. Give us the basics of your original thinking behind Operators.

Topic 3 - What is being announced today at KubeCon with the Operator Framework? 

Topic 4 - Let’s walk through the 3 core pieces of the Operator Framework

  • Operator SDK 
  • Operator Lifecycle Management 
  • Operator Metering 

Topic 5 - How will the broader community play a role in Operator Framework?


May 01, 2018
Container Vulnerability Scanning

Show: 32

Show Overview: Tyler and Aaron Delp talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @TheCloudcastNet podcast.

Show Notes:

Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.

Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?

Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?

Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?

Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well? 


Apr 19, 2018
PodCTL Basics - Windows Containers & Kubernetes

Show Overview: Brian and Tyler discuss the basics of Microsoft Windows Containers and their integration into Kubernetes.
Show Notes:

Topic 1 - Containers on Windows

  • History of Containers & Windows
  • How Windows Containers differ from Linux Containers

Topic 2 - Running Windows Containers on Kubernetes

  • Requirements
  • Limitations
  • Development


Apr 02, 2018
Reviewing Kubernetes 1.10

Show: 31

Show Overview: Brian and Tyler talk about the Kubernetes v1.10 release, new features and how they can apply to a broad set of application, security and infrastructure use-cases.
Show Notes:

We discussed some of the new features (Stable, Beta and Alpha) from the Kubernetes 1.10 release. We don't cover every new feature, but we tried to hit the highlights.
Topic 1 - API aggregation is stable

Topic 2 - Container Storage Interface (CSI) - Standardized Storage Support

Topic 3 - A replacement for kube-dns

Topic 4 - GPUs and Expanded support for Performance-Sensitive Workloads

Topic 5 - Pod Security Policy

Topic 6 - Adding Identity to Containers (not just pods)


Mar 28, 2018
2018 Kubernetes Trends

Show: 30

Show Overview: Brian and Tyler talk about the biggest trends that will shape the Kubernetes community in 2018, with a focus on five critical areas of stability, innovation and experimentation.

Show Notes:

Topic 1 - Open Service Brokers - who is delivering them, who maintains them, how are they evolving, etc.
Topic 2 - Improved Ops Experiences - Operators, Fargate, Container Instances
Topic 3 - Virtualization + Containers - KubeVirt, Kata Containers, does Network Policy overlap SDN/Security
Topic 4 - Developer Experiences - big area of evolution (Istio, Draft, SpringCloud-Kubernetes, Helm v3, Source-to-Image like capabilities)
Topic 5 - Breadth of Supported Applications - Databases, Windows Containers, Serverless,


Mar 19, 2018
Kubernetes Networking

Show: 29

Show Overview: Brian and Tyler talk with Marc Curry (@redhatmarc, OpenShift Principal Product Manager, Container Infrastructure) about the basics of Kubernetes networking, CNI plugins, managing Network Policy, granular ingress and egress routing, and how CaaS/PaaS and IaaS are being integrated.

Show News:

Show Notes:

Topic 1 - Welcome to the show. Tell us about your background and some of the areas you focus on now?

Topic 2 - Let’s talk about the basics of Kubernetes networking. Walk us through the core elements from container addressing, pod/cluster networking, and things like ingress/egress routing (direct or through proxies).

Topic 3 - Kubernetes has a standard called “CNI” (Container Networking Interface). What does this do, and how does it interact with various SDN projects/products?

Topic 4 - A recent enhancement to Kubernetes was “Network Policy”. What does this provide, and where does it overlap with some commercial SDN capabilities?

Topic 5 - Let’s talk about inbound and outbound routing of traffic. What are some of the biggest issues that people need to take into consideration (proxies, traffic sources, protocols supported, etc.)?

Topic 6 - What are some of the things you’re working on to bridge the networking between CaaS/PaaS layers and IaaS layers?


Mar 12, 2018
Kubernetes Roles & Personas

Show: 28

Show Overview: Brian and Tyler talk about Joe Beda's "More Usable Kubernetes" presentation at KubeCon focused on Roles and Personas of Kubernetes environments. They look at how Cluster and Applications are separated, and how Operators and Developers distribute roles, as well as the intersection of those four areas.

Show Notes:

Topics - On today's show, we looked at the four quadrants outlined by Joe Beda in his talk "More Usable Kubernetes" at KubeCon 2017 Austin. He looked at each role and how well the Kubernetes community has addressed that functional area in both tooling and clear definition of the tasks required. We explored where areas are doing well (green) and where there are still areas that need improvement (yellow or red). 


Mar 05, 2018
The Serverless Landscape

Show: 27

Show Overview: Brian and Tyler talk about the new Serverless working group and whitepaper from CNCF, the 4 elements of serverless, the difference between serverless and FaaS, and the on-going role of Ops teams in a serverless world.
Show Notes:

Topic 1 - Let’s talk about the history of serverless within the CNCF, and maybe within the context of PaaS and Kubernetes.

