April 2025

👋 Intro
Welcome to the April edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!
I'm not sure about all of you but KubeCon London was a fantastic, albeit very busy, week for me! So many people I wanted to catch up with from the community, both old friends and new. It was lovely to see everyone and I just wish I had more time to catch everyone I wanted to talk with.
This month's issue includes several announcements and updates from KubeCon and related events so if you weren't able to make it don't feel like you're missing out!
On a personal note, I also spoke at the first ever KCD Budapest 🇭🇺 this month and had a fantastic time.
Lots of great talks and a really good turn out with almost 300 attendees! 🤯

I'm also still looking for feedback on this newsletter. I've had some great feedback so far, both in person and via the form, but would really like to get as much as possible to make it great for all of you!
So if you have a few minutes to spare I'd love it if you could share your thoughts:
➡️ Feedback Form ⬅️
As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙
If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬
📰 News & Articles
- Protecting NATS and the integrity of open source: CNCF’s commitment to the community
It seems Synadia is trying to take back the NATS project after donating it to the CNCF back in 2018! Looks like they're now trying to change it to a BUSL license (i.e. not truly open source) and the CNCF and Linux Foundation are fighting back. This is going to be interesting to see how it unfolds.
- Cloud Native 2024: Approaching a Decade of Code, Cloud, and Change - CNCF
A PDF report containing the annual CNCF survey data for 2024. Lots of insight and analysis of the current state of cloud native.
- Multi-Cluster Orchestrator for cross-region Kubernetes workloads - Nick Eberts
The new Multi-Cluster Orchestrator service helps platform and application teams manage workloads across Kubernetes clusters across regions.
- The Super Helm Chart: To Deploy or Not To Deploy? - Utku Darılmaz
Dig into the pros, cons and real-world implications of trading multiple Helm charts for a single, structured chart that manages all K8s applications.
- Honeycomb Acquires Grit: A Strategic Investment in Pragmatic AI and Customer Value - Christine Yen
Honeycomb has completed our first-ever acquisition: we’re joining forces with Grit, bringing on board not only a strong team, but also compelling technology.
- Simple, scalable, and global: Containers are coming to Cloudflare Workers in June 2025 - Mike Nomitch & Gabi Villalonga Simón
Cloudflare Containers are coming this June. Run new types of workloads on our network with an experience that is simple, scalable, global and deeply integrated with Workers.
- Dependabot version updates now support Helm - GitHub
Developers can now use Dependabot to automatically keep their Helm dependencies up to date.
- Optimizing Our E2E Pipeline - Engineering at Slack - Dan Carton
I look at some of the improvements Slack made to their E2E pipelines to cut the time they take in half.
- How Much Should I Be Spending On Observability? - Charity Majors
In this update to her 2018 post, Charity Majors explains how much teams should spend when it comes to observability costs. Part 2 is available here.
- Kelsey Hightower on Nix vs. Docker: Is There a Different Way? - David Cassel
In a recent talk, Kubernetes expert Kelsey Hightower explored the Docker alternative Nix, recognizing its potential for improved software reproducibility and supply chain security.
- A Kubernetes Journey - Gabriel Quennesson
A great look at Michelin's Kubernetes journey dating back from 2018 to today.
- Introduction to Gitless GitOps: A New OCI-Centric and Secure Architecture - Tetsuya KIKUCHI
Exploring Gitless GitOps, which is driven by OCI registries instead of Git, offering enhanced security and simplified operations.
- Top 10 Platform Engineering Takeaways from PlatEngDay & KubeCon London 2025 - Daniel Bryant
Platform Engineering was the hottest topic in the room at KubeCon, even edging out AI from Daniel's perspective! Here are his top 10 observations.
- Kubernetes 1.33: Top 8 Security Features You Need to Know - Matthias Bertschy
Explore the key security improvements in Kubernetes 1.33 including fine-grained Kubelet authorization alongside other features like topology-aware routing and more.
- DevOps vs SRE vs Platform Engineering - Ikpemosi Victoria Braimoh
DevOps, SRE, and platform engineering are three closely related but different disciplines that solve software development problems in three different ways.
🔒 Security
- The Collapse of CVE: How a Funding Failure Threatens Global Cybersecurity - Sal Kimmich
The Common Vulnerabilities and Exposures (CVE) program will no longer be funded by the U.S. government, a serious concern for global vulnerability coordination. As a response, some of the board members have started the CVE Foundation in an attempt to keep things going.
- ⚠️ Argo Events CVE-2025-32445
A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges.
- ARMO CADR Detects and Contains Kubernetes Crypto Mining Attacks - Amit Schendel
Learn how ARMO CADR uncovered and prevented two distinct crypto-mining attack campaigns targeting a vulnerable Kubernetes deployment, providing valuable insights and IOCs.
- clusterfuck: attack sims on k8s clusters - bilal
clusterfuck is a multi-stage attack simulation against k8s environments. It performs privilege escalation, container escape, credential theft, lateral movement, and crypto mining techniques. It’s designed to validate detection capabilities in your cloud security posture management (CSPM) and endpoint detection and response (EDR) tools.
- Kubectl Get Hacked - Iain Smart
Discussing some ways kubeconfig files can bite and taking a look specifically at the exec capabilities.
🧑🏫 Tutorials, Videos & Podcasts
- Container CPU Requests & Limits Explained with GOMAXPROCS Tuning - Phuong Le
