A brief update on the Freelens project, which is an active Open Source fork of Lens IDE.

It now features a Flux CD extension, making it another UI option for Flux users*. Currently, the extension offers a dashboard for Application components and Events, detailed views of Flux CD resource information, and menus for reconciling, syncing, and automating Flux CD resources. Find more details in this GitHub repo.

* It’s also worth reminding that last year, another Kubernetes GUI, Headlamp, released a Flux plugin that provides an overview of the Flux installation for its users.

#news #tools #gui #gitops

llm-d is a new Open Source project and community for scalable GenAI deployments in Kubernetes.

Described as “a Kubernetes-native high-performance distributed LLM inference framework,” llm-d leverages existing technologies, such as vLLM, Kubernetes, and Inference Gateway, to provide a vLLM-optimised inference scheduler, disaggregated serving, and disaggregated prefix caching. The authors also plan to implement a traffic- and hardware-aware autoscaler.

You can find more details on llm-d in:
- yesterday’s announcement by CoreWeave, Google, IBM Research, NVIDIA, and Red Hat;
- the project’s GitHub repo.

#news #genai #tools

Perhaps not entirely complete and somewhat biased, but surely a vast and detailed comparison of various solutions in how they help with Kubernetes multi-cluster management. Created by the Sveltos project, which develops a Kubernetes add-on controller to simplify the deployment and management of K8s add-ons and applications across multiple clusters.

The source for this comparison, including better descriptions for each column, is on Reddit.

#tools

A couple of recent articles on optimising memory consumption in Prometheus:

1. “Prometheus: How We Slashed Memory Usage” (Devoriales).

“In the production Kubernetes cluster I worked on, Prometheus memory usage climbed past 55 GB, peaking at 60 GB, despite an already oversized node. Indeed, the environment was rapidly growing in the number of applications, but the situation was still not sustainable.”

2. “Understanding and optimizing resource consumption in Prometheus” (Palark blog).

“While Prometheus is an excellent and capable monitoring system, one aspect I find very frustrating is its resource consumption. If this frustrates you as much as it does me, let’s break down the causes of this issue and see how to address it.”

#articles #observability

Portainer announced KubeSolo, its new Kubernetes distribution created specifically for resource-constrained (e.g., IoT) environments. KubeSolo is able to consume as little as 200 MB of RAM and is rightfully called “ultra-lightweight” for this reason.

Some of the project's peculiarities:
- Using SQLite (via Kine) instead of etcd as the default storage backend;
- Replacing the Kubernetes scheduler with a custom webhook;
- Running many components inside a single process and optimising resource limits;
- Ditching the clustering support.

KubeSolo is packaged as a single binary and has minimal OS dependencies. Find more details about this new project on its GitHub repo and website.

#news

BLAFS (bloat-aware filesystem) is a new project aimed at optimising Docker container image size.

Its basic principle is to check which files in the container are actually needed by examining the file access of binaries in the layered filesystem. This approach is different from what other popular tools (such as Cimplifier and SlimToolkit) offer and allows the container size to shrink significantly.

Using BLAFS reduces the size of the Top 10 containers on Docker Hub by 65-95%. The effect for Alpine-based images is smaller, yet still noticeable (e.g., the ghost image is reduced by 27%). More details on how BLAFS works are available in this paper.

Language: Go and C++ | License: MIT | 540 ⭐️

▶️ GitHub repo
💬 Reddit discussion

#tools

Happy to present our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Crossplane v1.20.0

Last week, Crossplane (a CNCF Incubating project) announced its quarterly release, v1.20.0, with numerous new features and enhancements. The real-time compositions, which actively watch for changes to respond to them immediately, matured to Beta and became enabled by default. The ImageConfig API now supports mirroring Crossplane packages to private repositories. Some community providers, including Kubernetes and Helm, got the change logs feature, enabling these providers to log every change and the reason for it.

Function response caching is a new Alpha feature that allows to cache the responses in the function pipeline to reduce the amount of requests Crossplane sends. Another highlight in this release is including shell autocompletion for the crossplane CLI.

Other noticeable updates in the Cloud Native space:

1. vCluster, a namespace-based solution for virtual Kubernetes clusters, released its v0.25.0, featuring support for external standalone etcd, a simplified initContainer process, added validation for cert-manager, KubeVirt and External Secrets, and deprecated k0s and k3s support.

2. Kmesh, a high-performance service mesh data plane (a CNCF Sandbox project), announced its v1.1.0​​, bringing access logs and metrics for long-lived TCP connections, refactored DNS module, BPF config map optimisation, optimised kernel-native mode, and compatibility with Istio 1.25.

3. Kargo, an application lifecycle orchestration platform for Kubernetes, was updated to v1.5.0, with better Project configuration via a new namespaced CRD, enhanced conditional promotion step execution, ConfigMap access and improved Secret access in expressions, improved Workload Identity Federation support in GKE, and Bitbucket support in git-open-pr and git-wait-for-pr promotion steps.

