Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
EDB, the original author of CloudNativePG, celebrates the leadership of its well-known Kubernetes operator for PostgreSQL in GitHub stars. The project was launched just two years ago, and now it has surpassed all other Open Source PgSQL operators in stargazers.

This happened just recently: at the time of writing this post, CNPG had 4291 stars vs. 4264 for its closest opponent (an operator from Zalando). Also, as we all know, GitHub stars are quite a vague metric. However, the star history chart confirms an overall trend in how the community adopts CNPG.

P.S. Here, you can find an overview of CNPG and a brief comparison with other solutions.

#news #databases
If you’re interested in running local/private LLMs (leveraging Ollama and similar solutions) on Kubernetes, take a look at this new project.

KubeAI serves an OpenAI-compatible HTTP API in Kubernetes, providing you with a drop-in OpenAI replacement and simplifying the needed operations. The project’s authors call it “a Model Operator that manages vLLM and Ollama servers [inside Kubernetes].” The most notable KubeAI features include:

- Support for various Open Source model servers, including vLLM, Ollama, FasterWhisper, and Infinity. (Speech-to-Text and Text-Embedding are supported.)
- An option to preload LLMs in custom container images.
- Autoscaling based on load.
- A Chat UI based on OpenWebUI.
- An ability to work in the CPU-only mode and with GPUs. TPU support is planned.
- No dependencies (such as service meshes) and installable in regular K8s clusters, OpenShift, and managed K8s solutions (currently, there’s an instruction for GKE with Autopilot).

▶️ GitHub repo

#tools #genai
Just a few prominent recent events regarding new/maturing CNCF projects:

1. Perses, a dashboard tool to visualise observability data from Prometheus/Thanos/Jaeger aspiring to become a standard, was accepted as a CNCF Sandbox project at the end of August.

2. Artifact Hub, a web app to find, install, and publish packages and configurations for Cloud Native software, became a CNCF Incubating project (after being in its Sandbox for 4 years).

3. CloudNativePG, a Kubernetes operator for PostgreSQL (we covered it just recently), has applied to join CNCF Sandbox. Interestingly, it is the second attempt to do so, with the first one carried out (and failed) in April 2022 when the project was just born.

#tools #news #cncfprojects
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Cortex, a scalable long-term storage for Prometheus (a CNCF Incubating project), got its v1.18.0 with lots of updates. They include an experimental native histogram ingestion, support for filtering alerts (ListRules API), new query rejection mechanism, a token bucket limiter, and ingester metadata API limits.

2. Argo Workflows, a workflow engine for orchestrating parallel jobs on Kubernetes, has seen its v3.6.0-rc1 with hundreds(!) of changes. Some of its new features are using Prometheus TLS by default, configurable individual metrics, OpenTelemetry metrics and numerous new other metrics (Pod pending counter, Pod phase counter, leader metric, etc.), multiple schedules in CronWorkflow, SQLite-based memory store for live workflows, dynamic templateRef naming, support for ephemeral credentials for S3, and many UI improvements.

3. Kanister, a framework for application-level data management on K8s (a CNCF Sandbox project), released v0.111.0 with support for read-only and write access modes when kando connects to Kopia repository server, cache size limits for Kopia server, an ability to pass labels and annotations when creating/cloning volume snapshot resources, and customisation of the labels and annotations of the temporary Pods created by Kanister.

4. Kata Containers 3.9.0 introduced support for pulling cosign-signed images, refined device management for kata-agent, image annotations for remote hypervisors, SetPolicy support in agent-ctl, and more.

5. Devtron, a tool integration platform for Kubernetes, was updated to v0.7.2. This release brought support for creating plugins at pipeline stage level, TLS support for Git and GitOps, GitOps support for OCI repositories, GitLab webhook support, async Argo CD app refresh operation, and other features.

