OpenCost became the latest CNCF Incubating project.
OpenCost is a FinOps tool used for cost monitoring for Kubernetes workloads and related cloud expenses. The project was originally developed by Kubecost, the company offering an eponymous commercial product based on OpenCost. Two months ago, Kubecost announced being acquired by IBM.
#news #finops #cncfprojects
CNCF announced the list of all KCDs (Kubernetes Community Days) events for the upcoming 2025 year.
This announcement followed a recent update of the KCD program, which limited the number of events and their participants and required organisers to submit their applications for 2025 by this September.
30 KCDs for 2025 were selected (out of 61 submissions) and confirmed. Here they are:
- March: Beijing (China); Guadalajara (Mexico); Rio de Janeiro (Brazil);
- April: Budapest (Hungary); Chennai (India); Auckland (New Zealand);
- May: Helsinki (Finland); San Francisco, Austin, and New York (USA); Seoul (South Korea); Istanbul (Turkey); Heredia (Costa Rica);
- June: Bratislava (Slovakia); Bangalore (India); Antigua Guatemala (Guatemala); Nigeria;
- July: Utrecht (The Netherlands); Taipei (Taiwan); Lima (Perú);
- August: Bogota (Colombia);
- September: Washington DC (USA); Sofia (Bulgaria); San Salvador (El Salvador); Porto (Portugal);
- July-September: Hangzhou (China);
- October: Warsaw (Poland); Colombo (Sri Lanka); Edinburgh (UK);
- December: Geneva (Switzerland).
P.S. A few prominent events from previous years, such as KCD Munich and KCD Zürich, are missing. We should expect similar offline events in these locations under their new names (not KCDs).
#events #news
Two other pieces of event-related news:
1. KubeCon + CloudNativeCon North America 2024 is around the corner: it will start in a week (November 12-15)! You can find the full schedule here. Late tickets are still on sale, the keynotes will be live-streamed, and all recordings will be uploaded to YouTube later. The Kube Events website also made a special page listing all social events and parties for this KubeCon.
2. DevOps Stage 2024 is a free online conference on cloud architecture and DevOps. It will happen on November 22nd and feature 16 sessions in 3 streams with speakers from Grafana Labs, Percona, YugabyteDB, Relex, BWI GmbH, and more. Find all the details and register to join it here.
#events #news
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: Vitess v21.0.0
Vitess, a database clustering system for horizontal scaling of MySQL (a CNCF Incubating project), announced its v21 release last week. It came with enhanced query compatibility thanks to two experimental features: atomic distributed transactions and recursive Common Table Expressions (CTEs).
This release also brought a reference table materialisation, an experimental mysqlshell engine to run logical backups and restores, a new vexplain trace command to get deeper insights into query execution paths, a new vexplain keys feature to analyse query interactions with schema, multi-metric support in the tablet throttler, and vitess-operator v2.14.0 with Kubernetes v1.31 support and the ability to horizontally scale the VTGate deployment using HPA.
Other noticeable updates in the Cloud Native space:
1. Testcontainers for Go, a Go package for dealing with container-based dependencies for automated tests, was updated to v0.34.0, featuring 5 new modules (etcd, yugabytedb, meilisearch, dynamodb-local, and databend) and a few other improvements.
2. Apache Pulsar, a distributed pub-sub messaging platform, has recently seen its major v4.0.0 release. New features include an enhanced Key_Shared subscription implementation, better QoS controls for multi-tenant deployments, rate limiting for capacity management, and new Alpine-based images with more performant Java 21 runtime.
3. Kapitan, a configuration management tool for Kubernetes, Terraform and more, has released v0.34.0 with experimental support for Reclass Rust and OmegaConf inventory backends, Pydantic-based inventory validation, and support for Python 3.12.
4. Kyverno, a policy engine for Cloud Native platforms (a CNCF Incubating project), released its 1.13 with over 700 changes. They introduce support for verifying container image signatures in the sigstore bundle format, exceptions for ValidatingAdmissionPolicies, a new concept of assertion trees for validation rules, reports for Mutate and Generate rules, custom data in policy reports, removal of wildcard view permissions, and much more.