4. Backstage, a framework for building developer portals (a CNCF Incubating project), has seen v1.39.0, accumulating 260 pull requests from 74 contributors. It got a REST API for Scheduler Service, its design system Canon updated to 0.4.0 (with a new Tab component), federated credentials for Azure DevOps integration, Valkey support for cache service, and custom AuthConnector implementations. It also removed support for several features from the old backend system and deprecated React 17.

5. CloudNativePG, a platform to run and manage PostgreSQL databases in Kubernetes (a CNCF Sandbox project), released its 1.26.0, introducing declarative offline in-place major upgrades of PostgreSQL, enhanced startup and readiness probes for replicas, declarative management of extensions and schemas, a new annotation to enable webhook validation, and integration with autoscalers like Karpenter for better node drain management.

6. Flux (a CNCF Graduated project) landed v2.6.0 just yesterday. It came with the general availability of Flux OCIRepository API to store the Kubernetes desired state in container registries, image automation digest pinning, object-level workload identities, GitHub App authentication for Git repositories, and several improvements in notifications and controllers.

#news #releases

Kaniko reached its end of life

Kaniko is a well-known tool created by Google to build container images inside a container or Kubernetes cluster. Launched in January 2018, it gained good traction in the Cloud Native community. However, it hasn’t been actively developed for the last few years. Yesterday, a PR officially archiving this project was merged, and its Git repo was archived. From now on, Kaniko will no longer be developed or maintained.

#news #tools

Kong Gateway is a Cloud Native, platform-agnostic, scalable API Gateway. Its recent 3.10.x release introduced the following breaking change: “Free mode is no longer available. Running Kong Gateway without a license will now behave the same as running it with an expired license.”

In response to this news, Tetrate Labs promptly released kong2eg, “a migration tool that helps you transition from Kong Gateway to Envoy Gateway by integrating Kong as an external processing extension within Envoy Gateway.”

#news #networking #tools

A quick update on a recent Kaniko news: Chainguard has forked the project here (only 8 GitHub stars at the moment!). They are using it internally and, thus, plan to maintain Kaniko. That's what their README says:

Chainguard is going to keep this fork updated, patched, and maintained. We do not plan any major feature work, but bug fixes and other minor contributions are welcome! We don't plan on publishing built release artifacts (container images, etc.) publicly, but they are available to Chainguard customers.

An official announcement should follow in their blog later this week.

#news

About 5 hours ago, Apple released a Swift package (Containerization) and a CLI tool (container) to easily run Linux containers on Mac computers.

Containerization uses Virtualization.framework on Apple silicon to provide APIs to spawn lightweight virtual machines and manage their runtime environment, manage OCI images, interact with remote registries, etc. It relies on vmnet framework for managing the virtual network to which the containers attach.

container is a user-facing tool for creating and running Linux containers as lightweight virtual machines. It works with OCI-compliant container images, allowing you to interact with common container registries. Using it, you can also configure memory and CPU limitations for containers, build and run multiplatform images, share host files with containers, view container and system logs.

Both projects are available as Open Source (Apache 2 license). More details about them:
- container on GitHub
- Containerization on GitHub
- video presentation by Michael Crosby from WWDC25

#news #tools

Nice timeline for GitOps briefly covering its precursors, emergence and today’s state.

Source: “GitOps in 2025: From Old-School Updates to the Modern Way” by Gerardo Lopez and Saloni Narang on the CNCF blog

#gitops

Kubernetes Gateway API Inference Extension is a new project focused on solving traffic-routing challenges for GenAI and LLM services running on Kubernetes. Built on top of the Gateway API, it adds inference-specific routing capabilities, allowing you to transform existing gateways into a specialised (i.e. inference) one for self-hosted GenAI/LLMs. The project was launched as part of Kubernetes SIGs.

Learn more about Gateway API Inference Extension from this announcement in the Kubernetes blog and the project's GitHub repo.

#news #genai

OpenReports is a new standardisation effort that originated in the Kubernetes Policy Working Group and is designed to “capture, correlate, and export evaluation results for any Kubernetes tool, such as policy engines, scanners, or any controller that wishes to produce reports.” To do so, it develops a unified API and set of tools for both producing and consuming reports.

The current list of report producers OpenReports focuses on includes Falco, Kyverno, Trivy Operator, and Kubewarden. Consumers include Fairwinds Insights, Kyverno Policy Reporter, Lula, Nirmata Control Hub, and Open Cluster Management.

Find more information about OpenReports from this announcement and the official website.

#news

Kubernetes and CNCF won’t be using Slack like before

For ten years, Slack has supported CNCF and Kubernetes by providing a free enterprise account for both workspaces. However, due to recent changes in their business strategy, this generous offer is no longer available for these huge Open Source communities. Thus, both workspaces will be switched to a free plan this Friday, June 20.

