Welcome to the February edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

It's a relatively light edition this month - short month, slowness at the start of the year and folks waiting for KubeCon next month to make big announcements - but there's still plenty of 🔥hot🔥 posts included!

While this month seems to be have calm for some folks, I've been keeping busy!

Rejekts Amsterdam is coming along great! The org team are absolutely smashing it and I can't wait to see all their hard work pay off. The schedule is looking great, everything is falling into place and tickets are running out - I can't wait to see everyone there!

I also gave two talks at ContainerDays London this month, including a brand new one all about giving technical talks which I really enjoyed. Really hoping I have an opportunity to give that again as I got some fantastic feedback on how I can make it better! Unfortunately none of the talks were recorded though. 😞 Although, that's prob for the best as the conference had a real problem with noise in the venue.

KubeCon is just around the corner and my week is going to be jam packed - I'm hoping to catch up with as many people as I can while there so please do come find me:
✨ Saturday: Cloud Native Rejekts
✨ Sunday: Maintainer Summit - I’m looking forward to diving deep into the technical discussions with the brilliant minds building our cloud native tools.
✨ Monday: Co-located Events - I’ll be exploring a few different events, but most likely Platform Engineering Day. Let me know if you're going!
✨ Tuesday: KubeCon kicks off! Also, don’t miss Kuberoke in the evening, the #1 party of the year! 🎶🎤 (get your ticket while you can!)
✨ Wednesday: I’m giving my first-ever KubeCon talk with my awesome friend Márk Sági-Kazár. Come find us in Hall 7 Room A at 11:45am for some fun ‘Kube Oddities’! Really looking forward to this!
✨ Thursday: KubeCon wraps up. If I haven’t had a chance to connect with you yet, I’ll be focusing on the hallway track and catching up with everyone this day.

If you'd like to catch up at KubeCon or any of the events around it, feel free to reach out to me on any of my socials. 👋 If you're looking for things to do in the evenings there are a whole bunch of 🎉parties🎉 going on, be sure to check out conf.party for all the fun happening throughout the week.

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Why the OpenTelemetry Batch Processor is Going Away (Eventually)
  An analysis of why the OpenTelemetry community is moving away from the in-memory batch processor in favor of exporter-level batching. This post explains the architectural limitations of memory buffering during Collector restarts, the resulting risk of data loss, and how persistent storage in the exporter-level approach provides better durability for production telemetry.
• Treat the edge like infrastructure, not an exception  - Manuel Gawert
  A look at why you should be treating edge computing as infrastructure and not an exception compared to the rest of your infrastructure.
• Introducing Node Readiness Controller  - Ajay Sundar Karuppasamy
  In the standard Kubernetes model, a node’s suitability for workloads hinges on a single binary "Ready" condition. However, in modern Kubernetes environments, nodes require complex infrastructure dependencies—such as network agents, storage drivers, GPU firmware, or custom health checks—to be fully operational before they can reliably host pods. This project introduces a declarative system for managing node taints, extending the readiness guardrails during node bootstrapping beyond standard conditions.
• 📗 Cilium: Up and Running - Isovalent
  A new book from the folks at Isovalent, including my dear friend James Leverack, about operating Cilium and leveraging it to its fullest. It's available in bookshops now, or you can download it free from Cilium - or, if you're going to be at KubeCon Amsterdam you have a chance to pick up a signed copy!
• Self-hosting my websites using bootable containers  - Yorick Peterse
  A very, very details article that covers all about investigating and implementing containers as a bootable application for hosting their website.
• Kubernetes Ingress NGINX Shutdown: Migration Guide  - Monika Chauhan
  Kubernetes Ingress NGINX shuts down March 2026. Learn security risks and Gateway API migration strategies from Kubernetes Steering Committee.
• Red Hat takes on Docker Desktop with its enterprise Podman Desktop build  - Steven J. Vaughan-Nichols
  Red Hat is betting a commercially supported Podman Desktop can lure corporate developers away from Docker Desktop.
• State of AI-Assisted Development in CNCF Projects - cncf
  This initiative empowers the CNCF projects to move from ad-hoc experimentation to confident adoption by surveying real-world AI tool usage across CNCF projects and delivering a practical, vendor-neutral guide for secure integration.
• Heroku Is (Finally, Officially) Dead - Will Vincent
  Analyzing the official announcement of the end of Heroku and reviewing hosting alternatives in 2026.
• ArgoCD to Flux  - Vlad Mocanu
  Migrating from ArgoCD to Flux — the why, the how, and what I learned
• Announcing H2 2026 KCDs
  The next batch of Kubernetes Community Days from around the world has been announced including five new locations!

🔒 Security

• ⚠️ Multiple issues in ingress-nginx  - Tabitha Sable
  If you're still running ingress-nginx, be aware of several new CVEs that have been disclosed.

🧑‍🏫 Tutorials, Videos & Podcasts

• A Beginner's Guide to Kubernetes  - Arsh Sharma
  Learn the fundamentals of Kubernetes. Understand core resources like Pods, Deployments, Services, and more.
• 📺 Cilium Explained: eBPF-Powered Kubernetes Networking  - Whitney Lee
  Why is Cilium one of the most widely adopted Container Networking Interfaces (CNIs) in production Kubernetes environments? What does it do differently?
• 📺 Secure your Kubernetes applications with Chainguard  - Kubernetes Bytes
  In this episode Bhavin talks to Adrian Mouat, Dev Rel at Chainguard about all things Kubernetes Security. They discuss CVEs, the different vulnerability databases, and how platform engineers can use Chainguard images to protect against CVEs.

🧰 Tools

• node-readiness-controller - kubernetes-sigs
  This repository contains a Kubernetes controller that manages node taints based on multiple readiness conditions, providing fine-grained control over when nodes are ready to accept workloads. See above for the announcement post for more details.
• TOPF - Talos Orchestrator  - PostFinance
  TOPF is managing Talos based Kubernetes clusters. It provides functionality for bootstrapping new clusters, resetting existing ones, and applying configuration changes.
• homelab: A K8s homelab on public VPS. Built to learn from — or fork and make your own.  - tograu
  A personal Kubernetes homelab built with Ansible (IaC) and Argo CD (GitOps), running on VPS infrastructure. It's designed to be rebuilt, not to never fail.
• K8s Games - Rohit Ghumare
  Deploy pods, fix CrashLoopBackOff, type real kubectl commands — all in a 3D simulation that runs in your browser. No install needed.
• Announcing Kyverno 1.17!  - Charles-Edouard Breteche
  Kyverno 1.17 is a landmark release that marks the stabilization of our next-generation Common Expression Language (CEL) policy engine.
• Announcing Flux 2.8 GA  - Stefan Prodan & Matheus Pimenta 
  Flux v2.8 comes with Helm v4 support, bringing server-side apply and enhanced health checking to Helm releases.

🎤 Events and CFPs

Events

• 🎉 Conf.Party - KubeCon + CloudNativeCon Europe
  Find all the parties, socials and meetups in and around KubeCon in Amsterdam
• 🇳🇱 Cloud Native Rejekts Europe 2026  - 21st March, 2026
  Rejekts is the best kick-off to your KubeCon week. If y'all are going to be in Amsterdam on the 21st be sure to grab a FREE ticket now while you still can! The schedule is looking great! 💙
• 🇨🇦 KCD Toronto 2026  - 13th May, 2026
  Join the inaugural KCD Toronto 2026, the biggest event in Toronto for the cloud-native and Kubernetes community.
• 🇷🇴 Cloud Native Days Romania  - 18th - 19th May, 2026
  Cloud Native Days Romania is coming in May and the early bird tickets are still available at €99 for corporate or €49 for individuals! Be sure to grab this fantastic price before they go up March 15th!

CFPs

• 🇹🇷 KCD Istanbul 2026  - Deadline 1st March
• 🌐 KyvernoCon Virtual 2026  - Deadline 8th March
• 🇯🇵 KubeCon + CloudNativeCon Japan 2026  - Deadline 29th March
• 🇩🇪  Cloud Native Summit Munich 2026 - Deadline 31st March
• 🇦🇹 Cloud Native Days Austria 2026  - Deadline 30th April
• 🇪🇺 SecurityNativeEurope  - Deadline 31st December

💬 Social Post of the Month

🤷 Misc & Fun

• I Made An ESP32 On-Call Beeper  - Kyle Tryon
  A fun personal project from Kyle about building an on-call beeper (pager). I'd really love to see something like this as swag from one of the KubeCon sponsors (hint hint Incident.io 😉)

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the January edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

What. A. Month. 😮‍💨

Can you believe it's still January?! I don't know about y'all but for me this month has felt so long! It's been a busy one for sure!

I've been working on a couple new talks I'll be giving soon that I'm very excited about. The first is a meta talk about giving talk titled "Debugging Your Conference Talk: Practical Tips to Resonate with your Audience" that I will be giving at Container Days London next month, as well as an updated version of my "Pod Deep Dive" talk that I have a lot of fun giving. The other new talk I will be giving at KubeCon in March alongside my dear friend Márk where we will be going over some of our favourite "Kube Oddities" in fun and lighthearted talk. Kinda nervous about this one, not only is it my first KubeCon talk but also my first time giving a talk with someone else! 😱

Speaking of KubeCon, I've also been helping out the 🎤 Chief Karaoke Officer Lian (and other amazing peeps) with organising Kuberoke for after KubeCon day 1 in Amsterdam. It's going to be an amazing night, I can't wait! 💙 Be sure to keep an eye out for the tickets being made available soon!

And, if that wasn't enough... some huge news from me this month is that I've joined Lexi and Laura to form a new Steering Committee for the ✨incredible✨ Cloud Native Rejekts conference to ensure it has a future after Microsoft decided to no longer keep it running. We're taking it back to it's community-focussed roots and things are already in full swing to get something together in time for KubeCon Amsterdam in March. If you haven't already seen the full announcement I recommend giving it a read on LinkedIn. ♥️
If you are able to help out with sponsorship, or know someone who might, please take a look at the Sponsorship Prospectus. 🙏

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky, Mastodon or LinkedIn! 💬

📰 News & Articles

• Ingress NGINX: Statement from the Kubernetes Steering and Security Response Committees - Kat Cosgrove
  In March 2026, Kubernetes will retire Ingress NGINX, a piece of critical infrastructure for about half of cloud native environments. The retirement of Ingress NGINX was announced for March 2026, after years of public warnings that the project was in dire need of contributors and maintainers. There will be no more releases for bug fixes, security patches, or any updates of any kind after the project is retired. This cannot be ignored, brushed off, or left until the last minute to address.
• FluxCD OCI Artifact Verification  - Caleb Woodbine
  A look at using OCI with FluxCD along with Sigstore for verification.
• Why High-Cardinality Metrics Break Everything  - Prathamesh Sonpatki & Mukta Aphale
  What actually breaks when teams add high cardinality metrics and why those failures are hard to avoid unless the system is built for it.
• Archiving of Kubernetes Dashboard Project  - Sebastian Florek
  An announcement that the Dashboard project, that has been around since the early days of Kubernetes, is being archived. Those looking for an alternative UI should take a look at Headlamp.
• Where the Cloud Ecosystem is Heading in 2026: Top 5 Predictions  - Arsh Sharma
  Explore 5 key predictions for the cloud ecosystem in 2026, from AI skepticism to the shift away from local dev environments and Kubernetes abstractions.
• Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc  - Peter Engelbert & Ben Petersen
  Did you know that kubectl can run arbitrary executables, including shell scripts, with the full privileges of the invoking user, and without your knowledge? New changes can help to mitigate against some of the risks posed by this capability.
• Announcing the Checkpoint/Restore Working Group  - Radostin Stoyanov, Viktória Spišaková, Adrian Reber & Peter Hunt
  Announcing the new Kubernetes Checkpoint / Restore WG focusing on the integration of Checkpoint/Restore functionality into Kubernetes.
• Hardened containers don't fix a broken software supply chain  - Dan Lorenc
  Hardened containers are like patching a leaky pipe rather than truly solving the problem. The real fix is building trusted software from the source.
• Kubernetes 1.35 features that change Day 2 operations  - Janakiram MSV
  A look at some of the new features in 1.35 that make operating clusters in production a little bit nicer.
• Back on the board - Liz Rice
  Liz has rejoined the Cloud Native Computing Foundation (CNCF) governing board, and has started a monthly newsletter to keep you updated on their perspective and notes on how it's going. Go give it a subscribe!
• Introducing Amutable
  A lot of the folks behind Flatcar Linux have started a new company, Amutable, that promises to deliver cryptographically verifiable integrity into Linux systems. This is going to be one to watch in the coming years! 👀
• Caught in the Middle: The New Role of Platform Teams  - Yaron Yarimi
  Platform teams face questions from security, finance and compliance without authority to act. Why an accountability gap exists and what needs to change.
• Cluster API v1.12: Introducing In-place Updates and Chained Upgrades  - Fabrizio Pandini
  The Cluster API v1.12.0 release expands what is possible in Cluster API, reducing friction in common lifecycle operations by introducing in-place updates and chained upgrades.

🔒 Security

• Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554  - Rory McCune
  A look at how Kubernetes CVE-2020-8554 works.
• A Brief Deep-Dive into Attacking and Defending Kubernetes  - Alexis Obeng
  A very detailed post on what attackers do in Kubernetes and how to catch them.

🧑‍🏫 Tutorials, Videos & Podcasts

• 📺 Managing Secrets in Configuration Files with SOPS  - Whitney Lee
  Tired of .env files and worried about leaking API keys in your Git repository? There's a better way.
• Kubernetes the (Very) Hard Way  - Márk Sági-Kazár
  A hands-on, step-by-step guide to assembling a Kubernetes cluster from the ground up, (without using any automation) while deeply exploring each component's role and functionality along the way.
• Uniform API server access using clientcmd  - Stephen Kitt
  If you've ever wanted to develop a command line client for a Kubernetes API, especially if you've considered making your client usable as a kubectl plugin, you might have wondered how to make your client feel familiar to users of kubectl. A quick glance at the output of kubectl options might put a damper on that: "Am I really supposed to implement all those options?" Fear not, others have done a lot of the work involved for you.
• 📺 Telemetry Talks - Ep.1 - Observability and OpenTelemetry  - VictoriaMetrics
  In the first episode of Telemetry Talks, Diana talks with Jose, VictoriaMetrics Cloud Lead, about the practical origins of observability and how OpenTelemetry is shaping modern monitoring.
• Experimenting with Gateway API using kind  - Ricardo Katz
  This tutorial will guide you through setting up a local experimental environment with Gateway API on kind.

🧰 Tools

• eBPF.party  - David Ventura
  Learn eBPF through hands-on exercises. Write, compile, and run programs directly from your browser.

