#126 October 20, 2020

Research, Steering and Honking, with Bob Killen

Hosts: Craig Box, Adam Glick

Bob Killen is co-chair of Kubernetes’ SIG Contributor Experience and was last week elected to the project’s Steering Committee. He worked in academia for 15 years, latterly working on research projects using Kubernetes, with a focus on computer security. He’s now made the leap to working on Cloud Native full time at Google. Bob joins us to explain why Kubernetes twitter is occasionally full of cartoon geese.

Do you have something cool to share? Some questions? Let us know:

Chatter of the week

News of the week

CRAIG BOX: Hi, and welcome to the Kubernetes Podcast from Google. I'm Craig Box.

ADAM GLICK: And I'm Adam Glick.


CRAIG BOX: Two weeks ago, I brought you the news that I'd voted in the New Zealand election. It happened this weekend, and I got to enjoy watching the coverage live on television. I'd say that the most interesting thing about it to me was when you normally live in the country that you're voting in, the election closes seven or eight o'clock at night. And then you have to either stay up late or watch delayed coverage the next day. But it was fun and interesting just being able to have a nice leisurely breakfast and learn what was happening in my home country.

ADAM GLICK: That's great to hear. I know a lot of people are voting in various locations where I'm at. It's currently voting season as well. And I turned in my ballot this week. We vote by mail, and so we put that in. And it's always just kind of an exciting time to look through and read the voter packet and all the different interesting candidates that are in there, and just express that small bit of civic duty that we all get to do. And so for any of you who are looking at upcoming elections, please take the time to vote.

CRAIG BOX: I hear that you even have a special box to put your ballot into!

ADAM GLICK: Yes, they're ballot boxes. It was quite full, but there's one nearby our house, and we went to put our ballots in. We were surprised that the box, you literally could open it up and just see it just piled with ballots. The voting this time is very popular.

CRAIG BOX: It seems so. The number of advance votes in the New Zealand election was substantially higher than we've ever had in the past. But the interesting thing as an international voter is that my vote has not yet been counted, and I can tell it's not actually going to influence the outcome of the election. There are a small number of seats where it is actually likely. There is a candidate that was ahead by something like 400 votes, so international votes and special votes may actually influence it.

But for me, it's just a case of, did I pick the winner? Did I vote for the person who ended up winning? And luckily enough, I'm normally on the right side of history with this kind of thing. And the people who I've voted for did actually win. But it's weird because I don't know that I actually contributed to it.

ADAM GLICK: I want to say a big thank you to everyone who has already filled out our audience survey. For those who haven't yet, we're going to keep it open and running until November 10. When you have a second, please go to kubernetespodcast.com/survey and share your experience and opinions with us. It will help us get to know you all a little bit better and help us make a better podcast for the community as a whole.

CRAIG BOX: Until then, let's get to the news.


CRAIG BOX: VMware's Tanzu Kubernetes Grid 1.2 was released this week. The new version brings Kubernetes 1.19, Azure support, availability zone support for AWS, and custom node images. Additionally, backup and restore functionality is now available as well as the use of the Carvel open source tools for templating and deployment. Networking has also changed the default to VMware's Project Antrea, and plugins for Harbor, Prometheus, and Grafana are now provided.

ADAM GLICK: Red Hat has announced that they will be integrating Ansible, the configuration management deployment and automation tool they acquired in 2015, into OpenShift. Users of their Advanced Cluster Management tool will be able to insert Ansible automation directly into the lifecycle of apps and clusters. The integration is being released as a tech preview. Red Hat has also shown a proof of concept of Knative Ansible integration.

CRAIG BOX: Priyanka Sharma, general manager of the CNCF and our guest on episode 107, has announced some changes for the upcoming virtual KubeCon US based on attendee feedback from the Europe event. You'll be able to build your schedule in sched.com instead of the rather less popular system built into the event software. To help with screen time fatigue, the event timeline has been shortened and will run from 1:00 to 6:30 PM Eastern each day with two 30-minute breaks. There will be an expanded focus on early stage learning with a larger 101 track to help grow the community. And perhaps most importantly to the regular conferencegoer, swag will be available to all paid attendees, rather than only as a random prize for booth crawling, though you will have the opportunity to decline it and make a donation to charity instead.

