New Bitnami catalog limitations

The newly announced changes to the Bitnami public catalog of Helm charts and images continue its evolution of becoming more commercial. The authors state that starting August 28th, 2025, “Bitnami will continue to offer a limited subset of free, latest-version images intended for development use.”

Other users — e.g. those who need support for security updates, specific versions of an application, etc. — will need to subscribe to the commercial Bitnami Secure Images offering for that.

#news

The latest CNCF projects' velocity report was published. It names the following projects as the most actively developed (out of 231 hosted in CNCF) during the last year (from July 1st, 2024, to July 1st, 2025):

1. Kubernetes
2. OpenTelemetry
3. Prometheus
4. Argo
5. Backstage
6. Meshery
7. Cilium
8. Envoy
9. gRPC
10. Keycloak

If we compare it with the previous Top 10 for this period (July 1st, 2023, to July 1st, 2024), the most significant difference is:
- Meshery: 11th (a year ago) → 6th place (now);
- Istio: 9th → 15th;
- Prometheus: 5th → 3th.

Other prominent changes in Top 100 include:
- Podman Container Tools debuting at 18th place and CloudNativePG at 29th;
- OpenFGA: 34th → 21st;
- Headlamp: 99th → 50th;
- Buildpacks: 41st → 60th.

You can find all the latest stats on CNCF projects (contributors, commits, PRs, issues, etc.) in this public spreadsheet.

#news #cncfprojects

Open Source Summit is a big offline event organised by The Linux Foundation for everyone involved in Open Source, featuring Cloud & Containers as one of its tracks. Till the end of this year, we can expect four such events around the world, including three of them in Asia(!):

- Open Source Summit India @ Aug 5, Hyderabad;
- Open Source Summit Europe @ Aug 25–27, Amsterdam;
- Open Source Summit Korea @ Nov 4–5, Seoul;
- Open Source Summit Japan @ Dec 8–10, Tokyo.

#events

The next Kubernetes release, 1.34, is scheduled for 27th August. The earliest article covering the upcoming changes was just published on the project’s blog. Its feature highlights include:

- An alpha version of KYAML, a new YAML subset that was designed for Kubernetes and aims to be a safer and less ambiguous;
- Improved tracing for kubelet and API Server;
- Structured parameters for Dynamic Resource Allocation (DRA) becoming stable;
- ServiceAccount tokens for image pull authentication moving to beta;
- PreferSameZone and PreferSameNode traffic distribution for Services moving to beta.

UPD: Even better (more detailed) overview of new K8s v1.34 features can be found in this excellent article by Nigel Douglas from Cloudsmith.

#news #releases #articles

Cloud Native Summit Munich 2025 (ex-KCD Munich) happened last week, and all its talks are now available on YouTube. This playlist features 38 videos, and here you can find the full schedule of the 2-day conference, which includes descriptions for all of these talks.

#events #video

Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "How I Survived the Great Kubernetes Exodus: Migrating EKS Cluster from v1.26 to v1.33 on AWS" by Ukeme David Eseme.

So when it was time to migrate a clients 3-4 years old Amazon EKS cluster from v1.26 to v1.33, I knew it wouldn’t just be a version bump—it would be a battlefield. This cluster wasn't just any cluster—it was a complex ecosystem running critical healthcare applications with: 46 Custom Resource Definitions (CRDs) across multiple systems, 7 production domains with SSL certificates, Critical data in PostgreSQL databases, Zero downtime tolerance for production services, Complex networking with Istio service mesh, Monitoring stack with Prometheus and Grafana…

2. "Debugging the One-in-a-Million Failure: Migrating Pinterest’s Search Infrastructure to Kubernetes" by Samson Hu, Shashank Tavildar, Eric Kalkanger, and Hunter Gatewood (Pinterest).

While migrating Pinterest’s search infrastructure — which powers core experiences for millions of users monthly — to Kubernetes, we faced a challenge in the new environment: one in every million search requests took 100x longer than usual. This post chronicles our investigation, uncovering an elusive interaction between our memory-intensive search system and a seemingly innocent monitoring process. The journey involves profiling search systems, debugging performance issues, Linux kernel features, and memory management.