🎤 Events and CFPs

Events

• 🇨🇭 📺 Cloud Native Suisse Romande
  All the talk recordings are now available to watch on YouTube
• 🇳🇱 Cloud Native Rejekts - 21st March, 2026
• 🇳🇱 Maintainer Summit Europe 2026 Schedule  - 22nd March, 2026
  Check out the schedule for Maintainer Summit Europe 2026
• 🇮🇳 KubeCon + CloudNativeCon India - 18th - 19th June, 2026
  Save 15% on ticket prices with code KCIN26AMBF
• 🇩🇰 Cloud Native Denmark  - 19th - 20th November, 2026

CFPs

• 🇹🇷  KCD Istanbul 2026  - Deadline 1st March
• 🇩🇪  Cloud Native Summit Munich 2026 - Deadline 31st March
• 🇨🇿🇸🇰 KCD Czech & Slovak 2026 - Deadline 31st March
• 🇨🇭  Swiss Cloud Native Day 2026  - Deadline 30th April
• 🇳🇴  Cloud Native Days Norway - Deadline 1st June

💬 Social Post of the Month

🤷 Misc & Fun

• DNS Belgium leaves AWS
  DNS Belgium intends to eventually remove its critical infrastructure from AWS and migrate to a European cloud provider.
• HackerNews Readings
  A neat app that lets you see comments on HackerNews related to specific books. Good for finding recommendations or what to avoid.
• Solving Factorio with Terraform  - Bevel Work
  When you have terraform, every problem's a nail.
• Isometric NYC
  This is quite a mindblowing post on how Isometric NYC (check it out if you haven't seen it!) was made.
  

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the December edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

Can you believe it's been a whole year of this newsletter?! 🤯 The time has flown by. If you missed any months, you can always catch up from the archive.

I was originally expecting this issue to be mostly a look back on the past year, anticipating not much happening this month due to the holiday period and general end-of-year slowdown. But it seems that doesn't slow down the cloud native community! 🚀 There has been plenty going on this month from new Kubernetes releases to several open CFPs and a sprinkling of articles around some serious downtime recently.

I hope you've all had a wonderful holiday, whether you celebrate or not, and I wish each and every one of you a truly fantastic new year. 💙 Here's hoping 2026 bring you all everything you want! 🎆

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Three Core Principles for Sustainable Platform Design  - Abby Bangser
  Many platforms solve today's problems but don’t scale. Move beyond simple tools to build platforms that pass key value tests and support long-term growth.
• Announcing Amazon EKS Capabilities for workload orchestration and cloud resource management - Channy Yun
  Big news for EKS users! New EKS Capabilities make EKS cluster more production-ready from day one by providing managed functionality to handle cluster operations. Available at launch: Argo CD, AWS Controllers for Kubernetes and Kube Resource Orchestrator.
• Introducing the Technology Matrix - Rawkode
  Your new compass for the Cloud Native landscape. Explore, filter, and learn about the technologies that power modern platforms.
  I really like what David is trying to do here and think the Technology Matrix is really well presented with some clear categorization. Think a much less overwhelming CNCF Landscape, with some opinionated choice added in to help differentiate between the options.
• Canonical Extends Kubernetes Long-Term Support to 15 Years - Steven J. Vaughan-Nichols
  I'm not really sure who this is for exactly but if you do want to run the same Kubernetes for 15 years I guess Canonical have you covered.
• Announcement: Checkpoint/Restore WG is here! - Viktória Spišaková
  A new Kubernetes working group has been set up to discuss and advance checkpoint restore. If that's something you're interested in or are able to help out with please consider joining the working group.
• How when AWS was down, we were not - Warren Parad
  Nothing can have an unlimited uptime. But even when AWS and other hyperscalers are having incidents, Authress created an architecture that is resilient to those outages. This article covers how they've managed to achieve that and avoid being impacted when many others were.
• Cloudflare outage on December 5, 2025 - Dane Knecht
  Cloudflare experienced a significant traffic outage on December 5, 2025, starting approximately at 8:47 UTC. The incident lasted approximately 25 minutes before resolution. This is Cloudflare's write up of what happened and how they are improving things.
• How the Team Behind Valkey Knew It Was Time to Fork - Steven J. Vaughan-Nichols
  Lessons from the Valkey team on breaking away from a company that wants to close your open source project.
• Hardened Images for Everyone - Christian Dupuis & Michael Donovan
  Docker has released Docker Hardened Images that are now free to use, share, and build on with no licensing surprises.
• New Features We Find Exciting in the Kubernetes 1.35 Release - Arsh Sharma
  The folks at Metalbear share some of their favourite new features from the Kubernetes 1.35 release.
  Read more about this release and its various new features in the Tools section below. 👇
• What's Wrong with Kubernetes Today - Debo Ray
  A look at how Kubernetes fails to effectively scale without waste. Covers various bin packing approaches and tools used in Kubernetes today and how they work and where they fall short.
• It works on my cluster: a tale of two troubleshooters - Liam Mackie
  Kubernetes is hard to troubleshoot. Learn how two teams worked together to troubleshoot a particularly tricky bug.

🔒 Security

• ⚠️ CVE-2025-14269: Credential caching in Headlamp with Helm enabled - kubernetes
  If you run Headlamp please take a look at this recently released CVE and make sure you're updated to at least v0.38.0

🧑‍🏫 Tutorials, Videos & Podcasts

• 📺 Fluent Bit Explained: Data Pipelines for Observability. The Evolution of Cloud-Native Logging - Whitney Lee
  Observability begins with data movement: collecting, routing, and analyzing information so it reaches the right place in the right form.
  In this episode, Whitney Lee and Eduardo Silva Pereira trace how Fluentd introduced a unified way to move data and how Fluent Bit extended that approach for modern environments.
• An End-to-End Cloud Native Observability Framework  - Khushboo Nigam
  This practical guide walks you through building a unified framework for your applications, Kubernetes clusters and CI/CD pipelines.
• 📺 Observability 2.0 with OpenTelemetry: Make Signals Work Together - Whitney Lee
  Observability got bigger than “three pillars” and a dashboard. Observability 2.0 is about correlation, not collection, so teams can ask meaningful questions and get useful answers.
• 📺 Navigating Kubernetes: Insights, Challenges, and the Release Cycle with Kat Cosgrove - David Flanagan & Laura Santamaria
  In this episode of Cloud Native Compass, hosts David Flanagan and Laura Santamaria dive deep into the complexities of the Kubernetes release cycle with guest Kat Cosgrove.
• 📺 Navigating Kairos: Immutable Operating Systems with a Cloud Native Twist - David Flanagan & Laura Santamaria
  In this episode, David Flanagan & Laura Santamaria dive into the Kairos project, a CNCF initiative aimed at converting any Linux distribution into an immutable operating system.
• Kubernetes Optimization using In-Place Pod Resizing and Zone-Aware Routing - Manu Someshwar R
  At Halodoc, they improved Kubernetes efficiency using in-place pod resizing to right-size resources without restarts and zone-aware routing to cut cross-AZ traffic. These changes reduced compute costs, lowered latency, and improved overall cluster performance. This post walk through how they achieved it.
• 📺 Logging Operator: Multi-Tenant Kubernetes Logging - Whitney Lee
  Kubernetes gives every pod a place to write logs, but it leaves the actual logging pipeline up to you. Once you try to ship those logs anywhere, you face choices about collectors, routing, buffering, isolation, and how to keep one noisy team from affecting everyone else. In this episode, Whitney Lee stands at the lightboard with Peter Wilcsinszky to look at why this happens and how the Logging Operator helps. They walk through the realities of node-level collection, what makes routing tricky, and how Flows and Outputs give teams a clear, Kubernetes-native way to control where their logs go.
• 📺 Kyverno vs OPA Gatekeeper – Which Policy Engine Rules Kubernetes? - Henrik Rexed
  In this episode of Is It Observable?, Henrik dives deep into the ultimate Kubernetes policy showdown: Kyverno vs OPA Gatekeeper.

🧰 Tools

• Kubernetes v1.35.0 - kubernetes
  The latest release of Kubernetes is here. v1.35.0 is out with the following new and improved features:
  • Kubernetes 1.35 "Timbernetes" Introduces Vertical Scaling - Joab Jackson
  • Kubernetes v1.35: Job Managed By Goes GA - Dejan Zele Pejchev & Michał Woźniak
  • Kubernetes 1.35: In-Place Pod Resize Graduates to Stable - Natasha Sarkar
  • Kubernetes v1.35: Kubelet Configuration Drop-in Directory Graduates to GA - Sohan Kunkerkar
  • Kubernetes v1.35: Fine-grained Supplemental Groups Control Graduates to GA - Shingo Omura
  • Kubernetes v1.35: Introducing Workload Aware Scheduling - Maciej Skoczeń & Dominik Marciński
• Web UI - Flux Operator
  Flux CD now has a fancy web UI thanks to Flux Operator.

🎤 Events and CFPs

Events

• 🇬🇧 ContainerDays London 2026 - 11th - 12th February, 2026
  ContainerDays is coming to the UK for the first time next year and tickets are now available. I'm going to be giving two talks here! 🤯
  If you're looking to grab a ticket, take a look at the ContainerDays LinkedIn account where they've been giving away some free tickets over the holidays. If you're quick you might still be able to grab one! 😉
• 🇳🇱 KubeCon + CloudNativeCon Amsterdam - 23 → 26 March
  KubeCon + CloudNativeCon is going back to Amsterdam!
  On a personal note, this will be the first time that I'm speaking there! 😮 Very excited about that!
  Get 15% off ticket prices with code: KCEU26ABSH15
• 🇯🇵 KubeCon + CloudNativeCon Japan - 29 → 30 July
  KubeCon + CloudNativeCon is going back to Japan. This time in Yokohama!

CFPs

• 🇳🇱 Cloud Native Rejekts EU 2026 - Deadline 17th January
• 🇷🇴 Cloud Native Days Romania 2026 - Deadline 7th February
• 🇫🇮 KCD Helsinki 2026 - Deadline 15th February
• 🇨🇦 KCD Toronto 2026 - Deadline 16th February
• 🇩🇪 ContainerDays Hamburg 2026 - Deadline 28th February

💬 Social Post of the Month

🤷 Misc & Fun

• Join the on-call roster, it’ll change your life - Sergey Tselovalnikov
  Joining an on-call rotation might change the future of your career – and maybe you as a person. This article shares Sergey's experience being on-call.
• Size of life - Neal
  Another fun website from Neal that shows the scale of size difference between many forms of life.
• Klustered '26 - Live Kubernetes Debugging Competition - Rawkode
  David is looking for volunteers to take part in a new season of Klustered. Think your Kubernetes debugging skills are up to the challenge? Apply now!
• SERVER: Survival Protocol
  Architect infrastructure that survives!
• Font with Built-In Syntax Highlighting
  An experiment in javascript-free syntax highlighting, made possible by opentype contextual alternates and COLR table.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the November edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

Lots has been going on this month! KubeCon brought a lot of activity and some great talks and announcements but we've also seen the (upcoming) retirement of ingress-nginx, some major releases of Helm and external-secrets and a Cloudflare outage that effected lots of the internet.

This months issue also includes all the recordings from not one, not two, not three but FOUR different conferences! 😮 That should keep y'all busy in the fast approaching winter nights.

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Kustomize logo design proposals - Kustomize
  The Kustomize project is looking for a new logo. If you're feeling creative why not add your submission?
• Tailscale Welcomes Kubernetes Co-Founder Joe Beda as Advisor - Joab Jackson
  The Kubernetes co-founder will help bring Wireguard VPN's ease of use to solving complicated K8s networking patterns.
• Announcing the 2025 Steering Committee Election Results - Arujjwal Negi
  The 2025 Steering Committee Election is now complete. The Kubernetes Steering Committee consists of 7 seats, 4 of which were up for election in 2025. Incoming committee members serve a term of 2 years, and all members are elected by the Kubernetes Community.
• Ingress NGINX Retirement: What You Need to Know - Tabitha Sable
  If you haven't heard already - ingress-nginx is being retired due to lack of time and support for the maintainers of the project. This post outlines the current plan for maintenance and retirement.
• Navigating the Ingress-nginx Archival: Why Now Is the Time to Move to Cilium - Isovalent
  Following on from the above post, this post explains what the retirement means, compares your options, and shows how to migrate quickly to Cilium Ingress or adopt the Cilium Gateway API for advanced traffic management.
• External Secrets Inc is winding down - External Secrets Inc
  External Secrets Inc., the company set up to build out External Secrets, is winding down operations but its not just bad news. All of the (formerly) proprietary code is now open source (under the MIT License) so that all may benefit from what they've created.
• Kubernetes v1.35 Sneak Peek - Aakanksha Bhende, Arujjwal Negi, Chad M. Crowell, Graziano Casto & Swathi Rao 
  A look at what we can expect from the upcoming Kubernetes v1.35 release expected to be released December 17th.
• Gateway API 1.4: New Features -  Beka Modebadze
  The Kubernetes SIG Network community presented the General Availability release of Gateway API (v1.4.0)! Released on October 6, 2025, version 1.4.0 reinforces the path for modern, expressive, and extensible service networking in Kubernetes.
• SRE math every engineer should know: a practical guide - Srivatsa RV
  Curious how top engineers keep systems reliable? This guide breaks down the maths behind Site Reliability Engineering into simple, real-life examples whether it’s understanding error budgets, decoding percentiles, or making sense of dashboards. Perfect if you want to stop firefighting and start making data-driven, confident decisions on call.
• A 2025 look at real-world Kubernetes version adoption - Rory McCune
  Rory took a fresh look at the state of Kubernetes version adoption and things are looking generally pretty good.
• Cloudflare outage on November 18, 2025 - Matthew Prince
  Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected. This post breaks down the cause and the steps taken to identify and fix the problem.
• How Amazon Prepares for Black Friday: Predictive Modeling - Joab Jackson
  As Black Friday approaches, two Amazon engineers shared secrets of how they ensure the shopping service stays up even under heavy duress.

🔒 Security

• ⚠️ Three runc CVE published
  There's been 3 CVEs published against runc, all rated as "High". Please make sure you're updated!
  - CVE-2025-31133 - container escape via "masked path" abuse due to mount race conditions
  - CVE-2025-52881 - container escape and denial of service due to arbitrary write gadgets and procfs write redirects
  - CVE-2025-52565 - container escape with malicious config due to /dev/console mount and related races
• OpenSourceMalware.com - Community Threat Intelligence
  A community database, API and collaboration platform to help identify and protect against open-source malware.
• Fun-reliable side-channels for cross-container communication -
  h4x0r
  Some Linux Kernel exploits to allow for cross-container communication.

🧑‍🏫 Tutorials, Videos & Podcasts

• Preventing Kubernetes from Pulling the Pause Image from the Internet - Kyle Cascade
  A look at how to block pulling the pause image from the internet - useful when deploying into airgapped or highly restricted environments.
• Wrangling Kubernetes contexts - Natalie Klestrup Röijezon
  If you use Kubernetes on a regular basis, you've probably came across the dreaded context. This post walks through how to manage your context.
• 📺 Pixie: Instant Kubernetes Visibility with eBPF - Whitney Lee
  Pixie lets you observe live traffic, system behavior, and app hotspots without touching the code, so teams can investigate issues the moment they appear.
• 🎙️ Cows, Tech Careers, Working at Microsoft, and Even More About Cows, with Saad Ansari - Software Defined Talk
  In this episode, Whitney and Coté speak with Saad Ansari, a product manager at Databricks, about his journey from working at Microsoft to co-founding a startup focused on creating sensors for monitoring cow behavior.
• 📺 Kubernetes Community Days UK - Edinburgh, 2025
  All the recordings from KCD UK last month are now available to watch on YoutTube.
• 📺 Cloud Native Rejekts Atlanta 2025 - Tack 1 & Track 2
  The livestream recordings from Cloud Native Rejekts in Atlanta are available to watch back on YouTube.
• 📺 KubeCon+CloudNativeCon NA 2025
  All recordings from KubeCon NA are now available to watch on YouTube.
• 📺 Netflix’s Engineering Culture - The Pragmatic Engineer
  What’s it like to work as a software engineer inside one of the world’s biggest streaming companies.
• 📺 TalosCon 2025
  Recordings from TalosCon are available to watch on YouTube.
• 🎙️ Whitney goes to KubeCon - Software Defined Talk
  This week, Whitney Lee joins Software Defined Talk to discuss KubeCon news, Coding Assistants, and conference tips. Plus, vegan food and note-taking recommendations.

