This summer, CNCF turns 10! (Here’s the original announcement of the organisation’s formation back in 2015.)
You can celebrate this anniversary by evaluating your contribution stats and seeing your first contribution in the CNCF-related GitHub repositories. Use CNCF ContribCard for that by typing your GitHub user here.
Following Daniel Krook, Senior Director of Developer Experience at CNCF, the community shares their contributor cards on social media (LinkedIn, Bluesky, etc.) using the #cTENcf hashtag now — feel free to join!
#news
Delighted to present another digest of the prominent software updates in the Cloud Native ecosystem!
1. Freelens, a community-driven fork of Lens, an IDE for Kubernetes, was updated to v1.5.0. It now displays ephemeral containers in Pods views and menus, metrics from metrics-server if there’s no Prometheus, more details for Services, and better renders boolean values.
2. k8gb, a Kubernetes global balancer (a CNCF Sandbox project), reached v0.15.0, introducing multi-zone DNS support, reverse proxy support, VPA (Vertical Pod Autoscaling) integration, and an official SLSA generator.
3. mariadb-operator 25.08.1 was released with numerous new features. They include a new PhysicalBackup CR for managing backups at the physical level based on mariadb-backup CLI or VolumeSnapshots, support for MariaDB 11.8 and VECTOR data type, and a new Helm chart for deploying MariaDB clusters.
4. Kyverno, a Kubernetes-native policy engine (a CNCF Incubating project), announced its 1.15 with several new capabilities. New policy types are MutatingPolicy (for dynamic resource transformation) and GeneratingPolicy (for resource creation and synchronization using CEL). It also got a new DeletingPolicy resource for controlled resources cleanup, new OpenReports API group support, and performance improvements.
5. kube-vip, a Kubernetes virtual IP and load balancer for control plane and K8s Services, has made it to v1.0. This significant milestone for the project came with a few new features, such as internal egress functionality and Zebra/Quagga integration.
6. Cilium, a networking, observability, and security solution (a CNCF Graduated project), released 1.18.0 with lots of new features. Some of them include support for new virtual network device configurations (VXLAN in IPsec and IPIP tunnels), multigateway support in Egress Gateway, ingress rate limiting in the bandwidth manager, ConfigMap synchronization, Multi-Pool IPAM with KVStore and IPSec, BGP route aggregation in the control plane, multiple HTTPRoutes in GAMMA reconciler, and much more.
7. Sveltos, a Kubernetes add-on controller, has reached its v1.0.0. This release introduces a pull mode that eliminates the need for managed clusters to be accessible from the management cluster.
#news #releases
External Secrets Operator paused releases and needs maintainers
ESO is a Kubernetes operator that integrates external secret management systems (AWS Secrets Manager, HashiCorp Vault, etc.) to read information from external APIs and automatically inject the values into a Kubernetes Secret. It’s been a CNCF Sandbox project since July 2022.
Yesterday, its maintainer, Gustavo Fernandes de Carvalho, announced that, due to the project's unhealthy status (lack of long-term maintainers), there won’t be new External Secrets Operator releases until more volunteers join the project. This news caught a lot of attention in the Cloud Native community, and hopefully, the situation might improve. Feel free to join this effort:
- GitHub issue
- Reddit discussion
#news #cncfprojects
Launched in November 2024, the GitHub Secure Open Source Fund aims to secure the supply chain at scale. This Fund conducted two educational, collaborative sessions on security, bringing together 125 maintainers from 71 Open Source projects. They remediated 1100+ vulnerabilities, issued 50+ new CVEs, revealed 176 leaked secrets, and prevented 92 new secrets from being leaked.
Those sessions covered such Open Source projects as Flux, bootc, nixpkgs, Oh My Zsh, Ollama, and many more. The next session is scheduled for September. Find more details in this blog post.
#news #security #GitHub
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. "Kubernetes 1.34: Deep dive into new alpha features" by Kirill Kononovich, Palark.
