Date: Tue, 17 Sep 2019 23:07:12 +0000
<p>containerd was born from community desire for a core, standalone runtime to act as a piece of plumbing that applications like Kubernetes could use. It sits between command line tools like Docker, which it was spun out from, and lower-level runtimes like runC or gVisor, which execute the container’s code. This week’s guest is <a href="https://twitter.com/DerekMcGowan">Derek McGowan</a>, a Software Engineer at Docker and a containerd maintainer-d.</p> <p>Along with the news of the week, <a href="https://kubernetespodcast.com/about">Adam and Craig</a> discuss the many Vancouvers.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://en.wikipedia.org/wiki/Vancouver,_Washington">Vancouver</a>, <a href="https://en.wikipedia.org/wiki/Vancouver">Vancouver</a>, and <a href="https://en.wikipedia.org/wiki/George_Vancouver">George Vancouver</a></li> <li><a href="https://en.wikipedia.org/wiki/South_Bend,_Washington">South Bend</a>, <a href="https://en.wikipedia.org/wiki/North_Bend,_Oregon">North Bend</a>, and <a href="https://en.wikipedia.org/wiki/Bend,_Oregon">Bend</a></li> <li><a href="https://en.wikipedia.org/wiki/Cosmopolis,_Washington">Cosmpolis</a></li> <li><a href="https://thesecret.gallery/shows/50-year-sensation-the-dave-mcmacken-retrospective/"> “50 Year Sensation: the Dave McMacken Retrospective”</a> (album art show in Astoria, Oregon)</li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://developer.ibm.com/blogs/istio-13-release/">Istio 1.3 is out</a></li> <li><a href="https://cloud.google.com/blog/topics/hybrid-cloud/anthos-simplifies-application-modernization-with-managed-service-mesh-and-serverless-for-your-hybrid-cloud"> Google’s Anthos now incudes Anthos Service Mesh, Cloud Run for Anthos and more</a></li> <li><a href="https://cloudblogs.microsoft.com/opensource/2019/09/10/cloud-native-application-bundle-cnab-1-0-updates/"> Cloud Native Application Bundles hit 1.0</a> <ul> <li><a href="https://kubernetespodcast.com/episode/061-cnab/">Episode 61 with Ralph Squillace and Jeremy Rickard</a></li> </ul> </li> <li><a href="https://www.cncf.io/blog/2019/09/13/nominations-are-open-for-the-annual-cncf-community-awards/"> Nominations for the annual CNCF Community Awards</a></li> <li><a href="https://www.cncf.io/blog/2019/09/12/how-bloomberg-achieves-close-to-90-95-hardware-utilization-with-kubernetes/"> Bloomberg hits 90% utilization with Kubernetes</a></li> <li><a href="https://medium.com/@gajus/mistake-that-cost-thousands-kubernetes-gke-2212ea663e1f"> Mistakes that “cost” thousands</a> by Gajus Kuizinas</li> <li><a href="https://www.cncf.io/blog/2019/09/11/kubernetes-iot-edge-wg-identifying-security-issues-at-the-edge/"> Kubernetes Edge working group publishes whitepaper</a></li> <li><a href="https://medium.com/cruise/isopod-5ad7c565d350">Isopod, by Cruise</a></li> <li><a href="https://www.pulumi.com/blog/pulumi-1-0/">Pulumi 1.0</a></li> <li><a href="https://www.stackrox.com/post/2019/09/5-kubernetes-rbac-mistakes-you-must-avoid/"> 5 RBAC mistakes you must avoid</a> (number 4 will shock you)</li> <li><a href="https://blog.openshift.com/openshift-4-2-disconnected-install/">OpenShift 4.2 disconnected install</a></li> <li><a href="https://www.redhat.com/en/blog/red-hat-quay-31-now-even-better-across-distributed-environments"> Red Hat Quay 3.1</a></li> <li><a href="https://github.com/Azure/AKS/releases/tag/2019-09-09">Microsoft AKS brings Scale Sets and Standard LB to GA</a> <ul> <li><a href="https://github.com/Azure/AKS/issues/1204">Upstream kernel bugs</a></li> </ul> </li> <li>Amazom EKS adds <a href="https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-supports-cluster-tagging/"> cluster