Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Did you know that the CNCF YouTube channel features 300+ videos from KubeCon + CloudNativeCon NA 2024 already? Enjoy watching it, do your best not to be overwhelmed, and share with the community! 😅

KubeCon NA 2024 playlist →

#video #events
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "KubeCon NA 2024 wrap-up: Don’t miss these major CNCF projects’ news" by Dmitry Shurupov, Palark.

I’ve made this overview of the remarkable news unveiled during KubeCon + CloudNativeCon North America 2024, which happened in Salt Lake City, Utah, last week. Please note it focuses strictly on the news and announcements rather than what has been going on around the booths, in-person communication, etc. Still, reading it should help the community stay informed about ongoing changes and trends in the vibrant Cloud Native world.


2. "Multi-Cloud: That's one small step for Temporal, one giant leap for reliability" by Raphaël Beamonte, Temporal.

Temporal Cloud is now a multi-cloud platform. In this post, we’ll explore how we leveraged Temporal’s own capabilities to expand our infrastructure from AWS to Google Cloud, the challenges we faced along the way, and how we solved them using cloud-agnostic workflows. Whether you’re considering a multi-cloud strategy or interested in scaling distributed systems, our experience offers valuable insights into managing complexity while maintaining consistency across cloud providers.


3. "Using Helm Hierarchies in Multi-Source Argo CD Applications for Promoting to Different GitOps Environments" by Kostis Kapelonis, Octopus Deploy.

In this guide, we include several Helm-related topics to consider when adopting GitOps and Argo CD in your organization. We describe:
- The recommended Helm structure for GitOps repositories
- When to use the multi-source feature of Argo CD and when not to use it
- How to create Helm value hierarchies and why this is important
- Common Helm bad practices and misconceptions that people carry over to Argo CD


4. "We’re leaving Kubernetes" by Christian Weichel & Alejandro de Brito Fontes, Gitpod.

This is our journey of experiments, failures and dead-ends building development environments on Kubernetes. Over the years, we experimented with many ideas involving SSDs, PVCs, eBPF, seccomp notify, TC and io_uring, shiftfs, FUSE and idmapped mounts, ranging from microVMs, kubevirt to vCluster. [..] This is the story of how (not) to build development environments in the cloud.


5. "Advanced Kubernetes Pod Concepts That You Should Know as a Beginner" by Ali Hamza.

Advanced pod features, such as multi-container pod patterns, Init Containers, and resource management, can optimize application performance and stability. This article will explain these essential concepts, equipping you with tools to manage and scale containerized applications more effectively.


6. "The Hard Truth about GitOps and Database Rollbacks" by Rotem Tamir, Atlas.

In this post, we show why our existing tools and practices cannot deliver on the GitOps promise of "declarative" and "continuously reconciled" workflows and how we can use the Operator Pattern to build a new solution for robust and safe schema rollbacks.


#articles
Ever heard of a DevSecOps software bundle for air-gapped environments? Here’s a project showcasing what that might be.

Zarf is a tool that implements secure and continuous software delivery on systems not connected to the Internet. To make this possible, various well-known software projects are combined to automate software deployment to Kubernetes. It covers:

- Building, publishing, pulling, and deploying so-called Zarf packages;
- Creating and verifying package signatures (with cosign);
- Generating SBOMs (with Syft);
- Automatically performing specific actions on packages during their lifecycle;
- Using various built-in tools, such as Helm, yq, Docker registry, Gitea, and K9s.

P.S. Zarf is an OpenSSF Sandbox project.

Language: Go | License: Apache 2.0 | 1413 ⭐️

▶️ GitHub repo

#tools #security
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Gateway API v1.2

Gateway API is an official Kubernetes project representing the next generation of K8s APIs for ingress, load balancing, and service meshes. In October, it released v1.2, and yesterday its general availability was announced in the Kubernetes blog.

The features graduated to the Gateway API's standard channel include HTTPRoute timeouts, Gateway infrastructure labels and annotations, and backend protocol support (the appProtocol field in the Service and EndpointSlice Kubernetes resources). This release also introduced new experimental features, such as named rules for *Route resources, HTTPRoute retry support and percentage-based mirroring, and enhanced backend TLS configuration.