6. PipeCD, a GitOps-style continuous delivery platform for apps across different environments (a CNCF Sandbox project), got its v0.49.0 featuring significantly improved AWS Lambda support (plan preview, drift detection, etc.), ECS enhancements (drift detection, LiveState UI), OIDC support for the SSO, and sending OpenTelemetry traces to control plane.

#news #releases
Our newest bunch of interesting Kubernetes-related articles recently spotted online:

1. The Beginner's Guide to Securing Kubernetes by Ophir Kelmen, Hunters.

“In this article, you will learn foundational terms and concepts essential for securing Kubernetes clusters. Whether you're a beginner or an experienced professional, this guide covers the critical knowledge required to understand the security dimensions of Kubernetes and methods to identify and detect specific attack techniques. No prior knowledge of Kubernetes is necessary to benefit from the article.”


2. OpenTelemetry Tracing in 200 lines of code by Jeremy Morrell.

“It’s no wonder then that most developers approach tracing libraries as unknowable black boxes. We add them to our applications, cross our fingers, and hope they give us useful information when the pager goes off at 2am. They are likely a lot simpler than you expect! Once you peel back the layers, I find a useful mental model of tracing looks like “fancy logging” combined with “context propagation” a.k.a “passing some IDs around”.”


3. The Istio Service Mesh for People Who Have Stuff to Do by Luca Cavallin.

“Istio is a powerful tool that simplifies traffic management, security, and observability for microservices. Contributing to Istio gave me insight into how it helps solve some of the complex challenges that come with running distributed systems. If you're running a microservices architecture or planning to scale, Istio can help you make your system more resilient and easier to manage.”


4. Node.js 20 upgrade: a journey through unexpected HEAP issues with Kubernetes by Loïc “Ztec” Doubinine, Deezer.

“When using Node.js in a Kubernetes environment, and more broadly in a containerized scenario, you must consider the memory and CPU reservation. It needs to be configured in order to set limits to your process that would otherwise consume more than you expected. Also, setting it to low values requires attention to ensure the process accommodates the limit appropriately.”


5. Introduction to the Gateway API: Revolutionizing Kubernetes Networking by Disha Virk.

“Traditional tools like the Ingress API have long been the backbone for exposing services to external traffic, but as environments grow more sophisticated, developers and operators are looking for greater flexibility, extensibility, and fine-grained control over network traffic. In this article, we’ll dive deep into what the Gateway API is, why it was developed, and how it’s set to transform the way we handle networking in Kubernetes.”


6. Keycloak with istio and Oauth2-Proxy by Chris Haessig.

“Setting up Istio with Keycloak and OAuth2 Proxy is a common pattern for adding authentication and authorization to your microservices architecture. Each component plays a crucial role in securing access to resources while maintaining flexibility and scalability. Keycloak acts as an identity provider (IdP) and OAuth2 authorization server. It manages user authentication, including multi-factor authentication (MFA), single sign-on (SSO), and federation. By integrating OAuth2 Proxy, you can convert the OAuth2 authentication flow from Keycloak into HTTP headers that are passed to backend services. This decouples services from handling authentication logic, allowing centralized security management.”


#articles
CNCF has published another project journey report: etcd. It covers the whole story of this well-known key-value store (since 2013), featuring various stats and focusing on the years under the CNCF guidance (since 2018).

Some of the facts are:
- in CNCF, etcd has seen 65k contributions from 400+ companies;
- top contributing companies (cumulative) are CoreOS, Google, VMware, Red Hat, and Amazon;
- the project has its own SIG-etcd (introduced in 2023);
- there were 38 keynotes, talks, sessions, meetings, and workshops dedicated to etcd at KubeCons.

P.S. You can find more project reports (Kubernetes, Harbor, OpenTelemetry, and Argo) here.

#news #databases #cncfprojects
Some prominent event-related news:

1. The schedule for the first-ever KubeCon + CloudNativeCon India (Dec 11-12) was just published. It features 80+ talks covering Kubernetes, Cilium, Istio, Argo, OpenTelemetry, Kyverno, Buildpacks, Kubeflow, etcd, and many other CNCF projects.