3. "How we tracked down a Go 1.24 memory regression across hundreds of pods" by Nayef Ghattas, Datadog.

Our story begins while the new version was being rolled out internally. Shortly after deploying it to one of our data-processing services, we noticed an unexpected memory usage increase. We observed the same pattern, a ~20% increase in memory usage, across multiple environments before pausing the rollout. To confirm our suspicions, we conducted a bisect in the staging environment, which pointed directly to the Go 1.24 upgrade as the culprit.

4. "Production-Grade Pain: Lessons From Scaling Kubernetes on EKS" by Aditya Chowdhry, Probo.

Using AWS’s managed Kubernetes offering (EKS) initially simplified our infrastructure management, but as our application grew in scale and complexity, we faced several unexpected challenges in Scaling (Cluster Autoscaler Wasn’t Enough), Networking (Ingress Wars: AWS ALB vs. NGINX), and Application Behavior (Pod Sizing Matters; Graceful Termination; HPA Tuning).

5. "Kubernetes Monitoring — A Complete Solution, Part 8: Logging with VictoriaLogs" by Ryan Jacobs.

Part 8 in a series of posts where we’ll stand up an entire monitoring stack on my home Talos Linux cluster. [..] VictoriaLogs, which is made by the same team as VictoriaMetrics, only stores its data in a local directory, which can be backed by whatever your CSI provides in Kubernetes, and even plays well with NFS just like VM does.

6. "K8sGPT for Kubernetes troubleshooting: How AI helps in different cases" by Evgeny Torin, Palark.

In this article, I will explain what K8sGPT is, how to install it and connect to AI, and which features it offers. I will also share some examples of the output you can expect from this tool and what diagnostics it can perform. Throughout the preparation of this overview, I tested different AI integrations available as well as a number of models (including a local one). All of my examples will be backed up by commands and detailed logs.

#articles

KubeSphere is not Open Source anymore

KubeSphere is a well-known Kubernetes platform originating from China (created in QingCloud), boasting more than 12k GitHub stars. It also gave a start to a few CNCF projects, such as OpenFunction (currently in the Sandbox) and OpenELB (Archived).

Yesterday, a GitHub issue acknowledging this project is not Open Source was raised. Downloading the Open Source version of KubeSphere or even viewing its documentation became unavailable. It turned out that a commit changing the original project’s license (Apache 2) to the so-called “KubeSphere Open Source License” was made almost a year ago, in September 2024. This new license wasn’t Open Source since it enforced several limitations on the users, such as commercial use or offering SaaS.

Today, Ray Xiaosi ZHOU, the founding member of KubeSphere who just left QingCloud, stated:

This project carries countless late nights and relentless effort from our team. Seeing its reputation affected feels like a blow to everyone who once fought for its success. I understand the company’s reasoning. In recent years, repeated violations of the open-source license—by third parties repackaging and monetizing the project—have caused tangible impact on QingCloud’s interests. While the source code remains available under open-source norms, discontinuing the out-of-the-box distributions is, in my view, a challenging adjustment for today’s collaborative open-source ecosystem.

#news

Reddit released ProgressiveDaemonSet for Kubernetes

ProgressiveDaemonSet is a Kubernetes controller and webhook implementation for safe, staged rollouts of DaemonSets. It adds automatic rate-limiting with Pod Scheduling Gates (configurable via annotations) and exposes Prometheus metrics to watch progress in real time.

This project emerged as a solution to the incident that brought half of Reddit offline in November 2024. It was caused by a kube-apiserver memory storm triggered by a one-line DaemonSet rollout. This post shares more details on the reasoning behind ProgressiveDaemonSet and its current implementation. The project is Open Source and available on GitHub.

#tools #news

CNOE AWS reference implementation

CNOE (Cloud Native Operational Excellence) is an Open Source organisation that focuses on building Kubernetes-based Internal Developer Platforms (IDPs) for enterprises. IDP Builder for spinning up a complete IDP featuring Docker as the only dependency is the most well-known project by CNOE.