Kubernetes 1.34’s anticipated release is coming on August 27th. With that around the corner, we’ve prepared a comprehensive run-through of the fascinating 13 alpha features in this release, examining each of them in detail. From asynchronous API calls and granular container restart rules to native Pod certificates and the new KYAML format, let’s dive into the exciting updates the upcoming K8s version has in store!
2. "My process to debug DNS timeouts in a large EKS cluster" by Jack Lindamood, Anthropic.
We run a very large AWS EKS cluster with lots of interesting challenges. This post is about a recent investigation into DNS resolution failures that we were able to root cause to an Elastic Network Interface (ENI) packets per second (PPS) limit and a further root cause of the combination of sudo defaults and ndots in our cluster DNS.
3. "Seamless Istio Upgrades at Scale" by Rushy R. Panchal, Airbnb.
Airbnb has been running Istio at scale since 2019. We support workloads running on both Kubernetes and virtual machines (using Istio’s mesh expansion). Across these two environments, we run tens of thousands of pods, dozens of Kubernetes clusters, and thousands of VMs. [..] Istio is a foundational piece of our architecture, which makes ongoing maintenance and upgrades a challenge. Despite that, we have upgraded Istio a total of 14 times. This blog post will explore how the Service Mesh team at Airbnb safely upgrades Istio while maintaining high availability.
4. "The Simplest GitOps Implementation That Actually Works" by Gabriel Garrido.
In this article we will strip GitOps down to its bare essentials and build the simplest implementation that actually works. No fancy operators, minimal tooling - just Git, GitHub Actions, and a sprinkle of automation magic. [..] For the deployment part, I’m using ArgoCD to watch the manifests repository and sync changes to the cluster, but you could just as easily apply the manifests manually or use a simple CronJob. The beauty is in the simplicity of the pipeline itself.
5. "From Linux Primitives to Kubernetes Security Contexts" by Dave Altena, LearnKube.
The Kubernetes API offers several ways to restrict container privileges using the Security Context. [..] Many teams discover these controls only after a security audit or scanner flags a running container. The next steps are usually reactively patching the config, suppressing the warning and moving on. Before we get into Kubernetes SecurityContexts, we need to understand what they're actually configuring under the hood.
#articles
Unveiling another digest of the prominent software updates in the Cloud Native ecosystem!
1. Istio (a CNCF Graduated project) released 1.27. This version introduced inference extension support when using the Gateway API, multi-cluster deployments in ambient mode (in Alpha), CRL (Certificate Revocation List) support for plugged-in CAs, a new ListenerSets API, and native nftables support in sidecar mode.
2. CloudNativePG, a platform designed to manage PostgreSQL in Kubernetes (a CNCF Sandbox project), was updated to v1.27.0. This release enabled loading PostgreSQL extensions dynamically, logical decoding slot synchronisation in HA clusters, primary isolation checks in the liveness probe, quorum-based failover (experimental), and Postgres interface support in the CNPG-I (plugin interface) operator.
3. Crossplane (a CNCF Incubating project) reached its v2.0 milestone, featuring significant improvements. First of all, the project went beyond infrastructure and now lets you manage applications as well. Other changes include composite and managed resources (XRs and MRs) being namespaced by default, support for any Kubernetes resources in compositions, and a new Operation type for one-off, scheduled, and event-driven workflows.
4. Nelm, a Helm 3 alternative (part of werf, a CNCF Sandbox project), has released several versions recently, the latest one being v1.12. They brought numerous improvements, such as force adoption of the resources in the cluster, Helm charts debugging, better log control (hiding logs matching a regexp, disabling Pod log collection, log colouring in popular CI systems), masking sensitive parts of diffs, and status tracking for more popular custom resources.
5. OpenCost, a Kubernetes cost monitoring tool (a CNCF Incubating project), released v1.116.0. It added Promless configuration, diagnostics summary filter, NodeLabel filtering support to allocations, log-level information to heartbeat data, diagnostics data for the collector source in export bucket, and more new features.
