Open Policy Agent, with Tim Hinrichs and Torin Sandall

Kubernetes Podcast from Google

Date: Tue, 28 Apr 2020 22:24:48 +0000

<p>Tim Hinrichs and Torin Sandall are the creators of Open Policy Agent (OPA), a project which allows policy to be integrated with popular cloud native software (including Kubernetes and Envoy) or anything you write yourself. <a href="https://kubernetespodcast.com/about">Adam and Craig</a> discuss OPA with Tim and Torin after the news of the week.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href="https://kubernetespodcast.com">kubernetespodcast.com</a></li> <li>mail: <a href="mailto:kubernetespodcast@google.com">kubernetespodcast@google.com</a></li> <li>twitter: <a href="https://twitter.com/kubernetespod">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="https://twitter.com/craigbox/status/1255146287847993352">The cupboard was bare</a></li> <li><a href="https://twitter.com/jbeda/status/1250549823364755456">Marmite is not a satisfactory substitute for baking yeast</a></li> <li><a href="https://shop.hbo.com/products/westeros-4d-puzzle-from-game-of-thrones"> 4D jigsaw puzzles</a> (or <a href="https://cdn.shopify.com/s/files/1/0006/6060/2935/products/got4dgame02_1024x1024@2x.jpg?v=1534342572"> a picture</a>, if not for sale in your location)</li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href="https://cloud.google.com/blog/topics/anthos/anthos-for-aws-is-now-ga"> Anthos for AWS is now Generally Available</a> <ul> <li><a href="https://techcrunch.com/2020/04/22/google-clouds-fully-managed-anthos-is-now-generally-available-for-aws/"> TechCrunch coverage</a></li> </ul> </li> <li><a href="https://www.eurosys2020.org/">Eurosys ‘20</a>: <ul> <li><a href="https://dl.acm.org/doi/abs/10.1145/3342195.3387524">Autopilot paper</a></li> <li><a href="https://dl.acm.org/doi/abs/10.1145/3342195.3387517">Borg: The Next Generation paper</a></li> <li><a href="https://github.com/google/cluster-data">Cluster traces</a></li> </ul> </li> <li><a 
href="https://www.cloudfoundry.org/blog/cloud-foundry-becomes-more-kubernetes-native-with-cf-for-k8s/"> Cloud Foundry becomes more Kubernetes-native with cf-for-k8s</a></li> <li><a href="https://paketo.io/">Paketo Buildpacks</a> <ul> <li><a href="https://www.cloudfoundry.org/blog/everything-you-need-to-know-about-paketo-buildpacks/"> Everything you need to know about them</a></li> <li><a href="https://www.cloudfoundry.org/blog/how-paketo-buildpacks-fit-into-the-cloud-native-landscape/"> How they fit into the Cloud Native landscape</a></li> </ul> </li> <li><a href="https://groups.google.com/forum/#!topic/kubernetes-dev/IVpiIOZ4WcM/discussion"> Changes to Kubernetes release cycles for 2020</a></li> <li><a href="https://www.aquasec.com/news/dynamic-threat-container-analysis/">Aqua Security announces Dynamic Threat Analysis</a></li> <li><a href="https://www.redhat.com/en/about/press-releases/red-hat-delivers-force-multiplier-enterprise-it-enhanced-intelligent-monitoring-unveils-latest-version-red-hat-enterprise-linux-8"> RHEL 8.2 adds new container tools</a></li> <li><a href="https://www.redhat.com/en/blog/red-hat-announces-product-life-cycle-changes?sc_cid=7013a000002CrnhAAC"> Red Hat product life cycle changes</a></li> <li><a href="https://blogs.vmware.com/vsphere/2020/04/announcing-support-for-flatcar-linux-on-vsphere.html"> Flatcar Linux now supported on vSphere</a> <ul> <li><a href="https://kubernetespodcast.com/episode/079-cloud-native-rejekts/">Episode 79 with Chris Kühl</a></li> </ul> </li> <li><a href="https://blog.alcide.io/introducing-skan-security-hardening-and-best-practices-for-k8s-configuration-files"> sKan from Alcide</a></li> <li><a href="https://github.com/cyberark/kubeletctl">kubeletctl</a> from CyberArk</li> <li><a href="https://github.com/learnk8s/xlskubectl">xls-kubectl</a> by Daniele Polencic of Learnk8s</li> <li><a href="https://github.com/microsoft/reverse-proxy">Microsoft’s new reverse proxy</a> <ul> <li><a