When running Go apps in Kubernetes, default CPU thread scheduling can conflict with cgroup CPU limits. The runtime sees all host CPUs, but the container may only be allowed a fraction of one. This often leads to early throttling. Properly configuring GOMAXPROCS avoids this waste and improves stability.
- Managing Applications across Fleets of Kubernetes Clusters - Brian Grant
What tools are available to manage applications across a fleet of Kubernetes clusters?
- Kubernetes On Hetzner Cloud+Robot With Talos Linux - Caleb Woodbine
A nice look at how Caleb runs Kubernetes on Hetzner with a look at some nice tools.
- Understanding Kubernetes Networking Internals - Santosh Kumar Perumal
In Kubernetes, networking is a core concept that can feel like a black box until you crack it open and start digging into namespaces, CNI plugins, and virtual Ethernet interfaces.
- How To Build Scalable and Reliable CI/CD Pipelines With Kubernetes - Neha Surendranath
By integrating CI/CD pipelines with Kubernetes, organizations can deploy applications in a scalable, consistent, and resilient manner.
- 📺 Assessing Container Image Security with CHPs - Adrian Mouat
In this video, Adrian covers Chainguard's new way to assess container image security: Container Hardening Priorities (CHPs).
- 📺 Prometheus Explained — Beginner-Friendly Recap - Whitney Lee
Whitney is back with a new YouTube series - 🌩️ Thunder, a brand-new streaming series that distills the best parts of her long-form show ⚡Enlightning into short, concentrated episodes. The first episode covers Prometheus in less than 20 minutes.
🧰 Tools
- Kubernetes v1.33: Octarine - Agustina Barbetta, Aakanksha Bhende, Udi Hofesh, Ryota Sawada, Sneha Yadav
Similar to previous releases, the release of Kubernetes v1.33 introduces new stable, beta, and alpha features. The consistent delivery of high-quality releases underscores the strength of our development cycle and the vibrant support from our community. This release consists of 64 enhancements. Of those enhancements, 18 have graduated to Stable, 20 are entering Beta, 24 have entered Alpha, and 2 are deprecated or withdrawn.
- Nelm 1.0 released: Helm-chart compatible alternative to Helm 3 - Flant staff
We mentioned this in last month's issue but Flant have now put out a blog post introducing the v1.0 release of Nelm.
- Introducing kube-scheduler-simulator - Kensei Nakada
The Kubernetes Scheduler is a crucial control plane component that determines which node a Pod will run on. Thus, anyone utilizing Kubernetes relies on a scheduler. kube-scheduler-simulator is a simulator for the Kubernetes scheduler that allows users to closely examine the scheduler’s behavior and decisions.
- Introducing vNode: Virtual Nodes for Secure Kubernetes Multi-Tenancy - Lukas Gentele
Loft Labs introduces a new complementary tool to their vCluster project that helps with node-level isolation - vNode.
- KubeFleet - Azure
KubeFleet is an open source solution that works on any Kubernetes cluster. We are working towards the vision that we will eventually be able to treat each Kubernetes cluster as cattle.
- Koreo - Real Kinetic
Koreo is a new approach to Kubernetes configuration management empowering developers and platform teams through programmable workflows and structured data.
- Ksctl
Ksctl aims to simplify a collection of Kubernetes clusters running on different cloud providers. It provides a simple and intuitive interface for managing Kubernetes clusters and is designed to be efficient and can perform tasks quickly and without the need for additional tools.
- Comparing open source Cloud Native DBaaS solutions - Sergey Pronin
Comparing open source Cloud Native database-as-a-service solutions that can help you to avoid vendor lock and run databases in Kubernetes with ease.
- Atuin Desktop: Runbooks that Run - Ellie Huxtable
Atuin Desktop looks like a doc, but runs like your terminal. Script blocks, embedded terminals, database clients and prometheus charts - all in one place.
🎤 Events and CFPs
Events
- All the KubeCon London and related updates
- 📺 Recordings of Cloud Native Rejekts talks
- 📺 Recordings of KubeCon talks (all of the Co-located event recordings are also up in individual playlists)
- 📸 Photos from KubeCon
- 📸 Photos from Maintainers Summit
- Keynote recap posts - Day 1, Day 2 & Day 3
- 🇺🇸 KCD San Francisco Bay Area - May 28th - 29th
Use promo code FRIENDS25 for a 25% discount on tickets.
- 🇺🇸 OpenObservabilityCon and OTel Community Day - June 26th
- 🇬🇧 Civo Navigate London - September 30th
Grab a ticket for only $25 with promo code KUNAL25 ✨
CFPs open this month
- 🇺🇸 OpenObservabilityCon and OTel Community Day - Closes May 11th
- 🇺🇸 KubeCon + CloudNativeCon North America - Closes May 27th
- 🇩🇰 Cloud Native Denmark - Closes June 15th
- 🇵🇹 KCD Porto - Closes June 30th
💬 Social Post of the Month

🤷 Misc & Fun
- GitJobs
GitJobs is an open source job board focused on open source job opportunities. Replaces the old CNCF jobs board.
- Always deploy at peak traffic - Swizec Teller
A very interesting take on when you should be deploying to production. Deploying at peak time helps with quick identification of issues and has the benefit of having plenty of support staff and engineers still working to deal with issues quickly.
- The Best Programmers I Know - Matthias Endler
Matthias takes a look at some traits noticed in some of the best engineers they've worked with over the years.
- Things I've learned about building + delivering software for other engineers while working in Engineering Productivity - Jamie Tanna
13 lessons Jamie learned about building software for (internal teams of) software engineers.
- This blog is hosted on a Nintendo Wii - Alex Haydock
A fun little experiment to use a salvaged Nintendo Wii as a web server running NetBSD.
That's all for this month!
Thank you for reading! 💙
If you enjoyed this post, please spread the word and share with your friends.
~ Marcus 👋