Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
The most actively developed CNCF projects in 2024 were:

1. Kubernetes
2. OpenTelemetry
3. Argo
4. Backstage
5. Prometheus
6. Cilium
7. gRPC
8. Envoy
9. Meshery
10. Keycloak

That’s what the latest review of the CNCF project velocity revealed. This Top 10 is defined by the number of authors contributing to the projects’ repositories. The graph axes also reflect other criteria, such as commits, PRs, and issues.

You can find a full interactive map with all the projects and related data in this spreadsheet. The scripts used to gather and generate this data are available on GitHub.

#news #cncfprojects
Kubernative by Palark | Kubernetes news and goodies
Kubernetes 1.33 will be released on April 23rd, two weeks from now. It will boast 64 enhancements, including 26 new alpha features. The latter includes support for user namespaces within Linux Pods, in-place resource resize for vertical scaling of Pods, and…
Kubernetes 1.33 was just released and codenamed Octarine.

It brings 64 enhancements: 18 stable, 20 beta, 24 alpha, and 2 deprecated. New alpha features include:

- New configuration option for kubectl with .kuberc for user preferences
- Configurable tolerance for HorizontalPodAutoscalers
- Configurable container restart delay
- Custom container stop signals
- Numerous Dynamic Resource Allocation (DRA) enhancements
- Robust image pull policy to authenticate images for IfNotPresent and Never
- Node topology labels are available via downward API
- Better Pod status with generation and observed generation
... and more!

Features that became stable in v1.33 include Sidecar containers, Job success policy, and nftables backend for kube-proxy.

Find full details in this formal announcement.

#news #releases
OpenTofu just became a CNCF Sandbox project.

#news #cncfprojects
The latest Open Source drama came straight into the CNCF's hands. We haven’t seen such cases before: Synadia, the principal maintainer and original creator of NATS, a CNCF Incubating project, wants to take ownership of this project back from its vendor-neutral home.

Synadia’s plan involved becoming the owner of the NATS project again and switching to the BSL license—which OSI does not consider Open Source—for future releases to ensure its business sustainability. However, CNCF insists there is no “way out” for the foundation's projects and suggests forking its repositories instead.

While Synadia is undoubtedly the leading developing force for NATS, the CNCF has helped the project thrive in many ways since its donation in 2018. In addition to the obvious marketing benefits, NATS also received funding for two third-party security audits and financial support for trademark legal expenses.

If Synadia stops contributing to NATS and there is not enough interest from other community members in developing the project, it might end up archived in the CNCF. The CNCF TOC has already started evaluating the health of this project.

Find more details about this story in the:
- original blog post by CNCF (posted on April 24th and updated on April 28th);
- official answer from Synadia (April 25th);
- Bluesky thread started by Joe Beda (posted on April 26th and answered by Derek Collison, founder and CEO @ Synadia);
- CNCF TOC issue regarding NATS health state.

#news #cncfprojects
What could be the best possible outcome of the NATS case? “CNCF and Synadia today announced that the widely-adopted NATS project will continue to thrive in the cloud native open source ecosystem of the CNCF with Synadia’s continued support and involvement.”

It’s not fiction, it’s for real! Bravo to all the parties involved 🥳

#news #cncfprojects
Last month, in-toto became the latest (31st) CNCF Graduated project.

in-toto is a software supply chain (SSC) security framework created at the NYU Tandon School of Engineering. Written in Python, it ensures the integrity of a software product from initiation to end-user installation by informing the user which steps are performed and when. The project joined the CNCF Sandbox in 2019, became Incubating in 2022, and has now been declared Graduated.

Find more details in the official graduation announcement, project website and main GitHub repo.

#news #cncfprojects
Happy to share our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. Envoy, a high-performance edge/middle/service proxy (a CNCF Graduated project), has seen its 1.34.0 release with alpha support for asynchronous load balancing, initial support for shared libraries to be loaded at runtime, support for Fluentd tracer, configurable custom commands for Redis proxy, configurable backoff strategy for TCP proxy retries, new compliance policies TLS parameter to enforce restrictions, and much more.

2. Percona Everest, a Cloud Native database platform for managing PostgreSQL, MongoDB and MySQL instances, was updated to 1.6.0. It introduced support for manual storage scaling, seamless major version upgrades for MongoDB, support for PostgreSQL 17, and other enhancements.

3. Rook, a storage orchestrator for Kubernetes (a CNCF Graduated project), released its v1.17 with numerous updates. They include secure ObjectBucketClaims by default, credential management for CephObjectStoreUser, an authentication mechanism for bucket notifications using Kafka topics, Ceph CSI 3.14 and an improved Ceph CSI Operator, external (configured outside the Kubernetes cluster) mons, and Kubernetes v1.33 support.