Topic 2 - When talking about Serverless, there seem to be 4 areas to dissect:

  • The thing that executes the function (is this a container orchestrator)
  • The data sources that can be on either side of the function execution 
  • The developer experience (or lack of experience)
  • Billing/Usage/Metering

Topic 3 - What were your key takeaways from reading the CNCF Serverless whitepaper?

Topic 4 - What about Operations? Do those jobs go away? Are there Ops uses for serverless?


Feb 26, 2018
Kubernetes Myths & Misperceptions - Part II

Show: 26

Show Overview: Brian and Tyler talk about common myths and misperceptions about Kubernetes, container usage, Kubernetes architecture, compatibility, and OSS stats.

Show Notes:

Myth/Misunderstanding 1 - Architecture - Kubernetes Multi-Tenancy
Myth/Misunderstanding 2 - Architecture - Kubernetes is only for Operators
Myth/Misunderstanding 3 - What does "GKE Compatible" mean?
Myth/Misunderstanding 4 - Enterprises should run Kubernetes as trunk version
Myth/Misunderstanding 5 - Are OSS stats important? How to interpret them?


Feb 19, 2018
Kubernetes Myths & Misperceptions - Part I

Show: 25
Show Overview: Brian and Tyler talk about common myths and misperceptions about Kubernetes, container usage, and which applications are a good fit for container platforms.

Show Notes:

  • This is Part 1 of a 2-part series. Part 2 will focus on Kubernetes architecture, operations, Kubernetes compatibility and updates, open source communities.

Myth/Misunderstanding 1 - Kubernetes is a platform.
Myth/Misunderstanding 2 - Containers are only for microservices
Myth/Misunderstanding 3 - Microservices are always “micro” (small in size)
Myth/Misunderstanding 4 - Kubernetes is only for stateful apps


Feb 12, 2018
The Blurred Line Between Containers and Applications

Show: 24

Show Overview: Brian and Tyler talk about the differences between a container and an application, and where the lines are blurred at the platform layer. What should developers care about? Should Kubernetes be the only platform technology?

Show Notes:

News of the Week:

Topic 1 - What’s the most common “basic” question you get about containers? How often is it about either [a] what should developers care about?, or [b] what applications can go into a container?

Topic 2 - As we’ve seen from various survey data (both from CNCF and analyst firms), there is still some amount of “mixed orchestration” in usage. Have you seen specific applications that really require different orchestrators these days?

Topic 3 - Are the orchestrators similar enough that Ops teams can learn multiple? What else is required to operate multiple orchestrators?

Topic 4 - What is the line between a CaaS and a PaaS? Are those even the right distinctions anymore? What’s different for each for a developer?

Topic 5 - As we’re seeing more “serverless / FaaS” projects created for Kubernetes (OpenFaaS, Kubeless, Fission, OpenWhisk, Nuclio, Fn, etc.), where developers just deal with functions and event-sources, won’t this blur the line more? 


Feb 05, 2018
Microservices with Istio

Show: 23

Show Overview: Brian and Tyler talk with Christian Posta (@christianposta, Chief Architect, Cloud Application Development at Red Hat) about the evolution of SOA and Microservices, Envoy Proxy and Istio Service Mesh, emerging application patterns, and how Kubernetes and Istio are the future of microservices.

Show Notes:

Topic 1 - Welcome to the show. Give us a little bit of your background as a developer and history of working with various development frameworks/languages/concepts.

Topic 2 - Let’s start with some basics - as a development paradigm, why are we now seeing technologies like Istio and Envoy? The premise of service mesh “reliably connecting services across the network” sounds eerily similar to what we heard about ESB technology. Can you say some words about why this service mesh concept idea is different? Or is it?

Topic 3 - So we’re seeing a need to decouple the application code from the routing-level logic and control. Walk us through the types of things that Istio and Envoy are providing for applications? What are the performance implications of the service mesh? How is this related to API management? 

Topic 4 - Architecturally, where are you seeing some of the advantages of Istio / Envoy vs. either previous approaches, or some other service-mesh like projects in the market? (e.g. linkerd, Netflix OSS projects) 

Topic 5 - What are some specific problem examples that people run into that should make them think “maybe I need Istio”?

Topic 6 - Where is Istio in its maturity to run in production?


Jan 29, 2018
Highway to Helm

Show: 22

Show Overview: Brian talks with Taylor Thomas (@_oftaylor, Software Engineer at Nike, @HelmPack Maintainer) about the architecture of Helm, how developers interact with it to deploy applications, how Helm manages ALM, Helm Summit, and the future plans for Helm v3.

Show Notes:

Topic 1 - Welcome to the show. Let’s talk about your background prior to getting involved in the Helm community, as well as where you’re focused on with Helm these days.

Topic 2 - For someone that might only be familiar with docker containers (e.g. a Dockerfile), give us the basics of what Helm does and the various pieces involved with using Helm (e.g. Helm, Helm Charts, Tiller, Kubernetes).