🧰 Tools

• External-Secrets v1.0.0 (and v1.1.0) - external-secrets
  External-secrets has made the jump to a v1.0.0 release!
• Grafana Mimir 3.0 release: performance improvements, a new query engine, and more - Dimitar Dimitrov, Nick Pillitteri & Vladimir Varankin
  Grafana Mimir 3.0 marks a new era for the open source time series database, delivering dramatic improvements in both reliability and performance.
• Helm v4.0.0 - helm
  This has been coming for a long time now and finally Helm v4 has been released for all to use! Lots of new features and fixes in this release.

🎤 Events and CFPs

Events

• 🇬🇧 ContainerDays London 2026 - 11th - 12th February, 2026
  ContainerDays is coming to the UK for the first time next year and tickets are now available. I'll also be speaking so come say hi if you are there! 👋
• 🇨🇭 Cloud Native Zürich 2026 -11th June, 2026
  Tickets are now available for Cloud Native Zürich

CFPs

• 🇮🇹 Cloud Native Days Italy 2026 - Deadline 6th March

💬 Social Post of the Month

🤷 Misc & Fun

• Linux Kernel Ported To WebAssembly - Demo Lets You Run It In Your Web Browser - Michael Larabel
  Linux in your web browser!? 🤯
• stickertop.art
  Discover a unique collection of laptops adorned with creative stickers from around the world.
• Kubernetes Cluster Goes Mobile In Pet Carrier - Bryan Cockfield
  If you were at KubeCon earlier this month you might have seen Justin walking around with a cluster running from a backpack!

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the October edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

This month seems to have flow by! How is it Halloween already!? 👻

I managed to attend one of my favourite cloud native conferences this month - Kubernetes Community Days UK - this time hosted in wonderful Edinburgh for the first time. It was great to see so many lovely friends, both new and old. I also had the pleasure of not only seeing my teammates giving a talk to a full room but also watching so many of my dear friends giving amazing talks throughout the two days. 💙

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Follow Up - Preventing Upgrade Failures from etcd v3.5 to v3.6 - Benjamin Wang & Josh Berkus
  Additional scenarios have been identified and fixed that may cause upgrade failures when moving from etcd v3.5 to v3.6. This post contains details, the fix, and additional workarounds.
• GitHub Will Prioritize Migrating to Azure Over Feature Development - Frederic Lardinois
  GitHub is working on migrating all of its infrastructure to Azure, even though this means it'll have to delay some feature development. Not super happy about this news.
• Migrating From Cluster Autoscaler to Karpenter v0.32 - Isaac Kiptanui
  A guide to switching Cluster Autoscaler for Karpenter's newer NodePool and EC2NodeClass setup and how to save money while you're at it.
• The State of CI/CD in 2025: Key Insights from the Latest JetBrains Survey - Olga Bedrina
  What's the most popular CI/CD tool in 2025? How many companies use AI in their workflows? Find answers to these and other questions in this blog post, based on the latest JetBrains survey.
• Fidelity Investments Shares Its Migration Story from Terraform to OpenTofu - James Humphries
  A G&A with Fidelity Investments about their migration from Terraform to OpenTofu
• Engineering Reality Report - Chainguard
  A software engineer’s reality moving into 2026: what engineers want to do, and what they have to do
• Ulysses’ Odyssey: Lessons for Platform Engineering - William Rizzo
  Is your platform engineering journey facing monsters like technical debt or integration complexity? Learn how to navigate these challenges.
• k8s-1m Overview - Ben Chess
  An effort to create a fully functional Kubernetes cluster with 1 million active nodes.
• Spotlight on Policy Working Group - Arujjwal Negi
  In the complex world of Kubernetes, policies play a crucial role in managing and securing clusters. But have you ever wondered how these policies are developed, implemented, and standardized across the Kubernetes ecosystem? To answer that, let's take a look back at the work of the Policy Working Group.
• 📗 Container Security - Liz Rice
  Grab a free copy of Liz Rice's book "Container Security" thanks to Isovalent.
• The Challenges of Uniting VMs and Containers on a Single Platform - Dean Lewis
  The idea of running VMs and containers on one platform is appealing, but there are real-world obstacles to making it happen.
• Highlights from CNCF’s first Open Observability Summit - Dotan Horovits
  Dotan covers all the highlights from the first Open Observability Summit.
• 7 Common Kubernetes Pitfalls (and How I Learned to Avoid Them) - Abdelkoddous Lhajouji
  A practical guide to some of the most common pitfalls and mistakes that folks make when working with Kubernetes.
• Why Modern IPv6 Failed This Massive Kubernetes Networking Test - Steven J. Vaughan-Nichols
  Deutsche Telekom pushes the limits of Kubernetes, containers and networks in its satellite network simulation.

🔒 Security

• Beyond Namespaces: Why Kubernetes Needs Real Workload Isolation - Lewis Denham-Parry
  To build secure, resilient infrastructure, we need to reset the conversation. Namespaces are valuable, but they don’t isolate. This post from Lewis takes a look at how we can take things further.
• OWASP Kubernetes Top 10 2025 Survey
  Kubernetes SIG Security Docs subproject is starting an update of the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included.
• Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 - Benny Isaacs & Nir Brakha
  A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.

🧑‍🏫 Tutorials, Videos & Podcasts

• Build Java Containers with Jib - Chainguard
  In this tutorial, you'll learn how to build minimal Java containers using Jib and Chainguard base images
• A Practical Guide to Kubernetes Stateful Backup and Recovery - Adetokunbo Ige
  Explore methods, tools and best practices for protecting data in databases, memory caches, storage systems and other stateful applications.
• Kube Mysteries: The Invisible Pod | Challenge - Márk Sági-Kazár
  Did you know that pods can become invisible? Can you figure out how?
• 📺 Flagger on Kubernetes: Progressive Delivery and Canary Deployments - Whitney Lee
  Deploying fast is easy; deploying safely is hard. Instead of swapping Kubernetes resources by hand or hoping a rollout won’t break users, Flagger runs the release process itself.
• 📺 How to Run the Simplest Talos Linux Cluster on Oracle Cloud - Gerhard Lazu
  Join Gerhard as they explore the "why" behind Kubernetes and Talos, and then get hands-on with a step-by-step guide to getting your own single-node cluster up and running.
• 🎙️ The Making of Flux: The Rewrite - KubeFM
  The Making of Flux: The Rewrite
• 🎙️ How We Integrated Native macOS Workloads with Kubernetes - KubeFM
  How Testkube integrated native macOS workloads with Kubernetes.
• 📺 Platform Engineering: Asking "Why"? with Evelyn Osman - Rawkode Academy
   This episode had some long conversations about Arc Bash and the future of scripting as well as platforms and the rise and fall of Kubernetes.
• 🎙️ Cloud Native Compass | Flatcar Linux: A Modern OS for the Always-On Infrastructure - David Flanagan
  Flatcar Linux: A Modern OS for the Always-On Infrastructure. In this episode, they dive deep into Flatcar Linux, an immutable Linux distribution designed for always-on infrastructures.
• 📺 Kubernetes 1.34: Security, Performance, and DRA Go GA - The Landscape - Sylvain Kalache
  Vyom Yadav, Kubernetes Release Team Lead and Software Engineer at Canonical, joins Sylvain Kalache to discuss what’s new in Kubernetes 1.34. With over 58 enhancements, this release focuses on maturing Kubernetes.
• 📺 Pixie: Instant Kubernetes Visibility with eBPF - Whitney Lee
  Pixie lets you observe live traffic, system behavior, and app hotspots without touching the code, so teams can investigate issues the moment they appear.

🧰 Tools

• Announcing Flux 2.7 GA
  Flux v2.7.0 has been released! Here you will find highlights of new features and improvements in this release.
• CNCF Project Level Updates
  There's been several projects this month that have either being adopted by the CNCF or have been promoted to a new level:
  • OAuth2-Proxy - Sandbox
  • Lima - Sandbox → Incubation
  • Dragonfly - Incubating → Graduated
  • Crossplane - Incubating → Graduated
  • Knative - Incubating → Graduated
• Introducing Headlamp Plugin for Karpenter - Scaling and Visibility - René Dudfield & Anirban Singha
  Headlamp is an open‑source, extensible Kubernetes SIG UI project designed to let you explore, manage, and debug cluster resources.
  Karpenter is a Kubernetes Autoscaling SIG node provisioning project that helps clusters scale quickly and efficiently. It launches new nodes in seconds, selects appropriate instance types for workloads, and manages the full node lifecycle, including scale-down.
  The new Headlamp Karpenter Plugin adds real-time visibility into Karpenter’s activity directly from the Headlamp UI.
  • Headlamp Plugins
    Following on from the above, Headlamp have a new, fancy plugins website.
• Spotter - Madhu Akula
  Spotter is a comprehensive Kubernetes security scanner that uses CEL-based rules to identify security vulnerabilities, misconfigurations, and compliance violations across your Kubernetes clusters, manifests, and CI/CD pipelines.
• Secure and Free MinIO Chainguard Containers - Chainguard
  MinIO pulled its free images—but Chainguard has you covered. Get zero-CVE, continuously built MinIO and MinIO Client containers, free and secure from Chainguard.

🎤 Events and CFPs

Events

• 🇳🇱 KubeCon + CloudNativeCon Europe - 23rd – 26th March, 2026
  Tickets for KubeCon EU are on sale and the early bird pricing ends November 19th! If you're planning to attend and want to save some $$$ be sure to get your ticket soon.
  • KubeTrain: Travel to KubeCon by Train
    If you are planning to attend KubeCon be sure to check out KubeTrain. The coolest way to get to the conference with all your cloud native friends. They are also looking for sponsors.
• 🇩🇪 CNS Munich - 29th – 30th June, 2026
  Cloud Native Summit Munich have a date locked in for next year and are now looking for sponsors.
• 🇺🇸 KubeCon + CloudNativeCon North America 2026 - 9th – 12th November, 2026
  The location for KubeCon NA 2026 has changed! Due to issues with the venue it will no longer be in LA but instead back in Salt Lake City.

CFPs

• 🇳🇱 Maintainer Summit: KubeCon + CloudNativeCon Europe 2026 - Deadline 14th December

💬 Social Post of the Month

🤷 Misc & Fun

• A Gift for the Open Source Community: Chainguard’s CVE-Free Raspberry Pi Images (Beta) - Dustin Kirkland
  Chainguard has created the first-ever CVE-free, vulnerability-free Raspberry Pi image.
• Cursed Knowledge - Immich
  Cursed knowledge Immich have learned as a result of building their product that they wish they never knew.
• Compute Cuter
  A cute computer environment can bring you joy! Here are some great resources to help make your computing cuter! ✿
• I am sorry, but everyone is getting syntax highlighting wrong - Nikita Prokopov
  A very interesting article about syntax highlighting but I did find that the suggested approach didn't work for me.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the September edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

It's been a busy week for me. Not only have I been busy with my first month at Monzo I was also in Hamburg for a week while giving at talk at ContainerDays.

With all that, and the Bitnami Helm chart mess, I didn't end up having the time to do the upgrade and tweaks to this newsletter that I mentioned last month. Ah well. There's no rush. (I did have my first couple paid members sign up last month! THANK YOU! 💙)

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Kubernetes v1.34
  Following the release of Kubernetes v1.34 last month there has been several posts highlighting the new changes:
  - Pod Level Resources Graduated to Beta - Dixita Narang
  This significant milestone introduces a new layer of flexibility for defining and managing resource allocation for your Pods.
  - Finer-Grained Control Over Container Restarts - Yuan Wang
  This feature, named Container Restart Policy and Rules, allows you to specify a restart policy for each container individually, overriding the Pod's global restart policy. In addition, it also allows you to conditionally restart individual containers based on their exit codes.
  - DRA has graduated to GA - The DRA team
  Kubernetes 1.34 has brought a huge wave of enhancements for Dynamic Resource Allocation (DRA)!
  - Snapshottable API server cache - Marek Siarkowicz
  With each release, we've chipped away at the problem, and today, we're thrilled to announce the final major piece of this puzzle.
  - Use An Init Container To Define App Environment Variables - HirazawaUi
  The valueFrom now supports pointing to a file contained on a volume, such as an emptyDir populated by an initContainer.
• How our Edge Kubernetes Platform has Evolved - Zack Smith
  A detailed look at how the Chick-fil-a platform has evolved over the years.
• Investigating and fixing "StopPodSandbox from runtime service failed" Kubelet errors - Marcus Noble
  A shameless plug from myself - I investigate and resolve a bunch of Kubelet error logs that stem from my CRI being unable to clean up an old, deleted pod.
• Using systemd-nspawn containers as KubeEdge edge nodes - Simon Weald
  How Simon is using systemd-nspawn containers as throwaway edge nodes for testing KubeEdge.
• How Maintainer Burnout Is Causing a Kubernetes Security Disaster - Steven J. Vaughan-Nichols
  Without more support, the open source project is in a heap of trouble, which means Kubernetes is facing a potential security disaster.
• 2025 State of Internal Developer Portals - Port
  Port's second annual report on the state of internal developer portals dives deeper into the challenges engineering teams face and why they look towards platform engineering best practices as a way to overcome these challenges.
• Kubernetes CPU Limits and Go - William Kennedy
  An old article recently updated with all the latest information. Always worth brushing up on.
• Using Kyverno to Enforce Minimal Base Images - Neil Carpenter
  Secure Kubernetes deployments with Kyverno by enforcing Minimus minimal base images, reducing vulnerabilities and improving compliance.
• Tesco Sues Broadcom Over £100M Software Dispute - Rihem Akkouche
  More Broadcom drama. This time UK superstore Tesco is getting into the fight.
• Why the Frontend Should Embrace Platform Engineering - Loraine Lawson
  A look at how platform engineering on the frontend can speed development while maintaining the entire web dev technology stack.

🔒 Security

• ⚠️ CVE-2025-55190: Project API Token Exposes Repository Credentials
  Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets.
• ⚠️ CVE-2020-8562: Bypass of Kubernetes API Server proxy
  A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.
• Beyond the surface - Exploring attacker persistence strategies in Kubernetes - Rory McCune
  Rory has been doing a talk on Kubernetes post-exploitation for a while now and has finally got around to writing it up in blog form. Well worth a read and I also highly recommend watching a recording of the talk - it's one of my recent favourites.
• Expanding Chainguard VMs: Zero-CVE Application & Base Virtual Machine Images for Cloud and On-Prem - Mark Baker &Anushka Iyer
  Chainguard VMs is expanding with new Application and Base VM Images — giving teams a secure, zero-CVE foundation to build and innovate faster.
• Breaking Boundaries - Kubernetes Namespaces and multi-tenancy - Iain Smart
  This post aims to serve as both a collection of attack paths to watch out for when reviewing Kubernetes clusters, but also as a reference to point at when people claim that multi-tenancy is easy.
• Kubernetes Escape Room
  A tool that analyzes Kubernetes Pod manifests to identify potential container escape vulnerabilities and provides security recommendations for mitigation.
• From suspicion to published curl CVE - Daniel Stenberg
  An in-depth look at the process that goes on behind every security report that is submitted to curl.