4. Artifact Hub, a web application to find and install Cloud Native packages (a CNCF Incubating project), reached v1.21.0, featuring support for bootable container images and experimental deletion protection.

5. Linkerd, a service mesh for Kubernetes (a CNCF Graduated project), announced 2.18 with optional protocol declarations (in addition to existing auto-detection), GitOps-compatible multicluster linking, decoupled Gateway API, and experimental Windows support.

6. Vitess, a database clustering system for horizontal scaling of MySQL (a CNCF Graduated project), released 22.0.0 with prepared statements, new VTGate metrics, stalled-disk recovery, improved errant GTID detection, better performance, and updated Kubernetes operator with automated backups and Kubernetes 1.32 support.

#news #releases
Tomorrow, KubeCrash will host another online conference about Cloud Native technologies for Platform Engineers. It will feature a panel discussion on observability in Platform Engineering and 13 talks and keynotes, all delivered by well-known CNCF Ambassadors, engineers, and tech leaders.

KubeCrash Spring 2025 is an entirely free online event. It will start tomorrow (May 8th) at 4 PM CET (10 AM ET, 7 AM PT). Check the full schedule and register to participate if you're interested.

#events
Perhaps most engineers still prefer to type full, even if quite long, CLI commands in their terminals. However, with all the GenAI hype we have now, automated assistance is arriving everywhere, and good old kubectl is no exception.

kubectl-ai was created by the Google GKE team, enabling a chatbot-style experience for your kubectl commands. It runs in interactive mode or as a kubectl plugin and allows you to:
- use simple English to construct and execute kubectl commands, including sequences of them where required;
- benefit from the UNIX shell integration by leveraging pipelines and basic CLI tools (echo, cat, etc.);
- run commands only after your explicit approval;
- use OpenAI, Gemini, Azure OpenAI, Grok, and local AI models (via Ollama or llama.cpp);
- evaluate the performance of different LLMs [for Kubernetes-related tasks] via its own benchmark called k8s-bench.

Language: Go | License: Apache 2.0 | 2529 ⭐️

▶️ GitHub repo
💬 Reddit discussion

#tools #CLI #genai
The CNCF Technical Oversight Committee is restructuring its groups. While the restructuring is currently underway and nominations for leadership roles are now open, the following new entities have been announced:

- TOC Initiatives: Artificial Intelligence;
- TOC Subprojects: Contributor Strategy and Advocacy, Mentoring, and Project Reviews;
- Technical Advisory Groups: Developer Experience, Infrastructure, Operational Resilience, Security and Compliance, and Workloads Foundation.

Find more details about the changes, the dates for the first meetings and related Slack channels of these entities in this blog post.

#news
MCP (Model Context Protocol) servers, bridging AI models and various data sources, are a big thing now. Two leading GitOps solutions just embraced them:

1. Last week, Akuity announced the public availability of Argo CD MCP Server with its v0.1.1 release. It provides access to Argo CD resources and operations and enables AI assistants to interact with your Argo CD applications via natural language. It supports stdio and SSE transport modes to integrate with Visual Studio Code and other MCP clients. Find more info in the project's GitHub repo.

2. Yesterday’s release of Flux Operator v0.20.0 introduced an experimental MCP server created by Control Plane. It connects AI assistants to Kubernetes clusters running Flux Operator and enables interaction through natural language. Find more details about it, including a helpful prompting guide, in the project’s documentation.

P.S. Bonus on a broader MCP topic. Recently, an Awesome DevOps MCP Servers repo emerged on GitHub. It lists dozens of MCP servers focused on DevOps tools, featuring existing integrations with Kubernetes, Prometheus, GitHub, GitLab, cloud services, and much more.

#news #tools #gitops
A new educational website dubbed K8s Issues Explorer and featuring ~500 Kubernetes production issues has emerged. Targeted at Kubernetes operators and SREs, it provides information about various real-life issues that emerged while using Kubernetes.

Each case is described with diagnosis steps, root cause, applied fix, and lessons learned, with recommendations on how to prevent such situations. All issues are classified into cluster management, networking, security, storage, and scaling & load categories.

P.S. Interestingly, while all the data for issues was provided by another person (in this GitHub repo), the website was entirely built by GenAI, and you can find more details on this here.

