Date: Tue, 26 Feb 2019 21:31:00 +0000
<p>Kubernetes has a number of mechanisms to enforce policy: some built-in, like quota and NetworkPolicy; some extensions or add-ons like OPA. John Murray, a product manager at Google Cloud, joins <a href="https://kubernetespodcast.com/about">Craig and Adam</a> to talk about policy and configuration, and introduce the new CSP Config Management tool launched to Beta along with the new Cloud Services Platform.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://www.sdxcentral.com/articles/news/google-csp-beta-bolsters-on-prem-fight-against-microsoft-aws/2019/02/"> Adam is in the news!</a></li> <li><a href="https://www.alderac.com/cat-lady/">Cat Lady</a></li> <li><a href="https://kubernetespodcast.com/episode/027-evolution-of-the-kubernetes-community/"> Craig’s Oscar prediction</a> and <a href="https://variety.com/2019/film/news/rami-malek-falls-off-oscars-stage-1203148663/"> Rami Malek’s incident</a></li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://cloud.google.com/blog/products/gcp/cloud-services-platform-bringing-hybrid-cloud-to-you"> Google brings Cloud Services Platform to Beta</a> <ul> <li><a href="http://services.google.com/fh/files/blogs/csp_white_paper.pdf">Application Modernization and the Decoupling of Infrastructure Services and Teams</a> by Eric Brewer and Jennifer Lin</li> </ul> </li> <li><a href="https://blog.openshift.com/openshift-4-a-noops-platform/">Developer preview of OpenShift v4</a></li> <li><a href="https://medium.com/knative/announcing-knative-v0-4-release-ec3a230823a6"> Knative v0.4</a></li> <li><a href="https://azure.microsoft.com/en-gb/blog/update-to-azure-devops-projects-support-for-azure-kubernetes-service/"> Update to Azure DevOps Projects support for Azure Kubernetes Service</a></li> <li><a href="https://cloud.google.com/blog/products/networking/the-service-mesh-era-securing-your-environment-with-istio"> The service mesh era: Securing your environment with Istio</a> by Samrat Ray of Google Cloud</li> <li><a href="http://shop.oreilly.com/product/0636920175131.do">Cloud Native DevOps with Kubernetes</a> by John Arundel and Justin Domingus <ul> <li><a href="https://www.nginx.com/resources/library/cloud-native-devops-with-kubernetes/#download"> Get it free* from NGINX</a></li> </ul> </li> <li><a href="https://www.reddit.com/r/kubernetes/comments/atjvbz/new_services_at_reddit_launch_to_production_on/"> All new Reddit services run on Kubernetes</a></li> <li><a href="https://www.twistlock.com/labs-blog/breaking-docker-via-runc-explaining-cve-2019-5736/"> Breaking Docker via runC</a> by Yuval Avrahami of Twistlock</li> <li><a href="https://koudingspawn.de/secure-kubernetes-with-vault/">Secure Kubernetes with Vault</a> by Bjorn Wenzel</li> <li><a href="https://blog.algolia.com/challenging-migration-heroku-google-kubernetes-engine/"> Migrating from Heroku to GKE</a></li> <li><a href="https://enterprisersproject.com/article/2019/2/kubernetes-job-interview-questions-how-prepare"> How to prepare for a Kubernetes interview</a></li> <li><a href="https://lwn.net/SubscriberLink/780364/51230bfb2f59ce05/">Adding “containers” to Linux</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://kubernetes.io/docs/concepts/policy/resource-quotas/">ResourceQuota</a>, <a href="https://kubernetes.io/docs/concepts/policy/pod-security-policy/">PodSecurityPolicy</a> and <a href="https://kubernetes.io/docs/concepts/services-networking/network-policies/"> NetworkPolicy</a></li> <li><a href="https://www.openpolicyagent.org/">Open Policy Agent</a> <ul> <li><a href="https://www.openpolicyagent.org/docs/kubernetes-admission-control.html"> Kubernetes integration</a></li> </ul> </li> <li><a href="https://cloud.google.com/csp-config-management/">CSP Config Management</a> <ul> <li><a href="https://cloud.google.com/blog/products/containers-kubernetes/take-control-of-your-kubernetes-clusters-with-csp-config-management"> Take control of your clusters with CSP Config Management</a> (blog post)</li> </ul> </li> <li><a href="https://twitter.com/jrmurray000">John Murray on Twitter</a></li> </ul>