Other significant updates in the Cloud Native space:

1. OpenShift 4.17 was released and is based on Kubernetes 1.30 and CRI-O 1.30. It brought eBPF manager operator, sigstore signature image verification, support for the DNF package manager, rapid recommendations in Insights Operator, support for multi-architecture compute machines in AWS and GCP, IBM Z and IBM LinuxONE compatibility, and much more.

2. Helm Dashboard, “the missing UI for Helm,” has reached its v2 with 2.0.2, which became its first public release since last summer. The most noticeable change is the frontend migration to ReactJS.

3. VictoriaLogs, a user-friendly database for logs from VictoriaMetrics, went GA with its v1.0.0 release. While it’s identical to v0.42.0 released earlier in November, it anticipates the maturity of VictoriaLogs for production usage and the implementation of all planned features since its initial release 1.5 years ago. Today, it allows ingesting logs from numerous log collectors (including OpenTelemetry Collector, Fluentd, and Vector) and comes with a powerful query language with full-text search and querying CLI. Find more details here.

4. Percona Operator for MongoDB was updated to v1.18.0, introducing support for selective restores from a backup and improved declarative user management. It also allows splitting the replica set of the database cluster over multiple Kubernetes clusters now.

5. Fluent Bit, a lightweight logs and metrics processor (a CNCF Graduated project), announced its v3.2. It features complete YAML support, SIMD support in the JSON encoder, and a new blob data type. New experimental features also bring eBPF and profiles’ signal types (according to the OpenTelemetry Profile specification) to this project.

#news #releases
Prefer working with Kubernetes in your terminal but lack an interactive log viewer? Consider trying out this new tool.

kl is a Kubernetes log viewer. Unlike other well-known solutions (stern and kail), it provides an interactive interface and multi-cluster support. Its other features include:

- Viewing logs across multiple containers, pods, namespaces, and clusters;
- Selecting containers interactively or by their names, labels, and owners;
- Flexible representation and navigation through logs thanks to a single log view, fullscreen mode, toggling line wrap, pausing log stream, etc.;
- Searching for logs by exact or regex matching;
- Saving logs to a local file or clipboard.

Language: Go | License: MIT | 134 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #cli
In addition to the recently announced Kubernetes Community Days events for 2025, it’s good to know that the Cloud Native community has even more to offer than 30 of them (+ KubeDays + KubeCons). Some well-known European KCDs have been rebranded and will continue to happen in the next year under their new names. Here they are:

* KCD Romania → Cloud Native Days Romania; May 5-6, 2025; website
* KCD Zurich → Cloud Native Zurich; June 11-12, 2025; website
* KCD Munich → Cloud Native Summit Munich; July 21-22, 2025; website

In other related news, the KCD Austria organisers have just uploaded their latest videos from October. Find ~30 talks here.

#events #news
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "I Didn't Need Kubernetes, and You Probably Don't Either" by Ben Houston.

Kubernetes often represents the ultimate solution for container orchestration, but my experience has led me to leave it behind in favor of a simpler, cost-effective solution using Google Cloud Run. This transition has made my infrastructure projects easier to manage, more scalable, and significantly cheaper. Here’s why I made this choice…


2. "Stateful workload operator: stateful systems on Kubernetes at LinkedIn" by Michael Youssef, byzheyi Y., Daniel Cheng (LinkedIn).

In this blog, we present our Stateful Workload Operator, an alternative model to the traditional approach: all stateful applications now share a common operator with a single custom resource, while application-specific customizations are handled by pluggable external policy engines. At LinkedIn, we've inverted the traditional stateful application operator model, providing application owners with a generic building block and a centralized point to manage storage, external integrations, tooling, and other features.


3. "Kubernetes at Mercado Libre" by Juliano Marcos Martins, Marcos Antonio Souza Pinheiro, Marcelo Cordeiro De Quadros (Mercado Libre).

At Mercado Libre, managing over 30,000 microservices and supporting 16,000 developers requires a robust and scalable solution. To address these challenges, we adopted Kubernetes (K8s) as the core engine of our internal platform, Fury. This article explores how Kubernetes streamlined our infrastructure management, accelerated software delivery, and improved cost efficiency, enabling our developers to focus on innovation and product creation.


4. "Understanding Networking in Kubernetes" by Anasloubadi.

