Why not have a Kubernetes Ingress controller written in Rust? This new project makes this idea easy to try out.

Aralez is a high-performance reverse proxy built on top of Cloudflare's Pingora, a Rust framework for fast and programmable network services. It can operate as an Ingress controller for Kubernetes and offers:

- Zero-config support for gRPC and WebSocket;
- Dynamic load of upstreams and SSL certificates;
- Various authentication methods: basic auth, API tokens, JWT;
- Load balancing based on round-robin, failover with health checks, and sticky sessions via cookies;
- Built-in rate limiter (global and per path);
- Built-in file server for serving static files;
- Prometheus metrics.

Language: Rust | License: Apache 2.0 | 460 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #networking

Sharing recently uploaded recorded talks from the Cloud Native offline events that happened around the world earlier this year:

1. Kubernetes Community Days New York 2025 (4th June; the latest videos were uploaded last week only). This playlist has 6 keynotes, 18 talks, 9 lightning talks, and two panel discussions.

2. Kubernetes Community Days Sofia 2025 (18th September). This video is 7+ hours long and includes 4 keynotes, 11 talks, and 5 lightning talks.

3. Cloud Native Days Austria 2025 (7-8th October). This playlist features 33 talks from both days.

#video #events

Two newly graduated and one incubated CNCF projects

Yesterday, the CNCF Technical Oversight Committee voted to move the following CNCF projects to a higher level of their maturity:

- Crossplane, the cloud native control plane framework, became Graduated (GitHub issue #1788)
- Dragonfly, a P2P-based file distribution and image acceleration system, became Graduated (#1358)
- OpenFGA, a high-performance and flexible authorisation/permission system built for developers, became Incubating (#1287)

#news #cncfprojects

Old-school terminal users might enjoy getting a find-like experience for kubectl with this new project.

kubectl-find is a plugin for kubectl that helps you find Kubernetes resources based on various criteria and perform some actions. It allows you to:

- find resources by their name (regex), age, labels, and status;
- additionally, use a node name, image name, or the fact of being restarted when finding Pods;
- use custom jq filters for finding resources;
- execute one of these actions on the matched resources: print, patch, or delete.

Language: Go | License: Apache 2.0 | 57 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #CLI

Sharing another bunch of interesting Kubernetes-related articles recently spotted online:

1. "Beyond the surface - Exploring attacker persistence strategies in Kubernetes" by Rory McCune.

The goal of this talk is to lay out one attack path that attackers might use to retain and expand their access after an initial compromise of a Kubernetes cluster by getting access to an admin’s credentials. It doesn’t cover all the ways that attackers could do this, but provides one path and also hopefully illuminates some of the inner workings and default settings that attackers might exploit as part of their exploits.

2. "How our small company migrated from Docker Swarm to Kubernetes" by Miroslav Hrivnak, CORETEQ Technology.

As a small tech company with 20–30 people, we’ve gone through the natural evolution of infrastructure. From the days when one server and a few LXC containers were enough, to Docker and Docker Swarm, and finally to Kubernetes, which we now use not only in production but also for development and testing. In this article, I’d like to share why we migrated, the challenges we faced, and how we successfully moved from Docker Swarm to Kubernetes.

3. "k8s-1m Overview" by Ben Chess.

This is an effort to create a fully functional Kubernetes cluster with 1 million active nodes.

4. "Zero Trust for Kubernetes: Implementing Service Mesh Security" by Heinan Cabouly.

Let’s walk through a practical implementation of Zero Trust security using Istio on Amazon EKS. I’ll show you real-world configurations based on production Kubernetes environments.

5. "Clear Kubernetes namespace contents before deleting the namespace, or else" by Hongli Lai.

Our Kubernetes platform test suite creates namespaces with their corresponding contents, then deletes everything during cleanup. We noticed a strange problem: namespace deletion would sometimes get stuck indefinitely. The root cause was surprising — we had to clear the contents before deleting the namespace! We also learned that getting stuck isn’t the only issue that can occur if we don’t do this.

6. "Scaling Kubernetes at Mercado Libre with Karpenter and GitOps" by Juliano Marcos Martins, Mercado Libre.

This article explores how we’ve used Karpenter and GitOps to evolve our ecosystem (35,000 active microservices; approximately 30,000 daily deployments; around 120,000 pull requests per day), achieving automated provisioning, declarative governance, and large-scale cloud-native operations.