Topic 3 - Helm is like a blueprint of how you want your containers / application to run. Can you walk us through what else is built into Helm to give it the ability to do Application Lifecycle Management? (versioning, updates, rollback, deletion, etc.)

Topic 4 - Kubernetes can have a lot of different deployment models (stateful, stateless, jobs, batch, custom-resources, etc.). Does Helm have awareness of all of these models?

Topic 5 - What are some of the common tools and patterns you’re seeing around using Helm (CI/CD pipelines, multicloud deployments, etc.)?


Jan 22, 2018
Effective RBAC for Kubernetes

Show: 21

Show Overview: Brian and Tyler talk about how Role-Based Access Control (RBAC) is implemented for Kubernetes.

Show Notes:

Topic 1 - The concept of RBAC is best described as “Can ______ (noun) ______ (verb) on ______ (object) at ______ (location)?” where “noun” is a person/service, “verb” is an action, “object” is a function of the API, and “location” is proximity to a Kubernetes cluster.

Topic 2 - RBAC operates on the concept of Roles and RoleBindings, which map actors to actions, and those actors and actions are defined either globally or locally, and the actions are also defined globally or locally.

Topic 3 - RBAC can be manually defined, or enabled (by default) by an installer or distribution. It comes with a default set of Roles. Everything is done within the scope of a cluster.

Topic 4 - By default, the kube-scheduler, kube-controller-manager, and kube-proxy all have RBAC roles defined. Kubelets (node-level) don’t use RBAC by default, but have their own authorizer, which can then be combined with an RBAC authorizer.

Topic 5 - “Add-ons” (networking, monitoring, logging, etc.) can have RBAC defined in their manifests, or you can grant them access to their service account.

Topic 6 - If the element needs to be something other than those default roles, or using default authorizer services, then CustomRoles can be created. Audit logs can be used to track the needs of a specific add-on, and the “audit2rbac” tool can be used to view the logs and create custom RBAC roles.

Topic 7 - “Aggregate Roles” are now available in Kubernetes 1.9.


Jan 15, 2018
Gathering Kubernetes Communities

Show: 20

Show Overview: Brian and Tyler talk with Diane Mueller (@pythondj, Director, Community Development Red Hat, OpenShift Commons) about OpenShift Commons, the Open Source community that’s grown up around OpenShift Origin and the OpenShift ecosystem.
Show Notes:

Topic 1 - Welcome to the show. Tell us a little bit about your background, as you’ve been through many of the transitions in the application/developer platform market. 

Topic 2 - With the breadth of the Kubernetes community today, why does the OpenShift Commons community exist? Don’t they overlap, or are they different types of goals?

Topic 3 - We wanted to talk about the bridge between really wide open communities and customers aligning around common interests. Can you tell us how OpenShift Commons is helping to facilitate those connections? What are some of the “interests” that are growing?

Topic 4 - Almost every week you host at least one video webinar that highlights new technologies. Why do you spend all this time on non-Red Hat technologies and vendors? Have you had any recently that really jumped out at you?

Topic 5 - Around each KubeCon and Red Hat Summit, you host an event called OpenShift Commons Gathering. Can you tell us what these events are, who typically attends, and how these have co-existed with the KubeCon events?


Jan 08, 2018
PodCTL Basics - Understanding Service Meshes

Show Overview: Brian and Tyler discuss the basics of Service Meshes, such as Istio, Envoy and Linkerd.

Show Notes:

Service Mesh is a layer that manages the communication between apps (or between parts of the same app, e.g. microservices)

Just as applications shouldn’t be writing their own TCP stack, they also shouldn’t be managing their own load balancing logic, or their own service discovery management, or their own retry and timeout logic. - link

Mesh: A group of hosts that coordinate to provide a consistent network topology. In this documentation, an “Envoy mesh” is a group of Envoy proxies that form a message passing substrate for a distributed system comprised of many different services and application platforms. - link

Topic 1 - What is a Service Mesh?

  • Service Discovery 
  • Routing 
  • Load-Balancing 
  • Fault Injection 
  • Circuit Breaking 
  • A/B Deployments 
  • Blue/Green Deployments 
  • Canary Deployments 
  • Traffic Limiting 
  • Tracing 
  • Security Services (e.g. Mutual TLS)

Topic 2 - Didn’t developers build Microservices before Service Meshes?

Topic 3 - How does a Container or Kubernetes interact with a Service Mesh?


Jan 04, 2018
2017 Kubernetes Year in Review

Show: 19

Show Overview: Brian and Tyler talk about how the Kubernetes community and technology have evolved in 2017, and make a few predictions for 2018.
Show Notes:

Topic 1 - GETTING STARTED: People said that getting started w/ Docker Swarm was easier than Kubernetes. The Kubernetes community created tools like Minikube & Minishift to run locally on the laptop and automation playbooks in Ansible, Katacoda has made it simple to have online tutorials, and multiple cloud offerings (GKE, AKS, EKS, OpenShift Dedicated) make it simple to get a working Kubernetes cluster.

