The documentary on Backstage is available
Yesterday, the latest documentary video about a CNCF project, “Backstage: From Spreadsheet to Standard”, landed on YouTube. It happened shortly after its premiere at KubeCon EU 2026.
In 32 minutes, this video tells the story of Backstage, from its origins at Spotify to the present day. It features interviews with Spotify employees and Backstage maintainers, including Pia Nilsson, Dave Zolotusky, Petter Måhlén, Tyson Singer, Jimmy Mårdel, Fredrik Adelöw, Ben Lambert, and others.
P.S. Previously, the following documentaries were released:
- “Kubernetes: The Documentary”: Part 1 (24:54) and Part 2 (31:18)
- “Prometheus: The Documentary” (27:00)
- “Inside Envoy: The Proxy for the Future” (31:49)
- “Inside Argo: Automating the Future” (32:15)
- “The Making of Flux”: The Origin (22:21), The Rewrite (44:57), The Scale (23:09), The Future (26:52).
#video #cncfprojects
Homelabs are a fun way for engineers to learn, experiment, and innovate. Sharing such setups can bring even more benefits to a wider community! Here’s one such repo you can try this weekend ;)
Homernetes is a Kubernetes cluster for a homelab based on Talos and Proxmox. It features an automated 8-step bootstrap to provision a cluster on bare metal using Terraform. What else does it have?
- GitOps-driven approach based on Argo CD;
- Preloaded randomly-generated passwords/secrets for all services with Vault;
- Networking with encryption and observability based on Cilium;
- Metrics and logs based on Prometheus, Grafana, and Loki;
- cert-manager to handle certificates, Harbor as container registry, CNPG with PostgreSQL used for internal services, and more.
▶️ GitHub repo
💬 Reddit announcement
License: GPL 3.0 | 142 ⭐️
#tools #IaC #gitops
We’re back online after a short break, and here comes our latest selection of interesting Kubernetes-related articles recently spotted online:
1. "Making Harbor production-ready: Essential considerations for deployment" by Dhruv Tyagi and Daniel Jiang, Broadcom.
While deploying Harbor is straightforward, making it production-ready requires careful consideration of several key aspects. This blog outlines critical factors to ensure your Harbor instance is robust, secure, and scalable for production environments.
2. "Kubernetes Strategic Merge Patch" by Brian Grant, ConfigHub.
If you’ve used Kubernetes kubectl apply, server-side apply, or kustomize, then you may have encountered the “strategic merge patch” feature. “Strategic merge patch” is a mouthful. What does it mean? In what sense is it “strategic”? Why does it exist?
3. "Containers Are Not Automatically Secure" by Luca Cavallin.
Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That's one of the things I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath.
4. "How Reddit Migrated Petabyte-Scale Kafka from EC2 to Kubernetes" by Alex Xu.
The Reddit Engineering Team completed one of the most demanding infrastructure migrations in the company’s history. It moved its entire Apache Kafka fleet, comprising over 500 brokers and more than a petabyte of live data, from Amazon EC2 virtual machines onto Kubernetes. The migration was done with zero downtime and without asking a single client application to change how it connected to Kafka. In this article, we will look at the breakdown of this migration, the challenges the engineering team faced, and how they achieved their goal of a successful migration.
5. "Running Agents on Kubernetes with Agent Sandbox" by Janet Kuo and Justin Santa Barbara.
[..] as AI evolves from short-lived inference requests to long-running, autonomous agents, we are seeing the emergence of a new operational pattern. AI agents, by contrast, are typically isolated, stateful, singleton workloads. [..] SIG Apps is developing agent-sandbox. The project introduces a declarative, standardized API specifically tailored for singleton, stateful workloads like AI agent runtimes.
6. "A one-line Kubernetes fix that saved 600 hours a year" by Braxton Schafer, Cloudflare.
Every time we restarted Atlantis, the tool we use to plan and apply Terraform changes, we’d be stuck for 30 minutes waiting for it to come back up. No plans, no applies, no infrastructure changes for any repository managed by Atlantis. With roughly 100 restarts a month for credential rotations and onboarding, that added up to over 50 hours of blocked engineering time every month, and paged the on-call engineer every time. This was ultimately caused by a safe default in Kubernetes that had silently become a bottleneck as the persistent volume used by Atlantis grew to millions of files. Here’s how we tracked it down and fixed it with a one-line change.
#articles
Kubernetes v1.36 will be released in two weeks. The docs freeze for the related 65 KEPs came into effect less than 30 minutes ago. What are those new features? Learn from:
- “Kubernetes 1.36: Deep dive into new alpha features” (published yesterday by Palark) that covers 20 new features introduced in v1.36.
- “Kubernetes 1.36 – What you need to know” (published by Cloudsmith a month ago).
- The official “Kubernetes v1.36 Sneak Peek” that features the biggest deprecations and enhancements.
- The formal “Kubernetes v1.36 Release Information” page with the release schedule and other helpful links.
#articles #releases
KubeCon EU 2026 talks are now available
All videos from KubeCon + CloudNativeCon Europe 2026 have been uploaded to YouTube and are available for everyone interested. Find them in the following playlists:
- KubeCon + CloudNativeCon Europe 2026 (408 videos, including regular talks, keynotes, project lightning talks, Kubernetes SIGs’ updates, Cloud Native University, Data on Kubernetes Day, EnvoyCon, Istio Day, KubeVirt Summit, etc.);
- ArgoCon Europe 2026 (31 videos);
- FluxCon Europe 2026 (10 videos);
- Open Source SecurityCon 2026 (16 videos).