2. KubeCrash, a virtual & free conference focused on Platform Engineering, will happen on October 9th. There will be 10+ talks from CNCF Ambassadors, The New York Times, VMware, Red Hat, Intuit, Buoyant, SUSE, Fairwinds, and other companies.

3. Open Source Observability Day (OSOD), another virtual & free conference, focused on observability this time, is planned for October 24th. It will host speakers from Isovalent, Percona, VictoriaMetrics, Honeycomb, Chronosphere, ClickHouse, and more.

4. 30+ videos from KCD Czech & Slovak 2024 that happened on June 6-7 in Prague are now available for watching in this YouTube playlist.

#news #events
At some point, we all might need to create development environments in Kubernetes. This project simplifies this task!

Kardinal is marketed as “the lightest-weight way” to spin up temporary environments. It aims to make this process as fast and easy as possible. To do so, Kardinal Kontrol is used as a cloud-hosted control plane and a service called Kardinal Manager is deployed to your Kubernetes cluster. Here’s what this tool provides:

- Various environment types: for single or multiple services with shared resources, for apps with isolated stateful resources, and for apps with full isolation.
- Templates to unify and customise the environments’ configuration.
- Plugins to simplify configuring dev versions of stateful or external services. Currently, there are plugins for Redis, Neon DB, PostgreSQL (seed data), and AWS RDS.
- Web dashboard to see your environments.
- An ability to use it with Tilt or Telepresence by following the relevant instructions.
- Ready-to-use playground to see Kardinal in action via GitHub Codespaces.

▶️ GitHub repo
📢 Reddit announcement
📖 Introduction article

#tools #dev
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Talos 1.8.0

As many know, Talos is “Linux designed for Kubernetes.” Last month, it was significantly updated with the v1.8.0 release. This version of Talos is based on Kubernetes 1.31.1, Linux 6.6.49, containerd 2.0.0-rc.4, and brought numerous new features. In terms of K8s, it got a slim Kubelet image with fewer utilities and switched to it as default, node annotations support in machine configuration, various CNI plugins bundled by default (for Flannel), kube-proxy with nftables backend as default, and DNS forwarding for CoreDNS Pods.

Some other changes include a rewritten disk management backend for more complex configurations, Ephemeral volumes support, support for the Apache CloudStack platform, default AppArmor profiles, support for custom trusted roots, and much more. You can find a full list of improvements in the What’s New document.


Other noticeable updates in the Cloud Native space:

1. mariadb-operator was updated to v0.0.33 featuring an ability to pause updates via Never update strategy to allow progressive fleet upgrades and operator upgrades. It also brought a new mariadb-operator-crds Helm chart, huge CRD size reduction, and basic auth support in the Galera agent.

2. kubectl.nvim, a plugin for Neovim simplifying your work with Kubernetes, became mature with its v1.0.0. Its features now include configurable keymaps, resource selection with fuzzy completion, label selector filtering, customisable overview dashboard, real-time resource monitoring, Custom Resource support, Ingress and Helm integration, and much more.

3. k0s, an “all-inclusive Kubernetes distribution” from Mirantis for IoT, Edge, and bare metal, got its v1.31 based on Kubernetes 1.31. This release also supports running dual-stack clusters with kube-router and allows you to configure the bind address. Notably, this project recently applied to join CNCF Sandbox.

4. Flux 2.4 was released with the general availability of Flux S3-compatible Source API, Azure DevOps OIDC authentication, and various improvements in controller and CLI (including a new flux create secret proxy command, the --recursive flag for flux diff kustomization, and Windows support via WinGet).

5. Falco 0.39.0 was released, boasting 50 merged PRs (and 100+ more PRs for libs and drivers). They introduced new basename and regex operators, append output feature (to add output text or fields to a subset of loaded rules), and dynamic driver selection in Falco with Helm.