#career
Excited to announce our newest digest of the prominent software updates in the Cloud Native ecosystem! It comes with lots of significant releases — enjoy & share 🙏

Release Spotlight: etcd v3.6.0

Yesterday, etcd (a CNCF Graduated project) announced its first feature release in 4 years(!). The database migrated to v3store, a new storage engine with better performance and transactional support. etcd now also fully supports downgrade (to migrate the data schema to a required etcd version), Kubernetes-style feature gates (to manage new features), a new discovery protocol (v3discovery), and /livez and /readyz endpoints similar to Kubernetes liveness and readiness probes.

The new etcd version reduces the average memory consumption by at least 50% and improves both read and write throughput by approximately 10%.

Other notable updates in the Cloud Native space:

1. Kyverno, a Cloud Native policy engine (a CNCF Incubating project), released its 1.14, bringing two new specialised policy types (ValidatingPolicy and ImageValidatingPolicy), streamlined validation with improved CEL support and performance, enhanced supply chain security with dedicated image verification, and CEL expressions support in policy exceptions.

2. Helmfile, a declarative spec for deploying Helm charts, reached its v1.0.0. This update introduced the ability to sync release labels to the target release across various commands and configurations, added the --take-ownership flag to helm diff, and removed several outdated features, such as its double rendering workaround and loading charts.yaml.

3. Calico, a Cloud Native networking and network security solution from Tigera, was updated to v3.30.0 with many new features. They include tech previews for Calico Whisker (a web console for network activity observability), flow logs API, and Calico Ingress Gateway (an enterprise-hardened distribution of Envoy Gateway). It also introduced staged network policies to test policies before applying them, Quality of Service controls, service LoadBalancer IP allocation support in IPAM, custom host endpoints for nodes, OpenStack Caracal support, and even more.

4. Argo CD (a CNCF Graduated project) released v3.0.0, featuring fine-grained update/delete RBAC enforcement on resources, revised defaults for new installations based on best practices, and official recommendations on secrets management.

5. Istio (a CNCF Graduated project) released 1.26.0, which added customisation of resources provisioned by the Gateway API, improved Gateway API support (TCPRoute in waypoints and experimental BackendTLSPolicy), experimental support for the ClusterTrustBundle resource in Kubernetes, and specific checks in istioctl analyze.

6. containerd (a CNCF Graduated project) released 2.1.0, adding OCI/Image Volume Source support, container restore through CRI/Kubernetes, erofs snapshotter and differ, multiple uid/gid mappings support in runtime, and multipart layer fetch and unpacking custom media types in image distribution.

7. Freelens, an Open Source fork of Lens IDE for Kubernetes, was updated to v1.3.0, and got an extension template for developers, Kubernetes 1.33 support, a Windows ARM64 version, and a modified light theme.

#news #releases
Kubernative by Palark | Kubernetes news and goodies
Many Kubernetes users liked Lens (or even still do). After it became not Open Source and Lens ID was introduced, many switched to OpenLens. Unfortunately, that fork did not last long and hasn’t issued any releases since July 2023. However, it turned out to…
A brief update on the Freelens project, which is an active Open Source fork of Lens IDE.

It now features a Flux CD extension, making it another UI option for Flux users*. Currently, the extension offers a dashboard for Application components and Events, detailed views of Flux CD resource information, and menus for reconciling, syncing, and automating Flux CD resources. Find more details in this GitHub repo.

* It’s also worth reminding that last year, another Kubernetes GUI, Headlamp, released a Flux plugin that provides an overview of the Flux installation for its users.

#news #tools #gui #gitops
llm-d is a new Open Source project and community for scalable GenAI deployments in Kubernetes.

Described as “a Kubernetes-native high-performance distributed LLM inference framework,” llm-d leverages existing technologies, such as vLLM, Kubernetes, and Inference Gateway, to provide a vLLM-optimised inference scheduler, disaggregated serving, and disaggregated prefix caching. The authors also plan to implement a traffic- and hardware-aware autoscaler.

You can find more details on llm-d in:
- yesterday’s announcement by CoreWeave, Google, IBM Research, NVIDIA, and Red Hat;
- the project’s GitHub repo.

#news #genai #tools
Perhaps not entirely complete and somewhat biased, but surely a vast and detailed comparison of how various solutions help with Kubernetes multi-cluster management. It was created by the Sveltos project, which develops a Kubernetes add-on controller to simplify the deployment and management of K8s add-ons and applications across multiple clusters.

The source for this comparison, including better descriptions for each column, is on Reddit.

#tools
A couple of recent articles on optimising memory consumption in Prometheus:

1. Prometheus: How We Slashed Memory Usage (Devoriales).

“In the production Kubernetes cluster I worked on, Prometheus memory usage climbed past 55 GB, peaking at 60 GB, despite an already oversized node. Indeed, the environment was rapidly growing in the number of applications, but the situation was still not sustainable.”


