* Security issue in Windows K8 nodes



* Rancher launches Rockoon, a Kubernetes controller for OpenStack.



* Yellowbrick takes a page out of 37signals cloud repatriation manual



* A podcast recommendation




CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API · Issue #129654Exploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query | AkamaiMirantis Rockoon and the Github repositoryGoogle SRE podcast



Security issue in Windows K8 nodes



This one is important, so let’s get it out of the way right away. There’s a security issue with Kubernetes versions that allows takeover of all Windows nodes in a cluster.



Mirantis launches Rockoon



You probably knew that a Rockoon is a rocket attached to a balloon, right?! Well, I didn’t. According to Wikipedia a rockoon “is a sounding rocket that, rather than being lit immediately while still on the ground, is first carried into the upper atmosphere by a gas-filled balloon, then separated from the balloon and ignited. This allows the rocket to achieve a higher altitude, as the rocket does not have to move under power through the lower and thicker layers of the atmosphere.”



Yellowbrick saves tons of money with Cloud repatriation



Here’s another company saving money by moving off the hyperscalers – Yellowbrick is a Postgres look-alike database in the cloud and was previously hosted on three cloud providers, costing around $6 million. How they were able to cut cost in half my moving to a K8-based on-premises solution is described in an informative blog post by their CEO.



A podcast recommendation



Here’s my recommendation for this episode and it’s somewhat tied with the previous topic – the Google SRE Prodcast. It is Google’s podcast about Site Reliability Engineering and production software. What I like most about it is that they bring the receipts.

Where have you been, Sascha?Portland startup kickoff 2025What is the state of Kubernetes in 2024 and how is 2025 going to look?A podcast recommendationNathan C Bowser’s Glow up podcast



Where have you been, Sascha?



Well, 2024 was the first year I’ve been sick to a degree I’ve never been before. It started right in January and by the time June rolled around, I had Legionnaires Disease, HMPV, RSV and COVID-19, spaced out by about two months each. It wasn’t fun, but finally I was back in shape in October to run Portland Marathon, but didn’t get to do that either due to a family emergency. But now everythings back to order!



Portland startup kickoff 2025



So in the spirit of kicking things off I went to the 2025 Portland startup community kickoff event, and I found a who is who of the startup scene in the Pacific Northwest and Portland. The full list of organizations can be found in the show notes and include the Oregon Entrepreneurs Network, North Bank Innovations, Built Oregon and Silicon Florist



What is the state of Kubernetes in 2024 and how is 2025 going to look?



Kubernetes turned 10 years old as a technology platform and has matured to a point where we don’t have to argue about the need for an orchestration platform anymore. The container orchestration wars are over, were over a while ago and there’s nothing on the horizon that I can see that will replace Kubernetes in the foreseeable future. 



A podcast recommendation



There are so many great podcasts out there and I listen to a lot of them, so why not call them out when there’s great stuff to listen to. This time, I want to recommend something not related to the industry, the No Such Podcast




* AI Portland (https://www.aipdx.info/) We are a gathering of enthusiasts, professionals, and the AI-curious from all walks of life, committed to fostering an inclusive environment where everyone is welcome to explore, learn, and innovate. Whether you’re taking your first steps into the world of AI or you’re a seasoned professional looking to push the boundaries of what’s possible, AI Portland offers a space to collaborate, share knowledge, and drive positive change. Join us in our journey to unlock the potential of AI and discover its impact on our lives, our communities, and the world.



* Better Portland (https://wearebetterportland.com/) Our network gets you a foot in the door and then some. We connect businesses, non-profits, and organizations into a like-spirited collective with events, content, and a business-meets-social networking kind of culture. Best of all, everyone’s influence and expertise is a shared commodity. Welcome to business done better.



* Built Oregon (https://builtoregon.com) looks to leverage Oregon’s deep legacy of product craftsmanship and innovation to create broad-based and equitable opportunities for entrepreneurs in consumer products. Ultimately, our vision is a thriving, world-leading consumer products ecosystem across Oregon – One in which we he...

Kubernetes 1.29 Mandala is outSWA – one year onCockroach on KubernetesA podcast recommendation



Kubernetes 1.29 Mandala is out



Hard to believe, but here we are, at the end of the year and we have a new K8 point release. This time, the thing is big. Lots of so-called KEPs, Kubernetes Enhancement Proposals.



SWA – one year on



I started this podcast one year ago and SWA at the time happened to have the largest meltdown of any airline on record. Subsequently, not only did they lose the business of passengers looking for more reliable airlines, they also had to pay a hefty settlement amount to the Dept. of Transportation.