Topic 2 - ENSURING PORTABILITY: Enterprise customers want Hybrid Cloud environments. They need to understand how multiple cloud environments will impact this decision. The CNCF’s Kubernetes Conformance model is the only container-centric framework that can ensure customers that Kubernetes will be consistent between clouds.

Topic 3 - INFRASTRUCTURE BREADTH: Other container orchestrators had ways to integrate storage and networking, but only Kubernetes created standards (e.g. CNI, CSI) that have gained mainstream adoption to create dozens of vendors/cloud options.

Topic 4 - APPLICATION BREADTH: The community has evolved from supporting stateless apps to supporting stateful applications (and containerized storage), serverless applications, batch jobs, and custom resources definitions for vertical-specific application profiles. 

Topic 5 - SECURITY: There were concerns about K8S security. The community has responded with better encryption and management of secrets, and improved Kubernetes-specific container capabilities like CRI-O and OCI standardization.

Topic 6 - PERFORMANCE: Red Hat (and others) have started the Performance SIG to focus on high-performance applications (HPC, Oil & Gas, HFT, etc) and profiling the required performance characteristics of these applications in containerized environments.

Topic 7 - DEVELOPER EXPERIENCE: One of the themes of KubeCon was focusing on developer experience, and in just a few months we’re seeing standardization around the Helm format (for application packaging), Draft to streamline application development, and Kubeapps to simplify getting started with apps from a self-service catalog. We have also seen the security model of non-root containers (vs. the Docker model of root-enabled containers).

Topic 8 - APPLICATION EXTENSIBILITY: Kubernetes community decided not to reinvent the wheel, instead working with the Cloud Foundry Foundation to create the Open Service Broker API. Within a year, we’re now seeing implementations that have not only ported all the functionality to Kubernetes, but have extended it beyond Cloud Foundry’s previous capabilities to include support for external clouds (e.g. AWS, Azure, GCP), as well as additional services such as Ansible playbooks and other 3rd-party capabilities.

Topic 9 - IMPROVING OPERATIONAL EXPERIENCE: As Clayton Coleman (Red Hat) discussed in his KubeCon keynote, companies like Red Hat are using their online environments to improve their operational experience and ultimately feed this knowledge back into the upstream products.


Dec 18, 2017
Microsoft in the Kubernetes Ecosystem

Show: 18

Show Overview: Brian and Tyler talk with Gabe Monroy (@gabrtv, Lead Product Manager Containers @ Azure, CNCF Board Member) about a wide variety of projects and services that Microsoft is working on in the Kubernetes and CNCF communities - from Windows containers to Container orchestration to making it simpler for application developers.

Show Notes:

Topic 1 - Welcome to the show. You joined Microsoft via the Deis acquisition. Let’s talk about some of the work you’ve been focused on since joining Microsoft.

Topic 2 - Microsoft Azure offers several options to use containers and container services (ACS, AKS, ACI). Can we dig into each of those services?

Topic 3 - Working on hybrid environments is becoming more important. Let’s dig into how Microsoft is expanding the capabilities of the Open Service Broker.

Topic 4 - Help us understand what the Helm project and Draft project enable for developers.

Topic 5 - One of the most frequent questions we get is around Windows-based containers. When will they be available, and what is Microsoft doing to make them easier to use? 


Dec 11, 2017
Kubernetes Everywhere, Now What...

Show: 17

Show Overview: Brian and Tyler talk about the containers and Kubernetes news coming out of AWS re:Invent, as well as a look ahead to KubeCon in Austin.

Show Notes:

Topic 1 - AWS re:Invent happened last week. Any news about Kubernetes?

Topic 2 - The concept of “Bring Your Own Container” is evolving to “Bring A Workload that Runs in a Container” (Fargate, Microsoft ACI, etc.)

Topic 3 - What can we expect at KubeCon this week?  What new trends are you seeing emerge, or are you looking to see if they have momentum?

  • Evolution of User-Experience
  • Serverless standards?
  • Adjacent projects to Kubernetes (backups, CI/CD, etc.)


Dec 04, 2017
Day to Day Kubernetes Operations

Show: 17

Show Overview: Brian and Tyler talk about CNCF Kubernetes Conformance, OpenShift 3.7 GA, and some common questions about day-to-day operations with Kubernetes.

Show Notes:

Topic 1 - How do you deploy the underlying compute resources that are used as Nodes in a Kubernetes cluster?

Topic 2 - If a Kubernetes environment has to scale, how do you grow out the computing (or other) resources?

Topic 3 - When a new version of Kubernetes comes out, how do you manage to upgrade the environment?

Topic 4 - What are the common things that the Ops team is tracking, monitoring, measuring in a Kubernetes environment? 

Topic 5 - What are some things that have changed, from an operational perspective, between a Container/Kubernetes environment and previous technologies (e.g. VMs)?