🧑‍🏫 Tutorials, Videos & Podcasts

• Observability for Platform Engineering - Platform Engineering University
  A free, on-demand course covering the introduction to observability for platform engineers. Learn to simplify telemetry, navigate open-source solutions, and enforce effective observability practices.
• Solving Kubernetes Multi-tenancy Challenges with vCluster - Fabian Brundke
  A walkthrough on leveraging vCluster to provide multi-tenant Kubernetes clusters.
• 🎙️ The business value of developer relations, devrel history, plus more stuff, with Mary Thengvall - Software Defined Talk
  In this episode, Whitney and Coté chat with Mary Thengvall, exploring the development and significance of Developer Relations (devrel) over the years.
• 📺 Cluster API + Proxmox = Local Kubernetes Magic! (Step-by-Step Tutorial) - Is it Observable
  This episode is a deep dive into automating Kubernetes cluster creation using Cluster API (CAPI) on a Proxmox-base.
• 📺 Beyond Standard Kubernetes: Why Argo Rollouts Is a Game-Changer - Whitney Lee
  In this episode of 🌩️ Thunder, Whitney Lee talks with Nicholas Morey about Argo Rollouts: a CNCF project that is a controller and set of CRDs that bring progressive delivery to Kubernetes.
• 🎙️ Aflevering 111: Beyond Orchestration: CNCF’s Past, Present and Future - Jan Stomphorst
  Chris explains that Kubernetes is much more than just a container orchestrator. Thanks to extensions and CRDs, it is increasingly seen as the “Linux of the cloud”.

🧰 Tools

• Announcing the OPA Control Plane - open-policy-agent
  The Open Policy Agent team have announce OPA Control Plane (OCP) as a new OPA subproject. OCP simplifies how you manage policies for your OPA deployments and provides a centralized management system.
• yaml/go-yaml: The YAML org maintained fork - yaml
  The YAML org maintained fork of https://github.com/go-yaml/yaml now that the original project is archived.

🎤 Events and CFPs

Events

• 🇺🇸 Cloud Native Rejekts NA 2025 - 4th November, 2025
  Tickets are now available for Rejekts NA, and they're FREE!
• 🇰🇷 OpenSourceSummit Korea - 4th → 5th November, 2025
  The schedule for OpenSourceSummit in Korea is now available.
• 🌐 Announcing H1 2026 KCDs
  The KCDs scheduled for the first half of 2026 has been announced by the CNCF. This year will include 5 new locations!
  If you're looking to organise a KCD for the second half of 2026, the applications open in December.

CFPs

• 🇳🇱 KubeCon + CloudNativeCon Europe 2026 - Deadline 12th October
• 🇨🇭 Voxxed Days CERN 2026 - Deadline 21st October
• 🇬🇧 Container Days London - Deadline 31st October
• 🇳🇱 KubeCon EU Co-located Events - Deadline 2nd November

💬 Social Post of the Month

🤷 Misc & Fun

• Not a Robot - Neal
  Really prove that you're not a robot with a series of increasingly difficult captchas you need to solve. I only made it as far as the maths one. 🙈
• Messenger
  It's a small planet, but someone's gotta make the deliveries. A very cute realtime game, all in the browser.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the August edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

This month's issues is slightly lighter than previous as it seems as not as much has been going on this month (summer holidays for many people likely contributed to that) but it has been quite a busy month for me personaly.

I started off this month with a very lovely week off for my birthday where I visited Bristol, exploring all the increadible street art they have on offer there, followed by spending some time in the Peak District (near my hometown) visiting my friend. The rest of this month has been spent focussing on wrapping up my four years at Giant Swarm (😱) before starting my new role at Monzo! 🎉

I have also updated Ghost, which runs this newsletter, to the latest major release - Ghost 6.0. Right now you wont notice any changes but in the coming weeks I plan to migrate away from the Bitnami Helm chart and images (see news below) and attempt to anable the new analytics and social web features that this new version introduces. I am unsure yet if I'll be keeping the analytics enabled or not - I will only do so if they are sufficiently anonymous as I only really want to know what is working vs what is not so I can improve future issues.

I have also enabled a paid subscription tier for members that want to help cover the running costs of this newletter. It's set at £1/month and is very much an experiment right now but it does come with the ability to comment on posts. Just be aware that depending on how this goes I might end up dropping it. Feedback very much appreciated!

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Kubernetes 1.34: Deep dive into new alpha features - Kirill Kononovich
  Prepare for the upcoming Kubernetes release by learning about the 13 alpha features it brings. They cover various areas of the project, from asynchronous API calls to the new KYAML format.
• User feedback Survey: Building Multi cluster Management and Monitoring tool - SIG Multicluster
  SIG Multicluster is building a tool for multi-cluster management and monitoring- and they're seeking user feedback! If you or anyone you know has experience with running multicluster setups, they'd love to hear from you! Share your insights in this survey!
• Upcoming changes to the Bitnami catalog - Bitnami
  Bitnami (Broadcom) gives everyone a months notice that their image registry (docker.io/binami) will be replaced with a new paid subscription repository (bitnamisecure) and the existing images will be archived to bitnamilegacy. If you use any Bitnami images in your cluster please take a look at this issue and tackle your migration NOW before things start to break!
  Rory McCune did an analysis of what the imapact of this is likely to look like. 😱 (Spoiler - it's likely to be messy). There is also a blog post from Broadcom where they outline some more details - including a "brownout" approach to make people aware of the change. (Not sure I'm keen on this approach, personally)
• Understanding the Kubernetes Pause Container: The Pod's Hidden Hero - James Spurin
  Engineers working with Kubernetes often focus on application containers and overlook the tiny pause container. Discover this component that quietly holds everything together in Kubernetes Pods.
• Introducing Headlamp AI Assistant - Joaquim Rocha
  To simplify Kubernetes management and troubleshooting, the Headlamp project is introducing the Headlamp AI Assistant: a powerful new plugin for Headlamp that helps you understand and operate your Kubernetes clusters and applications with greater clarity and ease.
• Health of External Secrets project - Gustavo Fernandes de Carvalho
  There's been some drama this month following a cry for help from the maintainers of the External Secrets project.
• Create encrypted Persistent Volumes on OVHcloud Managed Kubernetes clusters with LUKS - OVHcloud Blog - Aurélie Vache
  Since this summer, it’s possible to create encrypted OVHcloud Block Storage with OMK (OVHcloud managed key) in RBX, SBG, Paris & BHS regions. And the good news is that you can use encrypted Block Storage using Persistent Volumes in your OVHcloud Managed Kubernetes Service (MKS) clusters.
• Note from Teemu, Tim, and Torin to the Open Policy Agent community - Tim Hinrichs
  The creators of Open Policy Agent (along with many team members from Styra) have joined Apple.
• Are you chasing the 10x engineer dream — or building a 10x team? - Anastasija Uspenski
  Organizations built on heroes eventually break. You don’t need a 10x engineers — you need a 10x organization that scales sustainably.
• Kubernetes Isn't Enough for a Production-Ready Platform - Jennifer Riggins
  Kubernetes may be the reason you started with platform engineering, but it’s not enough to handle Day 2 ops and managing complexity at scale.
• The State of Commercial Open Source 2025 - Linux Foundation
  The latest report from the Linux Foundation on the state of commercial open source.

🔒 Security

• CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - kubernetes
  A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource.
• Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer - Nick Frichette & Brandon Dossantos
  Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
• Kubernetes 1.34: Top Security Features & Enhancements - Ben Hirschberg
  Improve your cloud security with the latest upgrades in Kubernetes 1.34, from mutual TLS and token hardening to CEL-based admission policies.
• User preferences (kuberc) are available for testing in kubectl 1.34 - Maciej Szulik
  Have you ever wished you could enable interactive delete, by default, in kubectl? Or maybe, you'd like to have custom aliases defined, but not necessarily generate hundreds of them manually? Look no further. SIG-CLI has been working hard to add user preferences to kubectl, and we are happy to announce that this functionality is reaching beta as part of the Kubernetes v1.34 release.

🧑‍🏫 Tutorials, Videos & Podcasts

• Kubernetes: Admission Control - Márk Sági-Kazár
  Dive deep into Kubernetes admission control with hands-on examples. Learn how admission controllers influence cluster behavior, apply default configurations, and enforce policies for consistency and compliance.
• 📺 Episode 190: Enigma Machine in eBPF - eBPF & Cilium Community
  Liz talks through implementing the Enigma machine in eBPF. 😮
• 🎙️ Communications Skills, Ultrarunning, and Whacky YouTube Thumbnails, with James Eastham - Coté & Whitney Lee
  In this episode, Whitney and Coté talk with James Eastham about developing social skills through reading, the importance of deep work in productivity, and the mental challenges of ultrarunning.
• 📺 From Chaos to Clarity: Mastering Distributed Systems with Jaeger - Whitney Lee
  In this episode of 🌩️ Thunder, Whitney Lee and Jonah Kowall explain what Jaeger does, why it exists, and how this powerful tool helps teams understand complex microservices architectures and solve problems across distributed systems. From spans and traces to storage backends, sampling, and scaling, this short recap shows how Jaeger and OpenTelemetry work together to make distributed tracing practical for modern microservices.
• 📺Understanding Perses: Open Standards for Observability Dashboarding in CNCF - Whitney Lee wiggitywhitney
  In this episode of 🌩️ Thunder, learn about Perses, the innovative open standard for observability dashboarding, with Eric Deschabelle from Kronosphere and CNCF Ambassador Whitney Lee. Discover how this tool integrates with existing CNCF technologies and enables automated dashboard management. What sets Perses apart?: dashboards as code, built-in validation, and a Prometheus-native workflow that plays nicely with GitOps. We also talk about what makes a dashboard useful in the first place, and how teams can avoid the common trap of collecting metrics they never actually look at.
• Kubernetes: Runtime Class - Márk Sági-Kazár
  Learn how to configure and use Kubernetes Runtime Classes to specify different container runtimes for your workloads. Explore different OCI runtimes and their scheduling constraints.

🧰 Tools

• Kubernetes v1.34.0
  The latest and greatest version of Kubernetes is now available.
• Kind v0.33.0
  This is small release containing patched dependencies and Kubernetes 1.34, as well as a bugfix for Kubernetes v1.33.0+ cluster reboots.
• helm-chart-toolbox - Grafana
  This repository provides a set of tools and utilities to help with the development, testing, and management of Helm charts. It includes features for generating documentation, schemas, running tests, and more!
• Announcing Kyverno Release 1.15! - Kyverno
  Kyverno 1.15 makes policy management more modular, streamlined, and powerful. This release includes new MutatingPolicy, GeneratingPolicy and more!
• Kubernetes Spec v1.33: Reference Guide and Documentation - Aptakube
  Not new but something I re-discovered this month and wanted to share. Kubespac provides a really nice UI explorer for Kubernetes resources with syntax highlighting and change history. It also include some populare 3rd-party CRDs such as Kyverno.
• KYAML - kubernetes
  A new output format is being introduced into Kubectl - "KYAML"!
  This format is a strict subset (aka "dialect") of standard YAML, and so should be parseable by the existing ecosystem. This dialect seeks to emphasize syntactical choices which avoid many of the most common traps in YAML. For example, unlike standard YAML output, this dialect is not whitespace-sensitive, which makes it vastly easier to patch correctly in things like Helm charts.
• Caddy HTTP handler module for Kubernetes admission webhooks - Márk Sági-Kazár
  Caddy HTTP handler module for Kubernetes admission webhooks.
• Kaniuse - Kubernetes Feature Status Tracker - Kaniuse
  Track and discover Kubernetes features across different lifecycle stages - Alpha, Beta, GA, Deprecated, and Removed. Stay updated with K8s feature status changes.
  Please note: this currently isn't available on mobile / small displays. Take a look on your laptop for the full goodness!

🎤 Events and CFPs

Events

• 🇩🇪 ContainerDays - 9th → 11th September, 2025
  I'll be speaking here on the final day. 😁 Come say Hi! 👋
• 🇬🇧 KCD UK - 21st October
  The agenda for KCD UK in Edinburgh is now available
• 🇺🇸 KubeCon + CloudNativeCon North America 2025 - 10th → 13th November
  Get 15% off ticket price with discount code: KCNA2515AMB
  • The schedule for the Maintainer Summit is also now available.

CFPs

• 🇨🇭 KCD Suisse Romande (CERN) 2025 - Deadline 15th Septemer
• 🇳🇱 KubeCon + CloudNativeCon Europe 2026 - Deadline 12th October

💬 Social Post of the Month

🤷 Misc & Fun

• TIL that You can spot base64 encoded JSON, certificates, and private keys - Thibault Martin
  A colleague was able to spot that a long string of gibberish was base64 encoded json. I couldn't believe he was base64 decoding on the fly without tools, so I asked him how he did it. It turns out that everyone can spot base64 encoded json.
• Go Concurrency Rocks - Go Concurrency Rocks
  Interactive exploration of Go concurrency patterns
• ohyaml.wtf | YAML Quiz -
  YAML is known to be nobody's friend and almost everyone's enemy. Try this to see if it's your friend or foe!
• Offline QR Codes - Ben Foxall
  Have you tried using a QR Code for that?
• An Interactive Guide to SVG Paths • Josh W. Comeau - Josh W. Comeau
  SVG gives us many different primitives to work with, but by far the most powerful is theelement. Unfortunately, it’s also the most inscrutable, with its compact Regex-style syntax. In this tutorial, we’ll demystify this infamous element and see some of the cool things we can do with it!
• Bsky-screenshot - Marcus Noble
  A web app to generate screenshots of Bluesky posts. You can see this in action above.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the July edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

This month I attended Cloud Native Summit Munich for the first time and was able to give my Pod deep-dive talk to a mostly packed room. It was a fantastic event and I managed to have a lot of really great discussions with loads of people. A huge thank you to everyone involved in making the event what it was. It was also so lovely to have people come up to me and tell me they read this newsletter! 💙 Hiiiiii y'all! 👋

This months issue is slightly shorter (although still packed with plenty!) as it seems people are taking well deserved time off for the summer. 🏖️ I'm also going on a short holiday imediately after this post is published although with the inconsistent weather we've had here lately I'm not sure how summer-y it's going to be. 😅

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Introducing First-Party Helm Charts for Chainguard Containers - Sam Katzen & Tazin Progga
  Chainguard first-party Helm Charts are designed to work seamlessly with their continuously updated container images.
• Time-based deployments with Flux Operator - Matheus Pimenta & Stefan Prodan
  Update your Kubernetes workloads based on schedules with Flux Operator.
• I shouldn’t have to read installer code every day - Brian Grant
  "I don’t want helm charts to be my interface to off-the-shelf components on a d§aily basis. Kubernetes resources are simpler." - I can certainly understand a lot of Brians frustrations.
• Kubernetes List API performance and reliability - Ahmet Alp Balkan
  Another great technical post from Ahmet - this time looking at List API performance at scale.
• DNS Hijacking in Kubernetes - Jan-Otto Kröpke
  Kubernetes DNS, while convenient, harbors a security risk: a lack of understanding regarding its resolution mechanisms permits attackers to redirect cluster traffic without exploits, simply by creating specific namespaces and services. Some good suggestions in this short post to make your clusters a little more secure.
• Kubelet Tracing Coming in K8s 1.34! - David Flanagan
  Kubernetes 1.34 will deliver distributed tracing in the kubelet, providing unprecedented visibility into node-level operations that have been a debugging black box until now.
• 2025 Docker State of App Dev: Key Insights Revealed - Olga Diachkova, Rebecca Floyd & Julia Wilson
  Explore Docker’s 2025 App Dev Report: Discover trends in developer productivity, AI adoption, and security practices shaping modern software development
• Incidents/2025-05-08 Papal announcement traffic surge - Wikipedia
  A report from Wikipedia about how the new Pope announcement caused some issues for them due to traffic surge.
• FluxCD: Why the GitOps Pioneer Remains Its Future - David Flanagan
  A definitive look at FluxCD's controller-first design and why its architectural alignment with Kubernetes offers [arguably] superior security, efficiency, and operational maturity over ArgoCD.
• Under the hood: Amazon EKS ultra scale clusters - AWS
  Amazon Elastic Kubernetes Service (Amazon EKS) announced support for clusters with up to 100,000 nodes. This post takes a look under the hood of that achievement.
• Post-Quantum Cryptography in Kubernetes - Fabian Kammel
  The world of cryptography is on the cusp of a major shift with the advent of quantum computing. While powerful quantum computers are still largely theoretical for many applications, their potential to break current cryptographic standards is a serious concern, especially for long-lived systems. This is where Post-Quantum Cryptography (PQC) comes in. In this article, I'll dive into what PQC means for TLS and, more specifically, for the Kubernetes ecosystem. I'll explain what the (suprising) state of PQC in Kubernetes is and what the implications are for current and future clusters.
• Mid-Year 2025 CNCF Open Source Project Velocity - Chris Aniszczyk
  As we reach mid-year 2025, it’s time to reflect on the development velocity of CNCF, Linux Foundation, and the top 30 open source projects.
• Kubernetes v1.34 Sneak Peek - Agustina Barbetta, Alejandro Josue Leon Bellido, Graziano Casto, Melony Qin & Dipesh Rawat
  Kubernetes v1.34 is coming at the end of August 2025. This release will not include any removal or deprecation, but it is packed with an impressive number of enhancements.
• Prometheus Labels: Understanding and Best Practices - Neel Shah
  Some best practices for using labels in your metrics.