5. Harbor (a CNCF Graduated project) got its own command-line tool with the release of Harbor CLI v0.0.1. It works on Linux, macOS, and Windows and allows you to manage projects, registries, repositories, artifacts, and users.
6. werf, a CLI tool for implementing CI/CD in Kubernetes (a CNCF Sandbox project), was updated to v2.11.0, which added crane and tzdata to the werf images, werf images for linux/arm64, improved AWS ECR support, and better consistency throughout various commands.
#news #releases
If you’ve ever struggled with taking an inventory of your cloud assets, this tool may be of great help.
cnquery is a CLI tool for querying your entire IT infrastructure based on the cloud instances, bare-metal servers, VMs, containers, and everything related. Here’s what it offers:
- Obtaining information from dozens of targets. They include Linux/macOS/Windows hosts, AWS/Azure/Google Cloud, vSphere/Vagrant, Terraform, Ansible, GitLab/GitHub, and more.
- Vast support for Cloud Native targets: container images and running containers, container registries, Dockerfiles, Kubernetes clusters/nodes/workloads/manifests.
- An opportunity to create your own providers for other resources you have for inventory.
- Running standalone or multiple queries using the MQL language + an interactive shell with auto-completion.
- Generating SBOMs (CycloneDX or SPDX) for given assets.
Language: Go | License: BUSL | 312 ⭐️
▶️ GitHub repo
#tools
KubeCon NA is approaching, and social media is already packed with related posts of the Cloud Native crowd travelling there, meeting each other, etc. Cloud Native Rejekts is the official pre-party featuring lots of great talks that didn’t make it to KubeCon itself. Moreover, these talks are streamed online and available for offline watching afterwards.
Here’s the list of yesterday’s (Nov 10) talks with the links to relevant video moments:
- “Welcome to Cloud Native Rejekts NA 2024!” by Benazir Khan
- “Malicious Compliance Automated: When You Have 4000 Vulnerabilities and only 24 Hours Before Release” by Duffie Cooley, Kyle Quest
- “Ten years of Kubernetes: Building the future” by Lachlan Evenson
- “Images Bite Back -- Dealing with Day 2 Build Issues” by Adrian Mouat
- “A Day in the Life of Kubernetes Release with Tools, Challenges, and Operations” by Meha Bhalodiya
- “Building an Open Source Observability Stack from Raw Telemetry” by Joshua Lee
- “Debug Like a Pro: Ephemeral Containers and Wolfi Linux in Action” by Chad Crowell, Natalie Lunbeck
- “Integrating eBPF superpowers into your observability tooling” by Mauricio Vasquez Bernal, Chris Kuehl
- “Meet the New Kid in the Sandbox - Integrating Visualization with Prometheus” by Eric D. Schabell
- “From Fragile to Resilient: Using Admission Policies to Strengthen Kubernetes” by Marcus Noble
- “Cloud Native Nix!” by Leigh Capili
- “Virtual Machines, Containers, and WebAssembly Face-off” by Danilo (Dan) Chiarlone, Jiaxiao (Joe) Zhou
- “Platform Engineering Loves Security: Shift Down to Your Platform, not Left to Your Developers!” by Mathieu Benoit, Maxime Coquerel
+ You can find 7 more of yesterday's talks from another room here.
The schedule for today (Nov 11) is available here. These talks will be streamed via the same YouTube channel. Enjoy!
#video #events
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: containerd 2.0.0
containerd, a well-known container runtime (a CNCF Graduated project), has released its second major version. It brought numerous new features, both stable and experimental. Now, the Transfer service and Sandbox service are stable; NRI (Node Resource Interface), CDI (Container Device Interface), and sandboxed CRI (Container Runtime Interface) are enabled by default.
containerd v2 also features image verifier plugins (for policy enforcement at the image’s pull time), OpenTelemetry environment variable configuration support for built-in tracing plugin, CRI support for user namespaces and recursive read-only mounts. Find more details on the release in the docs and a basic migration guide in this article.