#news #releases
Our newest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Why Kubernetes is removing in-tree cloud-provider integration support in v1.31, and how it can affect you" by Reza Ramezanpour, Tigera.

"In this blog post, we will examine cloud-provider integrations with Google Cloud Provider infrastructure, how it works, and how we can upgrade to later versions of Kubernetes without breaking our environment."


2. "Write Your Next Kubernetes Controller in Rust" by Thomas Rampelberg, kty.

"If you’re interested in interacting with Kubernetes outside of the golang ecosystem, kube-rs is fantastic. It has a great API, lots of examples and supports everything that I would have wanted. The best parts of client-go, controller-runtime and kubebuilder are all rolled into one, letting you build on top of the rich Rust ecosystem. [..] Keep reading to understand a little bit more about the functionality I believe is required and the differences between the languages."


3. "PromQL Cheat Sheet: Must-Know PromQL Queries" by Prathamesh Sonpatki and Anjali Udasi, Last9.

"PromQL can be a pain, but it's also incredibly powerful when you know how to use it. I've spent countless hours fumbling through queries, and I want to save you some of that hassle. Here's a collection of PromQL snippets that have helped me in the trenches."


4. "Kubecost with AWS integration: Implementing and automating with Terraform" by Anton Kirikov, Palark.

"In this article, we are going to take a look at the things Kubecost is capable of and how it integrates with AWS. We’ll also cover a case study in which we were able to help our customer take advantage of these features and use Terraform to automatically deploy everything they needed."


5. "Internal Developer Platform: Insights from Conversations with Over 100 Experts" by Artem Lajko.

"I’ve received insights from Internal Developer Platform operators, companies that failed, companies that regret it, companies that are happy with it, and those that turned it into a product or SaaS solution. I’ve explored the value it brings and found that, in the end, many solutions share a similar logic."


6. "The Karpenter Effect: Redefining Our Kubernetes Operations" by Tanat Lokejaroenlarb, Adevinta.

"Managing a fleet of over 2,000 Kubernetes nodes and 30 clusters across 25 marketplaces is no small feat. While using Kubernetes Cluster Autoscaler and Amazon EKS Managed Node Groups served us well initially, we began encountering operational hurdles that hampered our efficiency and scalability. The complexities of cluster upgrades, the rigidity in instance type selection and limitations in use-case flexibility were becoming increasingly burdensome. We needed a solution that could address these challenges head-on."


#articles
Just learning GitOps or interested in getting a ready-to-use Kubernetes cluster fully controlled by Flux? Take a look at this repo!

k8s-gitops titled “GitOps Workflow for Kubernetes Cluster” builds your infrastructure based on K3s, a well-known lightweight distribution. After your cluster is installed, it bootstraps Flux2 and other services, resulting in:

- Fully-featured Kubernetes cluster with networking (CoreDNS, MetalLB), cert-manager, monitoring (Prometheus, Grafana, InfluxDB, Thanos), logs (Vector, Loki), and storage (Ceph/Rook);
- Continuously updated workloads triggered by the availability of new container images in the repo (via Renovate);
- Notifications and alerts from Flux bot in Discord;
- Auto-upgraded K3s version (via System Upgrade Controller from Rancher);
- Backups based on VolSync.

▶️ GitHub repo

#tools #gitops
Stefan Prodan, a core maintainer of Flux, announced Flux Operator in the ControlPlane blog.

This project is described as “a new component in the Flux CD ecosystem that automates the lifecycle management of Flux components and streamlines GitOps workflows for Kubernetes clusters.” Technically, it works as a Kubernetes operator (CRD controller), which can be used (instead of flux bootstrap) to deploy Flux and manage it in your cluster. This approach strives to simplify the installation, configuration, and operation (e.g., upgrading, scaling, and improved observability) of Flux. The operator's code is written in Go and licensed under AGPL 3.0.

Find more information in this announcement and GitHub repo.

#news #gitops
KubeEdge became the 27th graduated CNCF project.