#articles

Happy to share another digest of the prominent software updates in the Cloud Native ecosystem!

Release Spotlight: Mimir 3.0.0

Earlier this week, Grafana Labs announced that Mimir, its horizontally scalable long-term storage for Prometheus, was updated to 3.0.0. Most importantly, it features a new decoupled architecture that involves a Kafka-based ingest storage layer for better scalability and performance.

It also switched to the Mimir Query Engine (MQE) as the default query engine and introduced an experimental support for the Prometheus Remote-Write 2.0 protocol, PromQL duration expressions, and native OTLP delta metric ingestion.

Other noticeable updates in the Cloud Native space:

1. HolmesGPT, an AI agent for cloud troubleshooting (a CNCF Sandbox project), released 0.15. It came with a new Cilium and Hubble toolset, an enhanced New Relic toolset, and improved Gemini support.

2. Backstage, a framework for building developer portals (a CNCF Incubating project), was updated to v1.44.0. Some of its essential changes are a new Dialog component in Backstage UI, support for custom external service auth methods, a new plugin converting Material UI themes to Backstage UI, and easily configured low-level HTTP server options through config.

3. Calico, a container networking and security solution, released v3.31.0. It comes with a streamlined eBPF data plane installation, general availability of nftables data plane, DSCP (Differentiated Services Code Point) marking support, QoS controls for eBPF data plane, fine-grained BGP control with a per-peer local AS number, and numerous other improvements.

4. Vitess, a database clustering system for horizontal scaling of MySQL (a CNCF Graduated project), released v23.0.0. It upgraded the default MySQL version from 8.0.40 to 8.4.6, introduced new metrics (TransactionsProcessed and SkippedRecoveries), and added dynamic control of EmergencyReparentShard-based recoveries to VTOrc.

5. Argo CD (a CNCF Graduated project) released its v3.2.0, which anticipated the deprecation of Argo CD v2.x. New features include health checks for GitOps Promoter resources, new configurable deletion strategies for Progressive Sync, title matching support for the Pull Request Generator in ApplicationSet, server-side diff calculations in Argo CD CLI, and several hydrator improvements.

6. External Secrets Operator, a K8s operator integrating external secret management systems (a CNCF Sandbox project), has reached its v1.0.0, which anticipates its general availability. There are some new features as well — namely, support for generic targets (ConfigMaps, Custom Resources) and a new esoctl bootstrap generator command.

#news #releases

KubeCon + CloudNativeCon North America 2025 begins today, and we can expect some interesting announcements for the Cloud Native community. It also means that Cloud Native Rejekts, the b-side conference, has already happened.

Thus, while we all wait for big news, this YouTube playlist presents ~20 talks given at Rejekts this Saturday. Unfortunately, they are not yet cut into separate videos, but you can use the official schedule for better navigation.

#events #video

Two new certifications from CNCF

New Cloud Native certifications were announced during KubeCon NA, and they are:

- Certified Cloud Native Platform Engineer (CNPE). The exam is now available for enrollment.
- Certified Kubernetes Network Engineer (CKNE). It’s still in development and will become available next year. Subject Matter Experts are welcome to join the development process of this exam.

P.S. Thanks for this photo and info to James Spurin (LinkedIn post).

#news #career

Certified Kubernetes AI Conformance Program 1.0

KubeCon NA also marked the official launch of the Certified Kubernetes AI Platform Conformance Program v1.0 from CNCF, which defines capabilities and configurations for running AI and ML frameworks on Kubernetes and other CNCF projects. It was a community-driven initiative supported by various companies, including Google Cloud, Kubermatic, Microsoft, and Red Hat.

Currently, the following K8s distributions are certified with this program:
- Alibaba Cloud Container Service for Kubernetes
- Amazon Elastic Kubernetes Service (EKS)
- Azure Kubernetes Service (AKS)
- CCE (Cloud Container Engine) by Baidu Cloud
- CoreWeave Kubernetes Service
- DaoCloud Enterprise
- Gardener by NeoNephos Foundation
- Giant Swarm Platform
- Google Kubernetes Engine
- Kubermatic Kubernetes Platform
- Linode Kubernetes Engine (LKE) by Akamai
- OCI Kubernetes Engine (OKE) by Oracle
- OpenShift Container Platform and Red Hat OpenShift Service on AWS
- RKE2 by SUSE
- Talos Linux
- vSphere Kubernetes Service

#news #genai

Helm 4 has just been released

Less than 30 minutes ago, Helm v4.0.0 appeared on GitHub. This release, celebrated during KubeCon NA, came 6 years after Helm v3 and offers significant improvements. They include:

- Redesigned plugin system with WebAssembly-based plugins
- Post-renderers as plugins
- Server Side Apply support
- Improved resource watching based on kstatus
- Local content-based caching

Earlier today, this release was also announced on the CNCF blog, together with the 10th anniversary of Helm.