Other significant updates in the Cloud Native space:
1. Open Policy Agent (OPA), a general-purpose policy engine (a CNCF Graduated project), released its v0.70.0, featuring a new optimised read mode for the default in-memory store and a few other improvements.
2. Crossplane, a framework for building Cloud Native control planes (a CNCF Incubating project), delivered v1.18.0 last week. It came with two new alpha features, dependency version upgrade support and package image signature verification with cosign, as well as support for package installation with digests, authenticating private registries, converting to function-environment-configs, and passing credentials to functions in the render function.
3. Envoy Gateway (a CNCF Graduated project) v1.2.0 was released last week, bringing full compatibility with Gateway API v1.2.0. It also introduced the experimental standalone (host deployment) mode, active-passive failover, Response Override and RequestTimeout in BackendTrafficPolicy, session persistence in HTTPRoute, direct response and path regex rewrites in HTTPRouteFilter, JWT claims-based authorisation, a Prometheus metrics endpoint, and more.
4. Istio (a CNCF Graduated project) 1.24.0 arrived with general availability of the ambient mode. It got various enhancements while its core features (ztunnel, waypoints, and APIs) were declared stable. This release also improved the automatic retries, which are now available not only on the client sidecar but on the server sidecar as well.
5. Rook, a Cloud Native storage orchestrator for Kubernetes (a CNCF Graduated project), v1.15.5 introduced experimental support for pool placements, allowing you to override where bucket data will be stored. Other changes include scheduling OSDs on unschedulable nodes and key rotation support for Vault KMS.
P.S. As a small bonus, the "Sneak peek of Kubernetes v1.32" article was published recently, covering the changes we can expect in the next K8s release (scheduled for December 11th).
#news #releases
A few important news items related to the CNCF projects from KubeCon NA 2024, which is happening these days:
1. Dapr (Distributed Application Runtime) is a Graduated project now. This project was first released in 2019 by Microsoft and accepted into the CNCF Incubator in November 2021. Since then, it has had 3,700+ individual contributors from 400+ organisations.
2. cert-manager is a Graduated project now. It was created in 2017 at Jetstack and accepted into the CNCF Sandbox in November 2020. It has 450+ contributors now.
3. wasmCloud is an Incubating project now. It emerged in 2020 in Cosmonic and was accepted into the CNCF Sandbox in July 2021. Currently, it has 100+ regular contributors representing 73 companies.
4. The Project Journey Report for Cilium was released. It tells the story of this project since 2016 in numbers and charts, highlighting its growth with over 500,000 total contributions and 4000+ contributors.
#news #cncfprojects
Not visiting KubeCon NA 2024? It has more than 9200 attendees, but don’t feel FOMO if you’re not one of them. Here’s what we have online to stay informed:
- Keynote livestream. The next sessions are on Thu (Nov 14) at 9:00–10:30 AM MST and Fri (Nov 15) at 9:00–10:30 AM MST.
- KubeCon Day One wrap-up in the CNCF blog, which covers the keynotes and lists the first announcements.
- All Cloud Native Rejekts talks from both days.
- The first videos are already appearing on the CNCF YouTube channel as well. Find dozens of talks from the co-located events (ArgoCon, Observability Day, and AI Day) as well as a short Day 1 highlight.
P.S. Obviously, endless social media posts from the event participants are also here. Have a look at the Bluesky feed (perhaps switch to the Latest one) as a vivid example.
#events #news #video
Big software releases from/during KubeCon NA 2024:
1. Jaeger v2, featuring a new architecture based on the OpenTelemetry Collector framework. Announcement; GitHub release.
2. KubeVirt v1.4, bringing network hotplug, common instance types, NUMA topology support, and GPU assignment to GA. Announcement; GitHub release.
3. Keycloak 26 with full support for organisations, TLS server certificates hot-reloading, persistent sessions storage, advanced high availability, and OpenTelemetry tracing. Announcement; GitHub release (note there’s v26.0.5 available already).
