CNCF project velocity 2025 report

Key takeaways from the latest CNCF project velocity report:
1. Kubernetes continues to lead with the largest contributor base.
2. Backstage has more than doubled its contributions since 2024.
3. OpenTelemetry saw a 39% rise in commits and 35% rise in a contributor base.

Top 10 CNCF projects by their velocity in 2025:

1. Kubernetes
2. Cilium
3. OpenTelemetry
4. Prometheus
5. Argo
6. Meshery
7. Envoy
8. Backstage
9. Keycloak
10. Kubeflow

This GitHub repo has all the data, and here's our post on a previous velocity report published in July 2025.

#news #cncfprojects

This new UI aims to ensure “modern Kubernetes visibility” by providing comprehensive information on your cluster and its workloads, along with several management features.

Radar is a dashboard that is intended to be “blazing fast”, displays real-time information, and runs as a single binary, not requiring to be installed on a cluster. It comes with:

- General cluster overview, including the stats for existing resources, resource utilisation, and unhealthy workloads.
- Detailed interactive graphs for Kubernetes resources with their full hierarchy and an image filesystem viewer for Pods.
- Live network traffic visualisation (via Hubble or Caretta).
- Timeline of Kubernetes events and resource changes.
- Management for Helm releases and GitOps (Argo CD and Flux) resources.
- Automatic discovery of CRDs and integrations for Gateway API, Karpenter, KEDA, cert-manager, Prometheus Operator, and Trivy.
- MCP server for AI integration.

▶️ GitHub repo

Language: TypeScript, Go | License: Apache 2.0 | 863 ⭐️

#tools #gui

KCDs for 2026 H2 are announced

The list of Kubernetes Community Days (KCDs) events for the second half of 2026 is published. Here's what we can expect:

- KCD Vietnam; July; new
- KCD Melbourne, Australia; August; new
- KCD San Francisco Bay Area, USA; September; Tier 1
- KCD Washington DC, USA; September; Tier 1
- KCD Gujarat, India; September; new
- KCD Sao Paulo, Brazil; September; Tier 2
- KCD Sofia, Bulgaria; September; Tier 2
- KCD Buenos Aires, Argentina; October; Tier 1
- KCD UK; October; Tier 2
- KCD Bandung, Indonesia; October; Tier 1
- KCD Nigeria; October; Tier 1
- KCD Budapest, Hungary; November; Tier 1
- KCD Porto, Portugal; November; Tier 2
- KCD Hangzhou, China; November; Tier 1
- KCD Florida, USA; December; new
- KCD Suisse-Romade, Switzerland; December; Tier 1
- KCD Aix-en-Provence, France; December; new

First-time events imply up to 200 attendees, Tier 1 are for 350+, and Tier 2 are for up to 600. In our earlier post, you can also find the list of the ongoing KCDs for 2026 H1.

#events #news

Sharing our new digest of the prominent software updates in the Cloud Native ecosystem!

1. Kyverno, a Kubernetes-native policy engine (a CNCF Incubating project), released 1.17 that declares its CEL policy engine stable. These CEL-based policies got numerous new function libraries for YAML/JSON parsing, X509 decoding, and more. The release also introduced support for Cosign v3, and namespaced mutation and generation.

2. OpenEverest, a Cloud Native database platform, released 1.13.0, featuring a Pod Logs Viewer displaying real-time logs from database Pods directly in the UI, dynamic value injection in LoadBalancerConfig to create reusable configurations, and support for Percona XtraDB Cluster Operator v1.19.0.

3. Backstage, a framework for building developer portals (a CNCF Incubating project), reached v1.48.0, bringing experimental refresh token support, lots of updates in the new frontend system (new navigation system, home plugin, plugin titles and icons), new UI components, experimental catalog generic SCM event handling, and module federation enabled by default.

4. Crossplane (a CNCF Graduated project) made a regular quarterly release, v2.2.0. It brought a pipeline inspector (alpha), ImageConfig configuration for DeploymentRuntimeConfig used for packages, server-side apply support in the MRD controller when updating CRDs, support for composition functions to request OpenAPI schemas, and an enhanced crossplane beta trace command.

5. Dex, an OpenID Connect identity and OAuth 2.0 provider (a CNCF Sandbox project), was updated to v2.45.0, adding PKCE support in the OIDC connector, a Vault signer for JWT, and enhanced static passwords.

