Kubernative by Palark | Kubernetes news and goodies
News, articles, tools, and other useful cloud native stuff for DevOps, SRE and software engineers. This channel is managed by Palark GmbH. Contact @dshnow to suggest your content.
Kubernetes Spec Explorer is an online resource that helps you find the official built-in documentation for all the Kubernetes resources and their properties.

- All the information it provides is automatically generated based on the OpenAPI specification.
- The data is available for any chosen Kubernetes release, from v1.11 to v1.35, and the differences introduced for the resource in each subsequent release are displayed.
- Each Kubernetes resource comes with examples of how it might look.
- CRDs of some other popular Cloud Native tools, such as Argo, Cilium, CloudNativePG, Gateway API, Istio, and Kyverno, are also covered.

#tools
Here come some of the interesting Kubernetes-related articles recently spotted online:

1. "How Airbnb Runs Distributed Databases on Kubernetes at Scale" by ByteByteGo.
Instead of limiting a database cluster to one Kubernetes environment, they chose to deploy distributed database clusters across multiple Kubernetes clusters, each one mapped to a different AWS Availability Zone. This is not a common design pattern. Most companies avoid it because of the added complexity. But Airbnb’s engineers saw it as the best way to ensure reliability, reduce the impact of failures, and keep operations smooth.


2. "Kubernetes Configuration Good Practices" by Kirti Goyal, Kubernetes blog.
This blog brings together tried-and-tested configuration best practices. The small habits that make your Kubernetes setup clean, consistent and easier to manage. Whether you are just starting out or already deploying apps daily, these are the little things that keep your cluster stable and your future self sane.


3. "How Google Does It: Building the largest known Kubernetes cluster, with 130,000 nodes" by Besher Massri and Maciek Różacki, Google.
At Google Cloud, we’re constantly pushing the scalability of Google Kubernetes Engine (GKE) so that it can keep up with increasingly demanding workloads — especially AI. GKE already supports massive 65,000-node clusters, and at KubeCon, we shared that we successfully ran a 130,000-node cluster in experimental mode — twice the number of nodes compared to the officially supported and tested limit. [..] In this blog, we take a look at the trends driving demand for these kinds of mega-clusters, and do a deep dive on the architectural innovations we implemented to make this extreme scalability a reality.


4. "93% Faster Next.js in (your) Kubernetes" by Matteo Collina, Platformatic.
We'll start by examining the complications of running this powerful framework in your own environment, and get under the hood (and I mean, down to the kernel) about why they happen. Then, we'll walk you through the approach we took with Watt to solve them, and what it means for you if you happen to run Next.js on any other Node.js CPU-bound workload on-prem.


5. "OpenPERouter -- Bringing EVPN to Kubernetes" by Mengxin Liu.
Recently, while researching EVPN as a multi-tenancy solution for physical networks, I discovered the open-source project OpenPERouter. It introduces the concept of EVPN into container networking, providing a new approach to achieving multi-tenancy in Kubernetes. This solution not only unifies software and hardware network architectures but also offers some compatibility with existing CNIs like Calico, which advertise routes via BGP.


6. "Kubernetes 1.35: Deep dive into new alpha features" by Kirill Kononovich, Palark.
The Kubernetes 1.35 release, scheduled for December 17th, has gift-wrapped a variety of experimental improvements designed to enhance infrastructure flexibility and security. In this overview, we focus on its Alpha features extending across a broad spectrum of tasks: from watch-based route controller reconciliation and the long-awaited Gang Scheduling for AI/ML workloads to the secrets field for passing Service Account tokens, mutable volume attach limits, and proxying API server requests to fix version skew.


7. "Kubernetes 1.35 - New security features" by Víctor Jiménez Cerrada, Sysdig.
Kubernetes 1.35 will be released soon, bringing 17 changes to its security features. It includes new validations, the deprecation of old technologies, and broader support for user namespaces, to name a few.


#articles
Ingress NGINX will be retired soon Another significant announcement made during KubeCon NA involved deprecation. Kubernetes SIG Network and the Security Response Committee declared that Ingress NGINX will be retired in March 2026. This Ingress controller…
Ingress NGINX retirement: helpful tools and resources

Tools and repos:
1. Ingress2gateway (we described it here before)
2. Gateway API Benchmarks lists and compares existing Gateway API implementations
3. Ingress Migration Kit is a new tool that generates Gateway API migration plans

Related posts and other activities from vendors, projects, and community:
1. Clarifications from a Gateway API maintainer
2. NGINX Inc (F5): blog post; live AMA with the NGINX team (December 10th and 11th); migration experience from a user
3. Isovalent / Cilium: blog post; migration experience from a user
4. Traefik: blog post; Ingress NGINX Migration tool from the company
5. HAProxy: blog post; migration assistance from the company
6. SUSE: blog post