KubeEdge is “a Kubernetes Native Edge Computing Framework”. It brings Kubernetes’ native container orchestration and scheduling capabilities to the edge, providing edge application management, cloud-edge metadata synchronisation, and edge IoT device management. It was initially created in Huawei Cloud, open-sourced in 2018, accepted to the CNCF Sandbox in 2019, and promoted to Incubating status in 2020. Learn more about its graduation in this announcement.

If you’re also surprised to realise there are 27 graduated CNCF projects already, have a look at this fantastic timeline (attached to the post) created by Hoon Jo, a CNCF Ambassador.

#news #cncfprojects
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Percona Everest 1.2.0

Everest is a new Open Source project from Percona: its first public release occurred earlier this year. It is a Cloud Native platform that should be deployed on Kubernetes (EKS and GKE are currently recommended) and implements DBaaS (Database as a Service) for PostgreSQL, MongoDB, and MySQL.

The most recent version of Everest, v1.2.0, was released on October 1st. It introduced RBAC (technical preview) to manage users' roles and permissions. Other changes include retention copies for PostgreSQL when setting up backup schedules, an improved Database overview page in UI, and new operators for PostgreSQL (2.4.1) and MySQL (1.15.0).


Other noticeable updates in the Cloud Native space:

1. Volcano, a Cloud Native Batch System (a CNCF Incubating project), released its v1.10.0 with numerous new features. It got support for the queue priority scheduling strategy, fine-grained GPU resource sharing and reclaim, Pod scheduling readiness support, sidecar container scheduling capabilities, new vcctl commands, and performance optimisations for large-scale scenarios.

2. pi-cluster project, providing an automated home-lab Kubernetes setup, has seen massive changes with v1.9.0. It migrated its GitOps solution from Argo CD to Flux CD, CNI from Flannel to Cilium, service mesh from Linkerd to Istio, and switched Keycloak SSO to an external PostgreSQL database (managed by CNPG operator).

3. Perses, an observability visualisation dashboard tool (a CNCF Sandbox project), was updated to 0.48.0 with a new Prometheus metric finder, based on the design from Prometheus 3.0. It also got a PieChart panel plugin and numerous enhancements for the Table, ScatterPlot and TracingGanttChart panels. Other features include auto-complete support in the TraceQL query editor and improvements in OAuth support.

4. Kubermatic Kubernetes Platform 2.26 was released. It added the ability to define default and enforced applications for user clusters, webhook backend support for api-server audit logs, customisable fields in Presets, support for custom annotations, Tinkerbell support for the bare-metal provider, Kubernetes v1.30 and v1.31 support, and more.

5. CloudNativePG 1.24.1 was released just yesterday with PostgreSQL 17.0 as its default image. It also introduced the ability to configure the full_page_writes parameter in PostgreSQL, the logs pretty command in the cnpg plugin, and the ability to use custom Docker images in the pgadmin4 plugin.

#news #releases
Operators became an essential part of the Kubernetes ecosystem. There are hundreds of operators today, and you can find most of them at OperatorHub. Interestingly, there is another way to discover them, especially the most popular ones.

awesome-operators repo on GitHub lists 300+ Kubernetes operators and:

1. sorts them by GitHub stars;
2. dismisses the projects with no updates in the last 6 months.

… which proves to be quite useful! The only visible downside is that little additional information on each operator is provided (e.g., no categorisation).

#tools
The “Inside Argo: Automating the Future” movie has been announced; here comes its trailer. This documentary covers the story of the Argo project and features interviews with its founders and current maintainers, the representatives of Akuity, CNCF, CodeFresh by Octopus Deploy, Intuit, and Red Hat. The world premiere will happen during KubeCon NA 2024 on November 14.

