Sharing another bunch of interesting Kubernetes-related articles recently spotted online:

1. "Tuning Linux Swap for Kubernetes: A Deep Dive" by Ajay Sundar Karuppasamy.

In this blogpost, I'll dive into critical Linux kernel parameters that govern swap behavior. I will explore how these parameters influence Kubernetes workload performance, swap utilization, and crucial eviction mechanisms. I will present various test results showcasing the impact of different configurations, and share my findings on achieving optimal settings for stable and high-performing Kubernetes clusters.

2. "Top 30 Argo CD Anti-Patterns to Avoid When Adopting Gitops" by Kostis Kapelonis, Codefresh.

Here is the full list of the antipatterns we will see: Not understanding the declarative setup of Argo CD; Creating Argo CD applications in a dynamic way; Using Argo CD parameter overrides; Adopting Argo CD without understanding Helm; Adopting Argo CD without understanding Kustomize; Assuming that developers need to know about Argo CD; Grouping applications at the wrong abstraction level; Abusing the multi-source feature of Argo CD; Not splitting the different Git repositories; Disabling auto-sync and self-heal…

3. "Manage Secrets of your Kubernetes Platform at Scale with GitOps" by Artem Lajko.

If you are building a platform on Kubernetes it does not matter what fancy name you give it. You will run into this challenge sooner or later. This blog is not trainer material. It is not about perfect labs. It is about real world experience with real pain points. The idea is simple. Instead of managing every cluster manually you connect them to a control plane. But the tricky part is how to do this in a secure and repeatable way especially when secrets are involved.

4. "Migrating from Kubernetes Ingress to Gateway API: A Step-by-Step Guide" by Kelvin Manavar.

If your organization is currently relying on Ingress and considering a migration to the Gateway API, this guide will walk you through the process. We’ll explore why the Gateway API is worth adopting, what changes you need to be aware of, and the practical steps to migrate from your existing Ingress setup to the modern Gateway API within a running Kubernetes cluster.

5. "Longhorn – a Kubernetes-native filesystem" by Vegard.

Longhorn in a way has many similarities with ZFS, but made for a distributed environment like Kubernetes. In a nutshell, Longhorn provision block devices out of a pool – or several, I have an SSD pool and a HDD pool. You’ll create storage classes using those pools, with the properties you like. A storageclass is sort of a template for a volume, that says what properties it should have when it’s created. You can still change it afterwards, though. Longhorn also comes with a decent web console, making it easy to get overview of – and manage – your Longhorn storage solution. It has built-in support for snapshot-based backups, most commonly to S3 (or compatible) buckets.

6. "Importance of Graceful Shutdown in Kubernetes" by Alik Khilazhev, Criteo.

In this post, I will share what I have learned about implementing proper graceful shutdown in Kubernetes. I will show you exactly what happens behind the scenes, provide working code examples, and back everything with real test results that clearly demonstrate the difference.

#articles

Knative became a CNCF Graduated project

Knative is a Kubernetes-based platform to build, deploy, and manage serverless workloads. It consists of three main components:
- Knative Serving for deploying and serving applications and functions on Kubernetes as serverless containers;
- Knative Eventing, an event-driven application platform that supports various workloads, including regular Kubernetes services and Knative Serving services;
- Knative Functions, a developer-focused client library and CLI for development and deployment of functions.

It was accepted to CNCF in March 2022 as an Incubating project, and just about 5 hours ago, it passed the CNCF TOC vote for graduation.

#news #cncfprojects #serverless

While we’ve seen many GUIs for Kubernetes lately, new projects still keep appearing. Here’s a small Web client that went public this August.

teleskopio is a new Web UI for K8s that emerged as a result of personal research. It allows you to access your clusters as admin or viewer and comes with numerous features:
- Managing cluster workloads (Deployments, StatefulSets, Jobs, etc.), networking, storage, and access control;
- Embedded Monaco editor with syntax highlighting for creating/editing resources;
- A cluster overview for seeing its overall health and activity;
- Displaying live resource changes, Pod logs and event history;
- Customisable UI: configurable fonts, light and dark themes.

Language: TypeScript, Go | License: Apache 2.0 | 64 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #gui

CNCF projects get access to Docker Sponsored Open Source program

CNCF has just announced a new partnership with Docker, Inc., which provides CNCF projects with direct access to the Docker Sponsored Open Source (DSOS) program. This means they can benefit from unlimited image pulls from Docker Hub, access to Docker Scout for vulnerability analysis and policy enforcement, automated image builds from source, and Docker usage metrics and engagement insights.