Nov 20, 2017
Security: Identity Management, RBAC, Authentication and Authorization

Show: 15

Show Overview: Brian and Tyler continue their focus on Security with Marc Boorshtein (@mlbiam, CTO of @tremolosecurity), discussing Identity Management, Container and Kubernetes Authorization and Authentication, RBAC, and how IT teams evolve to manage security in more agile environments.
Show Notes:

Topic 1 - Let’s talk about User authentication in Kubernetes:

  • Certificate Authentication 
  • OpenID Connect 
  • Reverse Proxy

Topic 2 - Let’s dig into the various types of Authorizations

  • Overview of RBAC (Role-Based Access Control)
  •  Mapping of Roles to Users and Groups 
  • Organizational Challenges

Topic 3 - Given that various people (Devs & Ops) interact with dashboards, how do we manage that Authentication?

Topic 4 - How are organizations evolving to keep up with this more agile form of software development and the associated security challenges?


Nov 13, 2017
Security: Hosts, Registries, Content and Pipelines

Show: 14

Show Overview: Brian and Tyler address some of the many layers of security required in a container environment. This show will be part of a series on container and Kubernetes security. They look at security requirements in the Container Host, Container Content, Container Registry, and Software Build Processes.
Show Notes and News:

Topic 1 - Let’s start at the bottom of the stack with the security needed on a container host.

  • Linux namespaces - isolation 
  • Linux capabilities and SECCOMP - restrict routes, ports, limiting process calls 
  • SELinux (or AppArmor) - mandatory access controls 
  • cGroups - resource management

Topic 2 - Next in the stack, or outside the stack, are the sources of container content.

  • Trusted sources (known registries vs. public registries (e.g. DockerHub))
  • Scanning the content of containers 
  • Managing the versions, patches of container content

Topic 3 - Once we have the content (applications), we need a secure place to store and access it - container registries.

  • Making a registry highly-available 
  • Who manages and audits the registry? 
  • How to scan container within a container? 
  • How to cryptographically sign images? 
  • Identifying known registries 
  • Process for managing the content in a registry (tagging, versioning/naming, etc) 
  • Automated policies (patch management, getting new content, etc.) 

Topic 4 - Once we have secure content (building blocks) and a secure place to store the container images, we need to think about a secure supply chain of the software - the build process.

  • Does a platform require containers, or can it accept code? Can it manage secure builds? 
  • How to build automated triggers for builds? How to audit those triggers (webhooks, etc.)? 
  • How to validate / scan / test code at different stages of a pipeline? (static analysis, dynamic analysis, etc.) 
  • How to promote images to a platform? (automated, manual promotion, etc.)


Nov 06, 2017
An Introduction to CRI-O

Show: 12

Show Overview: Brian and Tyler talk with Dan Walsh (@rhatdan, Consulting Engineer at Red Hat, container team lead) and Mrunal Patel (@mrunalp, Principal Engineer at Red Hat, OCI/runc maintainer) about the evolution of containers with Kubernetes, the creation of CRI-O, and the focus on container security and stability. We also discussed emerging projects like Skopeo, Buildah, Intel Clear Containers and Grafeas.
Show Notes:

Topic 1 - Welcome to the show. Why don’t you both introduce yourselves and tell us what areas you focus on.

Topic 2 - In past episodes, we’ve talked about the CRI-* concept in Kubernetes. We’ve also talked about the OCI standard for containers. So what is CRI-O?

Topic 3 - What problems does CRI-O attempt to solve for the container ecosystem?

Topic 4 - How does CRI-O differ from containerd and CRI-containerd?

Topic 5 - How can people get CRI-O today? What are some of the things people can expect with CRI-O beyond v1.0?


Oct 30, 2017
An Introduction to Prometheus Monitoring

Show: 11

Show Overview: Brian and Tyler talk with Julius Volz (@juliusvolz, @PrometheusIO co-founder, promcon.io founder) about the challenges that Prometheus solves, how it does monitoring and interacts with other systems, how it works with Kubernetes, and common-use cases and patterns.
Show Notes


Topic 1 - You created Prometheus a couple years ago at SoundCloud. What were the core challenges you were trying to solve?

Topic 2 - For people new to Prometheus, what does it do (at a basic level) in terms of monitoring containers and applications?

  • What can it monitor?
  • What can it trigger other systems to do? 

Topic 3 - Prometheus is now part of CNCF. Is it a native Kubernetes service, or a sidecar application for containers, or a broad service that just runs on Kubernetes?

Topic 4 - What are the basic things that most people use Prometheus to monitor for?  What are a few complex use-cases?  (application types, application frameworks, usage-patterns, etc.)


Oct 23, 2017
Service Catalog All the Things

Show: 10

Show Overview: Brian and Tyler talk with Paul Morie (@cheddarmint, Principal Software Engineer @RedHat, Lead of Kubernetes Service Catalog SIG) about the evolution of the Open Service Broker API, integrating with external services, the role of Service Brokers, and use-cases to expand Kubernetes applications.