P.S. Previously, you could’ve seen documentaries about other significant Cloud Native projects:
- “Kubernetes: The Documentary”: Part 1 (24:54) and Part 2 (31:18)
- “Prometheus: The Documentary” (27:00)
- “Inside Envoy: The Proxy for the Future” (31:49)

#gitops #video #news
Let's start this week with another bunch of interesting Kubernetes-related articles recently spotted online:

1. "Prometheus Architecture Explained: Key Components and Design" by Rayan Slim, Kubernetes Training.

"This article will dive into the Prometheus architecture and explore how its components work together to create a powerful cloud-native monitoring solution."


2. "Replacing StatefulSets With a Custom K8s Operator in Our Postgres Cloud Platform" by Andrew Charlton, Timescale.

"... working with StatefulSets was becoming increasingly painful and preventing us from innovating. In this blog post, we’re sharing how we replaced StatefulSets with our own Kubernetes custom resource and operator, which we called PatroniSets, without a single customer noticing the shift. This move has improved our stability considerably, minimized disruptions to the user, and helped us perform maintenance work that would have been impossible previously."


3. "What is Helm in Kubernetes? A complete guide" by Jake Page & Philip Miglinci, Glasskube.

"Helm architecture; Why use Helm? How does Helm work? What is a Helm chart? Helm tutorial to create a chart and validate it; FAQ’s."


4. "Deploying My Site on Kubernetes with GitHub Actions and ArgoCD" by JKHZ.

"I set up the CI/CD pipeline to automatically build and deploy changes to my site. Tools used: GitHub Actions; Argo; Docker; Kubernetes (K3s); Hetzner as the cloud provider for hosting the Kubernetes cluster."


5. "Enhance Argo CD Observability: A Step-by-Step Guide to Integrating Prometheus Metrics into the UI" by Christian Huth.

"In this guide, we’ll walk you through the steps to set up Prometheus metrics within the Argo CD UI. We’ll cover setting up Prometheus to collect metrics, setting up the Argo CD Metrics Server to connect Argo CD with Prometheus, configuring Argo CD to retrieve metrics from the Argo CD Metrics Server. By the end of this integration, you’ll have a robust monitoring system that provides key insights into your Kubernetes applications."


6. "Automating CI/CD with Tekton: Setting Up GitHub Webhooks for PR Pipelines and automating test cases" by Ambesh Gaunker.

"This Tekton CI/CD pipeline is now ready to automate your GitHub PR workflows. The pipeline listens to GitHub webhooks for PR events and executes the pipeline, with status updates on GitHub showing if the pipeline succeeds or fails."


Enjoy reading & sharing! 🙌

#articles
If you often need to copy files from Kubernetes to work with them locally, this tool might come in handy.

pv-mounter is a simple solution to mount Kubernetes PVs (Persistent Volumes) locally using SSHFS. It was born to automate the author’s need to copy files from his K8s cluster at home. Here’s what pv-mounter does:

- Creates a Pod with an SSH daemon, binds it to the existing PVC, creates a port-forward, and mounts the volume locally via SSHFS.
- Supports RWX and RWO volumes. If the RWO volume is mounted already, an ephemeral container and a reverse SSH tunnel are used.
- Comes with security in mind by using temporary SSH keys and minimal privileges for Pods.

▶️ GitHub repo

#tools #storage
Since we covered Perses joining CNCF Sandbox a month ago, several other additions have happened. Here’s a list of new projects recently accepted to Sandbox:

1. Ratify — a framework to integrate scenarios that require the verification of reference artifacts.
Originated in 2021. Written in Go. Sponsored by Deis Labs (Microsoft). 222 ⭐️ Site; GitHub.

2. HAMi — an all-in-one tool designed to manage heterogeneous AI computing devices (from NVIDIA, Cambricon, Hygon, etc.) in Kubernetes.
Originated in 2021. Written in Go. Sponsored by 4paradigm, DaoCloud, Huawei Cloud, and Rise Union. 817 ⭐️ Site; GitHub.

3. Sermant — a proxyless service mesh based on Java bytecode enhancement technology.
Originated in 2021. Written in Java. Sponsored by Huawei. 1214 ⭐️ Site; GitHub.

