Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: containerd 2.0.0

containerd, a well-known container runtime (a CNCF Graduated project), has released its second major version. It brought numerous new features, both stable and experimental. Now, the Transfer service and Sandbox service are stable; NRI (Node Resource Interface), CDI (Container Device Interface), and sandboxed CRI (Container Runtime Interface) are enabled by default.

containerd v2 also features image verifier plugins (for policy enforcement at image pull time), OpenTelemetry environment variable configuration support for the built-in tracing plugin, and CRI support for user namespaces and recursive read-only mounts. Find more details on the release in the docs and a basic migration guide in this article.

Other significant updates in the Cloud Native space:

1. Open Policy Agent (OPA), a general-purpose policy engine (a CNCF Graduated project), released its v0.70.0, featuring a new optimised read mode for the default in-memory store and a few other improvements.

2. Crossplane, a framework for building Cloud Native control planes (a CNCF Incubating project), delivered v1.18.0 last week. It came with two new alpha features, dependency version upgrade support and package image signature verification with cosign, as well as support for package installation with digests, authenticating private registries, converting to function-environment-configs, and passing credentials to functions in the render function.

3. Envoy Gateway (a CNCF Graduated project) v1.2.0 was released last week, bringing full compatibility with Gateway API v1.2.0. It also introduced the experimental standalone (host deployment) mode, active-passive failover, Response Override and RequestTimeout in BackendTrafficPolicy, session persistence in HTTPRoute, direct response and path regex rewrites in HTTPRouteFilter, JWT claims-based authorisation, a Prometheus metrics endpoint, and more.

4. Istio (a CNCF Graduated project) 1.24.0 arrived with general availability of the ambient mode. It got various enhancements while its core features (ztunnel, waypoints, and APIs) were declared stable. This release also improved the automatic retries, which are now available not only on the client sidecar but on the server sidecar as well.

5. Rook, a Cloud Native storage orchestrator for Kubernetes (a CNCF Graduated project), introduced experimental support for pool placements in v1.15.5, allowing you to override where bucket data will be stored. Other changes include scheduling OSDs on unschedulable nodes and key rotation support for Vault KMS.

P.S. As a small bonus, the "Sneak peek of Kubernetes v1.32" article was published recently, covering the changes we can expect in the next K8s release (scheduled for December 11th).

#news #releases
A few important pieces of news about CNCF projects from KubeCon NA 2024, which is happening these days:

1. Dapr (Distributed Application Runtime) is a Graduated project now. This project was first released in 2019 by Microsoft and accepted into the CNCF Incubator in November 2021. Since then, it has had 3,700+ individual contributors from 400+ organisations.

2. cert-manager is a Graduated project now. It was created in 2017 at Jetstack and accepted into the CNCF Sandbox in November 2020. It has 450+ contributors now.

3. wasmCloud is an Incubating project now. It emerged in 2020 at Cosmonic and was accepted into the CNCF Sandbox in July 2021. Currently, it has 100+ regular contributors representing 73 companies.

4. The Project Journey Report for Cilium was released. It tells the story of this project since 2016 in numbers and charts, highlighting its growth with over 500,000 total contributions and 4000+ contributors.

#news #cncfprojects
Not visiting KubeCon NA 2024? It has more than 9200 attendees, but don’t suffer from FOMO if you’re not one of them. Here’s what is available online to stay informed:

- Keynote livestream. The next sessions are on Thu (Nov 14) at 9:00–10:30 AM MST and Fri (Nov 15) at 9:00–10:30 AM MST.
- KubeCon Day One wrap-up in the CNCF blog, which covers the keynotes and lists the first announcements.
- All Cloud Native Rejekts talks from both days.
- The first videos are already appearing on the CNCF YouTube channel as well. Find dozens of talks from the co-located events (ArgoCon, Observability Day, and AI Day) as well as a short Day 1 highlight.

P.S. Obviously, endless social media posts from the event participants are also here. Have a look at the Bluesky feed (perhaps switch to the Latest one) as a vivid example.