P.S. If you’re interested in seeing even more features for Helm, considering the Nelm project might be helpful, too.

#news #cncfprojects #releases

Ingress NGINX will be retired soon

Another significant announcement made during KubeCon NA involved deprecation. Kubernetes SIG Network and the Security Response Committee declared that Ingress NGINX will be retired in March 2026.

This Ingress controller was developed a long time ago as an example implementation of the API. However, its broad adoption and excess flexibility (e.g., "snippets" annotations) became “today’s insurmountable technical debt.” A recent attempt to replace it with InGate (we covered it in this post) failed, and the project became unsustainable, leading to a difficult decision to retire it.

Users are advised to migrate to Gateway API or another Ingress controller as fast as they can.

P.S. Don’t confuse Ingress NGINX with NGINX Ingress. There is a long-lasting naming confusion for these projects.

#news #networking

The announcement of the Ingress NGINX controller retirement led to wide, ongoing discussions in the Cloud Native community. Here are quotes and links to the thoughts of some well-known folks:

Tom Hockin, Kubernetes co-founder (source):

“The people who currently work on ingress-nginx do so FOR FREE. They have been doing it largely because they feel a sense of duty. They do not need to be berated. In the 2 years this has been a topic, almost nobody has stepped up to help, and there are no new maintainers in the pipeline. Shuttering this project is necessary, and IMO, a better result than pretending it is healthy when it is not.”

Benjamin Elder, Kubernetes Steering Committee (source):

“People need to understand, lots of contributors are willing to do maintenance work, but it simply isn't free, and only doing maintenance generally isn't sustainable. We all have bills to pay and careers to pursue and it's very difficult to succeed doing nothing but maintenance because everyone wants that work for free.”

William Morgan, CEO @ Buoyant (source):

“The actual problem in the CNCF community is instead one of expectations: that all these open source projects I use (on my company’s dime) to build my systems (that allow my company to make money) should be free. And always up to date. And should fix my bugs. And add new features. And somehow this should all just happen magically.”

Kat Cosgrove, Kubernetes Steering Committee (source):

“The ingress-nginx deprecation is the inevitable result of the fundamentally broken way for-profit companies consume open source software, not a reflection on the state of the CNCF or Kubernetes. It had to happen.”

External Secrets Inc. ceased to exist

The commercial company behind External Secrets Operator (a CNCF Sandbox project) announced its shutdown. On the bright side, it has released all its proprietary software as Open Source; it is now available on GitHub.

As you might recall, earlier this year recently, the ESO project itself paused releases due to a critical need for maintainers. Luckily, new people were found, and releases were revived, including the prominent v1.0.0, which was just two weeks ago.

#news

Azure released AKS desktop based on Headlamp

Yesterday, the AKS desktop application was announced. It provides a self-service UI based on Headlamp (a Kubernetes SIG UI project) for deploying and managing workloads on Azure Kubernetes Service.

Currently, v0.1.0-alpha is the only publicly available release of AKS desktop. It supports Azure RBAC and allows you to:

- Create and use AKS cluster projects;
- Visualise the Kubernetes resources in your project;
- Deploy applications and configure their scaling via HPA or manual settings;
- View metrics and logs.

Language: TypeScript | License: Apache 2.0 | 12 ⭐️

▶️ GitHub repo
📣 Project announcement

#tools #gui #Azure #news

Videos from KubeCon + CloudNativeCon North America 2025 are now available

You can find 348 videos from the recent event in this YouTube playlist. They include daily highlights, keynotes, regular and lightning talks. The full schedule is available here.