Show Notes

Topic 1 - Welcome to the show. Before you got involved in the Service Catalog SIG, you worked on several other aspects of Kubernetes (security, etc.). Tell us about some of the things you’ve been involved with?

Topic 2 - Let’s go back to when the Open Service Broker API was announced. What was the purpose and how did it evolve to where it is now?

Topic 3 - What are the basics of how the Service Broker / Service Catalog interacts with applications on Kubernetes and 3rd-party services? 

  • Example: How do we think about user/password/security credentials to a database?
  • Example: Is the Service Broker in the data path as well as the control path? 
  • Example: Where would traffic auditing functions happen?

Topic 4 - We saw a demo of the Service Catalog/Broker at Red Hat Summit during an announcement with AWS, where it showed AWS services as part of the catalog. Previously, we’ve seen the CF Service Broker interact with Google or Azure services. Is the relationship between the broker and cloud-services “cloud specific”, or will things be interchangeable at all?

Topic 5 - Beyond public cloud services, what other types of things might be interconnected or managed via the Service Broker?

Oct 17, 2017
Unclogging some Kubernetes Plumbing Issues

Show: 9

Show Overview: Brian and Tyler talk about Kubernetes Networking and Kubernetes Storage.

Show Notes:

Topic 1 - Let’s talk about the challenges of networking with containers and some of the ways that Kubernetes addresses these challenges.

  • There’s lots of different ways to network containers together. Kubernetes does some basic networking (by default), and then there are add-on options for more complex, secure scenarios.
  • The role of DNS in Kubernetes networking (services, etc.) 
  • Kubernetes network plugins (CNI: container network interface) 
  • Ingress and Egress Routes, Services, Load Balancing 
  • Network Policy (fine-grained traffic control)  

Topic 2 - Let’s talk about the challenges of storage with containers and some of the ways that Kubernetes addresses these challenges.

  • There’s definitely a misperception that containers should only be used for stateless applications. 
  • Containers are (primarily) Linux, and Linux has well known concepts about how to interact with persistent storage. 
  • Containers need a way to interact with persistent storage in a model where it can be dynamically allocated. 
  • Kubernetes storage plugin proposal (CSI: container storage interface)


Oct 09, 2017
Managing High Performance Workloads

Show: 8

Show Overview: Brian and Tyler talk with Jeremy Eder (@jeremyeder, Senior Principal Software Engineer at Red Hat) about the Kubernetes Resource Management Working Group, scaling Kubernetes environments, extending Kubernetes for high-performance workloads (HPC, HFT, Animation, GPUs, etc.), testing at scale and how companies can get involved.
Show Notes:

Topic 1 - Welcome to the show. You recently introduced the Resource Management Working Group within Kubernetes. Tell us a little bit about the group.

Topic 2 - The group’s prioritized list of features for increasing workload coverage on Kubernetes, enumerated in the charter of the Resource Management Working Group, includes the items below. Let’s talk about some of the types of use-cases you’re hearing that drive these priorities.

  • Support for performance sensitive workloads (exclusive cores, cpu pinning strategies, NUMA) 
  • Integrating new hardware devices (GPUs, FPGAs, Infiniband, etc.)  
  • Improving resource isolation (local storage, hugepages, caches, etc.)  
  • Improving Quality of Service (performance SLOs) 
  • Performance benchmarking 
  • APIs and extensions related to the features mentioned above 

Topic 3 - This is a broad list of areas to focus on. How do you determine what things should be kernel-level focus, Kubernetes-level focus, or application-level focus?

Topic 4 - How do you go about testing these areas? Are there lab environments available? How will you publish methodologies and results?

Topic 5 - As you talk to different companies, do you feel like they are holding back on deploying higher-performance applications on Kubernetes now, or they are looking for more optimizations?


Oct 02, 2017
Digging into Kubernetes 1.8

Show: 7

Show Overview: Brian and Tyler talk with Clayton Coleman (@smarterclayton, Lead Kubernetes Architect) and Derek Carr (@derekwaynecarr, Kubernetes Lead Engineer) about the Kubernetes development process, the role of SIGs, the process for deciding what gets included in a release, as well as an in-depth discussion about the extensibility of Kubernetes 1.8

Show Notes:

Topic 1 - Welcome to the show. Both of you are top contributors to Kubernetes, and both also lead (or co-lead) some of the SIGs/Working Groups. Can you give us a sense of your community involvement from a contributor and leader perspective?

Topic 2 - Derek, you're on the nomination list for the Kubernetes Steering Committee. Chris Aniszczyk mentioned it a couple weeks ago, but what does that group do that’s different than SIGs?

Topic 3 - When there are 100s of contributors and many different focus areas, what is the process for deciding what’s included or prioritized or dropped from a specific release?

Topic 4 - Kubernetes 1.8 has a mix of Alpha, Beta and Stable features. What do you see as the key focus areas in this release? (e.g. RBAC, CRI-O, etc.)