2. Understanding and optimizing resource consumption in Prometheus (Palark blog).

“While Prometheus is an excellent and capable monitoring system, one aspect I find very frustrating is its resource consumption. If this frustrates you as much as it does me, let’s break down the causes of this issue and see how to address it.”


#articles #observability
Portainer announced KubeSolo, its new Kubernetes distribution created specifically for resource-constrained (e.g., IoT) environments. KubeSolo is able to consume as little as 200 MB of RAM and is rightfully called “ultra-lightweight” for this reason.

Some of the project's peculiarities:
- Using SQLite (via Kine) instead of etcd as the default storage backend;
- Replacing the Kubernetes scheduler with a custom webhook;
- Running many components inside a single process and optimising resource limits;
- Ditching the clustering support.

KubeSolo is packaged as a single binary and has minimal OS dependencies. Find more details about this new project on its GitHub repo and website.

#news
BLAFS (bloat-aware filesystem) is a new project aimed at optimising Docker container image size.

Its basic principle is to check which files in the container are actually needed by examining the file access of binaries in the layered filesystem. This approach is different from what other popular tools (such as Cimplifier and SlimToolkit) offer and allows the container size to shrink significantly.

Using BLAFS reduces the size of the Top 10 containers on Docker Hub by 65-95%. The effect for Alpine-based images is smaller, yet still noticeable (e.g., the ghost image is reduced by 27%). More details on how BLAFS works are available in this paper.

Language: Go and C++ | License: MIT | 540 ⭐️

▶️ GitHub repo
💬 Reddit discussion

#tools
Happy to present our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Crossplane v1.20.0

Last week, Crossplane (a CNCF Incubating project) announced its quarterly release, v1.20.0, with numerous new features and enhancements. The real-time compositions, which actively watch for changes to respond to them immediately, matured to Beta and became enabled by default. The ImageConfig API now supports mirroring Crossplane packages to private repositories. Some community providers, including Kubernetes and Helm, got the change logs feature, enabling these providers to log every change and the reason for it.

Function response caching is a new Alpha feature that caches responses in the function pipeline to reduce the number of requests Crossplane sends. Another highlight in this release is the inclusion of shell autocompletion for the crossplane CLI.

Other notable updates in the Cloud Native space:

1. vCluster, a namespace-based solution for virtual Kubernetes clusters, released its v0.25.0, featuring support for external standalone etcd, a simplified initContainer process, added validation for cert-manager, KubeVirt and External Secrets, and deprecated k0s and k3s support.

2. Kmesh, a high-performance service mesh data plane (a CNCF Sandbox project), announced its v1.1.0, bringing access logs and metrics for long-lived TCP connections, a refactored DNS module, BPF config map optimisation, an optimised kernel-native mode, and compatibility with Istio 1.25.

3. Kargo, an application lifecycle orchestration platform for Kubernetes, was updated to v1.5.0, with better Project configuration via a new namespaced CRD, enhanced conditional promotion step execution, ConfigMap access and improved Secret access in expressions, improved Workload Identity Federation support in GKE, and Bitbucket support in git-open-pr and git-wait-for-pr promotion steps.

4. Backstage, a framework for building developer portals (a CNCF Incubating project), has seen v1.39.0, accumulating 260 pull requests from 74 contributors. It got a REST API for Scheduler Service, its design system Canon updated to 0.4.0 (with a new Tab component), federated credentials for Azure DevOps integration, Valkey support for cache service, and custom AuthConnector implementations. It also removed support for several features from the old backend system and deprecated React 17.

5. CloudNativePG, a platform to run and manage PostgreSQL databases in Kubernetes (a CNCF Sandbox project), released its 1.26.0, introducing declarative offline in-place major upgrades of PostgreSQL, enhanced startup and readiness probes for replicas, declarative management of extensions and schemas, a new annotation to enable webhook validation, and integration with autoscalers like Karpenter for better node drain management.

6. Flux (a CNCF Graduated project) landed v2.6.0 just yesterday. It came with the general availability of Flux OCIRepository API to store the Kubernetes desired state in container registries, image automation digest pinning, object-level workload identities, GitHub App authentication for Git repositories, and several improvements in notifications and controllers.

#news #releases
Kaniko reached its end of life

Kaniko is a well-known tool created by Google to build container images inside a container or Kubernetes cluster. Launched in January 2018, it gained good traction in the Cloud Native community. However, it hasn’t been actively developed for the last few years. Yesterday, a PR officially archiving this project was merged, and its Git repo was archived. From now on, Kaniko will no longer be developed or maintained.

#news #tools