As for the co-located events during KubeCon NA 2025, their recordings are also published:
- Maintainer Summit (21 videos)
- FluxCon (10)
- Kubernetes on Edge Day (10)
- Cloud Native University (9)
- OpenFeature Summit (9)
- Open Source SecurityCon (35)
- CiliumCon (9)
- EnvoyCon (9)
- OpenTofu Day (11)
- Observability Day (29)
- Kubeflow Summit (7)
- Data on Kubernetes Day (8)
- ArgoCon (31)
- Cloud Native & Kubernetes AI Day (19)
- BackstageCon (15)
- Istio Day (9)
- Platform Engineering Day (29)
- KyvernoCon (8)
- WasmCon (10)

#events #video

Some engineers dare to admit they are lazy. Here’s why we have lazygit, lazydocker, and now this new tool…

LazyHelm is a terminal UI inspired by other lazy* projects and obviously focused on Helm. It allows you to:

- Navigate through Helm repos and find new charts at Artifact Hub;
- View the charts, modify the values, see the diff between chart versions;
- View all currently deployed Helm releases and filter them, view their details, revision history, and historical values;
- Search through Helm repos, charts, and values.

Language: Go | License: Apache 2.0 | 29 ⭐️

▶️ GitHub repo
💬 Reddit announcement

#tools #CLI

This project has been around for a while, but it is especially useful now, given the upcoming retirement of the Ingress NGINX controller.

Ingress2gateway is part of the Gateway API SIG-Network subproject, focusing on translating Ingress and provider-specific CRDs to Gateway API resources. It supports Ingress NGINX and several other providers (including Apache APISIX, Cilium, Istio, GCE, Kong, NGINX Ingress, and OpenAPI).

However, it’s essential to note that it doesn’t support all the annotations available. The list of those supported for Ingress NGINX is available here.

▶️ GitHub repo

Language: Go | License: Apache 2.0 | 643 ⭐️

#tools #networking

Which Kubernetes versions are currently in use?

Here’s a chart from Datadog showing the Kubernetes versions their users are running on October 1, 2025. According to this data, 78% of users run K8s v1.31-1.34.

#news

It's time to share our latest digest of the prominent software updates in the Cloud Native ecosystem!

1. Gateway API, a part of the Kubernetes SIG Network, reached its 1.4. It declared a few features, including supportedFeatures in the GatewayClass status and named rules for Routes, GA. It also introduced three experimental features, such as a mesh resource for service mesh configuration, default gateways, and externalAuth filter for HTTPRoute.

2. Istio (a CNCF Graduated project) 1.28 introduced the InferencePool v1 API to improve managing and routing AI inference workloads, native nftables support in the ambient mode, better ambient multicluster deployments, enhanced security features, and more.

3. Kustomize, which is also developed in a Kubernetes SIG, released v5.8.0. This version enabled replacements and patch values in the structured data and regex support for replacement selectors.

4. Spin, a framework for building and running cloud microservices with WebAssembly (a CNCF Sandbox project), was updated to v3.5 with WASI Preview 3 support. Other changes include a new Spin Rust SDK, configurable static HTTP responses, and OpenAI integration support.

5. Kueue, a set of APIs and a controller for job queueing in Kubernetes, got lots of new features in v0.15.0. They include a new experimental kueue-populator to create default resources, admission checks to control the delay by external and internal controllers, an optional interface for custom Jobs to activate and deactivate them, TAS support for the Kubeflow Trainer integration, numerous improvements in MultiKueue, and many more.

6. KubeVirt, a virtual machine management add-on for Kubernetes (a CNCF Incubating project), released v1.7.0. It introduced decentralised live migration, support for DRA devices in VMI, generalised migration priority, support for auto-healing strategy in VMPool, and experimental support for AMD SEV-SNP and Intel TDX.

7. Freelens, a GUI for managing Kubernetes clusters, was updated to v1.7.0, featuring an improved YAML editor, Pod-level resource aggregation, Windows Portable distribution, and better extension API.

#news #releases

Kubernetes Spec Explorer is an online resource that helps you find the official built-in documentation for all the Kubernetes resources and their properties.

- All the information it provides is automatically generated based on the OpenAPI specification.
- The data is available for any chosen Kubernetes release, from v1.11 to v1.35, and the differences introduced for the resource in each subsequent release are displayed.
- Each Kubernetes resource comes with examples of how it might look.
- CRDs of some other popular Cloud Native tools, such as Argo, Cilium, CloudNativePG, Gateway API, Istio, and Kyverno, are also covered.

#tools