#cncfprojects #news

Have you heard of schedulingGates for Pods in Kubernetes (this feature went stable in v1.30)? They let you control when a Pod is ready to be considered for scheduling. There’s a new project that makes this process declarative.

KSGate is a Kubernetes controller that manages Pod scheduling by using declarative gates and conditions. With it, workloads can get annotations that will match scheduling gates and define the conditions via powerful CEL expressions: they must evaluate to true for the condition to be satisfied. For example, the scheduling condition can be a dependent Pod with a specific name and currently being in a particular phase.

Language: Go | License: Apache 2.0 | 6 ⭐️

▶️ GitHub repo
📣 Project announcement

#tools

After the recent Kubernetes v1.34, lots of blog posts explaining its new features followed. Here’s a list of such articles published on the official blog lately:

- User preferences (kuberc) are available for testing in kubectl 1.34
- Finer-Grained Control Over Container Restarts
- DRA has graduated to GA
- Introducing CPU Manager Static Policy Option for Uncore Cache Alignment
- Service Account Token Integration for Image Pulls Graduates to Beta
- PSI Metrics for Kubernetes Graduates to Beta
- Pod Replacement Policy for Jobs Goes GA
- VolumeAttributesClass for Volume Modification GA
- Snapshottable API server cache
- Use An Init Container To Define App Environment Variables
- Mutable CSI Node Allocatable Graduates to Beta
- Autoconfiguration for Node Cgroup Driver Goes GA
- Decoupled Taint Manager Is Now Stable
- Moving Volume Group Snapshots to v1beta2
- Pods Report DRA Resource Health
- DRA Consumable Capacity
- Recovery From Volume Expansion Failure (GA)
- Pod Level Resources Graduated to Beta

#articles

PodCertificateRequests is a new API (introduced in Kubernetes v1.34 as alpha) that enables the provisioning of certificates to workloads running as Pods within a cluster. Here’s a controller to simplify leveraging this new feature.

Pod-certificate-signer is a controller that creates PodCertificateRequest for your Pods with a custom x509 signer. This tool:
- signs TLS/mTLS certificates for Pods (or denies issuing them based on the relevant configuration);
- allows you to use Pod annotations for certificate configurations;
- validates requests by checking whether the CA-provided or mounted files exist and ensuring that the CA is valid;
- logs all decisions and errors.

Language: Go | License: Apache 2.0 | 1 ⭐️

▶️ GitHub repo

#tools #security

CloudNativePG switches to its own Docker images

Last month, the PostgreSQL Docker Community discontinued support for Debian bullseye for the official postgres image. Following this news, CloudNativePG (a CNCF Sandbox project) decided to switch to its own images. By establishing its build process that uses Docker Bake, the project now fully controls the entire stack provided with its Kubernetes operator.

The PostgreSQL images produced by CNPG are based on Debian stable and oldstable and rebuilt weekly, cover PgSQL v13-v17, support AMD64 and ARM64, include popular extensions (such as PGAudit, pgvector, PostGIS and pgRouting), and come with SBOMs.

#news #cncfprojects #databases

AKS Labs is a free online collection of hands-on workshops for learning Azure Kubernetes Service (AKS) to deploy, scale, and manage containerised applications.

Currently, it offers 20+ labs in the following categories: Getting Started, Networking, Security, Operations, Platform Engineering, Storage, and AI Workloads. All of them come with ready-to-use instructions and listings.

#articles #career #Azure

KCDs for 2026 H1 are announced

The Kubernetes Community Days (KCDs) events for the first half of 2026 have just been announced. They are classified according to a few factors in first-time events (up to 200 attendees), Tier 1 (350+ attendees), and Tier 2 (up to 600 registrations).

Here they are:
- KCD New Delhi, India; February; new
- KCD Guadalajara, Mexico; February; Tier 1
- KCD Panama; March; new
- KCD Beijing, China; March; Tier 1
- KCD Kochi, India; April; new
- KCD Toronto, Canada; May; new
- KCD Austin, USA; May; Tier 1
- KCD Istanbul, Turkey; May; Tier 2
- KCD Helsinki, Finland; May; Tier 2
- KCD Kuala Lumpur, Malaysia; June; new
- KCD Prague, Czechia; June; Tier 1
- KCD New York, USA; June; Tier 2
- KCD Lima, Peru; July; Tier 2

#events #news

KServe joins CNCF as an Incubating project

KServe is a standardised distributed generative and predictive AI inference platform for scalable, multi-framework deployment on Kubernetes. Technically, it provides CRDs for serving predictive and generative ML models and offers various features for that, such as intelligent routing, advanced deployments, model caching, autoscaling, and many more.