#events #news #video
Big software releases from/during KubeCon NA 2024:

1. Jaeger v2, featuring a new architecture based on the OpenTelemetry Collector framework. Announcement; GitHub release.

2. KubeVirt v1.4, bringing network hotplug, common instance types, NUMA topology support, and GPU assignment to GA. Announcement; GitHub release.

3. Keycloak 26 with full support for organisations, TLS server certificates hot-reloading, persistent sessions storage, advanced high availability, and OpenTelemetry tracing. Announcement; GitHub release (note there’s v26.0.5 available already).

4. Prometheus 3.0, introducing new UI, Remote Write 2.0, native histograms, and better OpenTelemetry protocol support. Announcement; GitHub release.

#news #releases #cncfprojects
Did you know that the CNCF YouTube channel features 300+ videos from KubeCon + CloudNativeCon NA 2024 already? Enjoy watching it, do your best not to be overwhelmed, and share with the community! 😅

KubeCon NA 2024 playlist →

#video #events
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "KubeCon NA 2024 wrap-up: Don’t miss these major CNCF projects’ news" by Dmitry Shurupov, Palark.

I’ve made this overview of the remarkable news unveiled during KubeCon + CloudNativeCon North America 2024, which happened in Salt Lake City, Utah, last week. Please note it focuses strictly on the news and announcements rather than what has been going on around the booths, in-person communication, etc. Still, reading it should help the community stay informed about ongoing changes and trends in the vibrant Cloud Native world.


2. "Multi-Cloud: That's one small step for Temporal, one giant leap for reliability" by Raphaël Beamonte, Temporal.

Temporal Cloud is now a multi-cloud platform. In this post, we’ll explore how we leveraged Temporal’s own capabilities to expand our infrastructure from AWS to Google Cloud, the challenges we faced along the way, and how we solved them using cloud-agnostic workflows. Whether you’re considering a multi-cloud strategy or interested in scaling distributed systems, our experience offers valuable insights into managing complexity while maintaining consistency across cloud providers.


3. "Using Helm Hierarchies in Multi-Source Argo CD Applications for Promoting to Different GitOps Environments" by Kostis Kapelonis, Octopus Deploy.

In this guide, we include several Helm-related topics to consider when adopting GitOps and Argo CD in your organization. We describe:
- The recommended Helm structure for GitOps repositories
- When to use the multi-source feature of Argo CD and when not to use it
- How to create Helm value hierarchies and why this is important
- Common Helm bad practices and misconceptions that people carry over to Argo CD


4. "We’re leaving Kubernetes" by Christian Weichel & Alejandro de Brito Fontes, Gitpod.

This is our journey of experiments, failures and dead-ends building development environments on Kubernetes. Over the years, we experimented with many ideas involving SSDs, PVCs, eBPF, seccomp notify, TC and io_uring, shiftfs, FUSE and idmapped mounts, ranging from microVMs, kubevirt to vCluster. [..] This is the story of how (not) to build development environments in the cloud.


5. "Advanced Kubernetes Pod Concepts That You Should Know as a Beginner" by Ali Hamza.

Advanced pod features, such as multi-container pod patterns, Init Containers, and resource management, can optimize application performance and stability. This article will explain these essential concepts, equipping you with tools to manage and scale containerized applications more effectively.


6. "The Hard Truth about GitOps and Database Rollbacks" by Rotem Tamir, Atlas.

In this post, we show why our existing tools and practices cannot deliver on the GitOps promise of "declarative" and "continuously reconciled" workflows and how we can use the Operator Pattern to build a new solution for robust and safe schema rollbacks.


#articles
Ever heard of a DevSecOps software bundle for air-gapped environments? Here’s a project showcasing what that might be.

Zarf is a tool that implements secure and continuous software delivery on systems not connected to the Internet. To make this possible, various well-known software projects are combined to automate software deployment to Kubernetes. It covers:

- Building, publishing, pulling, and deploying so-called Zarf packages;
- Creating and verifying package signatures (with cosign);
- Generating SBOMs (with Syft);
- Automating specific actions against packages during their lifecycle;
- Using various built-in tools, such as Helm, yq, Docker registry, Gitea, and K9s.

