Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Managing GenAI workloads on Kubernetes is surely gaining momentum. If it piques your interest as well, consider this new Open Source project.

LLMariner is an extensible platform for hosting and managing LLMs on K8s. It consists of a control plane and worker planes, which can run in a single Kubernetes cluster or across multiple clusters. Some of the project’s highlights are:

- Support for various inference runtimes, including vLLM, Ollama, and Triton.
- Support for numerous models (Llama 3.1, Gemma, TinyLlama, DeepSeek Coder, Mistral, and more), as well as other models via HuggingFace.
- Works with Retrieval-Augmented Generation (RAG).
- Allows fine-tuning models, running general-purpose training jobs, and running Jupyter Notebooks.
- User management via Dex and access control via organizations and projects.
- Integrates with Open WebUI and other tooling via OpenAI-compatible APIs.

Language: Go | License: Apache 2.0 | 53 ⭐️

▶️ GitHub repo
📢 Reddit announcement

#tools #genai
In January, the CNCF TOC accepted 13 Open Source projects to the CNCF Sandbox. We covered all of them in this post. Last week, another batch of 5 new projects was approved to join CNCF. Here they are:

1. interLink — an abstraction to execute a Kubernetes Pod on any remote resource that can manage the container execution lifecycle. It leverages the Virtual Kubelet technology to simplify the development of provider-specific plugins. [#343]

2. Cozystack — a PaaS platform and framework for building clouds with easily deployed Kubernetes clusters, Database-as-a-Service, virtual machines, load balancers, and more. [#322]

3. kgateway — a Kubernetes-native ingress controller and API gateway that is built on top of Envoy proxy and the Kubernetes Gateway API. As we mentioned, this project originates from Gloo Gateway. [#319]

4. KitOps — a packaging, versioning, and sharing system for AI/ML projects that is built upon the OCI standard and is Kubernetes-ready. [#313]

5. Hyperlight — a lightweight virtual machine manager library for safely executing untrusted code within micro virtual machines inside applications. [#312]

Welcome aboard! 🤗

#news #cncfprojects
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Semaphore, a CI/CD platform, released v1 of its CE edition, which went Open Source with this release. You can run it on Kubernetes clusters, and it offers numerous features, such as fast builds and deployments, parallel execution, a visual editor, artifacts, self-hosted agents, GitHub and BitBucket support, Slack and webhook notifications, and more.

2. Dapr, a serverless, event-driven runtime for building distributed apps (a CNCF Incubating project), announced 1.15 with numerous updates. These include a stable Workflow engine for writing long-running stateful apps, a rewritten Actor runtime engine, a stable Scheduler service, a new Conversation API to talk to LLM providers (alpha), and a bunch of SDK improvements.

3. Envoy (a CNCF Graduated project) has announced the first version of Envoy AI Gateway, v0.1. This project leverages Envoy Gateway to handle request traffic from application clients to GenAI services through a unified API while managing authorization, cost control, and scalability.

4. Hyperlight, a lightweight virtual machine manager (it became a CNCF Sandbox project just recently), reached its v0.2.0, which added support for Azure Linux 3 and support for Hyperlight KVM guest debugging using gdb, as well as removed custom alloca (in favour of Clang built-in alloca).

5. Istio (a CNCF Graduated project) released its 1.25, featuring DNS proxying by default for ambient mode, default deny policy for waypoints, and zonal routing enhancements.

6. Shipwright, a framework for building container images on Kubernetes (a CNCF Sandbox project), was updated to v0.15. This release allows controlling which nodes a build can run on, tolerating node taints for builds, and using custom Pod schedulers.

#news #releases
Yesterday, Solo.io announced its new Open Source project called kagent. It is a Kubernetes-native framework for DevOps and platform engineers to build and run AI agents that will automate configuration, troubleshooting, and other similar tasks.

kagent uses custom resources to define the AI agents and tools used by those agents, and offers CLI and web UI to manage them. The project also boasts the tools registry, where you can find predefined functions for interacting with Kubernetes, Prometheus, Istio, Argo, Helm, and other projects.

The tool is written in Python, based on the AutoGen framework, and licensed under the Apache 2.0 license. The authors plan to donate the project to the CNCF. Learn more about kagent on its website, GitHub, and in this announcement.