#articles #tools #networking
No matter how tired you are of seeing all those Kubernetes dashboards, it’s Friday, so why not share yet another GUI… especially since it’s pretty neat! 🤪

Kite is a new Kubernetes dashboard, featuring a modern, responsive UI. While its initial public release happened less than 4 months ago, it already offers a lot for Kubernetes administrators:

- Complete resource management for all popular resources (from Pods to PVCs) and CRDs, including built-in editor (Monaco) for YAML manifests and resource relationships visualisation;
- Multi-cluster management with fine-grained permissions and automatic cluster discovery based on kubeconfig entries;
- RBAC and user management, OAuth integration;
- Powerful observability capabilities, including a general cluster overview, detailed Pod and Node monitoring, real-time metrics, and live logs streaming with filtering and search;
- An ability to execute commands directly in Pods or Nodes.

▶️ GitHub repo
💬 Reddit announcement

Language: TypeScript, Go | License: Apache 2.0 | 1802 ⭐️

#tools #gui
Kubernetes 1.35 has been released. It is codenamed Timbernetes and comes with 60 enhancements: 17 stable, 19 beta, and 22 alpha features.

- Official announcement in the blog
- Overview of newly introduced alpha features

#releases #news
Looking for a way to simplify deploying LLMs on Kubernetes? This project provides everything you might need.

llmaz is an inference platform that integrates various Open Source projects for running LLMs. It supports:

- Different inference backends: vLLM, llama.cpp, Ollama, Text-Generation-Inference, SGLang, and TensorRT-LLM.
- Different model providers: HuggingFace, ModelScope, and ObjectStores.
- Chatbot interface based on Open WebUI.
- Heterogeneous devices.
- Distributed inference via multi-host and homogeneous xPyD support with LeaderWorkerSet.
- Envoy AI Gateway for token-based rate limiting, model routing, and more.
- Horizontal Pod scaling (HPA) and node autoscaling (Karpenter).

▶️ GitHub repo

Language: Go | License: Apache 2.0 | 278 ⭐️

#tools #genai
If you’re not overwhelmed yet with your work after a holiday break… or if you’re just into having some educational and practical fun with Kubernetes, don’t miss this project!

K8sQuest is a new gamified training platform for K8s, where you need to troubleshoot and fix various issues using a GUI terminal featuring arcade game styling. Importantly, it can be self-hosted locally. The project comes with:

- 50 challenges, 5 categories, 3 difficulty levels;
- different K8s topics covered, including basics, scaling, networking, storage, and security;
- progressive hints and step-by-step guides, points for completed challenges, and progress auto-saving.

▶️ GitHub repo
💬 Reddit announcement

Language: Shell, Python | License: Apache 2.0 | 326 ⭐️

#tools #fun #career
Kubernetes Dashboard is getting archived

Yesterday, the Kubernetes Dashboard maintainers announced that the “project will be archived and sunset in the coming days/weeks.” It has been developed in the Kubernetes SIG UI but lacked active contributors and maintainers for a while.

The authors recommend Headlamp as an alternative to Kubernetes Dashboard, since it became a Kubernetes SIG UI project last year.

#news #gui
Percona Everest becomes OpenEverest

Percona Everest is a Cloud Native database platform that helps operate PostgreSQL, MongoDB, and MySQL databases in Kubernetes environments. Originating as a vendor-owned solution, it has now evolved into an independent Open Source project called OpenEverest. Percona has also formed a subsidiary, Solanica, that is fully focused on developing OpenEverest. The authors plan to donate OpenEverest to CNCF soon.

#news #databases
Feel a need to validate your Dockerfiles against best practices? Consider trying this new tool.

Dockadvisor is a fast linter for Dockerfiles that helps you keep them optimal and consistent. Here’s what it offers:

- applies 60+ rules that cover standard instructions (FROM, RUN, ENV, etc.) and multi-stage builds;
- performs security checks, such as detecting secrets specified in variables;
- scores the quality of your Dockerfile on a scale from 0 to 100;
- can be used as a web interface, Go library, or WebAssembly module (i.e. executed in the browser).

▶️ GitHub repo

Language: Go | License: Apache 2.0 | 70 ⭐️

#tools
KubeAcademy by VMware is retired

KubeAcademy was a free educational resource for learning Kubernetes online, curated by VMware experts. In 2024, it offered dozens of free courses. In late 2023, Broadcom finalised its acquisition of VMware, which is what most likely affected KubeAcademy's existence: “As of January 1st, 2026, KubeAcademy has been officially retired and the site will no longer be maintained or supported.”