href="https://www.youtube.com/watch?v=UoSVlSy8Ci0">YARP</a></li> </ul> </li> <li><a href="https://misha.brukman.net/blog/2020/04/running-decade-old-games-in-containers/"> Running decades-old games in containers</a> by Misha Brukman</li> <li><a href="https://medium.com/pytorch/torchserve-and-torchelastic-for-kubernetes-new-pytorch-libraries-for-serving-and-training-models-2efd12e09adc"> TorchServe and TorchElastic for Kubernetes</a> by Facebook and AWS <ul> <li><a href="https://github.com/pytorch/elastic/tree/master/kubernetes">Controller code</a></li> </ul> </li> <li><a href="https://cloud.netapp.com/project-astra">Project Astra from NetApp</a> <ul> <li><a href="https://www.youtube.com/watch?v=IQGvO8wgluM">Launch video</a></li> </ul> </li> <li><a href="https://blog.styra.com/blog/how-guardrails-can-both-secure-and-accelerate-kubernetes-deployments"> Styra adds mutating webhooks to Declarative Authorization Service</a></li> <li><a href="https://pingcap.com/blog/simulating-clock-skew-in-k8s-without-affecting-other-containers-on-node/"> Simulating clock skew</a> by PingCAP</li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="https://www.openpolicyagent.org/">Open Policy Agent</a></li> <li><a href="https://www.styra.com/">Styra</a></li> <li><a href="https://kubernetespodcast.com/episode/042-policy-and-config-management/"> Episode 42 with John Murray</a></li> <li><a href="https://en.wikipedia.org/wiki/Plate_smashing">Plate smashing</a></li> <li><a href="https://en.wikipedia.org/wiki/XACML">OASIS XACML</a> <ul> <li><a href="https://www.openpolicyagent.org/docs/latest/comparison-to-other-systems/#xacml"> OPA is… “easier”</a></li> </ul> </li> <li><a href="https://blog.styra.com/blog/origin-of-open-policy-agent-rego">The origin of Open Policy Agent and Rego</a></li> <li><a href="https://github.com/open-policy-agent">Founded in 2015</a>: <a href="https://github.com/open-policy-agent/opa/commit/7eb56674c51d286afa134861ba282bf7a13668c6"> 
first commit</a></li> <li><a href="https://www.cncf.io/blog/2018/03/29/cncf-to-host-open-policy-agent-opa/"> Donated to the CNCF Sandbox in 2018</a> and <a href="https://www.cncf.io/blog/2019/04/02/toc-votes-to-move-opa-into-cncf-incubator/"> moved to incubation in 2019</a></li> <li><a href="https://www.openpolicyagent.org/docs/latest/policy-language/">Rego</a> configuration language</li> <li><a href="https://www.openpolicyagent.org/docs/latest/integration/#integrating-with-the-go-api"> Running as a Go API</a></li> <li><a href="https://www.openpolicyagent.org/docs/latest/management/#bundles">Bundles</a></li> <li><a href="https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/"> Admission controllers in Kubernetes</a></li> <li>Existing Kubernetes policies <ul> <li><a href="https://kubernetes.io/docs/concepts/services-networking/network-policies/"> NetworkPolicy</a></li> <li><a href="https://kubernetes.io/docs/concepts/policy/limit-range/">LimitRange</a></li> </ul> </li> <li><a href="https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/"> OPA Gatekeeper: Policy and Governance for Kubernetes</a></li> <li><a href="https://www.openpolicyagent.org/docs/latest/wasm/">OPA and WebAssembly</a></li> <li><a href="https://blog.openpolicyagent.org/securing-the-kubernetes-api-with-open-policy-agent-ce93af0552c3#3bac"> Hooli examples</a></li> <li><a href="https://twitter.com/tlhinrichs">Tim Hinrichs</a> and <a href="https://twitter.com/sometorin">Torin Sandall</a> on Twitter</li> </ul>