4. Prometheus 3.0, introducing new UI, Remote Write 2.0, native histograms, and better OpenTelemetry protocol support. Announcement; GitHub release.
#news #releases #cncfprojects
Kubernative by Palark | Kubernetes news and goodies
The “Inside Argo: Automating the Future” movie has been announced; here comes its trailer. This documentary covers the story of the Argo project and features interviews from its founders and current maintainers, the representatives of Akuity, CNCF, CodeFresh…
The full “Inside Argo: Automating the Future” documentary lasts 32 minutes and was uploaded to YouTube just 4 hours ago. Enjoy watching it here.
#video #gitops
Did you know that the CNCF YouTube channel features 300+ videos from KubeCon + CloudNativeCon NA 2024 already? Enjoy watching them, do your best not to be overwhelmed, and share with the community! 😅
KubeCon NA 2024 playlist →
#video #events
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. "KubeCon NA 2024 wrap-up: Don’t miss these major CNCF projects’ news" by Dmitry Shurupov, Palark.
I’ve made this overview of the remarkable news unveiled during KubeCon + CloudNativeCon North America 2024, which happened in Salt Lake City, Utah, last week. Please note it focuses strictly on the news and announcements rather than what has been going on around the booths, in-person communication, etc. Still, reading it should help the community stay informed about ongoing changes and trends in the vibrant Cloud Native world.
2. "Multi-Cloud: That's one small step for Temporal, one giant leap for reliability" by Raphaël Beamonte, Temporal.
Temporal Cloud is now a multi-cloud platform. In this post, we’ll explore how we leveraged Temporal’s own capabilities to expand our infrastructure from AWS to Google Cloud, the challenges we faced along the way, and how we solved them using cloud-agnostic workflows. Whether you’re considering a multi-cloud strategy or interested in scaling distributed systems, our experience offers valuable insights into managing complexity while maintaining consistency across cloud providers.
3. "Using Helm Hierarchies in Multi-Source Argo CD Applications for Promoting to Different GitOps Environments" by Kostis Kapelonis, Octopus Deploy.
In this guide, we include several Helm-related topics to consider when adopting GitOps and Argo CD in your organization. We describe:
- The recommended Helm structure for GitOps repositories
- When to use the multi-source feature of Argo CD and when not to use it
- How to create Helm value hierarchies and why this is important
- Common Helm bad practices and misconceptions that people carry over to Argo CD
4. "We’re leaving Kubernetes" by Christian Weichel & Alejandro de Brito Fontes, Gitpod.
This is our journey of experiments, failures and dead-ends building development environments on Kubernetes. Over the years, we experimented with many ideas involving SSDs, PVCs, eBPF, seccomp notify, TC and io_uring, shiftfs, FUSE and idmapped mounts, ranging from microVMs, kubevirt to vCluster. [..] This is the story of how (not) to build development environments in the cloud.
5. "Advanced Kubernetes Pod Concepts That You Should Know as a Beginner" by Ali Hamza.
Advanced pod features, such as multi-container pod patterns, Init Containers, and resource management, can optimize application performance and stability. This article will explain these essential concepts, equipping you with tools to manage and scale containerized applications more effectively.
6. "The Hard Truth about GitOps and Database Rollbacks" by Rotem Tamir, Atlas.
In this post, we show why our existing tools and practices cannot deliver on the GitOps promise of "declarative" and "continuously reconciled" workflows and how we can use the Operator Pattern to build a new solution for robust and safe schema rollbacks.
#articles
Ever heard of a DevSecOps software bundle for air-gapped environments? Here’s a project showcasing what that might be.
Zarf is a tool that implements secure and continuous software delivery on systems not connected to the Internet. To make this possible, various well-known software projects are combined to automate software deployment to Kubernetes. It covers:
- Building, publishing, pulling, and deploying so-called Zarf packages;
- Creating and verifying package signatures (with cosign);
- Generating SBOMs (with Syft);
- Automatically performing specific actions against packages during their lifecycle;
- Using various built-in tools, such as Helm, yq, Docker registry, Gitea, and K9s.