The educational content produced by KubeAcademy is being published on GitHub.

#news #career
As many are aware, MinIO has recently gone into “maintenance mode.” If you’ve been looking for a Kubernetes-friendly alternative, check out this new project.

Garage, an S3-compatible distributed object storage, just got an unofficial Kubernetes operator. Still in alpha, it simplifies deploying and maintaining Garage clusters with the following features implemented:

- Deploying StatefulSets with proper configuration, storage, and networking;
- Bucket creation with quotas;
- S3 key management with automatic credential generation;
- Multi-cluster federation by connecting Garage clusters across K8s instances.

▶️ GitHub repo
💬 Reddit announcement

Language: Go | License: Apache 2.0 | 44 ⭐️

#tools #storage #news
The latest CNCF Annual Cloud Native Survey is published

Here are some of the report highlights:
1. 66% of organisations use Kubernetes to host GenAI workloads. 47% deploy AI models occasionally, and only 7% do it daily.
2. Top challenges of using containers are: cultural changes with the dev team (47%), lack of training (36%), security (36%), CI/CD (35%), monitoring (35%), and complexity (34%).
3. Among the Cloud Native innovators (organisations using Cloud Native techniques for nearly all of their development), CI/CD tools are used by 91%, GitOps by 58%, service mesh by 39%, containers for stateful apps by 79%, and serverless architecture by 64%.
4. Charts displaying the most used graduated and incubating CNCF projects are attached.

Find the full report on the CNCF website (no registration is required).

#news #reports #cncfprojects
New Kubernetes working group: Checkpoint/Restore WG

The newly announced Kubernetes WG will focus on the Checkpoint/Restore in Userspace (CRIU) ecosystem for K8s. It includes the CRIU tool as well as checkpointctl, criu-coordinator, and checkpoint-restore-operator.

You can find the charter, which defines the scope and governance of this working group, and other information, including its public meetings, on GitHub.

#news
Happy to share our first-in-2026 digest of the prominent software updates in the Cloud Native ecosystem!

1. Apache CloudStack, an Open Source IaaS solution, updated its CloudStack Kubernetes Provider, a cloud controller manager to facilitate K8s deployments, to v1.2.0. It added support for network ACLs for LB on VPC networks, a configurable source CIDR list, and ARM64 support for Docker images.

2. Harvester, a hyperconverged infrastructure solution built on Kubernetes, released v1.7.0 with experimental automatic VM workload rebalancing, support for MIG-backed vGPU devices, multipath device recognition and management, NIC hot plugging and hot unplugging, Open Virtual Format (OVF), pausable node upgrades, transparent hugepages configuration, VM VLAN trunking, and volume snapshots in guest clusters.

3. Jaeger (a CNCF Graduated project) reached v2.14.0, which added a dark theme to the UI, removed legacy v1 components (query, collector, ingester), and added a bunch of experimental features, most of which are related to ClickHouse and the FindTraces implementation for this storage.

4. Keycloak, an identity and access management solution (a CNCF Incubating project), released 26.5.0 (with 26.5.1, which followed shortly). It introduced several new features in preview, such as Workflows to automate administrative tasks, JWT Authorization Grants, exporting logs and metrics to OpenTelemetry collectors, and authenticating clients with Kubernetes service account tokens. Other release highlights are support for Caddy as a reverse proxy provider for client certificate authentication, organisation invitation management, and a guide on integrating Keycloak with MCP servers.

5. Envoy (a CNCF Graduated project) was updated to v1.37.0, which brought many new features. Some of them are global module loading and streaming HTTP callouts to HTTP filters in dynamic modules, container-aware CPU detection, a new MCP filter and router for agentic network, a new stats-based access logger, a production-ready Proto API Scrubber filter, and cluster-level retry policies, hash policies, and request mirroring.

6. Kubebuilder, an SDK for building Kubernetes APIs using CRDs, has seen its v4.11.0 release. The helm/v1-alpha projects are now automatically migrated to helm/v2-alpha, which got numerous improvements, including nodeSelector, affinity, and tolerations support, standard Helm labels for generated resources, and custom resources added to templates/extras. Newly generated projects also got their AGENTS.md files.

#news #releases
Another bunch of interesting Kubernetes-related articles recently spotted online:

1. "It works on my cluster: a tale of two troubleshooters" by Liam Mackie, Octopus Deploy.
Kubernetes has a gift for making simple problems look complicated, and complicated problems look simple. When something breaks, you often see symptoms completely unrelated to the real cause of the problem. This leads to a problem I like to call “blaming the network team”, where problems end up being diagnosed by the wrong engineers for a given issue. [..] I’ve personally experienced this dichotomy during my time as an engineer, working on both software and infrastructure, so I’m going to tell a story from two perspectives.