Cockroach on K8



A great article by Charlie Custer was published on the Cockroach blog. I keep coming back to talk about Cockroach because it’s a great database and my own installation experience when I tried it out a few years ago was impressive



A podcast recommendation



There are so many great podcasts out there and I listen to a lot of them, so why not call them out when there’s great stuff to listen to. This time, I want to recommend something related to the industry, the The Stack Overflow Podcast

K8 1.28 is out – release name “Planternetes”Waleed Magdy’s Step-by-Step DevOps projectAWS shuts down EC2-ClassicAwesome Kubernetes ResourcesA podcast recommendationApropos of nothing – Netbox



K8 Planternetes 1.28 is out 



Back in in April, 2021, the Release Team merged a Kubernetes Enhancement Proposal (KEP) changing the Kubernetes release cycle from four releases a year (once a quarter) to three releases a year and that was basically both an admission that 4 releases a year was too fast for folks to keep up and also that COVID had an impact on people’s ability to contribute. So here we are with the third and last release of K8 for 2023!



Waleed Magdy’s Step-by-Step DevOps project



I don’t know about you, but when I read the following I’ll say out loud – “let’s go and do this!”.  



“Let’s embark on a journey that transforms theoretical understanding into practical mastery. It’s time to connect the dots, overcome the hurdles, and embrace the full potential of DevOps integration.”



AWS shuts down EC2-Classic



“Retiring services isn’t something we do at AWS.” – Werner Vogel, CTO of Amazon. I am finding it funny to be honest, it seems so much a dig towards Google, the prolific “let’s launch something and shut it down when people least expect it.” kind of a company.



Awesome Kubernetes Resources



Longhorn, EBS or Rook?



KConnect, KTunnel or Kubebox?



Argo, FLux or Flagger?



A podcast recommendation



Nobody Asked Us with Des & Kara. Once competitors and Olympic teammates, now friends and podcast partners, Des Linden and Kara Goucher share their hot takes about all things running with a little bit of life-stuff sprinkled in too. Come for the insights on running and stay for the inspiration from two legends in the sport. No filter needed.

* K8 misconfig exposes Fortune 500s’ data



* The Reluctant Sysadmin’s Guide to Securing a Linux Server



* John maddog Hall’s take on RHELs license changes



* A podcast recommendation




K8 misconfig exposes Fortune 500s’ data



Professionally, I work in the security space, and because of that, I’m always interested in hearing about security issues, risks, attacks, or anything really going on in that space. So right now my Infosec exchange feed is full of people traveling to Vegas, of course and a lot of activities directed towards finding and reporting on security issues. One of the most forward companies in the K8 security space is Aqua Security.



The Reluctant Sysadmin’s Guide to Securing a Linux Server 



Since we’re talking about security already, why not cover the basics in case you’re someone using a Linux server or workstation somewhere in your network. I am a huge fan of revisiting basics over and over again, just to make sure everyone is getting the same message, consistently and frequently. It deepens and freshens knowledge of any topic. Some call it wax on, wax off or sharpening the saw.I recently came across The Reluctant Sysadmin’s Guide to Securing a Linux Server and I think it has some great information and is very useful.



John maddog Hall’s take on RHELs license changes



Lots and lots has been written about Red Hat’s changes in releasing source code for RHEL and I talked about it in the last show or two. As with everything, people are calming down after a frenzy of discussion and disagreements and the waters are calming a little bit. The distros competing with RHEL have made their business decisions and are moving on with their lives. 



An assessment by John maddog Hall is worth noting in this discussion



https://blog.aquasec.com/kubernetes-exposed-one-yaml-away-from-disaster



https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/



https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF



https://pboyd.io/posts/securing-a-linux-vm/



https://www.lpi.org/blog/2023/07/30/ibm-red-hat-and-free-software-an-old-maddogs-view/



https://linuxunplugged.com/about

Linux forklore everywhereA K8 book club500 Portainer templatesA podcast recommendation



Linux forklore everywhereIn the last episode I talked about a change Red Hat is making, specifically not releasing RHEL sources like they used to. There are some nuances to that, so I would not have expected a careful take from Red Hat’s competitors, but what Oracle did was definitely surprisingly low.



A K8 book clubWhen I see or hear of a good idea, I make a note in my Apple Notes and drag it out when the time comes. So with this, I present the K8 bookclub, hosted at https://www.santana.dev/book-club. The Kubernetes Book Club is a community group that discusses books about Cloud Native



500 Portainer templatesGo have at it.



A podcast recommendationGive a listen to “For the long run” with Jonathan Levitt. He’s a runner, cyclist and podcast host from Boston, MA. This podcast is exploring the why behind what keeps runners running long, strong, and motivated. Jonathan is super-connected in the field and I have listened to some great conversations, which is one of the podcast formats that I wish I could do some of, so why don’t you come and be my guest on the show?

Red Hat to Docker - hold my beer.
Google accuses Microsoft of unfair practices in Azure cloud unit
Google’s State of Kubernetes Cost Optimization report
A podcast recommendation

Red Hat to Docker - hold my beer.
In episode 7 I talked a little bit about the mishaps in communication that Docker had when they announced a switch to the subscription model. Corporate communications are hard, especially in the open source world. So now Red Hat has been in the news recently due to some communication missteps, as I am going to call them.