Networking in Kubernetes is designed to provide connectivity between containers, pods, and external systems while abstracting complex networking configurations. This article dives into how networking works in Kubernetes, covering its core concepts, architecture, and practical examples.


5. "Simplifying Secret Distribution Across Kubernetes Clusters" by Gianluca Mardente.

To streamline this process and enhance security, you need a solution that allows you to: centralize secret storage (store the secret in a single, secure location); automate secret distribution (automatically deploy the secret to all target clusters). In the following sections, we’ll explore how Sveltos can help you achieve these goals.


6. "FluxCD Azure DevOps OIDC Authentication" by Mohamed Nour.

In this article, I’ll guide you step-by-step through the process of setting up Flux source-controller and image-automation-controller to authenticate against Azure DevOps repositories using OIDC tokens. By the end, you’ll have a robust and automated solution that aligns with modern security best practices and simplifies your CI/CD workflows.


#articles
Here are two important Kubernetes/EKS-related announcements during AWS re:Invent 2024 happening these days (December 2-6):

1. EKS Auto Mode. This new feature “automates compute, storage, and networking management for Kubernetes clusters [any new or existing EKS cluster].” Its main idea is to offload cluster operations to AWS and benefit from improved performance and security of apps as well as optimised compute costs. It’s available today for EKS clusters with Kubernetes 1.29+. It is built on top of Karpenter and is called “possibly the most meaningful since EKS first launched 6 years ago” by some AWSers. Find more details in this announcement.

2. EKS Hybrid Nodes that allow you “to attach your on-premises and edge infrastructure as nodes to EKS clusters in the cloud.” By doing so, you offload managing Kubernetes control planes to EKS and get a centralised hybrid infrastructure, which can also benefit from various AWS services, including monitoring, logging, and identity management. More technical details are available in this blog.

#news #AWS #events
Using Gateway API in your Kubernetes clusters? This CLI tool is very helpful in managing your resources.

gwctl is an experimental feature of the Gateway API project that provides an official way of working with relevant resources. Here’s what it offers today:

- Viewing, creating, and deleting Gateway API resources;
- Getting more detailed information about resources, including related resources, policies, and potential problems;
- Analysing resources before creating them;
- Visualising connections between your Gateway API resources using DOT graph representations.

Language: Go | License: Apache 2 | 39 ⭐️

▶️ GitHub repo

#tools #networking
Our kind reminder about this Awesome DevOps Telegram repo (created by the Kubernative authors). It lists various Telegram channels and groups dedicated to DevOps, SRE, and Platform Engineering, which hugely intersects with the Cloud Native topic. It was updated recently and offers more resources. Enjoy, contribute, and share with other Telegram users!

https://github.com/palark/awesome-devops-telegram
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Kubermatic released v1.9.0 of KubeOne, its solution to automate Kubernetes cluster operations throughout various environments. It brought a technical preview of KubeOne UI, an initial implementation of the KubeVirt provider, a new kubeone kubeconfig generate command, Kubernetes 1.31 and Ubuntu 24.04 support, and Cilium v1.16.

2. Thanos, a highly available Prometheus setup with long-term storage (a CNCF Incubating project), was updated to v0.37.0. It came with a new replication protocol (using Cap'n Proto) for Receivers, hedged requests support and metadata API limit in Store, native histograms for client latency metrics and an ability to do concurrent rule evaluations in Ruler, and much more.

3. Harvester, a hyperconverged infrastructure (HCI) solution from SUSE built on Kubernetes, has seen its v1.4.0 with lots of new features. It introduced experimental support for local storage (via harvester-csi-driver-lvm add-on), Longhorn V2 data engine, and volume encryption and decryption. Other new features include third-party storage for diskless servers, read-write-many (RWX) volumes for guest cluster workloads, scheduled VM backups and snapshots, USB passthrough, and CPU pinning.

4. Woodpecker CI/CD engine was updated to 2.8.0, which added more flexible PR approval options and full support for Windows containers in the Docker backend.

5. External Secrets Operator (a CNCF Sandbox project) issued its v0.11.0, featuring a new way of reconciling external secrets, which significantly reduces the number of API calls. It also introduced caching for ClusterGenerators and Generator as well as CRD validation for all resources.