ADAM GLICK: The CNCF has released their Cloud Native Survey results for China. The survey was run last year and provides a nice snapshot into the progress that Kubernetes and cloud-native technologies have made in the country. Highlights include a strong increase in container use in production, moving from 20% in 2018 to 49% in 2019. Kubernetes use has also increased from 40% to 72%.

Service mesh use is on the rise, with the largest share going to Istio, with 45% of the usage. Ceph was the most common storage technology used. And serverless grew in popularity, with Alibaba Cloud Function Compute being the most popular service, and Kubeless being the most popular project for people to run themselves.

On-prem is still the most likely place for people to run Kubernetes, but the new hybrid option in the survey is a close second, with cloud only responses actually falling from the previous year. As for learning, documentation is the number one way that people learn about cloud native technologies, with technical podcasts in second place, ahead of KubeCon events. Thanks to all of you listeners in China.

CRAIG BOX: Back in episode 60, Canonical and Ubuntu founder Mark Shuttleworth told us that the number one ask for MicroK8s was clustering or high availability. They announced that feature in preview in July and have now delivered on the promise in the IoT and edge-focused MicroK8s distribution. The edge features turn on automatically once there are at least three nodes in the cluster. The part of etcd is played by DQLite, Canonical's distributed version of SQLite, with added Raft consensus.

ADAM GLICK: In episode 102, Helm creator Matt Butcher told us about the hackathon where Helm was born. That hackathon was five years ago this week, so happy birthday to the Helm team.

CRAIG BOX: One of the features of Cloud Code, Google's VS Code and JetBrains IDE plugins, is validation or linting of YAML files representing Kubernetes objects. The team has this week expanded beyond base Kubernetes, with support for over 400 common CIDs for projects like cert-manager, Gatekeeper, and Kubeflow. You can also point to your own CIDs installed in your cluster to add them to the list of objects that you can create in the editor.

ADAM GLICK: Finally, the holidays have come early, or at least on time, for Azure Kubernetes service. They've extended the support for 1.16, which was due to expire in November, until the end of January. Don't dally too much though, as you have to remember to move away from Pod Security Policies, which are being deprecated on the 1st of February.

CRAIG BOX: And that's the news.


ADAM GLICK: Bob Killen is a Program Manager at the Google Open Source Programs Office, with a focus on cloud native computing. He comes from an academic background, spending 15 years at the University of Michigan with a latter focus on computational research. He serves as a co-chair of the Contributor Experience Special Interest Group and was last week elected to the Kubernetes Steering Committee. Welcome to the show, Bob.

BOB KILLEN: Thank you, thank you for having me.

CRAIG BOX: 15 years is a long time to work at a job. Was that the school that you went to?

BOB KILLEN: No, it was not. I was actually a college dropout. I was in a transfer program to go to the University of Michigan. There was a little mistake in the program itself, and my credits wouldn't transfer over. I'd have to go to the school another year. I was already working at an internship at the University of Michigan. They liked what I was doing and asked me to come full-time. I just kind of stuck around.

ADAM GLICK: Peter Thiel must be very happy with you right now. How did you get started in technology?

BOB KILLEN: I was always passionate about computers. Through high school, I was involved with our local 2600 chapter for a bit. I was very interested in computer security. The transfer program that I was going into at the University of Michigan was for computer engineering. I loved all the low-level stuff.

Later on, at the University, my focus was computer security, and that led to my handle, Mr. Bobby Tables. My handle references a famous XKCD. Script. Computer security was my focus at the time. My name is Bob, and it seemed to mesh with Little Bobby Tables.