P.S. Zarf is an OpenSSF Sandbox project.

Language: Go | License: Apache 2.0 | 1413 ⭐️

▶️ GitHub repo

#tools #security
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Gateway API v1.2

Gateway API is an official Kubernetes project representing the next generation of K8s APIs for ingress, load balancing, and service meshes. In October, it released v1.2, and yesterday its general availability was announced in the Kubernetes blog.

The features graduated to the Gateway API's standard channel include HTTPRoute timeouts, Gateway infrastructure labels and annotations, and backend protocol support (the appProtocol field in the Service and EndpointSlice Kubernetes resources). This release also introduced new experimental features, such as named rules for *Route resources, HTTPRoute retry support and percentage-based mirroring, and enhanced backend TLS configuration.


Other significant updates in the Cloud Native space:

1. OpenShift 4.17 was released and is based on Kubernetes 1.30 and CRI-O 1.30. It brought the eBPF manager operator, sigstore signature image verification, support for the DNF package manager, rapid recommendations in Insights Operator, support for multi-architecture compute machines in AWS and GCP, IBM Z and IBM LinuxONE compatibility, and much more.

2. Helm Dashboard, “the missing UI for Helm,” has reached its v2 with 2.0.2, which became its first public release since last summer. The most noticeable change is the frontend migration to ReactJS.

3. VictoriaLogs, a user-friendly database for logs from VictoriaMetrics, went GA with its v1.0.0 release. While it’s identical to v0.42.0 released earlier in November, it marks the maturity of VictoriaLogs for production usage and the implementation of all features planned since its initial release 1.5 years ago. Today, it allows ingesting logs from numerous log collectors (including OpenTelemetry Collector, Fluentd, and Vector) and comes with a powerful query language with full-text search and a CLI for querying. Find more details here.

4. Percona Operator for MongoDB was updated to v1.18.0, introducing support for selective restores from a backup and improved declarative user management. It also allows splitting the replica set of the database cluster over multiple Kubernetes clusters now.

5. Fluent Bit, a lightweight logs and metrics processor (a CNCF Graduated project), announced its v3.2. It features complete YAML support, SIMD support in the JSON encoder, and a new blob data type. New experimental features also bring eBPF and profiles’ signal types (according to the OpenTelemetry Profile specification) to this project.

#news #releases
Prefer working with Kubernetes in your terminal but lack an interactive log viewer? Consider trying out this new tool.

kl is a Kubernetes log viewer. Unlike other well-known solutions (stern and kail), it provides an interactive interface and multi-cluster support. Its other features include:

- Viewing logs across multiple containers, pods, namespaces, and clusters;
- Selecting containers interactively or by their names, labels, and owners;
- Flexible representation and navigation through logs thanks to a single log view, fullscreen mode, toggling line wrap, pausing log stream, etc.;
- Searching for logs by exact or regex matching;
- Saving logs to a local file or clipboard.

Language: Go | License: MIT | 134 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #cli
In addition to the recently announced Kubernetes Community Days events for 2025, it’s good to know that the Cloud Native community has even more to offer than those 30 (plus KubeDays and KubeCons). Some well-known European KCDs have been rebranded and will continue to happen next year under their new names. Here they are:

* KCD Romania → Cloud Native Days Romania; May 5-6, 2025; website
* KCD Zurich → Cloud Native Zurich; June 11-12, 2025; website
* KCD Munich → Cloud Native Summit Munich; July 21-22, 2025; website

In other related news, the KCD Austria organisers have just uploaded their latest videos from October. Find ~30 talks here.

#events #news
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "I Didn't Need Kubernetes, and You Probably Don't Either" by Ben Houston.

Kubernetes often represents the ultimate solution for container orchestration, but my experience has led me to leave it behind in favor of a simpler, cost-effective solution using Google Cloud Run. This transition has made my infrastructure projects easier to manage, more scalable, and significantly cheaper. Here’s why I made this choice…


2. "Stateful workload operator: stateful systems on Kubernetes at LinkedIn" by Michael Youssef, byzheyi Y., Daniel Cheng (LinkedIn).