Google accuses Microsoft of unfair practices in Azure cloud unit
It kind of always was obvious, but now Google made an official complaint. It goes something like this: “Hey, it’s kind of unfair that we need to pay a license fee to Microsoft for a VM running Windows on Google Cloud, but on Microsoft Azure, Microsoft does not need to pay itself a license fee. So my customer ends up paying more for Windows here than they do on Azure”. Duh.I guess. But also - isn’t giving away free things always the strategy MSFT deploys?

Google’s State of Kubernetes Cost Optimization report
Google published an interesting report on K8s cost optimization, aptly named” State of Kubernetes Cost Optimization”. It provides insights and best practices to the Kubernetes community about running cost-efficient clusters in the public cloud without compromising the performance or reliability of their workloads.

https://www.redhat.com/en/blog/red-hats-commitment-open-source-response-gitcentosorg-changes
https://www.redhat.com/en/blog/furthering-evolution-centos-stream
https://www.cnbc.com/2023/06/21/google-accuses-microsoft-of-anticompetitive-practices-in-azure-cloud.html
https://packetpushers.net/podcast/network-break-433-nvidia-melds-switches-dpus-for-ai-networking-fabric-ftc-says-amazon-ring-employee-spied-on-female-customers/

K8sGPT -- SRE superpowers through AI
KubeVirt - running VMs on Kubernetes
Microsoft releases its own Linux distribution for Azure
A podcast recommendation

https://docs.k8sgpt.ai/getting-started/getting-started/
https://anaisurl.com/k8sgpt-full-tutorial/
https://killercoda.com/matthisholleville/scenario/k8sgpt-cli
Fabian Deutsch, and Andrew Burden | KubeCon CloudNativeCon EU 2023
https://charlesarea.medium.com/how-to-integrate-legacy-vms-into-container-pipelines-on-kubernetes-with-kubevirt-555137fb3f4a
https://build.microsoft.com/en-US/sessions/e84dd80a-f3bb-4d3d-978e-ffd811e3bfe1?source=sessions
https://www.artofmanliness.com/character/knowledge-of-men/podcast-904-how-emerson-can-help-you-become-a-stoic-nonconformist/

Be cloud agnostic – this is the way, according to Gartner



When it comes to the Cloud, the magic quadrant has hits all over the box, well except for the “Challenger” box. I am just kidding here, if you are familiar with the Gartner magic quadrant you know what companies look for is on the top right corner of the box. You’re leading and you’re the best. Amazon, Microsoft and Google are in that top right corner. However, when it comes to Cloud, Gartner seems to say it’s best to pick one cloud and have another ace in the hole, just in case another pandemic hits or something like that.



Layoffs hit Red Hat as well



4% of the company, or about 800 people are being axed and they ask themselves – WHY? It’s a good question, given that in IBM’s recent Q1 2023 results, revenue for Red Hat grew 8 percent (11 percent in constant currency – whatever that is).



Google Cloud makes first profit



Making money in the cloud is very, very, very hard. I used to work for a company providing an Openstack-based hyper converged offering and I’ve done many models for prospects and took them through ROI calculations and capex models. Google is of course in a better position. Instead of paying a vendor for an off-the-shelf solution, they are developing their own solutions, based on open source. Now, after it was launched in April 2008, it finally eked out a profit. Here’s what Ruth Porrat, Alphabet’s CFO said on their earnings call:



A podcast recommendation



There are so many great podcasts out there and I listen to a lot of them, so why not call them out when there’s great stuff to listen to. This time, I want to recommend “Gadget Lab, Weekly tech news from WIRED”. Yes, you can still buy a printed edition of Wired, but you can also listen to the podcast. Not only is it sounding GREAT, the hosts WIRED editor in chief Gideon Lichfield and senior writer Lauren Goode are always bringing in nice guests and level headed commentary

Datadog bills a single customer $65M and we just need to know who
Every once in a while, earnings calls are interesting and when this popped up, I naturally was curious as well. So transport yourself to the Datadog earnings call Q1/23 when Mark Murphy, a JPMorgan Chase Analyst comes off mute and asks this question, answered by David M. Obstler, Chief Financial Officer:
Hetzner Cloud is hard to beat on price
Here’s a treat from the folks of Servicestack, a specialist in comprehensive .NET Frameworks for building API first systems, who got ticked off by an $8 price increase at DigitalOcean. It’s just the little things that annoy us, isn’t’ it?
Amazon Prime moving from Serverless backed by Lambda to monoliths running on VMs
This is a great lesson learned article from the Amazon team showing how they designed a system only to find out that it hit a hard performance limit at 5% of the expected load. Ouch!