#news #tools #genai
If you’re wondering which Kubernetes features were introduced/stabilised/deprecated/removed in which K8s versions, this new online resource is extremely useful. Using Kaniuse, you can navigate through 370+ K8s features and see their status in Kubernetes 1.19-1.33, as well as see the difference in their status between any two specific releases.

#news
Here goes our latest selection of interesting Kubernetes-related articles recently spotted online:

1. "Securing the Kubernetes Host Operating System" by Rafael Natali.

If the host operating system is breached, the attacker could use it to target other nodes in the cluster, along with all the Pods and applications running on that node. Eventually, the attacker can even access other systems in your network! The next subsections contain the information necessary to secure the host operating system.


2. "Every pod eviction in Kubernetes, explained" by Ahmet Alp Balkan.

There are so many ways Kubernetes terminates workloads, each with a non-trivial (and not always predictable) machinery, and there’s no page that lists out all eviction modes in one place. This article will dig into Kubernetes internals to walk you through all the eviction paths that can terminate your Pods, and why “kubelet restarts don’t impact running workloads” isn’t always true, and finally I’ll leave you with a cheatsheet at the end.


3. "WebAssembly on Kubernetes" by Nicolas Fränkel.

In this post, I showed how to use Webassembly on Kubernetes with the Wasmedge runtime. I created three flavors for comparison purposes: native, embed, and runtime. The first two are "regular" Docker images, while the latter contains only a single Wasm file, which makes it very lightweight and secure.


4. "Yoke is really cool" by Xe Iaso.

With Yoke, you write your infrastructure definitions in Go or Rust, compile it to WebAssembly, and then you take input and output Kubernetes manifests that get applied to the cluster. [..] One of the big advantages of using WebAssembly here is that you can use the same Kubernetes manifest types that Kubernetes itself uses. This means you don't have to write your own types and you can reuse code aggressively.


5. "Exploring Cloud Native projects in CNCF Sandbox. Part 3: 14 arrivals of 2024 H1" by Dmitry Shurupov, Palark.

We’re continuing this series with our brief introductions to the projects added to the Sandbox in April, June, and July of 2024: Radius, Stacker, Score, Bank-Vaults, TrestleGRC, bpfman, Koordinator, KubeSlice, Atlantis, Kubean, Connect, Kairos, Kuadrant, and openGemini.


6. "How to Setup Preview Environments with FluxCD in Kubernetes" by Meysam Azad.

Preview environment is where you see a live state of your changes from your pull request before being merged into the default branch. It gives you a look'n feel of what it would be like if you merged your changes. [..] in this blog post, I will show you how to achieve this using FluxCD Operator.


7. "Container Network Interface (CNI) in Kubernetes: An Introduction" by Homayoon (Hue) Alimohammadi.

In this article, we’re gonna learn about the Container Network Interface (CNI) and CNI plugins, what they’re supposed to do, and how they’re implemented. We’ll also see a simple CNI implementation in Go and Bash, and test it in a Canonical Kubernetes cluster.


#articles
JobSet is a Kubernetes SIG project that provides a unified API for large-scale distributed HPC and ML workloads on Kubernetes. It models a distributed batch workload as a group of Kubernetes Jobs and uses the abstraction of a ReplicatedJob to manage child Jobs. The project is still in its alpha.

Find more details about JobSet in this recent announcement and on GitHub.

#news #tools
Many Kubernetes users liked Lens (or even still do). After it stopped being Open Source and Lens ID was introduced, many switched to OpenLens. Unfortunately, that fork did not last long and hasn’t issued any releases since July 2023. However, it turns out there is another fork, which is currently active: Freelens.

This project started around January of this year and released its v1.0.0 in February, followed by v1.1.0 just five days ago. Today, Freelens:

- is fully compatible with the latest Kubernetes version (1.32);
- comes with kubectl v1.32.3 and Helm v3.17.2;
- is based on Electron 34.3.3 with Node 20.18.3 and Chrome 132.0.6834.210;
- requires GNU C Library 2.34+ for Linux (i.e. Debian 12, Ubuntu 22.04, Fedora 35, openSUSE Leap 15.4), macOS 11+ or Windows 10+ to run.

Language: TypeScript | License: MIT | 607 ⭐️

▶️ GitHub repo

#news #tools #gui
Don’t miss the news regarding five recent critical vulnerabilities in ingress-nginx, including CVE-2025-1974, which has a CVSS score of 9.8!