P.S. Zarf is an OpenSSF Sandbox project.
Language: Go | License: Apache 2.0 | 1413 ⭐️
▶️ GitHub repo
#tools #security
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
Release Spotlight: Gateway API v1.2
Gateway API is an official Kubernetes project representing the next generation of K8s APIs for ingress, load balancing, and service meshes. In October, it released v1.2, and yesterday its general availability was announced in the Kubernetes blog.
The features graduated to the Gateway API's standard channel include HTTPRoute timeouts, Gateway infrastructure labels and annotations, and backend protocol support (the appProtocol field in the Service and EndpointSlice Kubernetes resources). This release also introduced new experimental features, such as named rules for *Route resources, HTTPRoute retry support and percentage-based mirroring, and enhanced backend TLS configuration.
Other significant updates in the Cloud Native space:
1. OpenShift 4.17 was released and is based on Kubernetes 1.30 and CRI-O 1.30. It brought eBPF manager operator, sigstore signature image verification, support for the DNF package manager, rapid recommendations in Insights Operator, support for multi-architecture compute machines in AWS and GCP, IBM Z and IBM LinuxONE compatibility, and much more.
2. Helm Dashboard, “the missing UI for Helm,” has reached its v2 with 2.0.2, which became its first public release since last summer. The most noticeable change is the frontend migration to ReactJS.
3. VictoriaLogs, a user-friendly database for logs from VictoriaMetrics, went GA with its v1.0.0 release. While it’s identical to v0.42.0 released earlier in November, it marks the maturity of VictoriaLogs for production usage and the implementation of all planned features since its initial release 1.5 years ago. Today, it allows ingesting logs from numerous log collectors (including OpenTelemetry Collector, Fluentd, and Vector) and comes with a powerful query language with full-text search and a querying CLI. Find more details here.
4. Percona Operator for MongoDB was updated to v1.18.0, introducing support for selective restores from a backup and improved declarative user management. It also allows splitting the replica set of the database cluster over multiple Kubernetes clusters now.
5. Fluent Bit, a lightweight logs and metrics processor (a CNCF Graduated project), announced its v3.2. It features complete YAML support, SIMD support in the JSON encoder, and a new blob data type. New experimental features also bring eBPF and profiles’ signal types (according to the OpenTelemetry Profile specification) to this project.
#news #releases
👍2❤1
Prefer working with Kubernetes in your terminal but lack an interactive log viewer? Consider trying out this new tool.
kl is a Kubernetes log viewer. Unlike other well-known solutions (stern and kail), it provides an interactive interface and multi-cluster support. Its other features include:
- Viewing logs across multiple containers, pods, namespaces, and clusters;
- Selecting containers interactively or by their names, labels, and owners;
- Flexible representation and navigation through logs thanks to a single log view, fullscreen mode, toggling line wrap, pausing log stream, etc.;
- Searching for logs by exact or regex matching;
- Saving logs to a local file or clipboard.
Language: Go | License: MIT | 134 ⭐️
▶️ GitHub repo
📢 Reddit announcement
#tools #cli
👍2❤1
In addition to the recently announced Kubernetes Community Days events for 2025, it’s good to know that the Cloud Native community has even more to offer than 30 of them (+ KubeDays + KubeCons). Some well-known European KCDs have been rebranded and will continue to happen in the next year under their new names. Here they are:
* KCD Romania → Cloud Native Days Romania; May 5-6, 2025; website
* KCD Zurich → Cloud Native Zurich; June 11-12, 2025; website
* KCD Munich → Cloud Native Summit Munich; July 21-22, 2025; website
In other related news, the KCD Austria organisers have just uploaded their latest videos from October. Find ~30 talks here.
#events #news
❤2
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:
1. "I Didn't Need Kubernetes, and You Probably Don't Either" by Ben Houston.