6. copa, a CLI tool to directly patch container images without full rebuilds (a CNCF Sandbox project), released v0.11.0 last month (and updated to v0.11.1 last week), introducing multi-platform patching, support for the buildkit instance running on Podman and for OCI Media Types (in addition to Docker).
#news #releases
Loft Labs is now vCluster Labs
The company behind vCluster, DevSpace, DevPod and some other Cloud Native projects changed its name to be better associated with its flagship product. Here’s what its CEO, Lukas Gentele, wrote on LinkedIn:
We’re all in on vCluster: from open source innovation to enterprise-ready features supporting the largest companies on the planet. By aligning our brand with our flagship project, we’re signaling what matters most, our focus on building the best tooling for Kubernetes tenancy and infrastructure engineering.
#news
Apple hires the creators of Open Policy Agent
Open Policy Agent (OPA) is a general-purpose policy engine that became a CNCF Graduated project in 2021. Yesterday, the project announced that “the creators of Open Policy Agent (along with many team members from Styra) have joined Apple.”
Styra is the company where OPA originated, and Apple is an active user of this project. OPA serves as a key component of Apple’s authorisation infrastructure. After this transition, more OPA-related repositories owned by Styra — such as EOPA (the commercial distribution of OPA), OPA Control Plane, SDKs, and Regal linter for Rego — will be moved to the CNCF OPA GitHub organisation.
#news #cncfprojects
The community is asked to try new Kubernetes features
Tim Hockin, one of the Kubernetes original creators, in his post yesterday on Reddit, says that most K8s users don’t use new Alpha features and rarely provide feedback on the Beta features. When the features are GA, and something is wrong with them, it’s much more challenging to make the required changes. That’s why he appeals to the community:
The SINGLE MOST USEFUL thing anyone here can do for the Kubernetes project is to try out the alpha and beta features, push the limits of new APIs, try to break them, and SEND US FEEDBACK.
P.S. Kubernetes v1.34 will be released next week.
#news
Sometimes, examining custom resources in Kubernetes becomes challenging. This tool makes things much easier.
CR(D) Wizard is a UI for exploring Custom Resource Definitions (CRDs) and corresponding Custom Resources (CRs). Being available in two interfaces, a web-based UI and TUI (including a plugin for k9s), this tool:
- displays CRD’s schema as browsable documentation;
- shows information about existing CRs in the cluster;
- draws a resource relationship graph.
Language: Go and TypeScript | License: GPL 3.0 | 81 ⭐️
▶️ GitHub repo
💬 Reddit announcement
#tools #gui
Kubernative by Palark | Kubernetes news and goodies
The next Kubernetes release, 1.34, is scheduled for 27th August. The earliest article covering the upcoming changes was just published on the project’s blog. Its feature highlights include: - An alpha version of KYAML, a new YAML subset that was designed…
The Kubernetes v1.34 release was announced about 10 hours ago. Its codename, Of Wind & Will (O' WaW), “honours the winds that have shaped us, and the will that propels us forward.”
As the official blog post states, “This release consists of 58 enhancements. Of those enhancements, 23 have graduated to Stable, 22 have entered Beta, and 13 have entered Alpha.”
This overview covers all new alpha features in detail.
#news #releases
Metal³ became a CNCF Incubating project
The Metal³ project (pronounced "Metal Kubed") provides a set of tools for managing bare-metal infrastructure using Kubernetes. Its operator, based on Ironic, automates the provisioning of bare-metal servers. It also offers a provider for Cluster API, enabling users to deploy Cluster API-based clusters on top of bare-metal servers.
The project was started in 2019 by Red Hat and was later joined by Ericsson. Since then, many other organisations, including Fujitsu, Ikea, and SUSE, adopted it. The project was accepted into the CNCF Sandbox in September 2020, and two weeks ago, the CNCF TOC voted for its incubation. The official announcement is available here.
#cncfprojects #news
Quick facts from an official update on the ESO (External Secrets Operator) project status posted yesterday:
1. 300+ people signed up to help ESO.