In this blog, we present our Stateful Workload Operator, an alternative model to the traditional approach: all stateful applications now share a common operator with a single custom resource, while application-specific customizations are handled by pluggable external policy engines. At LinkedIn, we've inverted the traditional stateful application operator model, providing application owners with a generic building block and a centralized point to manage storage, external integrations, tooling, and other features.


3. "Kubernetes at Mercado Libre" by Juliano Marcos Martins, Marcos Antonio Souza Pinheiro, Marcelo Cordeiro De Quadros (Mercado Libre).

At Mercado Libre, managing over 30,000 microservices and supporting 16,000 developers requires a robust and scalable solution. To address these challenges, we adopted Kubernetes (K8s) as the core engine of our internal platform, Fury. This article explores how Kubernetes streamlined our infrastructure management, accelerated software delivery, and improved cost efficiency, enabling our developers to focus on innovation and product creation.


4. "Understanding Networking in Kubernetes" by Anasloubadi.

Networking in Kubernetes is designed to provide connectivity between containers, pods, and external systems while abstracting complex networking configurations. This article dives into how networking works in Kubernetes, covering its core concepts, architecture, and practical examples.


5. "Simplifying Secret Distribution Across Kubernetes Clusters" by Gianluca Mardente.

To streamline this process and enhance security, you need a solution that allows you to: centralize secret storage (store the secret in a single, secure location); automate secret distribution (automatically deploy the secret to all target clusters). In the following sections, we’ll explore how Sveltos can help you achieve these goals.


6. "FluxCD Azure DevOps OIDC Authentication" by Mohamed Nour.

In this article, I’ll guide you step-by-step through the process of setting up Flux source-controller and image-automation-controller to authenticate against Azure DevOps repositories using OIDC tokens. By the end, you’ll have a robust and automated solution that aligns with modern security best practices and simplifies your CI/CD workflows.


#articles
Here are two important Kubernetes/EKS-related announcements during AWS re:Invent 2024 happening these days (December 2-6):

1. EKS Auto Mode. This new feature “automates compute, storage, and networking management for Kubernetes clusters [any new or existing EKS cluster].” Its main idea is to offload cluster operations to AWS and benefit from improved performance and security of apps as well as optimised compute costs. It’s available today for EKS clusters with Kubernetes 1.29+. It is built on top of Karpenter and is called “possibly the most meaningful since EKS first launched 6 years ago” by some AWSers. Find more details in this announcement.

2. EKS Hybrid Nodes that allow you “to attach your on-premises and edge infrastructure as nodes to EKS clusters in the cloud.” By doing so, you offload managing Kubernetes control planes to EKS and get a centralised hybrid infrastructure, which can also benefit from various AWS services, including monitoring, logging, and identity management. More technical details are available in this blog.

#news #AWS #events
Using Gateway API in your Kubernetes clusters? This CLI tool is very helpful in managing your resources.

gwctl is an experimental feature of the Gateway API project that provides an official way of working with relevant resources. Here’s what it offers today:

- Viewing, creating, and deleting Gateway API resources;
- Getting more detailed information about resources, including related resources, policies, and potential problems;
- Analysing resources before creating them;
- Visualising connections between your Gateway API resources using DOT graph representations.

Language: Go | License: Apache 2 | 39 ⭐️

▶️ GitHub repo

#tools #networking
Our kind reminder about this Awesome DevOps Telegram repo (created by the Kubernative authors). It lists various Telegram channels and groups dedicated to DevOps, SRE, and Platform Engineering, which overlap heavily with Cloud Native topics. It was updated recently and offers more resources. Enjoy, contribute, and share with other Telegram users!

https://github.com/palark/awesome-devops-telegram
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Kubermatic released v1.9.0 of KubeOne, its solution to automate Kubernetes cluster operations across various environments. It brought a technical preview of KubeOne UI, an initial implementation of the KubeVirt provider, a new kubeone kubeconfig generate command, Kubernetes 1.31 and Ubuntu 24.04 support, and Cilium v1.16.