6. Flux (a CNCF Graduated project) released 2.8 GA, featuring Helm v4 support, faster recovery from failed deployments, CEL-based health check expressions for Helm releases, ephemeral preview environments from GitHub PRs and GitLab MRs, and support for Cosign v3.

#news #releases

Watching your Kubernetes Pods in real-time 3D space sounds like a deal for Friday, doesn’t it? 🙃

Observatory is a visualisation dashboard that makes this possible. Originally built for K3s, it works with other Kubernetes distros as well, allowing you to watch your containers like never before. What it offers:

- Displaying your Kubernetes nodes and Pods in the 3D space where you can travel;
- Showing sidecars as orbiting moons for multi-container Pods;
- Providing the current and continuously updated state of Pods (running, pending, etc.) as well as their memory and CPU usage visualised as size and colours.

▶️ GitHub repo
💬 Reddit announcement

Language: Go, TypeScript | License: GPL v3 | 28 ⭐️

#tools #gui

New Kubernetes working group: AI Gateway

The “AI Gateway” term refers to network gateway infrastructure, such as proxy servers and load balancers, that implements the Gateway API specification with enhanced capabilities for AI workloads. The newly announced AI Gateway WG will create declarative APIs, standards, and guidance for AI workload networking in Kubernetes.

P.S. This announcement came shortly after disbanding the Kubernetes WG Serving.

#news #networking #genai

AWS Load Balancer Controller now supports Gateway API

Previously, AWS Load Balancer Controller relied on Application Load Balancer and Network Load Balancer as Ingress and Service in Kubernetes environments. Now, you can also use the Gateway API.

P.S. According to this GitHub issue, Azure Kubernetes Service is also expected to introduce Gateway API support for App Routing in March. Google Cloud has been recommending using its Gateway API implementation in the GKE Gateway controller to expose apps in Kubernetes for a while.

#news #networking #aws

Interested in seeing the contents of your container images without running them? Check out this new tool.

cek (container exploration kit) is a CLI tool for exploring the OCI images filesystem. Unlike Skopeo, it works with the container itself (rather than the container registry), i.e. it can read images directly from Docker, Podman, or containerd in addition to pulling them from remote registries. cek allows you to:

- list files in your image and display the directory tree structure;
- read file contents;
- inspect image metadata;
- export images to tar files.

▶️ GitHub repo
💬 Reddit announcement

Language: Go | License: MIT | 261 ⭐️

#tools #storage

NVIDIA introduced AI Cluster Runtime (AICR)

Yesterday, the company released its recipes for GPU-accelerated Kubernetes clusters across cloud and on-premises AI factories. These recipes are “version-locked configurations for specific environments” — the combinations of drivers, runtimes, operators, kernel modules, and system settings for AI workloads that have been validated by NVIDIA. They include specific components, their versions, constraints, and the configuration values for each environment.

You can find more details in this blog post and the AICR repo on GitHub.

#news #genai

Kyverno became a CNCF Graduated project

Kyverno, a Kubernetes-native policy engine originally developed in Nirmata, has become the latest addition to the list of CNCF Graduated projects. About 6 hours ago, the CNCF Technical Oversight Committee completed the relevant voting process for this project.

Today’s Kyverno adopters include Vodafone, Deutsche Telekom, Saxo Bank, LinkedIn, Spotify, US DoD Platform One, OVHcloud, and many other well-known organisations worldwide.

#cncfprojects #news #security

The official Kubernetes image promoter was rewritten

registry.k8s.io is a production OCI registry service for Kubernetes' container image artifacts. Recently, the core system behind it was rewritten to improve performance and add new features (SLSA provenance attestation, vulnerability scanning, SBOM support), and the upgrade was performed seamlessly for users pulling container images from the registry.

Find more technical details about the issues that kpromo, the Kubernetes image promoter, had and how they were solved in this blog post.

#news

Cloud Native Rejekts live streams

KubeCon + CloudNativeCon Europe 2026 is around the corner, and today is the day of its b-side conference organised by the community, Cloud Native Rejekts. This year, it features talks in two rooms, and both of them are streamed online right now. You can watch them here:

- Cloud Native Rejekts EU 2026 Room 1
- Cloud Native Rejekts EU 2026 Room 2

The full event schedule is available here.

#events #video

Ingress2gateway 1.0

The Kubernetes SIG Network just announced the stable version of its official assistant that helps migrate from the soon-to-be-retired Ingress NGINX controller to Gateway API.