CRAIG BOX: How did Kubernetes end up with two people called Bobby Tables?

BOB KILLEN: The other Bobby Tables is not an upstream contributor. He's loosely involved the ecosystem. But he gets tagged so many times on issues and PRs instead of me or like on Twitter. So it's not, oh, I think you meant the other Bobby Tables. We'll reassign things, do that for each other. We met at KubeCon in North America last year. Everyone was just us because we're like a massive singularity, the two Bobby Tables meeting for the first time in person.

ADAM GLICK: You mentioned that you were a member of the local chapter of 2600. How would you describe it to someone who'd never heard of 2600 or read the magazine?

BOB KILLEN: We just like to geek out about all sorts of random stuff, like phones. This is back when the red boxes and all the little stuff that connected to phones were still a thing.

CRAIG BOX: We should clarify, by phones here, you're not talking about smart phones.


ADAM GLICK: Did you ever build a red box?


ADAM GLICK: [CHUCKLES] I will not ask you if you ever used it. I believe there's some stories about Steve Jobs and him getting his start as a little bit of an entrepreneur with those as well. So how did you move from-- that's mostly kind of a hardware world of things-- into more of a software-focused world that you're working in now and/or working in at the University?

BOB KILLEN: Originally, I was a bit more of a programmer at the University of Michigan. There was a security incident that came up. I dived hard into that, sort of jumped on the computer security front, also sort of hearkening back to my 2600 days, being the little chaotic one that I was.

CRAIG BOX: Did you cause this incident, or did you fix it?

BOB KILLEN: I fixed it. That rekindled my interest in security for a bit, and I held that position within the pathology department at the University of Michigan for a while. From there, I piqued my interest with virtual machines, VMware, and being able to do all sorts of fun stuff in virtual machines. I could essentially crash a virtual machine without causing any problems to my system.

CRAIG BOX: 15 years ago, you could pretty much crash a virtual machine just by looking at it.

BOB KILLEN: Yeah, but--

CRAIG BOX: Not to downplay the achievement or anything.

BOB KILLEN: No, it was a fun sandbox to play around. From there, we were migrating all our services to virtual machines at that time. We consolidated down two data centers into one in the hospital. Back in 2011, we had gotten really onboard with the whole idea of cloud computing but had to be on-prem, and we were looking at VMware's vCloud Director. We first installed that in the hospital on-prem.

From there, we had jumped in the whole micro-segmentation, being able to separate workloads onto their own little thing, which later naturally lent itself to containers. Circa 2013, 2014, myself and a friend of mine, Jeff Sica, a co-worker, we were looking into containers. This was Lexi at the time. Then we sort of jumped on Kubernetes and Mesos and all those other fun things. We had actually written our own container schedule in the hospital for a bit.

We wound up deploying the 0.3 release of Kubernetes. If you go back, you can see issues we created back then. Kubernetes was by far nowhere near stable enough at the time, doing any sort of production workload at that point in time. So we wound up switching to Mesos, doing all sorts of fun stuff there for a bit and then came back to Kubernetes later.

CRAIG BOX: So you're working at a university which has a huge medical research department. What kind of problems are they trying to solve with computers?

BOB KILLEN: At that point in time, we were running clinical workloads in containers. We were building web apps and interfaces to mostly interact and manipulate data with some of our laboratory information system, the thing that houses all the records and all the other fun stuff.

CRAIG BOX: Are we doing any pharmaceutical research or anything like that?

BOB KILLEN: That time it was more clinical workloads. It wasn't research workloads. I dived hard into the research workloads, myself and Jeff did, when we went over to the later part of our careers in the hospital, like 2015. And then he and I both went over to Advanced Research Computing and Technology Services, ARC-TS, where we dived much more into research in 2016.

ADAM GLICK: What kind of computing was going on in the new group that you transferred to?

BOB KILLEN: The new group that we transferred to was completely focused on research. ARC's mission was to essentially handle the computational research needs for the entire University of Michigan. We're a team of roughly 30 people. And if you needed to do batch computing, we had a classic HPC system.