Today, KServe is adopted by numerous well-known organisations, including AMD, Bloomberg, Canonical, Cisco, IBM, NVIDIA, Red Hat, and the Wikimedia Foundation. Partly thanks to that, when a relevant CNCF TOC vote passed, the project was able to join the CNCF at the Incubator level.

#news #cncfprojects #genai

112 videos from the ContainerDays Conference 2025 have just become available.

This 3-day event, which took place in Hamburg in September, featured talks from international speakers on Security, Cloud native experience, Operations, Networking, AI + ML, Application development, the Go programming language, Observability, Storage, and Platform engineering. You can find the recordings of all of them in this YouTube playlist.

P.S. The next ContainerDays Conference will happen in London on February 11-12, 2026.

#events #video

Documentary on Flux: 2 parts (out of 4) released

KubeFM and ControlPlane have filmed “The Making of Flux,” a series about Flux. It reveals the story of this project through the words of people directly involved in it. Currently, two episodes have been released on YouTube:

- Ep1 “The Origin” (22 mins), where Alexis Richardson, Andrew Martin, and Chris Aniszczyk cover the foundation of GitOps and creation of Flux, and its path to the CNCF graduation;
- Ep2 “The Rewrite” (45 mins), where Stefan Prodan and Michael Bridgen tell how Flux initially worked and why it needed a complete v2 rewrite.

Two more episodes will follow soon.

#video #gitops #cncfprojects

Excited to present our newest digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Flux v2.7.0

At the end of September, Flux (a CNCF Graduated project) released its v2.7.0, marking the general availability of Flux Image Automation APIs and controllers, i.e. image-reflector-controller and image-automation-controller working together to update Kubernetes manifests in Git when new container images appear in container registries.

Other new features include watching for changes in ConfigMaps and Secrets, integration of Kubernetes Workload Identity at the object level for all Flux APIs, OpenTelemetry tracing for Flux reconciliations, and the artifact generators implemented in a new source-watcher controller.

Other noticeable updates in the Cloud Native space:

1. K3s, a lightweight Kubernetes distribution (a CNCF Sandbox project), was updated to 1.34, which is now based on Kubernetes v1.34 and brings several significant changes. Namely, they are an increased automatic certificate renewal window, optional airgap image tarball imports, enhanced certificate check output, certificate management for kube-scheduler and kube-controller-manager, retention flag for S3-stored snapshots, and an official governance model for the project.

2. Freelens, a fork of Open Lens (the core of Lens IDE for Kubernetes), was updated to v1.6.0. This version added force deletion and finalisation for Pods and other resources, new additional columns for Pods and Deployments lists, more details in the cluster role bindings views, and better support for Prometheus and VictoriaMetrics.

3. Podman Desktop, a developer-focused GUI for simplified container management (a CNCF Sandbox project), released 1.22. It introduced a new Explore Features section on the dashboard, an ability to switch Podman machines between rootless and rootful for macOS and Windows, a new option to apply YAML without creating a file locally, transparent proxy support, and an ARM64 Podman installer for Windows.

4. Headlamp, a Kubernetes web UI developed by the Kubernetes SIG, has seen its 0.36.0, featuring persistent table sorting, enhanced global search, support for EndpointSlice resources, support for running Headlamp embedded within Backstage, better capabilities for plugins, numerous Helm chart improvements, and more.

5. Keycloak, an identity and access management solution (a CNCF Incubating project), was updated to 26.4.0. This release introduced passkeys for passwordless user authentication, SPIFFE or Kubernetes service account tokens usage for Federated Client Authentication, simplified deployments across multiple availability zones, and support for the final specifications of FAPI 2.0 (Security Profile and Message Signing) and DPoP (Demonstrating Proof-of-Possession in OAuth 2.0).

6. Cozystack, a PaaS platform and framework for building clouds (a CNCF Sandbox project), released v0.37.0, bringing a brand-new GUI based on openapi-ui and aware of all allowed settings. Its other changes include Vertical Pod Autoscaler for etcd and dependency updates (Cilium, Velero, Flux Operator).