With this new release, the tool supports 30+ widely used annotations, covering headers, timeouts, redirects, rewrites, regex, CORS, backend TLS, and IP range control.

Find more details from this announcement and on GitHub.

#news #releases #networking

Here comes our latest digest of the prominent software updates in the Cloud Native ecosystem!

1. Cozystack, a PaaS platform and framework for building clouds (a CNCF Sandbox project), released v1.1 that introduced an OpenBao managed service for secret management, tiered storage pools support for SeaweedFS, a bucket user model with S3 login, and a configurable version selector for RabbitMQ instances.

2. Agentgateway, an agentic proxy for AI agents and MCP servers (a Linux Foundation project), has reached its v1.0.0, which was the first release entirely decoupled from Kgateway and highlighted the project's production readiness. This milestone also promoted the experimental XListenerSet API to the ListenerSet API, introduced the CEL 2.0 implementation, added support for Kubernetes Gateway API 1.5.0, autoscaling policies for the agentgateway controller, simplified LLM configuration, and prerouting-phase support for policies.

3. Backstage, a framework for building developer portals (a CNCF Incubating project), released v1.49.0 that introduced the v1.0 release candidate of the New Frontend System: newly created Backstage apps now use it by default. This update also brought several new additions in Backstage UI, the refactored Backstage CLI that became an extensible module system, a new auth CLI command group, a new predicate-based filtering system for the catalog entities, a new ToastApi for rich notifications, OpenAPI 3.1 support, and other new features.

4. Harbor (a CNCF Graduated project) was updated to v2.15.0, which added the tag deletion option in garbage collection, UI for upstream registry connection limit, OCI type support for JFrog registry, and several other improvements.

5. Argo CD (a CNCF Graduated project) announced its v3.4 Release Candidate, bringing pause reconciliation for a cluster, ApplicationSet cache synchronisation, glob patterns in the values files, annotation-based filtering, a new Operation Status filter, source Hydrator UI improvements, and other new features.

6. k8gb, a Cloud Native Kubernetes global balancer (a CNCF Sandbox project), released v0.19.0 with a strong focus on vendor neutrality thanks to a new vendor-neutral canonical API group and switch to new OCI registry and repository. This release also added Dynamic Zones support with the new cluster-scoped ZoneDelegation resource.

7. OpenChoreo, a developer platform for Kubernetes (a CNCF Sandbox project), released its first production-ready version, v1.0.0. It features a modular architecture, programmable control plane, Backstage-based console, and built-in observability.

#news #releases

Brief news from KubeCon EU 2026

1. This is the biggest KubeCon ever, with ~13500 attendees (up 10% from last year).
2. KubeCon Europe 2027 will be in Barcelona (Mar 15-18), KubeCon NA 2027 in New Orleans (Nov 8-11), and KubeCon Europe 2028 in Berlin (Apr 24-27).
3. New reports unveiled by the CNCF:
- CNCF Technology Radar on Workflow Orchestration, App Delivery and Security & Policy Management
- CNCF + SlashData State of Cloud Native Development Q1 2026

#events #news #reports

The kubernetes/ingress-nginx repository has finally been archived. It happened right on the KubeCon stage just a couple of hours ago.

P.S. Previously, we covered the recent ingress2gateway v1.0 release and some other related tools.

#news #networking

Notable CNCF projects’ news from KubeCon EU 2026

Red Hat donated llm-d to the CNCF Sandbox. This distributed inference serving stack optimised for Kubernetes was created a year ago, together with CoreWeave, IBM, Google, and NVIDIA.

Broadcom donated Velero to the CNCF Sandbox. This backup tool for Kubernetes was formerly known as Heptio Ark and originally created by Heptio, a startup acquired by VMware in 2018.

Tekton, a Kubernetes-native framework for creating continuous integration and delivery (CI/CD) systems, was moved from the CD Foundation to the CNCF as an Incubating project.

#news #cncfprojects

The documentary on Backstage is available

Yesterday, the latest documentary video about a CNCF project, “Backstage: From Spreadsheet to Standard”, landed on YouTube. It happened shortly after its premiere at KubeCon EU 2026.

In 32 minutes, this video tells the story of Backstage, from its origins at Spotify to modern days. It features the interviews with Spotify employees and Backstage maintainers, including Pia Nilsson, Dave Zolotusky, Petter Måhlén, Tyson Singer, Jimmy Mårdel, Fredrik Adelöw, Ben Lambert, and others.