The Kubernetes blog post states that over 40% of Kubernetes administrators rely on ingress-nginx and should take action immediately. Otherwise, a malicious user with no credentials can take over your Kubernetes cluster by exploiting configuration injection vulnerabilities via the Validating Admission Controller.

The latest ingress-nginx releases, v1.12.1 and v1.11.5, are already available with all five vulnerabilities fixed.

Find more details in this post from the Kubernetes Security Response Committee and this detailed article from Wiz.

#news #security
The next Kubernetes release, v1.33, will become available in a month. Currently, this release is scheduled for 23rd April. The project’s blog has published an early “sneak peek” of some changes we might expect when it’s out.

Particularly, it mentions that Linux user namespaces for Pods are becoming stable, ordered namespace deletion is being introduced, and in-place resource resize for Pods vertical scaling is moving into beta. Find more details in this post.

#news
With KubeCon Europe starting tomorrow, you can already enjoy numerous great talks at Cloud Native Rejekts Europe 2025. It features two tracks, The Nash (main room) and The Waterloo (side room), where ~50 talks are delivered over two days.

You can find live streams for all these talks on YouTube:
- Yesterday’s recordings:
  - The Nash
  - The Waterloo
- Today’s streams (they will start in 20 minutes!):
  - The Nash
  - The Waterloo

P.S. The full schedule for this conference is available here.

#events #video
Amazon EKS introduced a new catalogue of community add-ons, simplifying the use and management of well-known Open Source components in Kubernetes clusters.

Currently, it features metrics-server, kube-state-metrics, cert-manager, prometheus-node-exporter, and external-dns. All of them were packaged and validated for EKS, and hosted in the EKS-owned private ECR. You can work with add-ons via EKS Console, API, CLI, eksctl, and CloudFormation.

Find more details in this announcement and relevant documentation.

#news #AWS
Don't FOMO if you're not at KubeCon London this time. The livestream for KubeCon + CloudNativeCon Europe 2025 keynotes has just started! You can watch them here today, as well as on Thursday and Friday.

Here’s also a short introduction to this KubeCon's Project Pavilion presented by Jorge Castro, a DevRel at CNCF.

Finally, you can see the first videos from yesterday's KubeCon co-located events, such as ArgoCon and Cloud Native Telco Day, uploaded to the CNCF YouTube account already.

#events #video
During today’s KubeCon keynotes, it was announced that Headlamp became a part of Kubernetes SIG UI. You can already see that its official repository is now kubernetes-sigs/headlamp.

SIG UI is a Kubernetes Special Interest Group that “covers all things UI related” to K8s. Originally, its efforts were focused on the Kubernetes dashboard, and now they will be extended to Headlamp. Headlamp was originally created at Kinvolk (acquired by Microsoft in 2021) and became a CNCF Sandbox project in 2023.

#news #cncfprojects #gui
Another interesting announcement from the KubeCon keynotes is that the CNCF has launched its job board, GitJobs, focused on Open Source. It promotes opportunities that contribute back to upstream projects, and posting the job listings there is free.

The platform itself is Open Source, written in Rust and available on GitHub.

#career #news
Yesterday, a Helm fork was announced. It addresses various issues and brings new features to those relying on Helm charts in their Kubernetes deployment process.

Here’s what Nelm, dubbed a “Helm 3 alternative”, offers:
- Server-Side Apply instead of 3-Way Merge for updating resources;
- advanced resource ordering;
- real-time logs, events, resource statuses, and errors during deployment;
- improved CRD management;
- release plan previewing (similar to terraform plan);
- secrets management.

Language: Go | License: Apache 2.0 | 458 ⭐️

▶️ GitHub repo
📢 Announcement
💬 Reddit discussion

#news #tools
The Linux Foundation Europe launched NeoNephos, a new foundation focused on facilitating a sovereign cloud in Europe. It is backed by European Union funding and supported by the first seven members, including SAP, STACKIT, and T-Systems.

Interestingly, it heavily relies on Kubernetes as its fundamental technology. This is outlined by the list of projects on the NeoNephos website. It includes such Open Source projects as Gardener (a well-known solution implementing Kubernetes-as-a-Service) and CobaltCore (an opinionated OpenStack distribution featuring managed Kubernetes and Kubernetes-based operators for automation).