2. Thanos, a highly available Prometheus setup with long-term storage (a CNCF Incubating project), was updated to v0.37.0. It came with a new replication protocol (using Cap'n Proto) for Receivers, hedged requests support and metadata API limit in Store, native histograms for client latency metrics and an ability to do concurrent rule evaluations in Ruler, and much more.

3. Harvester, a hyperconverged infrastructure (HCI) solution from SUSE built on Kubernetes, has seen its v1.4.0 with lots of new features. It introduced experimental support for local storage (via harvester-csi-driver-lvm add-on), Longhorn V2 data engine, and volume encryption and decryption. Other new features include third-party storage for diskless servers, read-write-many (RWX) volumes for guest cluster workloads, scheduled VM backups and snapshots, USB passthrough, and CPU pinning.

4. The Woodpecker CI/CD engine was updated to 2.8.0, which added more flexible PR approval options and full support for Windows containers in the Docker backend.

5. External Secrets Operator (a CNCF Sandbox project) issued its v0.11.0, featuring a new way of reconciling external secrets, which significantly reduces the number of API calls. It also introduced caching for ClusterGenerators and Generator as well as CRD validation for all resources.

6. Falcosidekick, which connects Falco (a cloud native runtime security tool, a CNCF Graduated project) to your ecosystem, was updated to 2.30.0, with three new outputs (Webex, OTLP Metrics, and Datadog Logs), significantly improved throughput, better integration with Elasticsearch, and better consistency for Prometheus metrics.

7. Perses, a dashboard tool for visualising observability data (recently accepted to the CNCF Sandbox), released the first public version of its Kubernetes operator, v0.1.0. Being in its alpha, Perses operator currently lacks documentation, yet its README provides a brief instruction for trying it out.

#news #releases
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "How Kubernetes Uses VXLAN for Overlay Networking" by Matthew Mattox.

Kubernetes needs to create a virtual network that connects pods across multiple nodes seamlessly. Since these pods reside in isolated networks, overlay networks—like those implemented with VXLAN—allow them to communicate over a physical Layer 3 infrastructure. In this post, we explore how Kubernetes uses VXLAN to build an overlay network, enabling communication between pods across nodes.


2. "Deep Dive into Kubernetes CPU Usage, Requests, and Limits" by John Tucker.

From this fairly long article, we can draw some conclusions:
* It is important to have at least as many threads as the CPU requests in a workload.
* It is a good practice to set a container’s limits equal to its requests.


3. "Platform Engineering at KubeCon NA 2024 in Salt Lake City" by Mathieu Benoit, a CNCF Ambassador.

Like always, I met with old friends, I made new friends and I had deep conversations around Platform Engineering and Cloud Native in general. [..] here is what we will cover throughout this blog post: tl,dr; General announcements; Cloud Native Rejekts; TAG App Delivery; Platform Engineering Day; ArgoCon; AppDeveloperCon, WasmCon, OpenTofu Day, BackstageCon; OpenShift Commons; KubeCon; Score & Humanitec; Next events; Others’ KubeCon recaps.


4. "Building your own service mesh" by Daniel Finneran, Isovalent.

There are a bunch of components that we will need to implement in order for us to implement the “service mesh” type behaviour. Most service meshes implement a heck of a lot more, we’re exploring the basics needed to implement it.


5. "Kubernetes configuration linting tools" by Brian Grant.

There are a number of different Kubernetes configuration validation tools for different needs and preferences. If you don’t use Trivy, Kubescape, or Checkov, you may want to check them out.


6. "How We Integrated Native macOS Workloads with Kubernetes" by Vitalii Horbachov, Agoda.

Today, we’re excited to unveil the open-sourcing of a significant part of our latest successful venture in the Apple Infrastructure world: macOS Virtualization Kubelet (macOS-vz-Kubelet). This project represents a paradigm shift in managing and utilizing macOS infrastructure, replacing our older approach with a modern, scalable solution that harnesses the power of Apple Silicon and Kubernetes.


#articles
Thought of reducing your carbon footprint or costs by sending your Kubernetes environments to sleep when not used? Consider this operator.

