Certified Kubernetes AI Conformance Program 1.0

KubeCon NA also marked the official launch of the Certified Kubernetes AI Platform Conformance Program v1.0 from CNCF, which defines capabilities and configurations for running AI and ML frameworks on Kubernetes and other CNCF projects. It was a community-driven initiative supported by various companies, including Google Cloud, Kubermatic, Microsoft, and Red Hat.

Currently, the following K8s distributions are certified with this program:
- Alibaba Cloud Container Service for Kubernetes
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- CCE (Cloud Container Engine) by Baidu Cloud
- CoreWeave Kubernetes Service
- DaoCloud Enterprise
- Gardener by NeoNephos Foundation
- Giant Swarm Platform
- Google Kubernetes Engine
- Kubermatic Kubernetes Platform
- Linode Kubernetes Engine (LKE) by Akamai
- OCI Kubernetes Engine (OKE) by Oracle
- OpenShift Container Platform and Red Hat OpenShift Service on AWS
- RKE2 by SUSE
- Talos Linux
- vSphere Kubernetes Service

#news #genai

Helm 4 has just been released

Less than 30 minutes ago, Helm v4.0.0 appeared on GitHub. This release, celebrated during KubeCon NA, came 6 years after Helm v3 and offers significant improvements. They include:

- Redesigned plugin system with WebAssembly-based plugins
- Post-renderers as plugins
- Server Side Apply support
- Improved resource watching based on kstatus
- Local content-based caching

Earlier today, this release was also announced on the CNCF blog, together with the 10th anniversary of Helm.

P.S. If you’re interested in seeing even more features for Helm, considering the Nelm project might be helpful, too.

#news #cncfprojects #releases

Ingress NGINX will be retired soon

Another significant announcement made during KubeCon NA involved deprecation. Kubernetes SIG Network and the Security Response Committee declared that Ingress NGINX will be retired in March 2026.

This Ingress controller was developed a long time ago as an example implementation of the API. However, its broad adoption and excess flexibility (e.g., "snippets" annotations) became “today’s insurmountable technical debt.” A recent attempt to replace it with InGate (we covered it in this post) failed, and the project became unsustainable, leading to a difficult decision to retire it.

Users are advised to migrate to Gateway API or another Ingress controller as fast as they can.

P.S. Don’t confuse Ingress NGINX with NGINX Ingress. There is a long-lasting naming confusion for these projects.

#news #networking

The announcement of the Ingress NGINX controller retirement led to wide, ongoing discussions in the Cloud Native community. Here are quotes and links to the thoughts of some well-known folks:

Tom Hockin, Kubernetes co-founder (source):

“The people who currently work on ingress-nginx do so FOR FREE. They have been doing it largely because they feel a sense of duty. They do not need to be berated. In the 2 years this has been a topic, almost nobody has stepped up to help, and there are no new maintainers in the pipeline. Shuttering this project is necessary, and IMO, a better result than pretending it is healthy when it is not.”

Benjamin Elder, Kubernetes Steering Committee (source):

“People need to understand, lots of contributors are willing to do maintenance work, but it simply isn't free, and only doing maintenance generally isn't sustainable. We all have bills to pay and careers to pursue and it's very difficult to succeed doing nothing but maintenance because everyone wants that work for free.”

William Morgan, CEO @ Buoyant (source):

“The actual problem in the CNCF community is instead one of expectations: that all these open source projects I use (on my company’s dime) to build my systems (that allow my company to make money) should be free. And always up to date. And should fix my bugs. And add new features. And somehow this should all just happen magically.”

Kat Cosgrove, Kubernetes Steering Committee (source):

“The ingress-nginx deprecation is the inevitable result of the fundamentally broken way for-profit companies consume open source software, not a reflection on the state of the CNCF or Kubernetes. It had to happen.”

External Secrets Inc. ceased to exist

The commercial company behind External Secrets Operator (a CNCF Sandbox project) announced its shutdown. On the bright side, it has released all its proprietary software as Open Source; it is now available on GitHub.

As you might recall, earlier this year recently, the ESO project itself paused releases due to a critical need for maintainers. Luckily, new people were found, and releases were revived, including the prominent v1.0.0, which was just two weeks ago.