#news
Kubernetes 1.33 will be released on April 23rd, two weeks from now. It will boast 64 enhancements, including 26 new alpha features. The latter includes support for user namespaces within Linux Pods, in-place resource resize for vertical scaling of Pods, and ordered namespace deletion.

Find a detailed overview of major features and changes coming to Kubernetes 1.33 in this blog post by Cloudsmith and a shorter sneak peek on the project’s official blog.

#news #releases
Have you missed our Cloud Native software digests? Here comes the latest one!

Release Spotlight: Kubeflow 1.10

Kubeflow, a machine learning toolkit for Kubernetes (a CNCF Incubating project), has received many significant changes with its 1.10 release. Training Operator now supports JAX for distributed training, and Katib introduced a new high-level API for hyperparameter tuning. Spark Operator became a core Kubeflow component, with its 2.1.0 included in the platform.

The project got a new user-friendly web UI for Model Registry to manage ML models. The Model Registry was also better integrated with KServe via Custom Storage Initializer (CSI), and KServe got a new Python SDK. Finally, lots of security-related updates arrived, such as leveraging rootless containers in Kubeflow manifests and replacing OIDC-authservice with oauth2-proxy.

Other noticeable updates in the Cloud Native space:

1. KubeVirt, a virtual machine management solution for Kubernetes (a CNCF Incubating project), released its v1.5 a month ago. It brought several features to GA, including migration update strategy and volume migration, auto resource limits for VMIs, VM live updates for hotplugging of CPU/memory/volume resources, and a network binding plugin. It also introduced migrations for hotplugged volumes and dynamic control for the network interface’s link state.

2. Headlamp, a Kubernetes web UI (now part of Kubernetes SIG UI), released 0.30.0. It features two new locales (Traditional Chinese and Italian), an ability to show Custom Resources details in the overlay panel, and a few other improvements.

3. Fluent Bit, a lightweight telemetry agent developed under the umbrella of Fluentd (a CNCF Graduated project), has reached v4.0.0. It comes with conditional processing for logs (i.e. modifying logs based on specific field values), a new trace sampling processor with a pluggable architecture, security enhancements, and experimental support for plugins written in Zig.

4. Thanos, highly available Prometheus with long-term storage (a CNCF Incubating project), released v0.38.0, which added OTLP receiver, native histogram downsampling, caching for regex matchers in series calls, support for chain deduplication algorithm and query offset, and more.

5. Flagger, a progressive delivery Kubernetes operator (part of Flux, a CNCF Graduated project), released 1.41.0, introducing Knative support, support for primary backend cookies in session affinity (Gateway API), and added headers to the Prometheus requests.

6. kgateway, a Cloud Native API Gateway and AI Gateway (a recently accepted CNCF Sandbox project), unveiled the second major release, v2.0.0. It came with custom resources extending Gateway API, better traffic management and security capabilities, open-sourced AI Gateway, and Istio Ambient Waypoint integration.

7. KEDA, a Kubernetes-based Event Driven Autoscaling (a CNCF Graduated project), was updated to v2.17.0, featuring two new scalers (NSQ and Temporal) and a few deprecations.

#news #releases
Many of us have thought about, or even seriously considered, using a general-purpose language instead of YAML for Kubernetes manifests. Here’s a new project that addresses this issue.

k8skonf allows you to describe your Kubernetes resources in TypeScript and convert them to regular YAML manifests. It’s similar to the cdk8s framework but intentionally limited to one specific language, ensuring its full support. Currently, it also works with CRDs and Helm charts. The project roadmap mentions plans to support Kustomize files and multiple versions of K8s.

Language: TypeScript | License: MPL 2.0 | 30 ⭐️

▶️ GitHub repo
💬 Reddit discussion

#tools
The talks from KubeCon Europe 2025 are now available on YouTube. This playlist features 379 videos.

Note that recordings from the co-located events have not yet been uploaded, but they will be there by the end of this week. Currently, you can find the videos from ArgoCon (34 talks) and Cloud Native Telco Day (11 talks) only.

Finally, the event graphical snapshot highlighting its main stats — such as the record-setting 12418 overall attendees for KubeCon — is attached to this post.

#events #video