2. The project introduced a contributor ladder and created contribution tracks (testing, CI, core, providers).
3. Releases are still on pause: “… we need to spend time exercising, testing, adjusting it before we feel confident enough to release it.”
4. An effort to become a CNCF Incubating project is still on and moving forward.
You can find more details in this Reddit post and the related GitHub issue.
#cncfprojects #news
New Bitnami catalog limitations The newly announced changes to the Bitnami public catalog of Helm charts and images continue its evolution of becoming more commercial. The authors state that starting August 28th, 2025, “Bitnami will continue to offer a limited…
An update on the Bitnami public charts and images
The Bitnami team has postponed the deletion of the Bitnami public catalog until September 29th. It also runs a series of 24-hour brownouts, during which a set of 10 container images from docker.io/bitnami will be temporarily unavailable. The next brownouts are scheduled for:
* Sep 2, 08:00 UTC → Sep 3, 08:00 UTC (it's TODAY!);
* Sep 17, 08:00 UTC → Sep 18, 08:00 UTC.
Here are some of the community efforts that might help to handle this change (besides the official bitnamilegacy repo):
1. TrueCharts, a community-driven catalog of Helm charts (note that some of them are still using Bitnami images!)
2. A new curated collection of production-ready Helm charts from CloudPirates
3. bitnami-depreciation repo from Hoverkraft
Commercial alternatives include images from Docker, Chainguard, Minimus, and echo.
#news
There are various ways to simplify creating Kubernetes manifests, and GUIs are surely one of them. If that’s something you’ve been looking for, consider this new project.
Kube Composer is a Web UI for generating YAML manifests for Kubernetes. It allows you to easily create numerous resources by filling out visual forms and download the resulting YAMLs. Here’s what you can do with it:
- Create Deployments, Services, Ingress, Namespaces, ConfigMaps, Secrets, and Volumes;
- Configure multiple containers per Deployment, specify resource limits, environment variables, and volume mounts for containers;
- Configure multiple ingress classes, HTTPS with certificate management, and port mapping;
- See your YAML output in real time, as well as diagrams with resource relationships and request routing from Ingress to Pods.
Language: TypeScript, Node.js | License: MIT | 384 ⭐️
▶️ GitHub repo
💬 Reddit announcement
#tools #gui
AI chatbot assistant right in the Argo CD UI? Here we come…
A few days ago, the assistant-for-argocd project was announced. It’s an Argo CD extension that adds a chatbot to the Argo CD UI. It relies on llama-stack as a backend and adds the Assistant tab to the resources view, where you can ask your LLM of choice about this resource.
Language: TypeScript | License: Apache 2.0 | 35 ⭐️
▶️ GitHub repo
💬 LinkedIn announcement
#tools #gui #gitops #genai
Sharing another bunch of interesting Kubernetes-related articles recently spotted online:
1. "Tuning Linux Swap for Kubernetes: A Deep Dive" by Ajay Sundar Karuppasamy.
In this blogpost, I'll dive into critical Linux kernel parameters that govern swap behavior. I will explore how these parameters influence Kubernetes workload performance, swap utilization, and crucial eviction mechanisms. I will present various test results showcasing the impact of different configurations, and share my findings on achieving optimal settings for stable and high-performing Kubernetes clusters.
2. "Top 30 Argo CD Anti-Patterns to Avoid When Adopting Gitops" by Kostis Kapelonis, Codefresh.
Here is the full list of the antipatterns we will see: Not understanding the declarative setup of Argo CD; Creating Argo CD applications in a dynamic way; Using Argo CD parameter overrides; Adopting Argo CD without understanding Helm; Adopting Argo CD without understanding Kustomize; Assuming that developers need to know about Argo CD; Grouping applications at the wrong abstraction level; Abusing the multi-source feature of Argo CD; Not splitting the different Git repositories; Disabling auto-sync and self-heal…
3. "Manage Secrets of your Kubernetes Platform at Scale with GitOps" by Artem Lajko.