#news

Azure released AKS desktop based on Headlamp

Yesterday, the AKS desktop application was announced. It provides a self-service UI based on Headlamp (a Kubernetes SIG UI project) for deploying and managing workloads on Azure Kubernetes Service.

Currently, v0.1.0-alpha is the only publicly available release of AKS desktop. It supports Azure RBAC and allows you to:

- Create and use AKS cluster projects;
- Visualise the Kubernetes resources in your project;
- Deploy applications and configure their scaling via HPA or manual settings;
- View metrics and logs.

Language: TypeScript | License: Apache 2.0 | 12 ⭐️

▶️ GitHub repo
📣 Project announcement

#tools #gui #Azure #news

Videos from KubeCon + CloudNativeCon North America 2025 are now available

You can find 348 videos from the recent event in this YouTube playlist. They include daily highlights, keynotes, regular and lightning talks. The full schedule is available here.

As for the co-located events during KubeCon NA 2025, their recordings are also published:
- Maintainer Summit (21 videos)
- FluxCon (10)
- Kubernetes on Edge Day (10)
- Cloud Native University (9)
- OpenFeature Summit (9)
- Open Source SecurityCon (35)
- CiliumCon (9)
- EnvoyCon (9)
- OpenTofu Day (11)
- Observability Day (29)
- Kubeflow Summit (7)
- Data on Kubernetes Day (8)
- ArgoCon (31)
- Cloud Native & Kubernetes AI Day (19)
- BackstageCon (15)
- Istio Day (9)
- Platform Engineering Day (29)
- KyvernoCon (8)
- WasmCon (10)

#events #video

Some engineers dare to admit they are lazy. Here’s why we have lazygit, lazydocker, and now this new tool…

LazyHelm is a terminal UI inspired by other lazy* projects and obviously focused on Helm. It allows you to:

- Navigate through Helm repos and find new charts at Artifact Hub;
- View the charts, modify the values, see the diff between chart versions;
- View all currently deployed Helm releases and filter them, view their details, revision history, and historical values;
- Search through Helm repos, charts, and values.

Language: Go | License: Apache 2.0 | 29 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #CLI

This project has been around for a while, but it is especially useful now, given the upcoming retirement of the Ingress NGINX controller.

Ingress2gateway is part of the Gateway API SIG-Network subproject, focusing on translating Ingress and provider-specific CRDs to Gateway API resources. It supports Ingress NGINX and several other providers (including Apache APISIX, Cilium, Istio, GCE, Kong, NGINX Ingress, and OpenAPI).

However, it’s essential to note that it doesn’t support all the annotations available. The list of those supported for Ingress NGINX is available here.

▶️ GitHub repo

Language: Go | License: Apache 2.0 | 643 ⭐️

#tools #networking

Which Kubernetes versions are currently in use?

Here’s a chart from Datadog showing the Kubernetes versions their users are running on October 1, 2025. According to this data, 78% of users run K8s v1.31-1.34.

#news

It's time to share our latest digest of the prominent software updates in the Cloud Native ecosystem!

1. Gateway API, a part of the Kubernetes SIG Network, reached its 1.4. It declared a few features, including supportedFeatures in the GatewayClass status and named rules for Routes, GA. It also introduced three experimental features, such as a mesh resource for service mesh configuration, default gateways, and externalAuth filter for HTTPRoute.

2. Istio (a CNCF Graduated project) 1.28 introduced the InferencePool v1 API to improve managing and routing AI inference workloads, native nftables support in the ambient mode, better ambient multicluster deployments, enhanced security features, and more.

3. Kustomize, which is also developed in a Kubernetes SIG, released v5.8.0. This version enabled replacements and patch values in the structured data and regex support for replacement selectors.

4. Spin, a framework for building and running cloud microservices with WebAssembly (a CNCF Sandbox project), was updated to v3.5 with WASI Preview 3 support. Other changes include a new Spin Rust SDK, configurable static HTTP responses, and OpenAI integration support.

5. Kueue, a set of APIs and a controller for job queueing in Kubernetes, got lots of new features in v0.15.0. They include a new experimental kueue-populator to create default resources, admission checks to control the delay by external and internal controllers, an optional interface for custom Jobs to activate and deactivate them, TAS support for the Kubeflow Trainer integration, numerous improvements in MultiKueue, and many more.