A lot of grants started coming with cloud credits. We got pretty familiar with every cloud provider. That was always fun. We also had other needs for working with restricted data that had to be worked on-prem. So we had a on-prem virtualization system for running and managing those workloads.

ADAM GLICK: When I think about HPC, I think about SLURM and giant on-prem clusters for the most part, people running it. Their code is different than what I normally think of as Kubernetes. I'm starting to hear people talk about Kubernetes in that aspect, but it's not what I normally think of. But you mentioned running Kubernetes. Were they actually leading on using Kubernetes in HPC, or were these things that ran in parallel for the researchers that you were supporting?

BOB KILLEN: The vast majority of these ran in parallel to HPC. We spun up a slew of services in support of the HPC workloads. Towards the later half of my time at the University of Michigan, we were looking much more heavily into actual batch computing on top of Kubernetes. But there are some issues with the scheduler itself, and it doesn't have the actual native support for the classic HPC-style jobs, where they are co-scheduled or gang-scheduled and having to be coordinated all at the same time, along with other things like queues for jobs, back-fill, fair share, the other sort of things you'd find classically in a HPC system.

CRAIG BOX: You mentioned somewhat offhandedly you built your own container scheduler back in the early days. Were you able to contribute anything to solve some of those HPC problems in Kubernetes or merge some systems together to make that possible?

BOB KILLEN: Not really. Both myself and Jeff had worked with kube-batch a bit and had also done a little bit of work with Volcano, which is now the real up-and-comer for research workloads on top of Kubernetes.

CRAIG BOX: It's obvious why you're using Kubernetes in your research group. What got you involved in the community around it?

BOB KILLEN: A few years ago, a friend of mine, Mario Loria, had started up a local meetup called Orchestructure that was just focused on containers and cloud computing and things like that. Myself, Jeff Sica, and Jorge Castro, we all wound up going to it on the first day, and we all started nerding out together immediately. We all clicked and meshed. Jorge was like, hey, I run this program called Office Hours. You all seem to know Kubernetes-- and asked if we wanted to come on and help answer questions live on air. I did, and I got hooked.

CRAIG BOX: We spoke to Jorge in episode 74, and I believe that you're both coaches of SIG Contributor Experience. How did you go from answering questions to that responsibility?

BOB KILLEN: From there, I started getting much more involved in the community. Put all the blame on Jorge because he was just like, Bob, you know this, you can do this, and just would assign stuff to me. Sure, I'll start working on it. I started diving down that, then I started meeting more people and getting more involved-- I met Paris Pittman, who was the chair of SIG Contributor Experience and is now a Kubernetes Steering member. And I was hooked. I just dived in hard.

CRAIG BOX: Was this something that you were supported to work on full time at UMich, or was this something you were doing nights and weekends?

BOB KILLEN: It's a complicated relationship with work. I could go to meetings and do stuff during daylight hours, as long as I met my deliverables.

CRAIG BOX: That sounds fair.

BOB KILLEN: But I'm just working on stuff in the evenings for my day job and vice versa.

ADAM GLICK: You dove in and you got involved in Contributor Experience, as opposed to-- you've done a bunch of work working with HPC clusters, you've done a bunch of development, you set up your own orchestrator. Why that particular part of the community? Did you decide that that was the place that you wanted to be a part of and dive into? What pulled you in there?

BOB KILLEN: It didn't necessarily take a lot of time. One of the things that really kept me in academia was, I love learning, and I love helping people. I get a lot of those same feels from working in Contributor Experience.

ADAM GLICK: What made you decide to leave that sort of work that you were doing at the University for quite a long time and move directly to the tech companies?

BOB KILLEN: Honestly, I hit probably the farthest of where I could working at the University of Michigan in academia. I loved working on Kubernetes, loved working on open source. It was beneficial to my day job because we were using Kubernetes, and I got to represent the academic needs in the community. It still wasn't my primary focus. That was what I really, really loved. When the job opportunity came up, I jumped on it.