6. Falcosidekick, which connects Falco (a cloud native runtime security tool, a CNCF Graduated project) to your ecosystem, was updated to 2.30.0, with three new outputs (Webex, OTLP Metrics, and Datadog Logs), significantly improved throughput, better integration with Elasticsearch, and better consistency for Prometheus metrics.

7. Perses, a dashboard tool for visualising observability data (recently accepted to the CNCF Sandbox), released the first public version of its Kubernetes operator, v0.1.0. Being in its alpha, Perses operator currently lacks documentation, yet its README provides brief instructions for trying it out.

#news #releases
Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "How Kubernetes Uses VXLAN for Overlay Networking" by Matthew Mattox.

Kubernetes needs to create a virtual network that connects pods across multiple nodes seamlessly. Since these pods reside in isolated networks, overlay networks—like those implemented with VXLAN—allow them to communicate over a physical Layer 3 infrastructure. In this post, we explore how Kubernetes uses VXLAN to build an overlay network, enabling communication between pods across nodes.


2. "Deep Dive into Kubernetes CPU Usage, Requests, and Limits" by John Tucker.

From this fairly long article, we can draw some conclusions:
* It is important to have at least as many threads as the CPU requests in a workload.
* It is a good practice to set a container’s limits equal to its requests.


3. "Platform Engineering at KubeCon NA 2024 in Salt Lake City" by Mathieu Benoit, a CNCF Ambassador.

Like always, I met with old friends, I made new friends and I had deep conversations around Platform Engineering and Cloud Native in general. [..] here is what we will cover throughout this blog post: tl,dr; General announcements; Cloud Native Rejekts; TAG App Delivery; Platform Engineering Day; ArgoCon; AppDeveloperCon, WasmCon, OpenTofu Day, BackstageCon; OpenShift Commons; KubeCon; Score & Humanitec; Next events; Others’s KubeCon recaps.


4. "Building your own service mesh" by Daniel Finneran, Isovalent.

There are a bunch of components that we will need to implement in order for us to implement the “service mesh” type behaviour. Most service meshes implement a heck of a lot more, we’re exploring the basics needed to implement it.


5. "Kubernetes configuration linting tools" by Brian Grant.

There are a number of different Kubernetes configuration validation tools for different needs and preferences. If you don’t use Trivy, Kubescape, or Checkov, you may want to check them out.


6. "How We Integrated Native macOS Workloads with Kubernetes" by Vitalii Horbachov, Agoda.

Today, we’re excited to unveil the open-sourcing of a significant part of our latest successful venture in the Apple Infrastructure world: macOS Virtualization Kubelet (macOS-vz-Kubelet). This project represents a paradigm shift in managing and utilizing macOS infrastructure, replacing our older approach with a modern, scalable solution that harnesses the power of Apple Silicon and Kubernetes.


#articles
Thought of reducing your carbon footprint or costs by sending your Kubernetes environments to sleep when not used? Consider this operator.

Snorlax is a K8s operator that allows you to define when your Kubernetes deployments should be running. Its features include:

- Defining the wake & sleep time of the day (no crontab-style support at the moment) for deployments;
- Displaying a temporary page while the needed deployment is waking up;
- Leaving deployments awake if a user request is received during the sleep time;
- Ignoring AWS ELB health checks to avoid waking up deployments for no reason.

Language: Go | License: Apache 2 | 186 ⭐️

▶️ GitHub repo

P.S. Previously, we also covered the sleepcycles project, which has a similar idea.

#tools
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Kubernetes v1.32

Released on December 11th and codenamed “Penelope,” the latest Kubernetes release brings 44 enhancements (13 stable, 12 beta, and 19 alpha). Its new Alpha features include asynchronous preemption in the scheduler, mutating admission policies via CEL expressions, Pod-level resource specifications, zero sleep duration for PreStop hooks, new statusz and flagz endpoints for core components, and graceful shutdowns of Windows nodes.

Some of the features promoted to stable are Structured Authorization Configuration, Custom Resource field selectors, auto-removal of PVCs created by StatefulSet, and Load Balancer IP mode for Services.

Other noticeable updates in the Cloud Native space:

1. Linkerd (a CNCF Graduated project) has released its 2.17, introducing visibility and control for egress traffic leaving the Kubernetes cluster from meshed pods, rate limiting to protect services from being overloaded, and federated services to unite logically the replicas of the same service across multiple clusters.