Last week, the organisation published a GitHub repo with its AWS reference IDP implementation. It aims to create a production-ready IDP on EKS based on Crossplane, Backstage, Argo CD, Argo Workflows, Keycloak, and other Open Source tools.

UPD: In this YouTube video, Miguel Fontanilla, Platform Engineering Lead at Sennder, demonstrates the CNOE AWS IDP.

#news #tools #AWS

This summer, CNCF turns 10! (Here’s the original announcement of this organisation formation back in 2015.)

You can celebrate this anniversary by evaluating your contribution stats and seeing your first contribution in the CNCF-related GitHub repositories. Use CNCF ContribCard for that by typing your GitHub user here.

Following Daniel Krook, Senior Director of Developer Experience at CNCF, the community shares their contributor cards on social media (LinkedIn, Bluesky, etc.) using the #cTENcf hashtag now — feel free to join!

#news

Delighted to present another digest of the prominent software updates in the Cloud Native ecosystem!

1. Freelens, a community-driven fork of Lens, an IDE for Kubernetes, was updated to v1.5.0. It now displays ephemeral containers in Pods views and menus, metrics from metrics-server if there’s no Prometheus, more details for Services, and better renders boolean values.

2. k8gb, a Kubernetes global balancer (a CNCF Sandbox project), reached v0.15.0, introducing multi-zone DNS support, reverse proxy support, VPA (Vertical Pod Autoscaling) integration, and an official SLSA generator.

3. mariadb-operator 25.08.1 was released with numerous new features. They include a new PhysicalBackup CR for managing backups at the physical level based on mariadb-backup CLI or VolumeSnapshots, support for MariaDB 11.8 and VECTOR data type, and a new Helm chart for deploying MariaDB clusters.

4. Kyverno, a Kubernetes-native policy engine (a CNCF Incubating project), announced its 1.15 with several new capabilities. New policy types are MutatingPolicy (for dynamic resource transformation) and GeneratingPolicy (for resource creation and synchronization using CEL). It also got a new DeletingPolicy resource for controlled resources cleanup, new OpenReports API group support, and performance improvements.

5. kube-vip, a Kubernetes virtual IP and load balancer for control plane and K8s Services, has made it to v1.0. This significant milestone for the project came with a few new features, such as internal egress functionality and Zebra/Quagga integration.

6. Cilium, a networking, observability, and security solution (a CNCF Graduated project), released 1.18.0 with lots of new features. Some of them include support for new virtual network device configurations (VXLAN in IPsec and IPIP tunnels), multigateway support in Egress Gateway, ingress rate limiting in the bandwidth manager, ConfigMap synchronization, Multi-Pool IPAM with KVStore and IPSec, BGP route aggregation in the control plane, multiple HTTPRoutes in GAMMA reconciler, and much more.

7. Sveltos, a Kubernetes add-on controller, has reached its v1.0.0. This release introduces a pull mode that eliminates the need for managed clusters to be accessible from the management cluster.

#news #releases

External Secrets Operator paused releases and needs maintainers

ESO is a Kubernetes operator that integrates external secret management systems (AWS Secrets Manager, HashiCorp Vault, etc.) to read information from external APIs and automatically inject the values into a Kubernetes Secret. It’s been a CNCF Sandbox project since July 2022.

Yesterday, its maintainer, Gustavo Fernandes de Carvalho, announced that, due to the project's unhealthy status (lack of long-term maintainers), there won’t be new External Secrets Operator releases until more volunteers join the project. This news caught a lot of attention in the Cloud Native community, and hopefully, the situation might improve. Feel free to join this effort:

- GitHub issue
- Reddit discussion

#news #cncfprojects

Launched in November 2024, the GitHub Secure Open Source Fund aims to secure the supply chain at scale. This Fund conducted two educational, collaborative sessions on security, bringing together 125 maintainers from 71 Open Source projects. They remediated 1100+ vulnerabilities, issued 50+ new CVEs, revealed 176 leaked secrets, and prevented 92 new secrets from being leaked.