ADAM GLICK: You've been a part of SIG Contributor Experience for a while, and recently, you've decided to take on another role within the community. So congratulations on your election to the Steering Committee. What made you decide to take the jump to Steering Committee?

BOB KILLEN: A few reasons that are all intertwined. I've worn many different hats over the years. I was a downstream consumer of Kubernetes. I was a hobbyist contributor.

I eventually became a sub-product owner and then a chair. Now I work at a cloud provider. I've seen and experienced many different parts of the project, and I wanted to bring some of those experiences and thoughts to Steering.

The other thing is, Steering itself is very closely tied to Contributor Experience. They have a working relationship. Both are very concerned with the overall health of the project, and Steering itself doesn't necessarily do a lot of the things that Steering decides. A lot of those are delegated out to the SIGs.

Much of the work when it comes to the various transparency aspects are delegated to SIG Contributor Experience. These are the things like managing the mailing list, the recordings to YouTube, and all the other various little interactions there. Those tend to be delegated to SIG Contributor Experience.

CRAIG BOX: So basically, you've won the right to tell yourself what to do.

BOB KILLEN: Sort of.

CRAIG BOX: Useful autonomy. For someone who's just using Kubernetes as a user, what would you describe the Steering Committee as, and why is it important to them that the project has one?

BOB KILLEN: The Steering Committee is a vendor-neutral elected body that oversees the broad governance of the Kubernetes project. That sounds like it comes with a lot of power. But the broad goal of Steering is to actually delegate as much as the responsibility down to the SIGs, the people that are very close to the work and most familiar with the particular area of the project that they oversee.

Steering does get involved in a few things, like reviewing charters for the SIGs, which they specify what they're responsible for and what they are not responsible for. They also define the various transparency requirements, such as recording their meetings, making everything open, having a mailing list, doing the reports. They also formally represent the project to the CNCF as a whole.

The other big focus lately is, some of the efforts have been on the long-term sustainability of the project. This really comes in sort of the committee group annual reports. They aren't supposed to be a audit, like checking on SIGs, like, hey, you're not meeting XYZ-- instead are more of like a health check. How are you doing? How can we help? How can we steer resources there?

CRAIG BOX: An apt shipping metaphor.

ADAM GLICK: Now that you're on the Steering Committee, what kind of things do you want to do with your position there? What kind of directions do you want to help steer things?

BOB KILLEN: Being both on the Steering Committee and a chair of SIG Contributor Experience, I'm very well positioned to help the SIGs and other community groups that need it. If something comes up in one of the annual reports or if a SIG has an issue, I can get involved through several of the initiatives and programs that we have in Contributor Experience to help them, help get more contributors to that area, just in general, minimize risk to the project as a whole and make sure we continue to be a healthy project.

CRAIG BOX: What kind of things are on the Steering Committee's backlog?

BOB KILLEN: For most people, it's probably going to be quite boring. It's going over the annual reviews with the SIGs. We have an outstanding issue right now with a travel support program for contributors when COVID is finally over. They're sort of just a slew of small little administrative things that really make up a good chunk of it.

CRAIG BOX: Will we see you on stage in a hypothetical COVID-free world?

BOB KILLEN: I have no idea on that one.

ADAM GLICK: I know some of the things that you've done with the community in the past. You've had a little bit of fun with the "Untitled Goose Game," carrying that on. What's the deal with the goose?

BOB KILLEN: This is going to be a little bit of a story.

CRAIG BOX: We love stories.

BOB KILLEN: Back in late 2019, when "Untitled Goose Game" was really becoming a thing, the Kubernetes community latched onto the goose and latched onto the game quite a bit. We added a command to our CI, /honk, which would just respond to an issue with a random goose GIF. And we have a couple other ones, /woof, /meow, /pony, that all respond with random GIFs and fun things.