2. Jaeger (a CNCF Graduated project) has seen its first update since releasing v2 — v2.1.0. It came with an experimental script for metrics markdown table, Cassandra DB schema creation on session initialisation, and read path implementation for the v2 storage interface.

3. Kubeflow, a CNCF Incubating project simplifying deployments of ML workflows on Kubernetes, released its Spark Operator v2.1.0. It brought support for pod template for Spark 3.x applications, updated the default container security context, and added more configurable options.

4. Headlamp, a Kubernetes user interface (a CNCF Sandbox project), was updated to 0.27.0 with numerous additions. They include new global search, bulk resource deletion, adding a Create button to different resource list views, and leveraging cached objects when rendering their details.

5. Coroot, an Open Source observability & APM tool, released v1.6, adding multi-tenancy mode, Kubernetes operator, high availability, and OpenShift support.

#news #releases
Don’t fancy endless kubectl port-forward commands and manual reconnections when your Pod dies? This nice GUI is to the rescue!

kftray is a tool for simplifying Kubernetes port-forwarding settings. It interacts with the Kubernetes API directly (not relying on kubectl) and offers two interfaces: desktop (kftray) and terminal (kftui). Its features include:

- Simple (“one-click”) configuration for several port-forwarding instances;
- Access to internal or external servers using the kftray’s proxy relay server deployed in your Kubernetes cluster, with TCP and UDP port forwarding support;
- Automatic reconnection to the Pod when it dies;
- Desktop app-only features: HTTP logs support and storing your configurations on GitHub.

Language: Rust | License: GPL 3 | 877 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #networking #gui
Following the recent Kubernetes v1.32 release (see this digest), the project's blog has seen several posts covering some of the significant changes. It might be a good read for the festive season!

1. “QueueingHint Brings a New Possibility to Optimize Pod Scheduling”: “[..] a QueueingHint subscribes to a particular kind of cluster event, and makes a decision about whether each incoming event could make the Pod schedulable.”

2. “Memory Manager Goes GA”: “[..] the memory manager provides topology hints to optimize memory allocation and alignment. This enables users to allocate exclusive memory for Pods in the Guaranteed QoS class.”

3. “A New CPU Manager Static Policy Option For Strict CPU Reservation”: “When this new strict-cpu-reservation policy option is enabled, the CPU Manager static policy will not allow any workload to use the reserved system CPU cores.”

4. “Moving Volume Group Snapshots to Beta”: “Behind the scenes, Kubernetes uses a label selector to group multiple PersistentVolumeClaims for snapshotting. A key aim is to allow you to restore that set of snapshots to new volumes and recover your workload based on a crash consistent recovery point.”

#news #articles
Here comes our newest (and the last one for 2024) digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Open Policy Agent 1.0

OPA is a general-purpose policy engine that graduated from CNCF in 2021 and has been under development for almost 10 years. Its 1.0 release is said to “consolidate an improved developer experience for the future of Policy as Code.”

It came with numerous changes to the defaults in Rego (OPA’s native query language) v1, such as the mandatory use of if for all rule definitions and contains for multi-value rules, new keywords (every, in) being available without any imports, and mandatory requirements that were previously applicable to the strict mode only (e.g., opa check --strict). OPA 1.0 also brought improvements to memory allocations, SDK, scientific notation parsing, and test suite performance.

Other noticeable updates in the Cloud Native space:

1. KAITO, the Kubernetes AI Toolchain Operator that has been recently accepted to the CNCF Sandbox, released its v0.4.0 with numerous new features. They include the addition of RAGEngine CRD, support for vLLM runtime deployments, support for adaptive max_model_len, and options for building and running private/custom models.

2. Talos, “Linux designed for Kubernetes,” was updated to 1.9.0, introducing systemd-udevd (instead of eudev), a local image cache for container images, custom DNS search domains, device selectors (matching on MAC address of the network interfaces), new experimental NodeAddress address sort algorithm, new talosctl cgroups command, Kubernetes API server authorization config, and an ability to run Kubernetes Pods with user namespaces enabled.

3. Logging Operator, a CNCF Sandbox project leveraging Fluent Bit and Fluentd (or syslog-ng) to manage your Kubernetes logging pipeline, has seen the 5.0.0 release. It got the CRD's subchart provided as an OCI artifact, a new option to ensure resource deletion, a Telemetry Controller migration option, support for rdkafka2 options, and IPv6 support.