#news #releases

+10 new CNCF Sandbox projects accepted in 2025

Two days ago, a few Open Source projects were accepted to the CNCF Sandbox. This was the second batch of new projects since March, when we announced the latest additions to CNCF. In this post, we list all new arrivals to the CNCF Sandbox from those two batches:

[May 2025]

1. urunc — "runc for unikernels," a CRI-compatible runtime for running unikernels and application kernels as containers. [application request's GitHub issue #353]

2. xRegistry — an abstract model (specification) for managing metadata about resources and a REST-based interface to discover, create, modify and delete those resources. [#357]

3. ModelPack — open standards for packaging, distributing and running AI artifacts in the Cloud Native environment. [#358]

4. kagent — a programming framework for DevOps and platform engineers to run AI agents in Kubernetes. [#360] By the way, we covered the project before in this post.

5. Cadence — a distributed orchestration engine to execute asynchronous long-running business logic. [#368]

[September 2025]

6. OAuth2-Proxy ­— a generic reverse proxy that provides authentication with Google, Azure, OIDC and other identity providers. [#397]

7. Oxia — a scalable metadata store and coordination system for large-scale distributed systems. [#394]

8. HolmesGPT — an AI agent for investigating problems in cloud, finding the root cause, and suggesting remediations. [#392]

9. Cedar — an authorisation policy language for expressing fine-grained permissions as easy-to-understand policies enforced in applications. [#371]

10. Dalec — a declarative format for building system packages and containers in a secure way for supply chain security. [#396]

#news #cncfprojects

A couple of free online events happening soon:

1. Conf42.com Kube Native 2025 (October 16). Dozens of talks about Kubernetes from Apple, Broadcom, Google, IBM, Intuit, Meta, Microsoft, Salesforce, Splunk, Walmart and many more. Subscribing to the community newsletter enables immediate access to keynotes and delayed access to all content.
2. Open Source Observability Day (October 23-24). 20+ talks on observability from Altinity, Amadeus, ClickHouse, Coroot, Dynatrace, Netdata, Percona, VictoriaMetrics, and more.
Free registration is available.

#events

Tired of dealing with various managed Kubernetes solutions from hyperscalers in the terminal? This new project aims to streamline this experience.

Orbit is a CLI tool that unifies the discovery of and access to the K8s clusters across different cloud providers. It offers:

- automatic discovery and access to the clusters managed by AWS EKS, Azure AKS, and Google GKE (existing cloud credentials are used for that);
- adding newly discovered cluster to your kubeconfig (without creating duplicates for the already existing entries);
- an interactive interface to navigate through clusters and see their statuses and other details, and find them by name.

Language: Go | License: Open Source (no specific license is defined yet) | 6 ⭐️

▶️ GitLab repo
📣 Project announcement

#tools #CLI

Why not have a Kubernetes Ingress controller written in Rust? This new project makes this idea easy to try out.

Aralez is a high-performance reverse proxy built on top of Cloudflare's Pingora, a Rust framework for fast and programmable network services. It can operate as an Ingress controller for Kubernetes and offers:

- Zero-config support for gRPC and WebSocket;
- Dynamic load of upstreams and SSL certificates;
- Various authentication methods: basic auth, API tokens, JWT;
- Load balancing based on round-robin, failover with health checks, and sticky sessions via cookies;
- Built-in rate limiter (global and per path);
- Built-in file server for serving static files;
- Prometheus metrics.

Language: Rust | License: Apache 2.0 | 460 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #networking

Sharing recently uploaded recorded talks from the Cloud Native offline events that happened around the world earlier this year:

1. Kubernetes Community Days New York 2025 (4th June; the latest videos were uploaded last week only). This playlist has 6 keynotes, 18 talks, 9 lightning talks, and two panel discussions.

2. Kubernetes Community Days Sofia 2025 (18th September). This video is 7+ hours long and includes 4 keynotes, 11 talks, and 5 lightning talks.

3. Cloud Native Days Austria 2025 (7-8th October). This playlist features 33 talks from both days.

#video #events

Two newly graduated and one incubated CNCF projects

Yesterday, the CNCF Technical Oversight Committee voted to move the following CNCF projects to a higher level of their maturity:

- Crossplane, the cloud native control plane framework, became Graduated (GitHub issue #1788)
- Dragonfly, a P2P-based file distribution and image acceleration system, became Graduated (#1358)
- OpenFGA, a high-performance and flexible authorisation/permission system built for developers, became Incubating (#1287)

#news #cncfprojects