Those sessions covered such Open Source projects as Flux, bootc, nixpkgs, Oh My Zsh, Ollama, and many more. The next session is scheduled for September. Find more details in this blog post.

#news #security #GitHub

Here goes our latest bunch of interesting Kubernetes-related articles recently spotted online:

1. "Kubernetes 1.34: Deep dive into new alpha features" by Kirill Kononovich, Palark.

Kubernetes 1.34’s anticipated release is coming on August 27th. With that around the corner, we’ve prepared a comprehensive run-through of the fascinating 13 alpha features in this release, examining each of them in detail. From asynchronous API calls and granular container restart rules to native Pod certificates and the new KYAML format, let’s dive into the exciting updates the upcoming K8s version has in store!

2. "My process to debug DNS timeouts in a large EKS cluster" by Jack Lindamood, Anthropic.

We run a very large AWS EKS cluster with lots of interesting challenges. This post is about a recent investigation into DNS resolution failures that we were able to root cause to an Elastic Network Interface (ENI) packets per second (PPS) limit and a further root cause of the combination of sudo defaults and ndots in our cluster DNS.

3. "Seamless Istio Upgrades at Scale" by Rushy R. Panchal, Airbnb.

Airbnb has been running Istio at scale since 2019. We support workloads running on both Kubernetes and virtual machines (using Istio’s mesh expansion). Across these two environments, we run tens of thousands of pods, dozens of Kubernetes clusters, and thousands of VMs. [..] Istio is a foundational piece of our architecture, which makes ongoing maintenance and upgrades a challenge. Despite that, we have upgraded Istio a total of 14 times. This blog post will explore how the Service Mesh team at Airbnb safely upgrades Istio while maintaining high availability.

4. "The Simplest GitOps Implementation That Actually Works" by Gabriel Garrido.

In this article we will strip GitOps down to its bare essentials and build the simplest implementation that actually works. No fancy operators, minimal tooling - just Git, GitHub Actions, and a sprinkle of automation magic. [..] For the deployment part, I’m using ArgoCD to watch the manifests repository and sync changes to the cluster, but you could just as easily apply the manifests manually or use a simple CronJob. The beauty is in the simplicity of the pipeline itself.

5. "From Linux Primitives to Kubernetes Security Contexts" by Dave Altena, LearnKube.

The Kubernetes API offers several ways to restrict container privileges using the Security Context. [..] Many teams discover these controls only after a security audit or scanner flags a running container. The next steps are usually reactively patching the config, suppressing the warning and moving on. Before we get into Kubernetes SecurityContexts, we need to understand what they're actually configuring under the hood.

#articles

Unveiling another digest of the prominent software updates in the Cloud Native ecosystem!

1. Istio (a CNCF Graduated project) released 1.27. This version introduced inference extension support when using the Gateway API, multi-cluster deployments in ambient mode (in Alpha), CRL (Certificate Revocation List) support for plugged-in CAs, a new ListenerSets API, and native nftables support in sidecar mode.

2. CloudNativePG, a platform designed to manage PostgreSQL in Kubernetes (a CNCF Sandbox project), was updated to v1.27.0. This release enabled loading PostgreSQL extensions dynamically, logical decoding slot synchronisation in HA clusters, primary isolation checks in the liveness probe, quorum-based failover (experimental), and Postgres interface support in the CNPG-I (plugin interface) operator.

3. Crossplane (a CNCF Incubating project) reached its v2.0 milestone, featuring significant improvements. First of all, the project went beyond infrastructure and now lets you manage applications as well. Other changes include composite and managed resources (XRs and MRs) being namespaced by default, support for any Kubernetes resources in compositions, and a new Operation type for one-off, scheduled, and event-driven workflows.

4. Nelm, a Helm 3 alternative (part of werf, a CNCF Sandbox project), has released several versions recently, the latest one being v1.12. They brought numerous improvements, such as force adoption of the resources in the cluster, Helm charts debugging, better log control (hiding logs matching a regexp, disabling Pod log collection, log colouring in popular CI systems), masking sensitive parts of diffs, and status tracking for more popular custom resources.