4. Rook (a CNCF Graduated project) released v1.16, focused on expanding its capabilities for advanced object store use cases. It resulted in an ability to configure multiple object stores to be backed by the same pools, a bucket policy for S3 buckets, two new mechanisms for advanced configuration of Rook’s RGW daemons, improved RGW operation logging, and more.

5. CloudNativePG 1.25.0 was announced with several prominent features, such as a new Database CRD for declarative database management, new Publication and Subscription CRDs for managing logical replication, and a new dataDurability option for synchronous replication configuration. It also introduced an experimental CNPG-I interface for extending CNPG with external plugins.

Have a wonderful festive time, and see you next year! 🙌

#news #releases
👋 We're back and happy to present our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Linux container from scratch" by Michal Pitr.

I recently built a docker clone from scratch in Go. This made me wonder - how hard would it be to do the same step-by-step in a terminal? Let’s find out!


2. "Decoding the pod termination lifecycle in Kubernetes: a comprehensive guide" by Rohit Raveendran, Facets.Cloud.

This guide examines each lifecycle phase during pod termination, detailing the mechanisms for graceful handling, resource optimization strategies, persistent data management, and troubleshooting techniques for common termination issues. By the end of this blog, you will have a thorough understanding of how to effectively manage pod termination in your Kubernetes environment, ensuring smooth and efficient operations.


3. "Getting Started With wasmCloud" by Michael Levan.

In this blog post, you’ll learn about what wasmCloud is and how to get started with Go (golang). However, if you’re using Rust or TypeScript, wasmCloud supports those languages as well.


4. "How to support a growing Kubernetes cluster with a small etcd" by David M. Lentz, Datadog.

This post explores some best practices that can help you avoid outgrowing your etcd storage, even while your Kubernetes cluster becomes larger and busier. We’ll show you how you can:
- Provision appropriate resources for your etcd cluster
- Manage the amount of data you need etcd to store
- Split data across multiple etcd clusters to manage the performance and size of each one


5. "Understanding ReplicaSet vs. StatefulSet vs. DaemonSet vs. Deployments" by Abhisman Sarkar.

When you begin learning about Kubernetes, you hear about the different types of sets it supports and start wondering about their differences. [..] In this blog, I am going to go over each type and explain the differences between them, so that you can understand how exactly we use each set, how they differ from each other, and the purpose that each serves.


6. "Are You Affected by Bitnami LTS and Docker Hub Pull Rate Limits?" by Artem Lajko.

Bitnami chose the worst possible time to roll out their “Notice about LTS branches and pull rates in Docker Hub”. Originally scheduled for December 10, 2024, the timing — right before Christmas — was far from ideal. The community requested a postponement, and Bitnami/VMware responded by delaying the permanent change to Monday, January 6, 2025. [..] But what exactly does the change mean and how does it affect you or your company? Let’s take a look at what has changed in the first place.


#articles
InGate is a new project developed within the Kubernetes SIG to replace the well-known Ingress NGINX Controller for Kubernetes (ingress-nginx).

As its official description says, InGate is “an Ingress and Gateway API Controller for Kubernetes.” The idea is to have a traditional ingress controller that provides more flexibility in traffic routing, load balancing, etc., thanks to the Gateway API implementation under the hood. At the same time, it should not be difficult for those using ingress-nginx to adapt.

You can learn more about this project from the “Securing the Future of Ingress-Nginx” talk (starting from 13:13) presented by James Strong, Isovalent & Marco Ebert, Giant Swarm during KubeCon NA 2024.

P.S. Thanks to Trenton VanderWert for bringing this news to our attention.

#news #networking
Common Expression Language (CEL) is getting increasingly popular in the Kubernetes community. This project leverages it to validate your Helm values.

Helm CEL is a plugin that allows you to write validation rules for Helm charts in CEL (via values.cel.yaml) instead of JSON schema (values.schema.json). Its features include:

- Automatic generation of rules based on your Helm values file;
- An ability to organise your validation rules into multiple files;
- Two severity levels (errors and warnings) and reusable expressions for rules.

Language: Go | License: MIT | 62 ⭐️


▶️ GitHub repo
📢 Reddit announcement

#tools