Gatekeeper and Policy Controller, with Max Smythe

Kubernetes Podcast from Google

Date: Thu, 15 Jul 2021 19:23:49 +0000

<p>Gatekeeper is an open source project which lets you enforce policy in a Kubernetes cluster. It’s also the basis for Policy Controller, a hosted and managed version now available for all GKE users. <a href="https://twitter.com/MaxSmythe">Max Smythe</a>, a senior SWE at Google, is a maintainer of Gatekeeper and the TL of Policy Controller. He joins us to talk constraints, config and Cruise.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://www.bbc.co.uk/sport/football/51198762">England loses Euro 2020 final</a></li> <li><a href="https://www.nationalgrideso.com/news/its-coming-ohm-national-grid-eso-expects-2gw-spike-during-euro-2020-final"> It’s Coming Ohm: prediction on power usage</a></li> <li><a href="https://twitter.com/JohnRentoul/status/1414874779082006531">Half time power spike</a></li> <li><a href="https://twitter.com/JohnRentoul/status/1414875037769814016">Top 20 spikes</a> <ul> <li><a href="https://en.wikipedia.org/wiki/The_Thorn_Birds_(miniseries)">The Thorn Birds</a></li> </ul> </li> <li><a href="https://medium.com/nycwater/the-big-flush-on-super-bowl-sunday-e0050699fa1b"> The Super Bowl Flush</a> - <a href="https://www.snopes.com/fact-check/super-bowl-flushing-breaks-sewage-systems/"> debunked!</a></li> <li><a href="https://en.wikipedia.org/wiki/2020_Summer_Olympics_opening_ceremony"> Tokyo Olympic Games Opening Ceremonies</a></li> <li><a href="https://board-games-galore.fandom.com/wiki/Hedbanz">Hedbanz</a></li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/"> APIs being removed in 
Kubernetes 1.22</a></li> <li><a href="https://www.containiq.com/post/public-launch">ContainIQ launches</a></li> <li><a href="https://blog.crunchydata.com/blog/the-next-generation-of-kubernetes-native-postgres"> Postgres Operator 5.0</a></li> <li><a href="https://networkservicemesh.io/docs/releases/v1.0.0/">NetworkServiceMesh 1.0.0</a></li> <li><a href="https://cloud.google.com/blog/products/identity-security/google-cloud-certificate-authority-service-is-now-ga"> Google Cloud Certificate Authority Service GA</a> and <a href="https://www.jetstack.io/blog/google-cas-announced/">cert-manager integration</a></li> <li><a href="https://www.businesswire.com/news/home/20210714005318/en/Platform9-Unveils-First-Managed-KubeVirt-Solution-to-Unify-Virtual-Machines-and-Kubernetes-Stacks"> Platform9 Managed KubeVirt</a></li> <li><a href="https://www.rapid7.com/blog/post/2021/07/07/introducing-insightcloudsec/"> InsightCloudSec from Rapid7</a></li> <li><a href="https://www.sophos.com/en-us/press-office/press-releases/2021/07/sophos-acquires-capsule8.aspx"> Sophos acquires Capsule8</a></li> <li><a href="https://www.cncf.io/blog/2021/07/13/spring-term-lfx-program-largest-graduating-class-with-28-successful-cncf-interns/"> Spring 2021 graduating class from CNCF-sponsored LFX Mentorship program</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://en.wikipedia.org/wiki/Brian_May">Brian May</a></li> <li><a href="https://en.wikipedia.org/wiki/Edge_of_Tomorrow">Edge of Tomorrow</a> <ul> <li><a href="https://thespool.net/reviews/movies/the-redemption-of-edge-of-tomorrow/"> The redemption thereof</a></li> </ul> </li> <li><a href="https://research.google/pubs/pub27897/">Chubby</a></li> <li><a href="https://github.com/basho/riak">Riak</a></li> <li><a href="https://open-policy-agent.github.io/gatekeeper/website/docs/">Gatekeeper</a></li> <li><a href="https://cloud.google.com/anthos/config-management">Anthos Config Management</a> <ul> <li><a 
href="https://cloud.google.com/anthos-config-management/docs/config-sync-overview"> Config Sync</a></li> <li><a href="https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller"> Policy Controller</a></li> </ul> </li> <li><a href="https://kubernetespodcast.com/episode/101-open-policy-agent/">Episode 101, with Tim Hinrichs and Torin Sandall</a></li> <li><a href="https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/"> PodSecurityPolicy is not going GA</a> <ul> <li><a href="https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement"> SIG Auth’s replacement proposal</a></li> <li><a href="https://cloud.google.com/anthos-config-management/docs/how-to/using-constraints-to-enforce-pod-security"> Using ACM constraints to enforce Pod security</a></li> </ul> </li> <li><a href="https://github.com/open-policy-agent/frameworks/tree/master/constraint"> OPA Constraint framework</a></li> <li>Policy Controller: <ul> <li><a href="https://cloud.google.com/anthos-config-management/docs/how-to/creating-constraints"> Creating constraints</a></li> <li><a href="https://cloud.google.com/anthos-config-management/docs/how-to/write-a-constraint-template"> Writing a constraint template</a></li> </ul> </li> <li><a href="https://kubernetes.io/blog/2019/06/20/crd-structural-schema/">Structural schemas</a></li> <li><a href="https://kccncna20.sched.com/event/ekBY/design-patterns-for-extendable-scalable-k8s-extensions-max-smythe-google-rita-zhang-microsoft"> Design Patterns for Extendable, Scalable K8s Extensions</a> by Rita Zhang and Max Smythe</li> <li><a href="https://twitter.com/MaxSmythe">Max Smythe</a> on Twitter</li> </ul>