🔒 Security

• CVE-2025-7342: VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for Windows images if user did not override
  If you use image-builder to create Windows based images on either Nutanix or OVA platforms please take a look at this CVE issue.

🧑‍🏫 Tutorials, Videos & Podcasts

• 📺 What Service Mesh Adds to Observability - Whitney Lee
  In this episode of 🌩️ Thunder, Whitney Lee and Abdel Sghiouar demystify the world of service mesh.
• 📺 Using Chainguard's Helm Charts - Adrian Mouat
  Adrian takes a look at using the new Helm charts from Chainguard (see article above)
• 🎙️ Cords, Cyborgs & Cold Cases: Grandpa Dancy’s Operating System for Life - Software Defined Talk
  Coté and Whitney speak with Chris Dancy as they wander delightfully through stories of Google Glass, Apple Vision Pro, Palmolive soap metaphors, and Grandpa Cyborg’s widget garage for municipalities. With sincerity and sparkle, Chris makes the case that life should be intentional, measurable, and ultimately — more loving.

🧰 Tools

• octelium - octelium
  A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA/BeyondCorp architecture, API/AI gateway, a PaaS, an infrastructure for MCP & A2A architectures or even as an ngrok-alternative and a homelab infrastructure.
• seabee - National Security Agency
  SeaBee enforces policy-based access control on eBPF objects. Released by the NSA of all people.

🎤 Events and CFPs

Events

• 🇮🇳KubeCon + CloudNativeCon India - 6th → 7th August, 2025
• 🇩🇪 ContainerDays - 9th → 11th September, 2025
  I'll be speaking here on the final day. 😁
• 🇧🇬 KCD Sofia - 18th September
  The first-ever KCD in Bulgaria! I'm sad to be missing this one, I'm sure it's going to be great!
• 🇯🇵 KubeCon + CloudNativeCon Japan 2026 - 29th → 30th July, 2026
  KubeCon will officially be back in Japan next year. This time in Yokohama.

CFPs

• 🇯🇵 Open Source Summit Japan + AI_dev - Deadline 4th August
• 💻 KyvernoCon Virtual - Deadline 6th August
• 🇮🇪 Cloud Native Dublin - cTENcf Birthday Bash Dublin - Deadline 6th August
• 🇺🇸 Cloud Native Rejekts NA (Atlanta) 2025 - Deadline 11th August
• 🇬🇧 TechMids Conf 2025 - Deadline 31st August
• 🇨🇭 KCD Suisse Romande 2025 - Deadline 31st August

💬 Social Post of the Month

🤷 Misc & Fun

• stacks·camera - Ben Foxall
  Collect a stack of photos by lining up your camera over the last picture you took.
• SVGs that feel like GIFs - Vincent Warmerdam
  The moving image below is only 49Kb and has an incredibly high resolution. It's similar to a GIF but instead of showing moving images, it shows moving SVGs!
• I displayed an open graph image and had to pay how much?! - Alistair Shepherd
  A media company demanded a license fee for an Open Graph image used on my twitter archive. I gave in and paid it, but what does that mean for open graph images and copyright?

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the June edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

Can you believe that there has been not one but TWO KubeCon's this month?! Not only was the month kicked off with KubeCon China but also the first ever KubeCon Japan took place in Tokyo and was a huge success. I'm very jealous to everyone who was able to attend, both events looked increadible and I had massive FOMO seeing all the photos.
If you also was unable to attend, the talk recordings are already online:

• 🇨🇳 KubeCon + CloudNativeCon China 2025 (Photo album)
• 🇯🇵 KubeCon + CloudNativeCon Japan 2025 (Photo album)

On top of that,  Apple had their annual WWDC where they announced a new open source container tool and framework for Mac OS 🤯 (See tools below).

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• KubeCon + CloudNativeCon EU Transparency Report [PDF]
• CNCF Slack Workspace Changes
  It was announced that the Kubernetes Slack Workspace and the CNCF Slack Workspace would be downgraded to the free tier after Salesforce informed CNCF that they will be stopping their sponsored support, with only a weeks notice before it happens.
  ℹ️ This has thankfully been reverted now and the workspaces will NOT be downgraded, at least for now.
• The Isovalent Load Balancer - Thomas Graf
  Isovalent have announced the availability of their new Load Balancer, designed to distribute application traffic across heterogeneous environments.
• Kyverno 1.14 ValidatingPolicy: CEL Changes Everything - David Flanagan
  Kyverno 1.14 introduces dedicated ValidatingPolicy and ImageValidatingPolicy types that leverage CEL (Common Expression Language) - the same validation language Kubernetes now uses natively, creating a unified policy experience across your entire stack.
• GitOps in 2025: From Old-School Updates to the Modern Way - Gerardo Lopez & Saloni Narang
  GitOps is now a foundational standard for managing modern applications, especially in Kubernetes environments. By the end of 2023, GitOps adoption surged, highlighting its role as a crucial pillar of software operations. It brings automation, consistency, and traceability to the otherwise chaotic world of cloud-native software.
• What You Need To Know About Apple's New Container Framework - Alex Zenla
  Starting in macOS 26, every macOS developer will have access to proper container isolation in their development workflow.
• What Would a Kubernetes 2.0 Look Like - Matt Duggan
  As we approach the 10 year anniversary of the 1.0 release of Kubernetes, let's take stock of the successes and failures of the project in the wild. Also what would be on a wish list for a Kubernetes 2.0 release.
• Multiple GCP products are experiencing Service issues
  An incident report for a pretty major GCP outage that effect a large portion of the internet.
• Cloudflare service outage June 12, 2025 - Jeremy Hartman & CJ Desai
  On June 12 2025 Cloudflare suffered a significant service outage that affected a large set of our critical services, including Workers KV, WARP, Access, Gateway, Images, Stream, Workers AI, Turnstile and Challenges, AutoRAG, and parts of the Cloudflare Dashboard.
• This Shit is Hard: Inside the Chainguard Factory - Jason Hall
  The Chainguard Factory combines world-class talent and automation to produce packages and images at a level of speed unmatched by any other Linux distribution.
• Lazyjournal: A Log Viewer for Cloud Native Environments - David Flanagan
  Lazyjournal is a TUI log viewer that aggregates logs from various sources, providing a unified interface for developers and system administrators.
• Smart Uses of imagePullSecrets in Kubernetes Cluster with ServiceAccounts - Sunny Bhambhani
  Kubernetes is everywhere nowadays, so are the container images and fetching the images from a private registry is a norm because of N number of reasons including security, that being the topmost.

🔒 Security

• CVE-2025-4563: Nodes can bypass dynamic resource allocation authorization checks
  A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks.
• Over 46,000 Grafana instances exposed to account takeover bug - Bill Toulas
  More than 46,000 internet-facing Grafana instances remain unpatched (for CVE-2025-4123) and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.

🧑‍🏫 Tutorials, Videos & Podcasts

• 🎙️ Cloud Native Compass - The Future of Sustainability in Open Source
  In this mind-bending episode, Hazel Weakly guides us through the social, economic, and emotional layers of open source communities. We dig into governance, funding models, trust, burnout, and what it means to scale collective ownership—without losing your mind.
• 📺 Kubernetes Monitoring 101: A Practical Walkthrough - Whitney Lee
  In this episode of 🌩️ Thunder, Whitney Lee and Pete Wall walk through the fundamentals of monitoring Kubernetes: what to collect, where to collect it from, and how to make sense of it all. From logs and metrics to traces, profiles, and dashboards, this video highlights key tools and concepts—including node health, kube-state-metrics, OpenCost, and more.
• 🎙️ Cloud Native Compass - Observability for Developers: What You Need to Know?
  In this episode, David and Laura discuss the intricacies of observability in microservices with Adriana Villela, a principal developer advocate at Dynatrace and an OpenTelemetry maintainer. Adriana shares insights about the importance of properly instrumenting code, managing technical debt, and balancing the environmental impact of observability data.

🧰 Tools

• container - Apple
  A tool for creating and running Linux containers using lightweight virtual machines on a Mac written in Swift, and optimized for Apple silicon.
• containerization - Apple
  Containerization is a Swift package for running Linux containers on macOS.
• kubectl-node_resource - ahmetb
  kubectl node-resource is a kubectl plugin that provides insights into Kubernetes node resource allocation (based on pod requests) and actual utilization (based on metrics-server data).
  It helps administrators and developers understand how resources are being consumed across their cluster's nodes and node pools.
• kubectl-dpm - bavarianbidi
  Manage your kubectl debug profiles with style
• etcd Cluster Playground - Márk Sági-Kazár on iximiuz Labs
  A multi-node etcd cluster for exploring clustering and coordination features.
• containerd Playground - Márk Sági-Kazár on iximiuz Labs
  A new playground for exploring and experimenting with containerd.
• Kubectl user preferences (kuberc)
  Kubectl v1.33 now has support for a kuberc file where you can define things like aliases.
• Instrumentation Score Specification - Instrumentation Score Community
  A standardized metric for assessing OpenTelemetry instrumentation quality. Numerical score from 10-100 providing objective feedback on telemetry best practices.
• insights - Linux Foundation
  Linux Foundation have now open sourced their LFX Insights platform.
• kubetail - kubetail-org
  Real-time logging dashboard for Kubernetes (browser/terminal)

🎤 Events and CFPs

Events

• 🇮🇹 The Linux Foundation Europe Roadshow - 8th July
  A new European conference from the Linux Foundation aimed at policymakers, developers, academics, and industry leaders.
  Get 50% off tickets with code LFEUMIL50FN
• 🇩🇪 Cloud Native Summit Munich - 21st - 22nd July
  I'll be here giving my Pod Deep Dive talk. If you're going to be there please do come say hi! 👋

CFPs

• 🇺🇸 Maintainer Summit: KubeCon + CloudNativeCon North America 2025 - Deadline 20th July

💬 Social Post of the Month

🤷 Misc & Fun

• The 1 billionth GitHub repository
  💩
• Passkeys for Normal People - Troy Hunt
  I hadn't really taken the time to look at Passkeys until reading this post. Very useful if you've also been ignoring them like I had.
• DevRel Foundation - Linux Foundation
  I had no idea that the Linux Foundation now has a foundation dedicated to DevRel. Still seems like early days but I suspect many of my friends in the community will be interested in this.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the May edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

I don't know about y'all but this has seemed like a very looooonnngggg month for me! 😅 Been a lot going on for me it seems and the weather, at least here in the UK, has been a bit all over the place. Not sure if it's spring, summer or winter right now! 🤣

If any of y'all are going to be at KCD Czech & Slovak in Bratislava next week please do come find me and say hi! 👋 I'll be giving a talk Thursday afternoon about all the weird, wonderful and WTF things I discovered about Kubernetes Pods after doing a deep-dive to learn all I could about them.

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬
Alternatively, I'd appreciate if you took a couple minutes to fill out this feedback form so I know what is and isn't working. 🙏

📰 News & Articles

• CNCF and Synadia Align on Securing the Future of the NATS.io Project - CNCF
  Following on from the article featured in last months issue it seems that an agreement has been reached to secure the future of the NATS project.
• Dragonfly Is Not Redis: An Open Letter to the Community - Roman Gershman
  Dragonfly is often mistaken for Redis, to the point where Redis's lawyers have accused the Dragonfly team of misleading users. This post aims to set the record straight and make it clear that Dragonfly is not Redis.
• Gateway API or Ingress: A Developer’s Guide to Kubernetes Routing - Janakiram MSV
  The Kubernetes Gateway API is a more powerful and standardized successor to the Ingress API, addressing its limitations in handling advanced routing and portability.
• Scaling with safety: Cloudflare's approach to global service health metrics and software releases - Cloudflare
  Learn how Cloudflare tackles the challenge of scaling global service health metrics to safely release new software across our global network.
• VMware perpetual license holders receive cease-and-desist letters from Broadcom - Scharon Harding
  Broadcom says it may audit VMware users.
• Kubernetes v1.33: Image Pull Policy the way you always thought it worked! - Ben Petersen, Stanislav Láznička
  Some things in Kubernetes are surprising, and the way imagePullPolicy behaves might be one of them. Given Kubernetes is all about running pods, it may be peculiar to learn that there has been a caveat to restricting pod access to authenticated images for over 10 years in the form of issue 18787! It is an exciting release when you can resolve a ten-year-old issue.
• Kubernetes v1.33: From Secrets to Service Accounts: Kubernetes Image Pulls Evolved - Anish Ramasekar
  On a similar note to the above article some more improvements to Image Pulls come in v1.33 - Service Account Token Integration for Kubelet Credential Providers.
• Incident Report: Spotify Outage on April 16, 2025 - Spotify Engineering - Spotify Engineering
  On April 16, Spotify experienced an outage that affected users worldwide. Here is what happened and what they are going to do about it.
• Report calls for regulation of “legally and ethically flawed” VMware - Scharon Harding
  It seems the Broadcom / VMWare drama never ends. Now there's calls forregulatory action against the way Broadcom are handling their VMWare customers.
• In-depth look at CRDs and how they work under the hood - Gergely Brautigam
  A walk through how a CRD looks like, what it does, what it contains, how it works and how it alters Kubernetes. The design, the api extension and links and snippets to the code (accurate at the time of writing) where it happens. I do love a deep dive post!