Snorlax is a K8s operator that allows you to define when your Kubernetes deployments should be running. Its features include:

- Defining the wake & sleep time of the day (no crontab-style support at the moment) for deployments;
- Displaying a temporary page while the needed deployment is waking up;
- Leaving deployments awake if a user request is received during the sleep time;
- Ignoring AWS ELB health checks to avoid waking up deployments for no reason.

Language: Go | License: Apache 2 | 186 ⭐️

▶️ GitHub repo

P.S. Previously, we also covered the sleepcycles project, which has a similar idea.

#tools
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Kubernetes v1.32

Released on December 11th and codenamed “Penelope,” the latest Kubernetes release brings 44 enhancements (13 stable, 12 beta, and 19 alpha). Its new alpha features include asynchronous preemption in the scheduler, mutating admission policies via CEL expressions, Pod-level resource specifications, zero sleep duration for PreStop hooks, new statusz and flagz endpoints for core components, and graceful shutdowns of Windows nodes.

Some of the features promoted to stable are Structured Authorization Configuration, Custom Resource field selectors, auto-removal of PVCs created by StatefulSet, and Load Balancer IP mode for Services.

Other noticeable updates in the Cloud Native space:

1. Linkerd (a CNCF Graduated project) has released its 2.17, introducing visibility and control for egress traffic leaving the Kubernetes cluster from meshed pods, rate limiting to protect services from being overloaded, and federated services to logically unite replicas of the same service across multiple clusters.

2. Jaeger (a CNCF Graduated project) has seen its first update since releasing v2 — v2.1.0. It came with an experimental script for metrics markdown table, Cassandra DB schema creation on session initialisation, and read path implementation for the v2 storage interface.

3. Kubeflow, a CNCF Incubating project simplifying deployments of ML workflows on Kubernetes, released its Spark Operator v2.1.0. It brought support for pod templates for Spark 3.x applications, updated the default container security context, and added more configurable options.

4. Headlamp, a Kubernetes user interface (a CNCF Sandbox project), was updated to 0.27.0 with numerous additions. They include new global search, bulk resource deletion, adding a Create button to different resource list views, and leveraging cached objects when rendering their details.

5. Coroot, an Open Source observability & APM tool, released v1.6, adding multi-tenancy mode, Kubernetes operator, high availability, and OpenShift support.

#news #releases
Don’t fancy endless kubectl port-forward commands and manual reconnections when your Pod dies? This nice GUI is to the rescue!

kftray is a tool for simplifying Kubernetes port-forwarding settings. It interacts with the Kubernetes API directly (not relying on kubectl) and offers two interfaces: desktop (kftray) and terminal (kftui). Its features include:

- Simple (“one-click”) configuration for several port-forwarding instances;
- Access to internal or external servers using kftray’s proxy relay server deployed in your Kubernetes cluster, with TCP and UDP port forwarding support;
- Automatic reconnection to the Pod when it dies;
- Desktop app-only features: HTTP logs support and storing your configurations on GitHub.

Language: Rust | License: GPL 3 | 877 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #networking #gui
Following the recent Kubernetes v1.32 release (see this digest), the project's blog has seen several posts covering some of the significant changes. It might be a good read for the festive season!

1. “QueueingHint Brings a New Possibility to Optimize Pod Scheduling”: “[..] a QueueingHint subscribes to a particular kind of cluster event, and make a decision about whether each incoming event could make the Pod schedulable.”

2. “Memory Manager Goes GA”: “[..] the memory manager provides topology hints to optimize memory allocation and alignment. This enables users to allocate exclusive memory for Pods in the Guaranteed QoS class.”

3. “A New CPU Manager Static Policy Option For Strict CPU Reservation”: “When this new strict-cpu-reservation policy option is enabled, the CPU Manager static policy will not allow any workload to use the reserved system CPU cores.”

4. “Moving Volume Group Snapshots to Beta”: “Behind the scenes, Kubernetes uses a label selector to group multiple PersistentVolumeClaims for snapshotting. A key aim is to allow you to restore that set of snapshots to new volumes and recover your workload based on a crash consistent recovery point.”

#news #articles