Kubernetes often represents the ultimate solution for container orchestration, but my experience has led me to leave it behind in favor of a simpler, cost-effective solution using Google Cloud Run. This transition has made my infrastructure projects easier to manage, more scalable, and significantly cheaper. Here’s why I made this choice…
2. "Stateful workload operator: stateful systems on Kubernetes at LinkedIn" by Michael Youssef, byzheyi Y., Daniel Cheng (LinkedIn).
In this blog, we present our Stateful Workload Operator, an alternative model to the traditional approach: all stateful applications now share a common operator with a single custom resource, while application-specific customizations are handled by pluggable external policy engines. At LinkedIn, we've inverted the traditional stateful application operator model, providing application owners with a generic building block and a centralized point to manage storage, external integrations, tooling, and other features.
3. "Kubernetes at Mercado Libre" by Juliano Marcos Martins, Marcos Antonio Souza Pinheiro, Marcelo Cordeiro De Quadros (Mercado Libre).
At Mercado Libre, managing over 30,000 microservices and supporting 16,000 developers requires a robust and scalable solution. To address these challenges, we adopted Kubernetes (K8s) as the core engine of our internal platform, Fury. This article explores how Kubernetes streamlined our infrastructure management, accelerated software delivery, and improved cost efficiency, enabling our developers to focus on innovation and product creation.
4. "Understanding Networking in Kubernetes" by Anasloubadi.
Networking in Kubernetes is designed to provide connectivity between containers, pods, and external systems while abstracting complex networking configurations. This article dives into how networking works in Kubernetes, covering its core concepts, architecture, and practical examples.
5. "Simplifying Secret Distribution Across Kubernetes Clusters" by Gianluca Mardente.
To streamline this process and enhance security, you need a solution that allows you to: centralize secret storage (store the secret in a single, secure location); automate secret distribution (automatically deploy the secret to all target clusters). In the following sections, we’ll explore how Sveltos can help you achieve these goals.
6. "FluxCD Azure DevOps OIDC Authentication" by Mohamed Nour.
In this article, I’ll guide you step-by-step through the process of setting up Flux source-controller and image-automation-controller to authenticate against Azure DevOps repositories using OIDC tokens. By the end, you’ll have a robust and automated solution that aligns with modern security best practices and simplifies your CI/CD workflows.
#articles
👍5
Here are two important Kubernetes/EKS-related announcements during AWS re:Invent 2024 happening these days (December 2-6):
1. EKS Auto Mode. This new feature “automates compute, storage, and networking management for Kubernetes clusters [any new or existing EKS cluster].” Its main idea is to offload cluster operations to AWS and benefit from improved performance and security of apps as well as optimised compute costs. It’s available today for EKS clusters with Kubernetes 1.29+. It is built on top of Karpenter and is called “possibly the most meaningful since EKS first launched 6 years ago” by some AWSers. Find more details in this announcement.
2. EKS Hybrid Nodes that allow you “to attach your on-premises and edge infrastructure as nodes to EKS clusters in the cloud.” By doing so, you offload managing Kubernetes control planes to EKS and get a centralised hybrid infrastructure, which can also benefit from various AWS services, including monitoring, logging, and identity management. More technical details are available in this blog.
#news #AWS #events
👍5
Using Gateway API in your Kubernetes clusters? This CLI tool is very helpful in managing your resources.
gwctl is an experimental feature of the Gateway API project that provides an official way of working with relevant resources. Here’s what it offers today:
- Viewing, creating, and deleting Gateway API resources;
- Getting more detailed information about resources, including related resources, policies, and potential problems;
- Analysing resources before creating them;
- Visualising connections between your Gateway API resources using DOT graph representations.
Language: Go | License: Apache 2 | 39 ⭐️
▶️ GitHub repo
#tools #networking
👍4
A kind reminder about the Awesome DevOps Telegram repo (created by the Kubernative authors). It lists various Telegram channels and groups dedicated to DevOps, SRE, and Platform Engineering, topics that overlap heavily with Cloud Native. It was updated recently and now offers more resources. Enjoy, contribute, and share with other Telegram users! ✨
https://github.com/palark/awesome-devops-telegram
🎉2❤1