🔒 Security

• European Union Vulnerability Database (EUVD)
  While the US CVE programme is undergoing budget difficulties and uncertainties (see last months issue) the EU have the EUVD as an alternative to ensure this critical service continues.
• Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images - Daniel Velikanski
  Wiz now offers minimal, near-zero CVE images for their customers as WizOS, which is now available in private preview.
• Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production - Michael Donovan & Nikhil Kaul
  Everyone is getting into the hardened container image game recently it seems (like the Wiz post above this one) and now Docker has announced it's offering.

🧑‍🏫 Tutorials, Videos & Podcasts

• Using Pinniped for authentication against Talos-based Kubernetes clusters - Simon Weald
  Usinig Pinniped to access Kubernetes on Talos; what it is, how it works and why Simon chose it.
• The Guide to Kubernetes Debugging - Rox Williams
  Kubernetes debugging is how you diagnose and resolve issues within your clusters. Learn how to debug Kubernetes in this guide.
• 📺 How Thanos Helps Scale Prometheus for Kubernetes Monitoring - Whitney Lee
  🌩️ Thunder is back with a new episode! This time, they're talking about how Thanos extends Prometheus.
• 🎙️ The Business of Open Source | How to be Successful when Donating a Project to the CNCF with Liz Rice
  Emily Omier talks with Liz Rice about how to be successful as a company that has donated their project to the CNCF. Seems like this is a bit of a hot topic currently so well worth a listen!
• End to end argo-workflow for CI/CD - Afzal Ansari
  If you're just getting started with GitOps or CI/CD pipelines in Kubernetes, Argo Workflows offers a powerful and Kubernetes-native way to automate your build pipelines.
• Understanding and optimizing resource consumption in Prometheus - Vladimir Guryanov
  Explore the Prometheus design and see which components consume the most resources. Find out why it happens, what affects it, and how you can optimize your setups to get the best performance in monitoring.
• 📺 What Is Cortex? Scalable, Multi-Tenant Storage for Prometheus Metrics - Whitney Lee
  Another issue of 🌩️ Thunder - this one has Whitney speaking with Friedrich Gonzalez from Adobe to break down what Cortex is, how it works and where it shines!
• How to Harden GitHub Actions: The Unofficial Guide - Rami McCarthy & Shay Berkovich
  Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.
• 📺 Secret Code to Synchronizing Business Outcomes with Platform Engineering Initiatives - Cloud Native Podcast
  Saim talks with Nicki Watt about the friction between business goals and platform roadmaps, missing concepts in our platform engineering vocabulary and how platform engineering is or isn't guiding the modernisation of the classic dev and ops workflows.

🧰 Tools

• Redis is now available under the the OSI-approved AGPLv3 open source license - Rowan Trollope
  Anyone else struggling to keep up with all these license changes lately? 😅 It looks like Redis has gone back to being Open Source as of release 8.0.0.
• Announcing etcd v3.6.0 - Benjamin Wang
  It's been 4 years since the last feature release of etcd (wow!) but this one comes packed with some fantastic performance improvements, among other things.
• renovate-pretty-log - Jamie Tanna
  Two utilities for exploring Renovate debug log files.
• azflow - Iliabuleh
  A CLI tool to detect and analyze cross–availability-zone pod-to-pod network traffic in Kubernetes using Cilium Hubble.

🎤 Events and CFPs

Events

• 🇸🇰 KCD Czech & Slovak - June 5th
  I'll be here giving my "Pod Deep Dive" talk. Come say hi 👋 if you're about!
• 🇮🇹 Cloud Native Days Italy - June 24th
  You can get a discount using code community-speaker-earlybird-43CE13 ✨
• 🇳🇱 KCD Utrecht - July 3rd
  I reviewed some of the CFPs for this and I can tell you... it's going to be an amazing event! So many high quality submission. Grab your ticket while you can!
• 🇩🇪 Cloud Native Summit Munich - July 21st
  I'll also be here giving my "Pod Deep Dive" talk. Come say hi 👋 if you're about!
• 🇩🇪 ContainerDays - September 9th - 11th
  I'm going to be speaking about Kubernetes admission logic at this along with a huge line up of amazing talks spread over 3 days! 😮
• 🇬🇧 Civo Navigate London - September 30th
  Grab a ticket for only $25 with promo code KUNAL25 ✨

CFPs

• 🇬🇧 KCD UK Edinburgh - Closes 🔜 June 8th
• 🇵🇱 KCD Warsaw - Closes 🔜 June 15th
• 🇳🇴 Cloud Native Day Bergen - Closes July 1st
• 🇸🇻 KCD El Salvador - Closes July 6th
• 🇱🇰 KCD Sri Lanka - Closes August 4th

💬 Social Post of the Month

🤷 Misc & Fun

• My tips on giving technical talks - Marcus Noble
  A personal plug from my own blog (sorry, not sorry 😅) where I share my tips on giving talks at technical events such as meetups and conferences. I have also started including tips from others as well so please reach out if you have some advice to share.
• Notable People - Topi Tjukanov
  A fascinating interactive map of the world that highlights where famous or notable people were born.
• Ground control to Major Trial - Olivier Lambert
  An interesting look at how an unnamed company was using free trials for years be cycling through all their email addresses.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the April edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

I'm not sure about all of you but KubeCon London was a fantastic, albeit very busy, week for me! So many people I wanted to catch up with from the community, both old friends and new. It was lovely to see everyone and just wish I had more time to catch everyone I wanted to talk with.

This month's issue includes several announcements and updates from KubeCon and related events so if you weren't able to make it don't feel like you're missing out!

On a personal note, I also spoke at the first ever KCD Budapest 🇭🇺 this month and had a fantastic time.
Lots of great talks and a really good turn out with almost 300 attendees! 🤯

I'm also still looking for feedback on this newsletter. I've had some great feedback so far, both in person and via the form, but would really like to get as much as possible to make it great for all of you!
So if you have a few minutes to spare I'd love it if you could share your thoughts:

➡️ Feedback Form ⬅️

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Protecting NATS and the integrity of open source: CNCF’s commitment to the community
  It seems Synadia is trying to take back the NATS project after donating it to the CNCF back in 2018! Looks like they're trying to now change it to a BUSL license (i.e. not truely open source) and the CNCF and Linux Foundation is fighting back. This is going to be interesting to see how it unfolds.
• Cloud Native 2024: Approaching a Decade of Code, Cloud, and Change - CNCF
  A PDF report containing the annual CNCF survey data for 2024. Lots of insight and analysis of the current state of cloud native.
• Multi-Cluster Orchestrator for cross-region Kubernetes workloads - Nick Eberts
  The new Multi-Cluster Orchestrator service helps platform and application teams manage workloads across Kubernetes clusters across regions.
• The Super Helm Chart: To Deploy or Not To Deploy? - Utku Darılmaz
  Dig into the pros, cons and real-world implications of trading multiple Helm charts for a single, structured chart that manages all K8s applications.
• Honeycomb Acquires Grit: A Strategic Investment in Pragmatic AI and Customer Value - Christine Yen
  Honeycomb has completed our first-ever acquisition: we’re joining forces with Grit, bringing on board not only a strong team, but also compelling technology.
• Simple, scalable, and global: Containers are coming to Cloudflare Workers in June 2025 - Mike Nomitch & Gabi Villalonga Simón
  Cloudflare Containers are coming this June. Run new types of workloads on our network with an experience that is simple, scalable, global and deeply integrated with Workers.
• Dependabot version updates now support Helm - GitHub
  Developers can now use Dependabot to automatically keep their Helm dependencies up to date.
• Optimizing Our E2E Pipeline - Engineering at Slack - Dan Carton
  I look at some of the improvements Slack made to their E2E pipelines to cut the time they take in half.
• How Much Should I Be Spending On Observability? - Charity Majors
  In this update to her 2018 post, Charity Majors explains how much teams should spend when it comes to observability costs. Part 2 is available here.
• Kelsey Hightower on Nix vs. Docker: Is There a Different Way? - David Cassel
  In a recent talk, Kubernetes expert Kelsey Hightower explored the Docker alternative Nix, recognizing its potential for improved software reproducibility and supply chain security.
• A Kubernetes Journey - Gabriel Quennesson
  A great look at Michelin's Kubernetes journey dating back from 2018 to today.
• Introduction to Gitless GitOps: A New OCI-Centric and Secure Architecture - Tetsuya KIKUCHI
  Exploring Gitless GitOps, which is driven by OCI registries instead of Git, offering enhanced security and simplified operations.
• Top 10 Platform Engineering Takeaways from PlatEngDay & KubeCon London 2025 - Daniel Bryant
  Platform Engineering was the hottest topic in the room at KubeCon, even edging out AI from Daniel's perspective! Here are his top 10 observations.
• Kubernetes 1.33: Top 8 Security Features You Need to Know - Matthias Bertschy
  Explore the key security improvements in Kubernetes 1.33 including fine-grained Kubelet authorization alongside other features like topology-aware routing and more.
• DevOps vs SRE vs Platform Engineering - Ikpemosi Victoria Braimoh
  DevOps, SRE, and platform engineering are three closely related but different disciplines that solve software development problems in three different ways.

🔒 Security

• The Collapse of CVE: How a Funding Failure Threatens Global Cybersecurity - Sal Kimmich
  The Common Vulnerabilities and Exposures (CVE) program will no longer be funded by the U.S. government, a serious concern for global vulnerability coordination. As a response, some of the board members have started the CVE Foundation in an attempt to keep things going.
• ⚠️ Argo Events CVE-2025-32445
  A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges.
• ARMO CADR Detects and Contains Kubernetes Crypto Mining Attacks - Amit Schendel
  Learn how ARMO CADR uncovered and prevented two distinct crypto-mining attack campaigns targeting a vulnerable Kubernetes deployment, providing valuable insights and IOCs.
• clusterfuck: attack sims on k8s clusters - bilal
  clusterfuck is a multi-stage attack simulation against k8s environments. It performs executing privilege escalation, container escape, credential theft, lateral movement, and crypto mining techniques. It’s designed to validate detection capabilities in your cloud security posture management (CSPM) and endpoint detection and response (EDR) tools.
• Kubectl Get Hacked - Iain Smart
  Discussing some ways kubeconfig files can bite and taking a look specifically at the exec capabilities.

🧑‍🏫 Tutorials, Videos & Podcasts

• Container CPU Requests & Limits Explained with GOMAXPROCS Tuning - Phuong Le
  When running Go apps in Kubernetes, default CPU thread scheduling can conflict with cgroup CPU limits. The runtime sees all host CPUs, but the container may only be allowed a fraction of one. This often leads to early throttling. Properly configuring GOMAXPROCS avoids this waste and improves stability.
• Managing Applications across Fleets of Kubernetes Clusters - Brian Grant
  What tools are available to manage applications across a fleet of Kubernetes clusters?
• Kubernetes On Hetzner Cloud+Robot With Talos Linux - Caleb Woodbine
  A nice look at how Caleb runs Kubernetes on Hetzner with a look at some nice tools.
• Understanding Kubernetes Networking Internals - Santosh Kumar Perumal
  In Kubernetes, networking is a core concept that can feel like a black box until you crack it open and start digging into namespaces, CNI plugins, and virtual Ethernet interfaces.
• How To Build Scalable and Reliable CI/CD Pipelines With Kubernetes - Neha Surendranath
  By integrating CI/CD pipelines with Kubernetes, organizations can deploy applications in a scalable, consistent, and resilient manner. 
• 📺 Assessing Container Image Security with CHPs - Adrian Mouat
  In this video, Adrian covers Chainguard's new way to assess container image security: Container Hardening Priorities (CHPs).
• 📺 Prometheus Explained — Beginner-Friendly Recap - Whitney Lee
  Whitney is back with a new YouTube series - 🌩️ Thunder a brand-new streaming series that distills the best parts of her long-form show ⚡Enlightning into short, concentrated episodes. The first episode covers Prometheus in less than 20 minutes.

🧰 Tools

• Kubernetes v1.33: Octarine - Agustina Barbetta, Aakanksha Bhende, Udi Hofesh, Ryota Sawada, Sneha Yadav
  Similar to previous releases, the release of Kubernetes v1.33 introduces new stable, beta, and alpha features. The consistent delivery of high-quality releases underscores the strength of our development cycle and the vibrant support from our community.This release consists of 64 enhancements. Of those enhancements, 18 have graduated to Stable, 20 are entering Beta, 24 have entered Alpha, and 2 are deprecated or withdrawn.
• Nelm 1.0 released: Helm-chart compatible alternative to Helm 3 - Flant staff
  We mentioned this in last months issue but Flant have now put out a blog post introducing the v1.0 release of Nelm.
• Introducing kube-scheduler-simulator - Kensei Nakada
  The Kubernetes Scheduler is a crucial control plane component that determines which node a Pod will run on. Thus, anyone utilizing Kubernetes relies on a scheduler. kube-scheduler-simulator is a simulator for the Kubernetes scheduler that allows users to closely examine the scheduler’s behavior and decisions.
• Introducing vNode: Virtual Nodes for Secure Kubernetes Multi-Tenancy - Lukas Gentele
  Loft Labs introduces a new complimentary tool to their vCluster project that helps with node-level isolation - vNode.
• KubeFleet - Azure
  KubeFleet is an open source solution that works on any Kubernetes cluster. We are working towards the vision that we will eventually be able to treat each Kubernetes cluster as cattle.
• Koreo - Real Kinetic
  Koreo is a new approach to Kubernetes configuration management empowering developers and platform teams through programmable workflows and structured data
• Ksctl
  Ksctl aims to simplify a collection of kubernetes clusters running on different cloud providers. It provides a simple and intuitive interface for managing Kubernetes clusters and is designed to be efficient and can perform tasks quickly and without the need for additional tools.
• Comparing open source Cloud Native DBaaS solutions - Sergey Pronin
  Comparing open source Cloud Native database-as-a-service solutions that can help you to avoid vendor lock and run databases in Kubernetes with ease.
• Atuin Desktop: Runbooks that Run - Ellie Huxtable
  Atuin Desktop looks like a doc, but runs like your terminal. Script blocks, embedded terminals, database clients and prometheus charts - all in one place.

🎤 Events and CFPs

Events

• All the KubeCon London and related updates
  • 📺 Recordings of Cloud Native Rejekts talks
  • 📺 Recordings of KubeCon talks (all of the Co-located event recordings are also up in individual playlists)
  • 📸 Photos from KubeCon
  • 📸 Photos from Maintainers Summit
  • Keynote recap posts - Day 1, Day 2 & Day 3
• 🇺🇸 KCD San Francisco Bay Area - May 28th - 29th
  Use promo code FRIENDS25 for a 25% discount on tickets.
• 🇺🇸 OpenObservabilityCon and OTel Community Day - June 26th
• 🇬🇧 Civo Navigate London - September 30th
  Grab a ticket for only $25 with promo code KUNAL25 ✨

CFPs open this month

• 🇺🇸 OpenObservabilityCon and OTel Community Day - Closes May 11th
• 🇺🇸 KubeCon + CloudNativeCon North America - Closes May 27th
• 🇩🇰 Cloud Native Denmark - Closes June 15th
• 🇵🇹 KCD Porto - Closes June 30th

💬 Social Post of the Month

🤷 Misc & Fun

• GitJobs
  GitJobs is an open source job board focused on open source job opportunities. Replaces the old CNCF jobs board.
• Always deploy at peak traffic - Swizec Teller
  A very interesting take on when you should be deploying to production. Deploying at peak time helps with quick identification of issues and has the benefit of having plenty of support staff and engineers still working to deal with issues quickly.
• The Best Programmers I Know - Matthias Endler
  Matthias take a look at some traits noticed in some of the best engineers they've worked with over the years.
• Things I've learned about building + delivering software for other engineers while working in Engineering Productivity - Jamie Tanna
  13 lessons Jamie learned about building software for (internal teams of) software engineers.
• This blog is hosted on a Nintendo Wii - Alex Haydock
  A fun little experiment to use a salvaged Nintendo Wii as a web serever running NetBSD.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the March edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

I hope you're all as excited for KubeCon London over the next few days as I am! 🎉 I'll be at Rejekts (where I'm giving a brand new talk!), Maintainer Summit and KubeCon all week if you want to come say "Hi 👋", just reach out to me on Bluesky, Mastodon or LinkedIn or swing by the Giant Swarm booth (location N450) where I'll likely be spending a lot of my time with my colleagues. As I reminder, I'll also have some custom sticker packs to give out if anyone wants one!