This transition brings lots of limitations in Slack workspaces, such as retaining a 90-day history only and disabling several existing apps and workflows. Therefore, the community is considering the following steps, naming migration to Discord as one of the viable options.

P.S. Half a year ago, in December 2024, the Kubernetes workspace hit a hard Slack limit of having no more than 200,000 users per channel. This event also sparked an early discussion of a possible transition from Slack.

Find more details about these changes in the official posts from the Kubernetes project and CNCF.

#news

Imagine a Kubernetes Pod that automatically scales to zero when there’s no load. No, it’s not KEDA doing that, but an implementation on a container runtime level!

Meet zeropod, a containerd shim that performs a container checkpoint for your Pod (i.e. freezes your container and saves it on a disk) when no new TCP connections are coming. After it’s done, the needed port is still listened to, which allows it to restore the container whenever a new connection arrives. Why would you need it? Think of low-traffic websites or your dev environments. Zeropod:

- is implemented as a DaemonSet that installs a binary on the node and leverages a Runtime Class;
- relies on the CRIU (Checkpoint and Restore in Userspace) tool and requires Kubernetes v1.23+ and containerd 1.6+ to work;
- comes with ready-to-use manifests for general deployments and customisations for kind, k3s, GKE, and RKE2;
- offers some experimental features, such as migrating a scaled-down container and live migrating a running container.

Language: Go | License: Apache 2.0 | 434 ⭐️

▶️ GitHub repo

#tools

Salesforce makes a U-turn for the official Slack workspaces of Kubernetes and CNCF. Their enterprise accounts will still be available (with not much other details provided at the moment).

#news

Seeing Kubernetes nodes’ resource consumption in your terminal has become much easier with this new project.

kubectl node-resource is a kubectl plugin that shows resource allocation and their actual utilisation for your Kubernetes nodes. This tool offers:

- A simple list view and a summary view. The latter features histograms and distribution buckets for both resource allocation and utilisation;
- Displaying specific resources only and free resources, as well as sorting nodes by resource usage;
- Structured JSON output to integrate this data with other tools;
- Optimised API server querying to ensure support for large K8s clusters.

Language: Go | License: Apache 2.0 | 77 ⭐️

▶️ GitHub repo

#tools #cli

CNCF got a new Executive Director

Yesterday, a few changes in the CNCF and Linux Foundation top management were announced:

- Priyanka Sharma, the Executive Director at the CNCF for the last five years, stepped down.
- Jonathan Bryce became the Executive Director at the CNCF and Executive Director of Cloud & Infrastructure at the Linux Foundation. He has been the Executive Director of the OpenInfra Foundation since 2012, and this role will stay with him as well. Previously this year, OpenInfra joined the Linux Foundation.
- Chris Aniszczyk, who has been the CTO at the CNCF, keeps this position and also became the CTO of Cloud & Infrastructure at the Linux Foundation. This means he will work on more cloud projects at the parent organisation.

#news

Happy to present our newest digest of the prominent software updates in the Cloud Native ecosystem!

1. OpenEBS, a persistent storage for Kubernetes workloads (a CNCF Sandbox project), released its v4.3.0 with numerous enhancements. They include data-at-rest encryption and IPv6 support in the replicated storage (Mayastor), a new unified plugin for interacting with all supported engines, and a backup garbage collector for LocalPV ZFS.

2. werf, a CLI tool for software delivery to Kubernetes (a CNCF Sandbox project), has recently released v2.38.0 and v2.39.0, bringing several new features. Now, it allows to have external configuration includes (to simplify reusing common templates), use template debugging mode for Helm charts, and keep specific tags while performing automatic cleanup of container images.

3. Argo CD (a CNCF Graduated project) announced v3.1, its next significant update, which is currently available as v3.1.0-rc1 only. This version introduces support for using OCI-compliant container registries as sources for configuration artifacts, support for CLI plugins, scaling resources directly from the UI, and client-side apply migration.

4. OpenTofu, a community-driven Terraform fork (a CNCF Sandbox project), reached v1.10.0 that introduced OCI registry support, native S3 state locking, enhanced planning, global provider cache lock, OpenTelemetry tracing, external key providers, official VS Code extension, Language Server Protocol support, and OpenTofu Registry MCP server.

5. Headlamp, a Web UI for Kubernetes, released 0.31.0 and 0.32.0, featuring tons of improvements. Particularly, the project got a multi-cluster view (experimental), a few new themes and support for plugin-defined themes, support for Node shell, Pod eviction and force deletion, new advanced search, and several new localisations.

6. OpenBao, a community-driven Vault fork, was updated to v2.3 with significant enhancements. Most notably, it now supports tenant isolation using namespaces (it’s available in UI as well), automatic unsealing using the KMIP protocol, and CEL (Common Expression Language) in PKI.

#news #releases