5. OpenCost, a Kubernetes cost monitoring tool (a CNCF Incubating project), released v1.116.0. It added Promless configuration, diagnostics summary filter, NodeLabel filtering support to allocations, log-level information to heartbeat data, diagnostics data for the collector source in export bucket, and more new features.

6. copa, a CLI tool to directly patch container images without full rebuilds (a CNCF Sandbox project), released v0.11.0 last month (and updated to v0.11.1 last week), introducing multi-platform patching, support for the buildkit instance running on Podman and for OCI Media Types (in addition to Docker).

#news #releases

Loft Labs is now vCluster Labs

The company behind vCluster, DevSpace, DevPod and some other Cloud Native projects changed its name to be better associated with its flagship product. Here’s what its CEO, Lukas Gentele, wrote on LinkedIn:

We’re all in on vCluster: from open source innovation to enterprise-ready features supporting the largest companies on the planet. By aligning our brand with our flagship project, we’re signaling what matters most, our focus on building the best tooling for Kubernetes tenancy and infrastructure engineering.

#news

Apple hires the creators of Open Policy Agent

Open Policy Agent (OPA) is a general-purpose policy engine that became a CNCF Graduated project in 2021. Yesterday, the project announced that “the creators of Open Policy Agent (along with many team members from Styra) have joined Apple.”

Styra is the company where OPA originated, and Apple is an active user of this project. OPA serves as a key component of Apple’s authorisation infrastructure. After this transition, more OPA-related repositories owned by Styra — such as EOPA (the commercial distribution of OPA), OPA Control Plane, SDKs, and Rental linter for Rego — will be moved to the CNCF OPA GitHub organisation.

#news #cncfprojects

The community is asked to try new Kubernetes features

Tim Hockin, one of the Kubernetes original creators, in his post yesterday on Reddit, says that most K8s users don’t use new Alpha features and rarely provide feedback on the Beta features. When the features are GA, and something is wrong with them, it’s much more challenging to make the required changes. That’s why he appeals to the community:

The SINGLE MOST USEFUL thing anyone here can do for the Kubernetes project is to try out the alpha and beta features, push the limits of new APIs, try to break them, and SEND US FEEDBACK.

P.S. Kubernetes v1.34 will be released next week.

#news

Sometimes, examining custom resources in Kubernetes becomes challenging. This tool makes things much easier.

CR(D) Wizard is a UI for exploring Custom Resource Definitions (CRDs) and corresponding Custom Resources (CRs). Being available in two interfaces, a web-based UI and TUI (including a plugin for k9s), this tool:

- displays CRD’s schema as browsable documentation;
- shows information about existing CRs in the cluster;
- draws a resource relationship graph.

Language: Go and TypeScript | License: GPL 3.0 | 81 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #gui

The Kubernetes v1.34 release was announced about 10 hours ago. Its codename, Of Wind & Will (O' WaW), “honours the winds that have shaped us, and the will that propels us forward.”

As the official blog post states, “This release consists of 58 enhancements. Of those enhancements, 23 have graduated to Stable, 22 have entered Beta, and 13 have entered Alpha.”

This overview covers all new alpha features in detail.

#news #releases

Metal³ became a CNCF Incubating project

The Metal³ project (pronounced "Metal Kubed") provides a set of tools for managing bare-metal infrastructure using Kubernetes. Its operator, based on Ironic, automates the provisioning of bare-metal servers. It also offers a provider for Cluster API, enabling users to deploy Cluster API-based clusters on top of bare-metal servers.

The project was started in 2019 by Red Hat and was later joined by Ericsson. Since then, many other organisations, including Fujitsu, Ikea, and SUSE, adopted it. The project was accepted into the CNCF Sandbox in September 2020, and two weeks ago, the CNCF TOC voted for its incubation. The official announcement is available here.

#cncfprojects #news