tagging</a> and <a href="https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-to-assign-iam-permissions-to-kubernetes-service-accounts/"> IAM roles for service accounts</a></li> <li><a href="https://www.learnaws.org/2019/09/14/deep-dive-aws-fargate/">Deep dive into AWS Fargate</a> by Abhisheck Ray from Amazon</li> <li><a href="https://konghq.com/blog/introducing-kuma-universal-service-mesh/">Kong introduces Kuma, “universal service mesh”</a></li> <li><a href="https://cloud.google.com/blog/products/data-analytics/modernize-apache-spark-with-cloud-dataproc-on-kubernetes"> Google introduces Cloud Dataproc for Kubernetes</a></li> <li><a href="https://github.com/GoogleCloudPlatform/flink-on-k8s-operator">Apache Flink operator from Google Cloud</a></li> <li><a href="https://www.antitree.com/2019/09/container-runtime-security-bypasses-on-falco/"> Container runtime security bypasses on Falco</a> by Mark “Antitree” Manning</li> <li><a href="https://www.fiercetelecom.com/telecom/rafay-systems-lands-8m-funding-launches-saas-automation-framework"> Rafay Systems lands $8m in Series A funding</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://containerd.io/">containerd</a></li> <li><a href="https://blog.docker.com/2016/12/introducing-containerd/">Original announcement</a></li> <li><a href="https://www.ianlewis.org/en/container-runtimes-part-1-introduction-container-r"> The many meanings of ‘container runtime’</a></li> <li><a href="https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/"> kubelet</a> and <a href="https://kubernetes.io/blog/2016/12/container-runtime-interface-cri-in-kubernetes/"> Container Runtime Interfaces</a></li> <li><a href="https://github.com/opencontainers/runc">runC</a>, <a href="https://gvisor.dev/">gVisor</a>, <a href="https://katacontainers.io/">Kata Containers</a>, and the Windows <a href="https://techcommunity.microsoft.com/t5/Containers/Introducing-the-Host-Compute-Service-HCS/ba-p/382332"> Host Compute Service</a> (HCS)</li> <li><a href="https://github.com/projectatomic/containerd/blob/master/docs/cli.md"> ctr</a> debug tool</li> <li><a href="https://www.cncf.io/announcement/2019/02/28/cncf-announces-containerd-graduation/"> containerd’s graduation from the CNCF</a></li> <li><a href="https://github.com/containerd/containerd/pull/2434">containerd shim API</a> <ul> <li><a href="https://github.com/google/gvisor-containerd-shim">gVisor shim</a></li> <li><a href="https://github.com/firecracker-microvm/firecracker-containerd">Firecracker containerd integration</a></li> <li><a href="https://github.com/kata-containers/shim">Kata Containers shim</a></li> <li><a href="https://github.com/microsoft/hcsshim">Windows Container shim</a></li> </ul> </li> <li><a href="http://coreos.com/blog/rocket/">rkt announced in 2014</a> with <a href="https://github.com/appc/spec">appC spec</a></li> <li><a href="https://www.opencontainers.org/">Open Container Initiative</a> <ul> <li><a href="https://github.com/opencontainers/runc/tree/master/libcontainer">libcontainer</a>, which became runC</li> </ul> </li> <li><a href="https://github.com/WebAssembly/design">Web Assembly (WASM)</a></li> <li><a href="https://github.com/moby/buildkit">BuildKit</a></li> <li><a href="https://github.com/containerd/containerd/releases/tag/v1.3.0-rc.1"> 1.3.0 releases are coming</a></li> <li>Contribution opportunities: <ul> <li><a href="https://github.com/containerd/containerd/issues">Reporting issues</a></li> <li><a href="https://github.com/containerd/containerd/blob/master/PLUGINS.md">Plugin ecosystem</a></li> </ul> </li> <li><a href="https://twitter.com/DerekMcGowan">Derek McGowan</a> and <a href="https://twitter.com/containerd">containerd</a> on Twitter</li> </ul>