2. "A Brief Deep-Dive into Attacking and Defending Kubernetes" by Alexis Obeng.
My main motivation for writing this was to better understand for myself how Kubernetes works and its attack surface. I was also inspired from talking to people in the field and realizing just how prominent Kubernetes is in corporate environments. Although I did not cover every single attack vector here, I still cover a large amount of topics in the hope that this will prove useful to others seeking to understand Kubernetes’ attack surface.


3. "Exploring Cloud Native projects in CNCF Sandbox. Part 5: 13 arrivals of January 2025" by Dmitry Shurupov, Palark.
Learn about the following new CNCF projects: Podman Container Tools and Podman Desktop, bootc, composefs, k0s, KubeFleet, SpinKube, container2wasm, Runme Notebooks for DevOps, SlimFaas, Tokenetes, CloudNativePG, and Drasi.


4. "The Real State of Helm Chart Reliability: Hidden Risks in 100+ Open‑Source Charts" by Prequel.
Prequel's reliability research team audited 105 popular Kubernetes Helm charts to reveal missing reliability safeguards. The average score was ~3.98/10. 48% (50 charts) rated "High Risk" (score ≤3/10). Only 17% (18 charts) were rated "Reliable" (≥7/10).


5. "Reclaiming underutilized GPUs in Kubernetes using scheduler plugins" by Lalit Somavarapha, Gernot Seidler, Srujana Reddy Attunuri (HPE).
The default Kubernetes preemption mechanism (DefaultPreemption) can evict lower-priority pods to make room for higher-priority ones. But it only considers priority — not actual utilization. Pods are treated equivalently from a preemption perspective when they share the same priority, regardless of their current utilization. We evaluated several existing approaches.


6. "How We Built Our Deployment Pipeline: GitOps, ArgoCD, and Kubernetes at Dodo Payments" by Ayush Agarwal, Dodo Payments.
The investment in GitOps pays off at a certain scale. Below that scale, simpler solutions work fine. For us, running a payment platform with strict requirements around security, auditability, and reliability — GitOps isn’t optional. It’s infrastructure.


#articles
Kubernetes-based alternatives to Heroku are real. Here’s one of them.

Canine positions itself as a “developer-friendly PaaS for your Kubernetes”. It’s focused on small development teams and simplifies using Kubernetes for them by providing:

- container builds performed via Docker BuildKit or Buildpacks;
- automatic deployment to GitHub and GitLab;
- web UI to deploy, scale, and manage (e.g., configure resource constraints) apps running in Kubernetes;
- integration with existing K8s tools, such as Helm, cert-manager, and Telepresence;
- single sign-on via SAML, OIDC, and LDAP.

▶️ GitHub repo

Language: Ruby | License: Apache 2.0 | 2716 ⭐️

#tools #gui
ClickHouse just got the official Kubernetes operator

Less than 5 hours ago, the official ClickHouse Operator got its first public release, v0.0.1. It allows you to create and manage ClickHouse clusters and features ClickHouse Keeper integration, storage provisioning, TLS/SSL support, and Prometheus metrics integration.

The operator is written in Go, is Open Source (Apache 2.0) and available on GitHub.

#news #releases #databases
vCluster introduced vind, marketed as a better kind

vCluster Labs (previously known as Loft Labs) released a new tool called vind (vCluster in Docker). It is built on top of vCluster and allows you to run Kubernetes clusters directly as Docker containers, similarly to what kind (Kubernetes IN Docker) offers. However, it comes with the following extra features:

- pausing the clusters when they're not in use and resuming them;
- automatic LoadBalancer support;
- image caching (pull-through cache via local Docker daemon);
- support for connecting external nodes, which can be real cloud instances;
- support for choosing CNI and CSI plugins;
- built-in vCluster Platform UI.

You can find more details about vind on GitHub and in yesterday’s video presentation on LinkedIn.

#news #tools
Optimising resources in Kubernetes is something we all want to do at some point. This new project aims to assist in that.

CruiseKube, dubbed “Autopilot for Kubernetes”, is a controller that watches your K8s workloads and adjusts the resources accordingly. Here’s what it does:

- Continuously evaluates current CPU/memory usage and updates resource requests.
- Considers CPU pressure (PSI metrics) and other Pods on the node when resizing.
- Watches OOM memory values in stats and triggers Pod eviction when needed.
- Uses Prometheus as the primary metrics source.
- Provides a web UI to see and manage your settings.

▶️ GitHub repo
💬 Reddit announcement

Language: Go | License: MIT | 48 ⭐️

#tools