P.S. Previously, the following documentaries were released:

- “Kubernetes: The Documentary”: Part 1 (24:54) and Part 2 (31:18)
- “Prometheus: The Documentary” (27:00)
- “Inside Envoy: The Proxy for the Future” (31:49)
- “Inside Argo: Automating the Future” (32:15)
- “The Making of Flux”: The Origin (22:21), The Rewrite (44:57), The Scale (23:09), The Future (26:52).

#video #cncfprojects

Homelabs are a fun way for engineers to learn, experiment, and innovate. Sharing such setups can bring even more benefits to a wider community! Here’s one of such repos you can try this weekend ;)

Homernetes is a Kubernetes cluster for a homelab based on Talos and Proxmox. It features an automated 8-step bootstrap to provision a cluster on bare metal using Terraform. What else does it have?

- GitOps-driven approach based on Argo CD;
- Preloaded randomly-generated passwords/secrets for all services with Vault;
- Networking with encryption and observability based on Cilium;
- Metrics and logs based on Prometheus, Grafana, and Loki;
- cert-manager to handle certificates, Harbor as container registry, CNPG with PostgreSQL used for internal services, and more.

▶️ GitHub repo
💬 Reddit announcement

License: GPL 3.0 | 142 ⭐️

#tools #IaC #gitops

We’re back online after a short break, and here comes our latest selection of interesting Kubernetes-related articles recently spotted online:

1. "Making Harbor production-ready: Essential considerations for deployment" by Dhruv Tyagi and Daniel Jiang, Broadcom.

While deploying Harbor is straightforward, making it production-ready requires careful consideration of several key aspects. This blog outlines critical factors to ensure your Harbor instance is robust, secure, and scalable for production environments.

2. "Kubernetes Strategic Merge Patch" by Brian Grant, ConfigHub.

If you’ve used Kubernetes kubectl apply, server-side apply, or kustomize, then you may have encountered the “strategic merge patch” feature. “Strategic merge patch” is a mouthful. What does it mean? In what sense is it “strategic”? Why does it exist?

3. "Containers Are Not Automatically Secure" by Luca Cavallin.

Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That's one of the things I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.

4. "How Reddit Migrated Petabyte-Scale Kafka from EC2 to Kubernetes" by Alex Xu.

The Reddit Engineering Team completed one of the most demanding infrastructure migrations in the company’s history. It moved its entire Apache Kafka fleet, comprising over 500 brokers and more than a petabyte of live data, from Amazon EC2 virtual machines onto Kubernetes. The migration was done with zero downtime and without asking a single client application to change how it connected to Kafka. In this article, we will look at the breakdown of this migration, the challenges the engineering team faced, and how they achieved their goal of a successful migration.

5. "Running Agents on Kubernetes with Agent Sandbox" by Janet Kuo and Justin Santa Barbara.

[..] as AI evolves from short-lived inference requests to long-running, autonomous agents, we are seeing the emergence of a new operational pattern. AI agents, by contrast, are typically isolated, stateful, singleton workloads. [..] SIG Apps is developing agent-sandbox. The project introduces a declarative, standardized API specifically tailored for singleton, stateful workloads like AI agent runtimes.

6. "A one-line Kubernetes fix that saved 600 hours a year" by Braxton Schafer, Cloudflare.

Every time we restarted Atlantis, the tool we use to plan and apply Terraform changes, we’d be stuck for 30 minutes waiting for it to come back up. No plans, no applies, no infrastructure changes for any repository managed by Atlantis. With roughly 100 restarts a month for credential rotations and onboarding, that added up to over 50 hours of blocked engineering time every month, and paged the on-call engineer every time. This was ultimately caused by a safe default in Kubernetes that had silently become a bottleneck as the persistent volume used by Atlantis grew to millions of files. Here’s how we tracked it down and fixed it with a one-line change.

#articles

Kubernetes v1.36 will be released in two weeks. The docs freeze for the related 65 KEPs came into effect less than 30 minutes ago. What are those new features? Learn from:

- “Kubernetes 1.36: Deep dive into new alpha features” (published yesterday by Palark) that covers 20 new features introduced in v1.36.
- “Kubernetes 1.36 – What you need to know” (published by Cloudsmith a month ago).
- The official “Kubernetes v1.36 Sneak Peek” that features biggest deprecations and enhancements.
- The formal “Kubernetes v1.36 Release Information” page with the release schedule and other helpful links.

#articles #releases