Jeff Sica, a friend of mine, we decided to do something random and fun for the Kubernetes community at the Contributor Summit, and we did a interactive live game where we created a entire world we called Honk CI. You could go to the website, and you had to solve these puzzles and do recon-like style things. And if you solved them and came to us, we would give people random prizes, stickers, plushies, patches that were all goose-themed.

While this was going on, Ian Coldwater was also doing a keynote also about "Untitled Goose Game" and how it relates to the grand security goose style fun stuff. We all nerded out over the goose and ran with it. After KubeCon ended, we created another fun little thing that was a Kubernetes-themed CTF that people could interact with through Twitter. So you could DM the Honk CI Twitter bot, and it would run commands in a Kubernetes cluster.

CRAIG BOX: Is that still running?

BOB KILLEN: No, thankfully not. At that time, it was running off Jeff's laptop. Duffie was able to get something that could have wiped the disk, but he held off on doing it. We would then kick this up again later in Slack because we exhausted our Twitter API limit. We let people do a few other things.

We then turned it into like a competition and created puzzles. And we ran a couple of these competitions, where people could then join the Slack and execute commands against like Kubernetes cluster to try and exploit it, and pivot, and find something. If they were able to successfully navigate the CTF, we'd give them prizes.

CRAIG BOX: Now, your friend Jeff has a talk at the upcoming virtual KubeCon about "having cloud-native fun with HonkCTL", and there's also a SIG Honk AMA panel. Don't you think it might have gone a little bit too far?

BOB KILLEN: I will admit I was pushing it. They were submitted without knowledge of each other. I was on the review committee. I didn't select the talks this time.

CRAIG BOX: Is SIG Honk the new SIG Beard?

BOB KILLEN: Probably, I would say SIG Honk is--

CRAIG BOX: As a bearded man, how do you feel about that?

BOB KILLEN: It's a little more accessible.

CRAIG BOX: We spoke to Aaron Crickenberger in episode 46, and he said that SIG Beard wasn't about having a beard, but that the beard was just a state of mind.


ADAM GLICK: True enough.

BOB KILLEN: The beard truly is a state of mind.

ADAM GLICK: For those that are familiar with the capture the flag exercises, you're basically trying to set up a system and break into it and figure it out. It seems like you've set up something very similar to that with Honk CI. And if anyone's curious about it, I'd totally encourage them, go check out the website, which still is up, even though you can't execute the commands. And you can look through the Twitter history, and you can find what people tweeted to it. It's a really interesting take on what security testing looks like in the open because you can see all the commands that people issued to it before you guys hit your API limit and moved it off into Slack. But I assume the Slack channel, we could go look through it there as well, correct?

BOB KILLEN: It's a free Slack, so the logs do eventually go away.

ADAM GLICK: OK, so they have aged out?

BOB KILLEN: All of the stuff is in there in the repo to replicate the entire exercise. So you can do it yourself, without having to necessarily go through Slack or Twitter to access it.

ADAM GLICK: Will you eventually open source it?

BOB KILLEN: It is open source. It's up there in the repo.

CRAIG BOX: You can find a link on the show notes.


CRAIG BOX: Well, if you do get a chance to honk at Bob at one of the upcoming events, please do so. And thank you very much for joining us today.

BOB KILLEN: Thank you.

CRAIG BOX: You can find Bob on Twitter, GitHub, or almost any other service you can think of as "mrbobbytables", and on the web at mrbobbytabl.es.


CRAIG BOX: Thanks for listening. As always, if you've enjoyed the show, please help us spread the word and tell a friend. If you have any feedback for us, go fill in that listener survey or find us on Twitter @KubernetesPod. You can also send email to us at kubernetespodcast@google.com.

ADAM GLICK: You can also check out our website at kubernetespodcast.com, where you'll find transcripts and show notes as well as links to subscribe and that survey Craig mentioned. Until next time, take care.

CRAIG BOX: See you next week.