Topic 5 - How does Kubernetes look at the explosion of “tools” around core Kubernetes (deployers, application templates, application frameworks) and when to make those parts of the project or keep them separate?


Sep 25, 2017
What's included with Kubernetes?

Show: 6

Show Overview: Brian and Tyler talk about the technologies in “core” Kubernetes and the additional elements needed to evolve it into a more complete application platform.
Show Notes:

News of the Week:

Topic 1 - What's included in Kubernetes (by default)?
We’ve seen quite a bit of survey data recently that shows usage of Kubernetes is growing quite rapidly. If somebody says they are “using Kubernetes”, by default, what functionality do they have available to them?

Topic 2 -  What core “platform” elements aren’t included with Kubernetes?

  • Container Runtime (e.g. docker, rkt, oci)
  • Container Registry
  • Advanced Networking
  • Persistent Storage
  • Monitoring, Logging
  • Backup tools for Kubernetes or the applications running in Pods.

Topic 3 - What are some of the standard ways to plug in those pieces?

  • Container Runtime - CRI (Container Runtime Interface)
  • Registry - Many 3rd-party options
  • Networking - CNI (Container Network Interface) 
  • Storage - CSI (Container Storage Interface)
  • Logging / Monitoring - Sidecar Containers

Topic 4 - What does a company get with a "distribution" vs. "platform" vs. "public cloud service"?

  • Tectonic (example)
  • OpenShift (example)
  • Google Container Engine (example)

Question of the Week:

Q: What is "pure" Kubernetes?


Sep 18, 2017
PodCTL Basics - How to Containerize an Application

Show Overview: Brian and Tyler discuss the basics of how an application gets into a container, how to layer OS + applications + dependencies, how a container interacts with a container registry, and how container files differ from Kubernetes manifests.
Show Notes:

Topic 1 - How does a Container know what application to run?

  • Metadata
  • Image Layers

Topic 2 - Can any Application run in a Container? Does it have to be modified?

  • User namespace vs. Root
  • Resource requirements

Topic 3 - How does a Container interact with a Container Registry?

Topic 4 - How does a Container tell Kubernetes about its Application needs (HA, Static IP, Storage, etc.)?

  • Pods and Manifests

Topic 5 - Can a Containerized Application interact with other applications? How?

  • Within a Cluster
  • DNS Services / Networking
  • Kubernetes Services
  • Service Discovery frameworks


Sep 13, 2017
Understanding the Cloud Native Ecosystem

Show: 5

Show Overview: Brian and Tyler talk with Chris Aniszczyk (@cra, CTO/COO of CNCF, Executive Director of OCI) about the Cloud-Native Ecosystem, if there is a CNCF "stack", the CNCF process for project acceptance, and the growth vs. hype of Kubernetes.
Show Notes:

News of the Week

Interview with Chris Aniszczyk

Topic 1 - Welcome to the show. What hats do you wear at both the CNCF and OCI?

Topic 2 - How do the CNCF projects and OCI projects work together? (example: why is rkt or containerd in the CNCF and not OCI?)

Topic 3 - What is the role of the CNCF?

Is there a CNCF stack?

Can you talk about how projects get engaged with CNCF and the process of “official” vs. “incubation”, etc?

Will it ever make sense to have a “certification” program for CNCF-associated offerings, or does that create too much overhead?

Topic 4 - With so many projects being created, in different parts of the stack, where do you potentially see the next “official” projects coming from?

Topic 5 - Can you give us your perspective on some of the noise recently around Kubernetes?

Community Question of the Week:
 Q: My company runs mostly pre-packed Windows applications. Is there anything that we can do with Containers or Kubernetes to help them?


Sep 11, 2017
PodCTL Basics - Linux Containers

Show Overview: Brian and Tyler discuss the basics of Linux containers.

Show Notes:

 Segment 1 - What is a Linux Container?

Segment 2 - How do Linux hosts interact (and isolate) Linux Containers?

  • Host OS vs. Container OS
  • Container isolation 
  • Container security 101

Segment 3 - How does a container interact with Networking and Storage?

  • Pass-thru host details
  • CNI - Container Network Interface
  • Native container networking
  • Storage Volumes (static & dynamic)

Segment 4 - Can any Application run in a Linux Container? Does it have to be modified?

  • User namespace vs root
  • Resource requirements 


Sep 07, 2017
All the Tools in the Kubernetes Toolbox

Show: 4

Show Description: Brian and Tyler discuss the broad range of tools that are available to deploy, operate and manage Kubernetes environments. There are lots of options...

Show Notes:

Segment 1 - [News of the Week]

  • VMware, Google and Pivotal announced a packaged version of the Kubo project, called Pivotal Container Service (PKS). 
  • CNCF continues to be the center of Enterprise IT with VMware, Pivotal joining

Segment 2 - Why do Open Source Projects often end up with so many installers?

Segment 3 - What are some of the common types of tools for Kubernetes installations?