I'd love to know how y'all are finding CloudNative.Now so far and if you have any suggestions for changes or improvements.
If you have the time I'd really appreciate if you could fill out this brief survey with your thoughts:

✨ Feedback form ✨

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

📰 News & Articles

• ⚠️ Ingress-nginx CVE-2025-1974 - Tabitha Sable
  The ingress-nginx maintainers have released patches for a batch of critical vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster. If you run ingress-nginx in your clusters please read this and get your clusters upgraded! Wiz also has a great writeup on how they discovered these vulnerabilities.
• Kubernetes v1.33 sneak peek - Agustina Barbetta, Aakanksha Bhende, Udi Hofesh, Ryota Sawada, Sneha Yadav
  A look at the upcoming changes that will make up Kubernetes v1.33.
• Wiz to Join Google Cloud: Making Magic Together - Assaf Rappaport
  Wiz have signed a deal to be acquired by Google. Still subject to regulatory review though.
• Platform Building Antipatterns: Slow, Low, and Just for Show - Daniel Bryant
  Recognising these antipatterns is essential to building platforms that empower devs, ops, and, critically, everyone else in your org.
• The Evolution of IT Operations and Opsgenie - Vivek Iyer
  Atlassian is shutting down Opsgenie - end of sale June 2025, end of support April 2027. They provide some alternatives to migrate to but it's unclear right now if these will be favourable for current Opsgenie uses so I suspect over the next couple years we might see some posts about migrations to other solutions.
• Breaking the Chains of Kube-Proxy With Cilium - Dean Lewis
  Built on eBPF, container network interface Cilium brings modern networking capabilities that address many scaling and performance pain points.
• Benefits and Challenges of Infrastructure From Code - Brian Grant
  What is Infrastructure From Code, how does it differ from IaC, and what are its benefits and challenges?
• Checklist for Kubernetes in Production: Best Practices for SREs - Utku Darilmaz & Renato Losio
  This article provides SREs with a checklist for managing Kubernetes in production environments. It identifies common challenges including resource management, workload placement, high availability, health probes, storage, monitoring, and cost optimization. By implementing consistent GitOps automation across these areas, teams can significantly reduce complexity, and prevent downtime.
• A seven-step framework for running incident debriefs - Chris Evans
  ​Ever felt that post-incident debriefs are more of a chore than a chance to improve? At incident.io, they've transformed these sessions into engaging, insightful discussions. Their structured, blameless framework helps teams extract actionable lessons from incidents, turning challenges into opportunities for growth.
• ⚠️ CVE-2025-1767 - Another gitrepo issue - raesene
  Rory takes a look at CVE-2025-1767 and outlines the interesting aspects of this latest announced vulnerability.
• Skyscanner’s journey to effective observability - Skyscanner Engineering
  A look at Skyscanner's journey to revolutionise their observability stack and help engineers operate complex distributed systems with confidence.
• Learning from Failure, Why You Should Write Post-Mortems for Your Homelab - Barush Mendez
  A look at the importance of doing post-mortems for your own infrastructure failures to help you learn and improve.
• Dutch parliament calls for end to dependence on US software companies - Toby Sterling
  The Netherlands' parliament approved a series of motions calling on the government to reduce dependence on U.S. software companies, including by creating a cloud services platform under Dutch control.
• Trapping misbehaving bots in an AI Labyrinth - Cloudflare
  How Cloudflare uses generative AI to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives.
• Introducing JobSet - Daniel Vega-Myhre, Abdullah Gharaibeh, Kevin Hannon
  This article introduces JobSet, an open source API for representing distributed jobs. The goal of JobSet is to provide a unified API for distributed ML training and HPC workloads on Kubernetes.
• Cloud veterans launch ConfigHub to fix 'configuration hell' - Paul Sawers
  Alexis Richardson, Brian Grant and Jesper Joergensen have come together to launch a new venture, ConfigHub, aimed at transforming and simplifying how we manage application operations.

🧑‍🏫 Tutorials, Videos & Podcasts

• Dapr in Two Minutes: Simplifying Distributed Application Development - Whitney Lee
  A gresat introduction to Dapr (Distributed Application Runtime) that takes the pain out of building distributed applications by offering developers simple “building block” APIs to manage the challenges of connecting with complex infrastructure.
• Introducing Kubernetes Resource Orchestrator (KRO) - Abdel Sghiouar
  We mentioned KRO in our January issue but this great post from Abdel helps you learn what KRO (Kubernetes Resource Orchestrator) is and how it simplifies Kubernetes app deployment by creating custom APIs that group resources, reducing YAML complexity and making management easier for developers.
• Java on containers: a guide to efficient deployment - Nicholas Thomson & Scott Gerring
  Learn how to tune the JVM, GC, and your containerized environment to efficiently deploy and manage Java applications in the cloud.
• 🎙️ Cloud Server-Side WebAssembly - Cloud Native Compass
  In this episode, David and Laura catch up with Mikkel Mørk Hegnhøj from Fermyon to break down the latest in WebAssembly
• 📺 Optimizing cost, performance, and security in K8s with policy-as-code - Cloud Native Live
  Kubernetes gives teams flexibility, but without the proper guardrails, costs soar, performance suffers, and security risks increase. In this webinar, Anusha & Sachin will explore how teams can enforce cost-efficient, high-performance, and secure Kubernetes operations with Policy-as-Code using Kyverno. Discover practical strategies for automating governance, reducing waste, and maintaining control - without slowing development.
• Scaling Prometheus: From Single Node to Enterprise-Grade Observability - Gaurav Maheshwari
  A look at the various ways to configure Prometheus for different scales of deployment.
• 📺 Kubernetes Topic Trends - KubeFM
  Bart, Amit and Whitney talk about the recent trends in the cloud native space and take a look at the stats from interviews done during KubeCon NA in Salt Lake City.

🧰 Tools

• Nelm v1.0.0 - Werf
  Nelm is meant to be a Helm 3 replacement, providing first-class Helm-chart support, yet improving on what Helm 3 offers. Nelm is a standalone tool, but is also used as the deployment engine in werf. v1.0.0 has just been released but it's still light on documentation right now.
• Introducing Apache Kafka® 4.0 - Confluent
  Apache Kafka 4.0 is a significant milestone, marking the first major release to operate entirely without Apache ZooKeeper™. By running in KRaft mode by default, Kafka simplifies deployment and management, eliminating the complexity of maintaining a separate ZooKeeper ensemble.
• Argo CD v3.0 Release Candidate - Dan Garfield
  Argo CD 3.0 brings improvements to security, performance and distills dozens of best practices to provide better defaults while still allowing for flexible configuration to match any team. This release represents a more mature Argo CD that removes deprecated components and streamlines future development and maintenance. For those on v2.x Argo CD 3.0 should be a low risk upgrade. Argo CD 2.14 will go out of support at the end of 2025.

🎤 Events and CFPs

Events

• 🇬🇧 KubeCon + CloudNativeCon Europe is about to kick off in full force! If you're attending there's a lot to keep you busy!
  • Cloud Native Rejekts March 30th → 31st
    • If you're not able to make it, all talks are going to be livestreamed on YouTube
  • Maintainers Summit - March 31st
  • Co-Located Events - April 1st
  • KubeCon - April 2nd → 4th
  • 🎉 Parties
• 🇨🇳 KubeCon + CloudNativeCon China schedule now available
• 🇯🇵 KubeCon + CloudNativeCon Japan schedule now available
• Rawkode Academy Community Day
  Rawkode is planning a one-day conference somewhere in Europe. Details are pretty light right now but this could be worth keeping an eye on. 👀
• 🇬🇧 Civo Navigate is heading back to London later this year in September for a one-day conference of talks and workshops.

CFPs open this month

• 🇧🇬 KCD Sofia - Closes April 20th
• 🇬🇧 Civo Navigate London - Closes April 30th
• 🇺🇸 KCD Washington DC - Closes May 25th
• 🇦🇹 Cloud Native Days Austria - Closes May 31st
• 🇬🇧 KCD UK Edinburgh - Closes June 8th
• 🇯🇵 Open Source Summit Japan - Closes August 4th

💬 Social Post of the Month

🤷 Misc & Fun

• 📗 We Just Build Hammers - Coraline Ada Ehmke
  Stories of visionaries from the past, present, & future of responsible tech, and the science fiction that inspired them.
• EU OS
  A community-led proof-of-concept free operating systrem for EU public sector. Will be interesting to see how this progresses.
• 📄 The Value of Open Source Software (PDF) - Harvard Business
  School
  Researchers at Harvard Business School and University of Toronto used unique data to quantify the value of open source.
• 📘 Kubernetes Stories from the Trenches
  A book of battle-tested experiences from engineers who pushed Kubernetes to its limits and lived to tell the tale. A free PDF download it available!

That's all for this month!
Thank you for reading! 💙

Again, If you have the time, I'd really appreciate if you could fill out this feedback form to help me understand what y'all want from this newsletter. 😊

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the February edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

Thank you so much to everyone who provided feedback and kind words on last months issue. I really appreciate it and would love for it to continue!

I'm getting excited for KubeCon London that is fast approaching (and will be upon us when i send out the next issue of this newsletter). It's going to be nice to have it in my own country for a change and I think with how accessible London is from around the world it's going to be a very large event. I'll be there with several of my Giant Swarm colleagues as we have a sponsor booth (location N450) so do stop by and say "Hi 👋" if you're going to be there! (Not got a ticket? See below for a chance to win one!) Reach out to me on Bluesky, Mastodon or LinkedIn if you want to meet up while there - I'll be at Rejekts, Maintainer Summit and KubeCon all week. As I have done in the past I'll have some ✨ custom stickers ✨ with me to give out so come find me if you want any!

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• ⚠️ CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API - Kubernetes
  A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. Please make sure you update to the latest patch releases (see below).
• Why Observability 2.0 Is Such a Gamechanger - Erwin van der Koogh
  In this blog, Erwin articulates just how much of a difference Honeycomb/observability 2.0 makes compared to your current way of working.
• Seeking Support After Equinix Metal Sunsets - Alpine Linux
  Alpine Linux are seeking support to help with their hosting followig the end of support from Equinix due to them sunsetting their bare-metal offering.
• Reused AWS S3 buckets a weak link in supply chain security - The Register
  A look at the risk of being able to reuse S3 bucket names and how they can lead to potential supply chain attacks.
• CNCF End User Case Study Contest - CNCF
  CNCF are looking for end user case studies that might be used during the keynotes at this years KubeCon in London.
  (Deadline: March 7, 2025, 11:59 PM PT)
• How to Set Up RWX Volumes on VKE with Vultr File System - Vultr
  Vultr introduces ReadWriteManay compatible volumes to their Kubernetes platform.
• Cloudflare incident on February 6, 2025 - CloudFlare
  On Thursday, February 6, 2025, Cloudflare experienced an outage with their object storage service (R2) and products that rely on it. Here's what happened and what they're doing to fix this going forward.
• Kelsey Hightower joins Civo - Civo
  Kelsey Hightower joins Civo as board director, guiding Civo’s next phase of growth and product innovation.
• WASM will replace containers - Creston Bunch
  A look at the future and how WASM may replace containers.
• Docker Announces Don Johnson as New CEO, Succeeding Scott Johnston - Docker
  Docker Announces Don Johnson as New CEO
• The Cloud Controller Manager Chicken and Egg Problem - Kubernetes
  Kubernetes 1.31 completed the largest migration in Kubernetes history, removing the in-tree cloud provider. While the component migration is now done, this leaves some additional complexity for users and installer projects. This post goes over those additional steps and failure points and make recommendations for cluster owners. This migration was complex and some logic had to be extracted from the core components, building four new subsystems.
• Canonical Extends Kubernetes Distro Support to a Dozen Years - Steven J. Vaughan-Nichols
  Canonical is now offering 12 years(!!) of long term support for it's Kubernetes distribution. That's quite a bit more than the measly 14 months offered upstream from Kubernetes. It'll be interesting to see how this turns out.
• What is Continuous Delivery & How Does It Work? - Control Plane
  An exploration of what Continuous Delivery is, how it differs from related concepts, and how Flux can help.
• A Simple Definition Of “Platform” - Charles Betz
  The folks at Forrester make a compelling argument for their standard definition of what a "platform" is.
• Revisiting Docker Hub Policies: Prioritizing Developer Experience - Docker
  Docker announced some new pull rate limits which wasn't well recieved. They quickly put out this announcement responding to feedback and tweaking the limits that will be coming into force from April 1st.
• Debugging Hetzner: Uncovering failures with powerstat, sensors, and dmidecode - Burak Yucesoy
  About a year ago, Hetzner launched the AX162 server line. It offered better price / performance than its predecessor, AX161. Ubicloud was very excited to adopt it, but they soon encountered serious reliability issues. Ubicloud observed that the new servers had 16 times higher annual failure rates.
• Every pod eviction in Kubernetes, explained - Ahmet Alp Balkan
  Anyone who is running Kubernetes in a large-scale production setting cares about having a predictable Pod lifecycle but pod evictions happen and for a variety of reasons. This article covers each in details.
• NFTables mode for kube-proxy - Dan Winship
  A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out.
• HashiCorp officially joins the IBM family - Armon Dadgar
  HashiCorp is now officially part of IBM with the deal finally being completed.