6. KubeVirt, a virtual machine management add-on for Kubernetes (a CNCF Incubating project), released v1.7.0. It introduced decentralised live migration, support for DRA devices in VMI, generalised migration priority, support for auto-healing strategy in VMPool, and experimental support for AMD SEV-SNP and Intel TDX.

7. Freelens, a GUI for managing Kubernetes clusters, was updated to v1.7.0, featuring an improved YAML editor, Pod-level resource aggregation, Windows Portable distribution, and better extension API.

#news #releases

Kubernetes Spec Explorer is an online resource that helps you find the official built-in documentation for all the Kubernetes resources and their properties.

- All the information it provides is automatically generated based on the OpenAPI specification.
- The data is available for any chosen Kubernetes release, from v1.11 to v1.35, and the differences introduced for the resource in each subsequent release are displayed.
- Each Kubernetes resource comes with examples of how it might look.
- CRDs of some other popular Cloud Native tools, such as Argo, Cilium, CloudNativePG, Gateway API, Istio, and Kyverno, are also covered.

#tools

Here come some of the interesting Kubernetes-related articles recently spotted online:

1. "How Airbnb Runs Distributed Databases on Kubernetes at Scale" by ByteByteGo.

Instead of limiting a database cluster to one Kubernetes environment, they chose to deploy distributed database clusters across multiple Kubernetes clusters, each one mapped to a different AWS Availability Zone. This is not a common design pattern. Most companies avoid it because of the added complexity. But Airbnb’s engineers saw it as the best way to ensure reliability, reduce the impact of failures, and keep operations smooth.

2. "Kubernetes Configuration Good Practices" by Kirti Goyal, Kubernetes blog.

This blog brings together tried-and-tested configuration best practices. The small habits that make your Kubernetes setup clean, consistent and easier to manage. Whether you are just starting out or already deploying apps daily, these are the little things that keep your cluster stable and your future self sane.

3. "How Google Does It: Building the largest known Kubernetes cluster, with 130,000 nodes" by Besher Massri and Maciek Różacki, Google.

At Google Cloud, we’re constantly pushing the scalability of Google Kubernetes Engine (GKE) so that it can keep up with increasingly demanding workloads — especially AI. GKE already supports massive 65,000-node clusters, and at KubeCon, we shared that we successfully ran a 130,000-node cluster in experimental mode — twice the number of nodes compared to the officially supported and tested limit. [..] In this blog, we take a look at the trends driving demand for these kinds of mega-clusters, and do a deep dive on the architectural innovations we implemented to make this extreme scalability a reality.

4. "93% Faster Next.js in (your) Kubernetes" by Matteo Collina, Platformatic.

We'll start by examining the complications of running this powerful framework in your own environment, and get under the hood (and I mean, down to the kernel) about why they happen. Then, we'll walk you through the approach we took with Watt to solve them, and what it means for you if you happen to run Next.js on any other Node.js CPU-bound workload on-prem.

5. "OpenPERouter -- Bringing EVPN to Kubernetes" by Mengxin Liu.

Recently, while researching EVPN as a multi-tenancy solution for physical networks, I discovered the open-source project OpenPERouter. It introduces the concept of EVPN into container networking, providing a new approach to achieving multi-tenancy in Kubernetes. This solution not only unifies software and hardware network architectures but also offers some compatibility with existing CNIs like Calico, which advertise routes via BGP.

6. "Kubernetes 1.35: Deep dive into new alpha features" by Kirill Kononovich, Palark.

The Kubernetes 1.35 release, scheduled for December 17th, has gift-wrapped a variety of experimental improvements designed to enhance infrastructure flexibility and security. In this overview, we focus on its Alpha features extending across a broad spectrum of tasks: from watch-based route controller reconciliation and the long-awaited Gang Scheduling for AI/ML workloads to the secrets field for passing Service Account tokens, mutable volume attach limits, and proxying API server requests to fix version skew.

7. "Kubernetes 1.35 - New security features" by Víctor Jiménez Cerrada, Sysdig.

Kubernetes 1.35 will be released soon, bringing 17 changes to its security features. It includes new validations, the deprecation of old technologies, and broader support for user namespaces, to name a few.