If you are building a platform on Kubernetes it does not matter what fancy name you give it. You will run into this challenge sooner or later. This blog is not trainer material. It is not about perfect labs. It is about real world experience with real pain points. The idea is simple. Instead of managing every cluster manually you connect them to a control plane. But the tricky part is how to do this in a secure and repeatable way especially when secrets are involved.
4. "Migrating from Kubernetes Ingress to Gateway API: A Step-by-Step Guide" by Kelvin Manavar.
If your organization is currently relying on Ingress and considering a migration to the Gateway API, this guide will walk you through the process. We’ll explore why the Gateway API is worth adopting, what changes you need to be aware of, and the practical steps to migrate from your existing Ingress setup to the modern Gateway API within a running Kubernetes cluster.
5. "Longhorn – a Kubernetes-native filesystem" by Vegard.
Longhorn in a way has many similarities with ZFS, but made for a distributed environment like Kubernetes. In a nutshell, Longhorn provision block devices out of a pool – or several, I have an SSD pool and a HDD pool. You’ll create storage classes using those pools, with the properties you like. A storageclass is sort of a template for a volume, that says what properties it should have when it’s created. You can still change it afterwards, though. Longhorn also comes with a decent web console, making it easy to get overview of – and manage – your Longhorn storage solution. It has built-in support for snapshot-based backups, most commonly to S3 (or compatible) buckets.
6. "Importance of Graceful Shutdown in Kubernetes" by Alik Khilazhev, Criteo.
In this post, I will share what I have learned about implementing proper graceful shutdown in Kubernetes. I will show you exactly what happens behind the scenes, provide working code examples, and back everything with real test results that clearly demonstrate the difference.
#articles
Knative became a CNCF Graduated project
Knative is a Kubernetes-based platform to build, deploy, and manage serverless workloads. It consists of three main components:
- Knative Serving for deploying and serving applications and functions on Kubernetes as serverless containers;
- Knative Eventing, an event-driven application platform that supports various workloads, including regular Kubernetes services and Knative Serving services;
- Knative Functions, a developer-focused client library and CLI for development and deployment of functions.
It was accepted to CNCF in March 2022 as an Incubating project, and just about 5 hours ago, it passed the CNCF TOC vote for graduation.
#news #cncfprojects #serverless
While we’ve seen many GUIs for Kubernetes lately, new projects still keep appearing. Here’s a small Web client that went public this August.
teleskopio is a new Web UI for K8s that emerged as a result of personal research. It allows you to access your clusters as admin or viewer and comes with numerous features:
- Managing cluster workloads (Deployments, StatefulSets, Jobs, etc.), networking, storage, and access control;
- Embedded Monaco editor with syntax highlighting for creating/editing resources;
- A cluster overview for seeing its overall health and activity;
- Displaying live resource changes, Pod logs and event history;
- Customisable UI: configurable fonts, light and dark themes.
Language: TypeScript, Go | License: Apache 2.0 | 64 ⭐️
▶️ GitHub repo
💬 Reddit announcement
#tools #gui
CNCF projects get access to Docker Sponsored Open Source program
CNCF has just announced a new partnership with Docker, Inc., which provides CNCF projects with direct access to the Docker Sponsored Open Source (DSOS) program. This means they can benefit from unlimited image pulls from Docker Hub, access to Docker Scout for vulnerability analysis and policy enforcement, automated image builds from source, and Docker usage metrics and engagement insights.
#cncfprojects #news
Have you heard of schedulingGates for Pods in Kubernetes (this feature went stable in v1.30)? They let you control when a Pod is ready to be considered for scheduling. There’s a new project that makes this process declarative.
KSGate is a Kubernetes controller that manages Pod scheduling by using declarative gates and conditions. With it, workloads can get annotations that will match scheduling gates and define the conditions via powerful CEL expressions: they must evaluate to true for the condition to be satisfied. For example, the scheduling condition can be a dependent Pod with a specific name and currently being in a particular phase.
Language: Go | License: Apache 2.0 | 6 ⭐️
▶️ GitHub repo
📣 Project announcement
#tools