4. youki — an implementation of container runtime (OCI runtime-spec) in Rust.
Originated in 2021. Written in Rust. Sponsored by Microsoft, Docker, and Red Hat. 6267 ⭐️ Site; GitHub.

5. OpenEBS — a container-native storage platform for stateful persistent applications on Kubernetes. This project has been a Sandbox project since 2019, but then moved to the archive in Feb 2024; now it’s in Sandbox again.
Originated in 2017. Written in Go. Sponsored by DataCore. 8949 ⭐️ Site; GitHub.

6. KAITO — an operator that automates the AI/ML model inference or tuning workload in Kubernetes.
Originated in 2023. Written in Go. Sponsored by Microsoft. 416 ⭐️ GitHub.

7. Kmesh — a high-performance and low overhead service mesh data plane based on eBPF and programmable kernel.
Originated in 2023. Written in Go and C. Sponsored by Huawei. 450 ⭐️ Site; GitHub.

8. OVN-Kubernetes — a robust networking solution for Kubernetes clusters with Open Virtual Networking and Open vSwitch at its core.
Originated in 2016. Written in Go. Sponsored by Red Hat and NVIDIA. 825 ⭐️ Site; GitHub.

#tools #news #cncfprojects
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. KubeBlocks, a control plane to manage databases and other stateful apps on K8s, released the v0.9.1 version, adding support for Loki, Minio, and RabbitMQ. It also introduced PITR and key-based recovery for Redis, backups for ZooKeeper, the ability to start and stop clusters via Cluster API, and improved system recovery and resource management.

2. Altinity Kubernetes Operator for ClickHouse has seen its 0.24 release with fully rewritten ClickHouse Keeper support. It also got an updated Grafana dashboard and now allows managing the PDB behaviour (pdbMaxUnavailable) as well as adding Pod labels in the Helm chart.

3. Azure Service Operator that helps provision Azure resources was updated to v2.10.0. It came with added support for various new resources (including FluxConfiguration for KubernetesConfiguration and ApplicationSecurityGroup for Network), more flexible Helm chart configuration, and other improvements.

4. Kuma, “the multi-zone service mesh for containers, Kubernetes and VMs” (a CNCF Sandbox project), released its 2.9.0 version. The notable changes include a new way to represent services and manage traffic (via MeshService and MeshMultiZoneService resources), a better approach to managing policies by service owners, selective mTLS with a new MeshTLS policy, and more robust transparent proxying.

5. wasmCloud, which enables building, managing, and scaling Wasm apps across clouds, K8s, and edge (a CNCF Sandbox project), was updated to v1.4.0. It relies on the WASI 0.2.2 standard, supports new wasi:config/store, and adds support for wasmCloud-named things for packages.

6. Kata Containers 3.10.0 was released with CDI (Container Device Interface) support in runtime-rs, support for confidential sealed secrets as volume, support for virtio-scsi devices and network device hotplugging in QEMU, and dropped support for the ACRN hypervisor.

7. ko, a container image builder for Go applications (a CNCF Sandbox project), was updated to v0.17.0. This release added a few features, such as setting annotations on image indexes and manifests and specifying the default user for images.

#news #releases
Flatcar became the most recent addition to the CNCF projects, joining it in the Incubating status.

Flatcar Container Linux is a minimal operating system for Kubernetes, which is closely integrated with Cluster API. It originated as a CoreOS Container Linux derivative and was created in Kinvolk (acquired by Microsoft in 2021).

As Andrew Randall (ex-Chief Commercial Officer of Kinvolk) anticipates, “the Flatcar project's entire raison d'être is to provide a vendor-neutral foundation for cloud native applications, and to enable innovation and collaboration on an open, cloud native operating system platform that is governed by the community, for the community.”

P.S. In this Reddit comment, you can find a nice comparison of Flatcar vs. Talos.

#news #cncfprojects