#articles

Ingress NGINX retirement: helpful tools and resources

Tools and repos:
1. Ingress2gateway (we described it here before)
2. Gateway API Benchmarks lists and compares existing Gateway API implementations
3. Ingress Migration Kit is a new tool that generates Gateway API migration plans

Related posts and other activities from vendors, projects, and community:
1. Clarifications from a Gateway API maintainer
2. NGINX Inc (F5): blog post; live AMA with the NGINX team (December 10th and 11th); migration experience from a user
3. Isovalent / Cilium: blog post; migration experience from a user
4. Traefik: blog post; Ingress NGINX Migration tool from the company
5. HAProxy: blog post; migration assistance from the company
6. SUSE: blog post

#articles #tools #networking

No matter how tired you are from seeing all those Kubernetes dashboards. It’s Friday, so why not share yet another GUI… especially since it’s pretty neat! 🤪

Kite is a new Kubernetes dashboard, featuring a modern, responsive UI. While its initial public release happened less than 4 months ago, it already offers a lot for Kubernetes administrators:

- Complete resource management for all popular resources (from Pods to PVCs) and CRDs, including built-in editor (Monaco) for YAML manifests and resource relationships visualisation;
- Multi-cluster management with fine-grained permissions and automatic cluster discovery based on kubeconfig entries;
- RBAC and user management, OAuth integration;
- Powerful observability capabilities, including a general cluster overview, detailed Pod and Node monitoring, real-time metrics, and live logs streaming with filtering and search;
- An ability to execute commands directly in Pods or Nodes.

▶️ GitHub repo
💬 Reddit announcement

Language: TypeScript, Go | License: Apache 2.0 | 1802 ⭐️

#tools #gui

Kubernetes 1.35 has been released. It is codenamed Timbernetes and comes with 60 enhancements: 17 stable, 19 beta, and 22 alpha features.

- Official announcement in the blog
- Overview of newly introduced alpha features

#releases #news

Looking for a way to simplify deploying LLMs on Kubernetes? This project provides everything you might need.

llmaz is an inference platform that integrates various Open Source projects for running LLMs. It supports:

- Different inference backends: vLLM, llama.cpp, Ollama, Text-Generation-Inference, SGLang, and TensorRT-LLM.
- Different model providers: HuggingFace, ModelScope, and ObjectStores.
- Chatbot interface based on Open WebUI.
- Heterogeneous devices.
- Distributed inference via multi-host and homogeneous xPyD support with LeaderWorkerSet.
- Envoy AI Gateway for token-based rate limiting, model routing, and more.
- Horizontal Pod scaling (HPA) and node autoscaling (Karpenter).

▶️ GitHub repo

Language: Go | License: Apache 2.0 | 278 ⭐️

#tools #genai

If you’re not overwhelmed yet with your work after a holiday break… or if you’re just into having some educational and practical fun with Kubernetes, don’t miss this project!

K8sQuest is a new gamified training platform for K8s, where you need to troubleshoot and fix various issues using a GUI terminal featuring arcade game styling. Importantly, it can be self-hosted locally. The project comes with:

- 50 challenges, 5 categories, 3 difficulty levels;
- different K8s topics covered, including basics, scaling, networking, storage, and security;
- progressive hints and step-by-step guides, points for completed challenges, and progress auto-saving.

▶️ GitHub repo
💬 Reddit announcement

Language: Shell, Python | License: Apache 2.0 | 326 ⭐️

#tools #fun #career

Kubernetes Dashboard is getting archived

Yesterday, the Kubernetes Dashboard maintainers announced that the “project will be archived and sunset in the coming days/weeks.” It has been developed in the Kubernetes SIG UI but lacked active contributors and maintainers for a while.

The authors recommend Headlamp as an alternative to Kubernetes Dashboard, since it became a Kubernetes SIG UI project last year.

#news #gui

Percona Everest becomes OpenEverest

Percona Everest is a Cloud Native database platform that helps operating PostgreSQL, MongoDB, and MySQL databases in Kubernetes environments. Originating as a vendor-owned solution, it has now evolved into an independent Open Source project called OpenEverest. Percona has also formed a subsidiary, Solanica, that is fully focused on developing OpenEverest. The authors plan to donate OpenEverest to CNCF soon.

#news #databases