  • Install on your laptop (e.g. Minikube, Minishift, etc.)  
  • Public Services (OpenShift Online, GKE, Azure Container Service, etc)
  • Quickstart installer on a public cloud (e.g. Heptio, DO, kops, etc.)
  • Kubernetes-specific installers (kubeadm, kubicorn, kargo, etc.)  
  • Deployment scripts and variations on “runbooks” (e.g. Ansible, Chef, Puppet, etc.)

Segment 4 - What are some of the Day 2 tools that are used with Kubernetes?

  • Upgrade tools (e.g. 1-click, Operators, etc.) 
  • Monitoring & Management (e.g. Prometheus, Datadog, New Relic, Zabbix, SysDig, CoScale) - https://blog.openshift.com/monitoring-openshift-three-tools/ 
  • Logging  (e.g. EFK, Loggly, etc.) 
  • Application Frameworks - Save that for future shows!


Sep 04, 2017
Making Sense of Container Standards

Show: 3

Show Description: Brian and Tyler talk with Vincent Batts (@vbatts, Principal Software Engineer in the Office of Technology for Container Architecture at Red Hat) about the state of container standards - OCI, containerd, Moby, Linux vs. Windows containers, etc.

Show Notes:

 Segment 1 - News of the Week

Segment 2 - An Interview with Vincent Batts

  • Topic 1 - Welcome to the show Vincent. Tell us what types of things you work on in the container community.
  • Topic 2 - 2yrs ago, there was docker and rkt arguing about container standards, and the OCI emerged. Can you give us an update on where container standards are today? 
  • Topic 3 - What is this new concept called CRI-O, and how does it relate to Kubernetes? 
  • Topic 4 - Containers always used to be Linux-specific, but we’re starting to hear more noise around Windows containers. Is this Microsoft specific, or are standards groups working on this too?

Segment 3 - Question(s) of the Week


Aug 28, 2017
PodCTL Basics - What is Kubernetes?

Show: PodCTL Basics #1

Show Overview: The basics of Kubernetes.

Show Notes:

 Segment 1 - What is Kubernetes?

  • Technology that spawned from Google’s internal “Borg” system for running applications in containers. 
  • Open source project donated to the CNCF in 2015. 
  • Open source community of 1500+ engineers working on various sub-projects that make up the Kubernetes system. 

 Segment 2 - How does Kubernetes work?

  • etcd 
  • Kubernetes API 
  • Kubernetes scheduler 
  • Kubelet on each worker machine
  • Controllers

 Segment 3 - What’s the relationship between Kubernetes and Containers?

  • Containers describe what application bits run on a machine 
  • Kubernetes is the framework that places containers on machines and ensures that the containers run in a well-defined manner (start/stop, highly available, load-balanced, etc.) 

 Segment 4 - Are there alternative technologies that work similarly to Kubernetes?

  • Kubernetes is ultimately a framework that schedules containers 
  • Mesos Marathon 
  • Docker Swarm 
  • Nomad from Hashicorp 
  • Lots of homegrown, DIY systems, mostly based on scripting

 Segment 5 - How can a company get Kubernetes or use Kubernetes?

  • Use the Open source software from the Kubernetes community 
  • Use commercially available distributions of Kubernetes from multiple vendors 
  • Consume Kubernetes-as-a-Service from multiple cloud providers


Aug 21, 2017
Who has a Kubernetes problem?

Show Description: Brian and Tyler discuss some of the use-cases that businesses have for using Kubernetes. They review several public examples of Kubernetes uses, both in web scale and Enterprise environments.
Show Notes:

Segment 1 - Thank you for the great response to the initial show. Response has been very positive and we’ve already had like 8-10 people ask to be guests on the show. The challenge is to figure out what to do on show #2 or #3 since there is so much happening. So we’ve decided that for a while, we’re going to make sure that we cover all the fundamentals of containers and Kubernetes.

Segment 2 - News of the Week

  • GitHub announces details of how they use Kubernetes 
  • AWS does not announce a Kubernetes service at AWS Summit in NYC 
  • KubeCon CFP is due by August 21st

Segment 3 - How are companies using Kubernetes?

Segment 4 - How to Learn More

 Segment 5 - Question(s) of the Week


Aug 21, 2017
3.6 Ways to Love Kubernetes

Show: 1

Show Overview: Brian Gracely (@bgracely) and Tyler Britten (@vmtyler) introduce the PodCTL podcast, discuss the latest news in the Kubernetes community, highlight the OpenShift 3.6 launch, and answer some frequently asked questions about Linux containers.

Show Links:

Show Notes

  • Topic 1: An Introduction to the new podcast and our hosts.
  • Topic 2: News and Updates from the Kubernetes and CNCF Communities
  • Topic 3: What's new in OpenShift 3.6 with this week's launch?
  • Topic 4: How can people learn more about OpenShift, or get hands-on experience? - Self-Paced Online Learning: 

Learning Links:


Aug 11, 2017