🧑‍🏫 Tutorials, Videos & Podcasts

• kind + CAPI vclusters + GPU - Martin Proffitt
  This GitHub Gist walks through the steps needed to setup a Kind cluster with GPU support and share that to a vCluster running within.
• 🎙️ 10x People, AI Trends, and Career Management, with Richard Seroter - Software Defined Talk
  Whitney and Coté talk with Richard Seroter from Google about the myth of the 10X developer and his perspective on hiring and managing tech talent.
• 📺 Sandbox environments - creating efficient and isolated testing realms - Victor Bucicovschii
  A sandbox environment enables engineering teams to develop, test and experiment with new features in an isolated, controlled space. Watch this webinar to learn how to create sandbox environments using Kubernetes, explore a step-by-step workflow and gain insight
• k8s v1.32 + Cilium v.17.0 + illumos = true? - Tony Norlin
  A great look at Tony's Kubernetes homelab setup running the l.
• 📺 Shopify’s Journey to Planet-Scale Observability - OpenObservability Talks
  Shopify operates at massive scale, running thousands of services and processing billions of events per second. To tackle the challenges of observability at this scale, they built Observe—an in-house observability stack that makes use of open-source tools and specifications. In fact, they replaced an older vendors-based system, in an awe-inspiring migration project. But why build their own stack? Which open source tools did they use? How did they shape the user experience to their needs?
• Enhancing Kubernetes Security: Detecting Threats in OVHcloud Managed Kubernetes cluster (MKS) Audit Logs with Falco - Aurélie Vache
  In this article, Aurélie explores the integration of Falco, an open-source intrusion detection system, with OVHcloud's MKS (Managed Kubernetes Service) audit logs to monitor if everything is ok within the cluster.
• 📺 One-Shot Actions (CI) - Feat. GitHub Actions, Argo Workflows, Tekton - You Choose!
  In this episode, Whitney & Viktor and this weeks guests go through one-shot actions tools typically used to execute tasks like workflows, CI, etc. The tools covered are GitHub Actions, Argo Workflows, and Tekton.
  Also check out Graphical User Interface - Feat Backstage & Port.
• Docker Bake and Chainguard Images - Adrian Mouat
  Docker Bake is a great resource to define build configuration using a declarative file that integrates well with Chainguard Images. See how in this post.
• Tolerating full cloud outages with Monzo Stand-in - Monzo
  A look at how Monzo handles the impact of full cloud outages with their Monzo Stand-in atchitecture.
• Demo an automated canary deployment with Kubernetes - Whitney Lee
  A great walkthrough on how to use Argo Rollouts, Isto and Prometheus to automate canary deployments on Kubernetes.
• Scaling Beyond Limits: Harnessing Route Server for a Stable Cluster - Zalando
  A proxy server contributing to a stable Kubernetes cluster and scaling ingress controller.
• 📺 7 Ways to Secure Your Clusters - Drewbernetes
  In this video Drew takes a look at some of the things you can do to help lock down and secure you Kubernetes clusters.

🧰 Tools

• Kubernetes patch releases - Kubernetes
  A new round of patch releases for Kubernetes has been released that fix CVE-2025-0426: v1.29.14, v1.30.10, v1.31.6 & v1.32.2 (as well as a new v1.33 alpha)
• Cilium 1.17.0 - cilium
  Lots of changes, fixes and improvements in this release. A total of 2761 new commit went into this release!
• Announcing Flux 2.5 GA - FluxCD
  Flux v2.5.0 is out! Take a look at the highlights of new features and improvements in this release.
• khi: A transformative log viewer for Kubernetes - GoogleCloudPlatform
  Kubernetes History Inspector (KHI) is a rich log visualization tool for Kubernetes clusters. KHI transforms vast quantities of logs into an interactive, comprehensive timeline view. Currently focussed on Google Cloud but other Kubernetes distros said to be supported in the future.
• Weave-Gitops Release 0.39.0-rc.1 - Weave
  The first release candidate of weave-gitops since the changeover to being a community run project. If you use Flux it would be good to give this a try and provide feedback.
• Docker Bake is Now Generally Available in Docker Desktop 4.38! - Docker
  Learn more about the new release of Docker Bake, including what it is, how it simplifies complex builds, and where to get started.
• k0rdent: Distributed Container Management for Platform Engineering - Mirantis
  k0rdent is an open-source, Kubernetes-native distributed container management environment for platform engineers. Design, automate, and manage Internal Developer Platforms (IDPs).
• Go 1.24 is released! - The Go Programming Language
  Go 1.24 brings generic type aliases, map performance improvements, FIPS 140 compliance and more.
• DocumentDB: Open-Source Announcement - Microsoft Open Source Blog
  I missed this announcement last month but Microsoft has made their DocumentDB project, which powers their vCore-based Azure Cosmos DB for MongoDB, available with an MIT open source license.
• Tekton applying for incubation in the CNCF - Tekton
  This one had completely gone unnoticed by me until now but it looks like progress is now being made to move the Tekton project from the CD.Foundation to being part of the CNCF. I feel this is quite a welcome move and would better suit Tekton as a cloud native CI/CD tool designed for Kubernetes.
• komodorio/komoplane: 🍨 Crossplane Troubleshooting Tool - Komodor
  Komodor's Crossplane Tool is a project to experiment with visualizing Crossplane resources.
• BLAFS: A Bloat Aware Filesystem for Container Debloating - negativa-ai
  BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment.
  Check the paper for more details: The Cure is in the Cause: A Filesystem for Container Debloating.

🎤 Events and CFPs

Events

• 🎟️ Want to win a ticket to KubeCon London?
  Tech.tickets have a competition with the ability to win a ticket to KubeCon London in April! The competition closes March 17th so be sure to submit if you want a chance to win.
  (Note: Only covers conference ticket, not travel and accommodation)
• 🎉 KubeCon + CloudNativeCon London Parties & Socials - Conf.Party
  If you're looking for parties, socials and events around KubeCon I run Conf.Party to help keep track of them. If you know of a party not listed, or your hosting one yourself, please do let me know and I'll get it added ASAP.
  I also host a 🦋 Bluesky feed that attempts to list all posts related to KubeCon parties and the like.
• The schedule for Cloud Native Rejekts is now live
  If you're going to be at Rejekts in London I'd love it if you could come and see myself and my colleague Joe each giving a talk! Rejekts is one of my favourite conferences and I highly recommend this free event if you're able to make it!
  (Registration is also open, but waitlist only now.)
• KCD Sofia tickets now available
  Taking place September 18th.

CFPs open this month

• 🇨🇭 Cloud Native Zürich - Closes March 31st
• 🇳🇱 KCD Utrecht - Closes April 15th
• 🇮🇳 KubeCon India - Closes March 23rd
• 🇳🇱 Open Source Summit Europe - Closes April 14th

💬 Social Post of the Month

🤷 Misc & Fun

• ISBN Visualization
  An interesting visualization of all books with ISBNs and the unassigned ranges
• Online Safety Act - Neil Brown
  OK, this one isn't actually fun but I think relevant for a lot of people. Neil has been collecting his thoughts (he's a lawyer, but this is legal advice) and resources on the upcoming Online Safety Act UK law being brought in by Ofcom. This law is likely to impact a lot of online services in a fairly bad way so if you run any form on online service for users its good that you make youself aware of whats coming and what is needed to comply. (Spoiler: a lot of work)
• Floor796
  Floor796 is an animated scene showing the lives of characters from various works on the 796th floor of a huge space station. The animation is regularly expanded with new blocks (rooms) and characters from movies, TV series, games, anime, memes, etc.
  This is a lot of fun to scroll around and you can click on the characters to find out who they are and where they're from.
• Beej's Guide to Git - Beej
  A very detailed guide to Git, including what is is, what it isn't and all the features it has, available in multiple formats.
• Is ops a bullshit job? - Dan Slimmon
  A fun little read about Ops being a "bullshit job" as defined in David Graeber’s 2018 book "Bullshit Jobs: A Theory".
• The reality of long-term software maintenance from the maintainer's perspective - Ashley
  I'm not entirely sold on the analogy uses in this post but I fully resonate with the point it's trying to get across.
• A Union for Hopeful Technologists
  What if progressive people who work in technology had an advocacy body? Going to be keeping an eye on this.
• How does learning debt impact engineering teams? - Lizzie Matusov
  We've all heard about tech depbt enough times but this is the first time I've come across the term "learning debt". It deserves a read.

Phew! That was a lot! That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to the very first edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

As this is the very first issue I feel like I should introduce myself and this newsletter a little bit. I’m Marcus Noble 👋 and I work as a Platform Engineer at Giant Swarm. This newsletter is my attempt at keeping myself, and others, up-to-date on all the latest news, tools and events happening in the cloud native world. A new issue will be published each month on the last Friday of that month and contain a roundup of articles, announcements, tools, tutorials, events and CFPs relating to cloud native technologies and the community.

You’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

• Announcing CloudNative.Now - Marcus Noble
  An overview from myself on the technologies, decisions and architecture behind setting up this new newsletter and what is planned for the future.
• Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online - The Hacker News
  As many as 296,000 Prometheus instances are exposed online, leaking credentials and risking RCE attacks.
• ⚠️ CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API - kubernetes
  If you run Windows nodes in your Kubernetes cluster please make sure to take a look at this vulnerability that could allow for abritrary commands being run.
• How CERN uses Grafana and Mimir to monitor the world's largest computer grid - Grafana Labs
  Learn how CERN uses Grafana and Mimir to help 12,000 global researchers access data from the world's largest particle physics lab.
• Dark Side of Open Source: The Community Strikes Back - Dotan Horovits
  2024 saw great disturbance in the force with FOSS like Redis and Wordpress. But it also saw successful community forks and resilience.
• Reddit No Longer Haunted by Drifting Kubernetes Configurations - Joab Jackson
  Three years ago, Reddit's infrastructure engineers team spent most of its time putting out fires. Here's how developing a platform abstraction streamlined operations and put them back in charge.
• Confidential computing at 1Password - 1Password
  Confidential computing is a new technology that enables 1Password to bring its end-to-end encryption model into the cloud.
• Exploring the Kubernetes API Server Proxy - raesene
  A look into the Kubernetes API server proxy and some interesting security implications that you might want to be aware of.
• Understanding Kubernetes: part 54 – StatefulSet - Aurélie Vache
  Part 54(!!) of a series of sketchnotes from Aurélie, this one covering everything StatefulSet.
• Six Sins of Platform Teams - Sergey Tselovalnikov
  In this article, Sergey shares their personal mental model for platform teams' sins (anti-patterns), and how you can avoid them.
• Kubernetes 1.30 on EKS - Alberto Llamas
  Everything you need to know about Kubernetes 1.30 on EKS and the new default of Amazon Linux 2023
• 📺 Internal Developer Platforms Intro (You Choose! Ch. 5, Ep. 0) - DevOps Toolkit
  New chapter of the popular “You Choose” series starting soon, focussing on Internal Developer Platforms (IDPs).
• CloudNativeAfrica
  A new website and community championing cloud native adoption, development, and growth, in Africa.
• A new era for Helm - Cloud Native Computing Foundation
  As cloud native heads into its second decade, we’d like to spend some time talking about Helm and its future.
• 🎙️ Cloud Native Compass | Navigating Kubernetes: Insights, Challenges, and the Release Cycle with Kat Cosgrove - David Flanagan & Laura Santamaria
  In this episode of the Cloud Native Compass podcast, hosts David Flanagan and Laura Santamaria dive deep into the complexities of the Kubernetes release cycle with guest Kat Cosgrove.

🧑‍🏫 Tutorials & Videos

• 📺 Is This the End of Crossplane? Compose Kubernetes Resources with kro - DevOps Toolkit
  A look at KRO (see below) and how it might compare to Crossplane for resource management in Kubernetes.
• 📺 Learn Kubernetes | A Comprehensive Guide - Drewbernetes
  Not a new series but if it's your New Years's resolution to learn Kuberentes then this playlist is for you!
• Bootstrapping a Civo cluster with OpenTofu and Flux - Marcus Noble
  A walkthrough of using OpenTofu and Flux to create a new, fully GitOps'd Kubernetes cluster on Civo.
• 📺 Top 10 DevOps Tools You MUST Use in 2025! - DevOps Toolkit
  Discover the top tools you should consider using in 2025! From AI and CI/CD to containers and developer portals.
• Designing and Implementing Platform Engineering - Microsoft
  A free Platform Engineering course from Microsoft
• Kubernetes RBAC: A Comprehensive Guide - Oshrat Nir
  A comprehensive guide of all things Kubernetes RBAC, why and how to use it.
• So you wanna write Kubernetes controllers? - Ahmet
  A very detailed write up of the best practices of building a Kubernetes controller and CRDs

🧰 Tools

• Helm TUI - Pidanou Eang
  Helm TUI (Terminal UI) is a text-based interface for managing Kubernetes Helm charts. With an intuitive and easy-to-use interface, it lets you search, install, upgrade, and delete charts with ease.
• KRO - Powerful Abstractions for Kubernetes - AWS
  Kube Resource Orchestrator (kro) is a new operator for Kubernetes that simplifies the creation of complex Kubernetes resource configurations. kro lets you create and manage custom groups of Kubernetes resources by defining them as a ResourceGroup, the project's fundamental custom resource. ResourceGroup specifications define a set of resources and how they relate to each other functionally. Once defined, resource groups can be applied to a Kubernetes cluster where the kro controller is running. Once validated by kro, you can create instances of your resource group. kro translates your ResourceGroup instance and its parameters into specific Kubernetes resources and configurations which it then manages for you.
• Reserved Capacity Manager for Kubernetes - ssbostan
  A new operator to help optimize the responsiveness of cluster-autoscaler by reserving low-priority resources on worker nodes as "hot spare" capacity. An interesting approach if scaling up quickly is important for you.
• OpenTofu 1.9.0 - OpenTofu
  New release introduces provider for_each.
• helm-cel - idsulik
  A Helm plugin that uses Common Expression Language (CEL) to validate values. Instead of using JSON Schema in values.schema.json, you can write more expressive validation rules using CEL in values.cel.yaml.
• kubezonnet: Monitor Cross-Zone Network Traffic in Kubernetes - Polar Signals
  A newly open sourced solution from Polar Signals for identifying and measuring cross-zone pod network traffic in Kubernetes clusters.

🎤 Events and CFPs

Events

• 🇬🇧 The Schedule for KubeCon CloudNativeCon Europe 2025 is now available.
  • Looking for Parties during KubeCon? Check out Conf.Party for all the latest details or follow on Mastodon or Bluesky.
• 🇺🇸 Civo Navigate NA - San Francisco - Civo
  Civo Navigate NA is happening next month in San Francisco.
  Not got a ticket yet? Get yours now for $25 code KKCIVONAV25 (Thank you Civo for providing us with this offer 💙)
• 🇳🇴 The Schedule for Cloud Native Day Oslo 2025 is now live.
  Both myself and my colleague Joe will be giving talks here. I hope to see some of y'all there!

CFPs open this month

• 🇫🇮 KCD Helsinki 2025 - closes February 7th
• 🇭🇺 KCD Budapest 2025 - closes February 8th
• 🇹🇷 KCD Istanbul 2025 - closes February 15th
• 🇨🇿 🇸🇰 KCD Czech & Slovak - Bratislava 2025 - closes March 14th
• 🇩🇪 ContainerDays Conference 2025 - closes March 31st
• 🇩🇪 Cloud Native Summit Munich 2025 - closes April 6th

🤷 Misc & Fun

• DOOM® CAPTCHA
  Solve a CAPTCHA by playing Doom.
• 📘 The Cloud Native Attitude - Container Solutions
  New book release from Jamie Dobson and Anne Currie.
• Seconds Since the Epoch - Aphyr
  Today I learnt that seconds since the epoch don't include leap seconds!
• Why We’re Bringing Pebble Back - Eric Migicovsky
  One of the original heros in the smartwatch scene looks like it will be making a comeback after more than a decade following Google making the code for PebbleOS open source.

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋

Welcome to CloudNative.Now, a monthly roundup newsletter of all things happening in the Cloud Native world, lovingly collated by Marcus Noble.

This newsletter is my attempt at keeping myself, and others, up-to-date on all the latest news, tools and events happening in the cloud native world. A new issue will be published each month on the last Friday of that month and contain a roundup of articles, announcements, tools, tutorials, events and CFPs relating to cloud native technologies and the community.

Things will be up and running here shortly, but in the mean time you can subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

Also be sure to follow us on Bluesky or Mastodon for more updates throughout the month!