#video #events
Ever noticed that unused resources, such as Secrets and ServiceAccounts, might pile up in your Kubernetes cluster? There is a tool that removes them.
K8s cleaner is a controller that finds stale and unhealthy resources and removes or updates them. Here’s what it offers:
- Identifying various types of unused Kubernetes resources, including ready-to-use examples for ConfigMaps, Secrets, Roles/ClusterRoles, ServiceAccounts, PVs/PVCs, Deployments, and StatefulSets;
- Identifying resources based on annotations for maximum lifespan or expiration date;
- Using Lua scripts to define custom selection criteria;
- Scheduling the scans for finding and removing/updating unused resources;
- Notifications via emails, Slack, Discord, Teams, Telegram, etc.;
- Web UI showing existing issues, cleaners, and Lua scripts.
▶️ GitHub repo
Language: Go | License: Apache 2.0 | 755 ⭐️
#tools
Kubernetes updates its AI usage policy
Earlier this month, the Kubernetes Steering Committee announced an update to the project’s policy on the use of AI tools for contributors. While the policy allows AI-assisted contributions, it’s essential to follow a few rules when creating such PRs:
- There should always be a human who is responsible for understanding all the suggested changes. This author should reply to the reviewers’ comments personally, without engaging AI tools.
- AI tools shouldn’t be used for co-signing commits, or be specified as co-authors or within assisted-by/co-developed commit trailers. (Using this metadata leads to unwanted marketing behaviour.)
You can find the latest version of the updated Kubernetes AI policy at kubernetes.dev.
#news #genai
Kubernetes rewritten in Rust is not a joke anymore
There is a new project called Rusternetes, written by a single enthusiast (Chris Alfonso from Red Hat), with assistance from Claude. With 216k lines of code in Rust, implementing 31 controllers and 3.1k tests, and even its own Web dashboard, it’s quite an impressive effort. Moreover, the project claims to pass 90% of conformance tests from the official Kubernetes e2e test suite. However, these numbers are challenged by the community (see comments in LinkedIn here).
The project has also opened a wide community debate over whether anyone might need this implementation for real-world workloads. In any case, the author seems to have started Rusternetes out of his own research and curiosity.
#news #fun
Kubernetes 1.36 is released
The release was announced in the blog and nicknamed "Haru". It comes with 70 enhancements, 18 of which have graduated to stable (GA). They include fine-grained API authorisation, volume group snapshots, several DRA features, mutating admission policies, node log query, support for user namespaces, OCI volume source, and PSI (Pressure Stall Information) metrics based on cgroup v2.
Find more details about the changes introduced in Kubernetes 1.36 by following the links from our previous post.
#news #releases
Here comes our newest digest of the prominent software updates in the Cloud Native ecosystem!
1. Headlamp, a Kubernetes web UI developed by the Kubernetes SIG, released 0.41.0, adding rollback for several resources, cluster deletion in browser, support for Traefik and other reverse proxies to handle auth, and MCP server support for plugins.
2. KubeVirt, implementing virtual machine management for Kubernetes (a CNCF Incubating project), reached its v1.8.0. New features include ContainerPath volumes (mapping container paths for VM storage), incremental backups with CBT (Changed Block Tracking), PCIe NUMA-aware topology placement for GPU, Hypervisor Abstraction Layer (enabling KubeVirt to integrate multiple hypervisor backends beyond KVM), and live updates to NAD references without VM restarts.
3. CloudNativePG, a platform designed to manage PostgreSQL in Kubernetes (a CNCF Sandbox project), released 1.29.0, which highlighted the integration of Image Catalogs with a new, dedicated ecosystem for PostgreSQL extensions via the postgres-extensions-containers project. It also introduced dynamic network access control via Pod selectors, shared ServiceAccount support, and granular TLS configuration for PgBouncer. Finally, the project started signing all its release artifacts and container images.
4. ExternalDNS, which synchronises exposed Kubernetes Services and Ingresses with DNS providers (a Kubernetes SIG project), released v0.21.0. This update added client flags for Kubernetes client rate limiting, a new unstructured source for DNS records, a new annotation to request a specific DNS record type for a source, improved Gateway API support, and more new features.
5. Kube-OVN, which integrates OVN-based network virtualisation with Kubernetes (a CNCF Sandbox project), was updated to v1.16.0. It brought provider-scoped policies for multi-network Pods in NetworkPolicy, IPv6 and dual-stack support in the MetalLB underlay integration, several improvements to VPC Egress Gateway (BGP and EVPN support, custom resources and bandwidth limits) and VPC NAT Gateway (user-defined annotations on NAT gateway, SNAT EIP to FIP EIP traffic).
6. kagent, a Kubernetes native framework for building AI agents (a CNCF Sandbox project), was updated to v0.9.0, which added agent sandbox support, UI for prompt templates, token exchange for model auth, and SAP AI Core as a new model provider.
7. Cozystack, a PaaS platform and framework for building clouds (a CNCF Sandbox project), released v1.3, featuring storage-aware scheduling via LINSTOR Extender, a GUI for LINSTOR, a new vm-default-images package for out-of-the-box VM provisioning, improved application observability, and a RestoreJob experience for backups in the dashboard.
#news #releases