August 2025

👋 Intro
Welcome to the August edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!
This month's issue is slightly lighter than previous ones as it seems not as much has been going on this month (summer holidays for many people likely contributed to that) but it has been quite a busy month for me personally.
I started off this month with a very lovely week off for my birthday where I visited Bristol, exploring all the incredible street art they have on offer there, followed by spending some time in the Peak District (near my hometown) visiting my friend. The rest of this month has been spent focussing on wrapping up my four years at Giant Swarm (😱) before starting my new role at Monzo! 🎉
I have also updated Ghost, which runs this newsletter, to the latest major release - Ghost 6.0. Right now you won't notice any changes but in the coming weeks I plan to migrate away from the Bitnami Helm chart and images (see news below) and attempt to enable the new analytics and social web features that this new version introduces. I am unsure yet if I'll be keeping the analytics enabled or not - I will only do so if they are sufficiently anonymous as I only really want to know what is working vs what is not so I can improve future issues.
I have also enabled a paid subscription tier for members that want to help cover the running costs of this newsletter. It's set at £1/month and is very much an experiment right now but it does come with the ability to comment on posts. Just be aware that depending on how this goes I might end up dropping it. Feedback very much appreciated!
As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙
If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬
📰 News & Articles
- Kubernetes 1.34: Deep dive into new alpha features - Kirill Kononovich
Prepare for the upcoming Kubernetes release by learning about the 13 alpha features it brings. They cover various areas of the project, from asynchronous API calls to the new KYAML format.
- User feedback Survey: Building Multi cluster Management and Monitoring tool - SIG Multicluster
SIG Multicluster is building a tool for multi-cluster management and monitoring - and they're seeking user feedback! If you or anyone you know has experience with running multicluster setups, they'd love to hear from you! Share your insights in this survey!
- Upcoming changes to the Bitnami catalog - Bitnami
Bitnami (Broadcom) gives everyone a month's notice that their image registry (docker.io/bitnami) will be replaced with a new paid subscription repository (bitnamisecure) and the existing images will be archived to bitnamilegacy. If you use any Bitnami images in your cluster please take a look at this issue and tackle your migration NOW before things start to break!
Rory McCune did an analysis of what the impact of this is likely to look like. 😱 (Spoiler - it's likely to be messy). There is also a blog post from Broadcom where they outline some more details - including a "brownout" approach to make people aware of the change. (Not sure I'm keen on this approach, personally)
- Understanding the Kubernetes Pause Container: The Pod's Hidden Hero - James Spurin
Engineers working with Kubernetes often focus on application containers and overlook the tiny pause container. Discover this component that quietly holds everything together in Kubernetes Pods.
- Introducing Headlamp AI Assistant - Joaquim Rocha
To simplify Kubernetes management and troubleshooting, the Headlamp project is introducing the Headlamp AI Assistant: a powerful new plugin for Headlamp that helps you understand and operate your Kubernetes clusters and applications with greater clarity and ease.
- Health of External Secrets project - Gustavo Fernandes de Carvalho
There's been some drama this month following a cry for help from the maintainers of the External Secrets project.
- Create encrypted Persistent Volumes on OVHcloud Managed Kubernetes clusters with LUKS - OVHcloud Blog - Aurélie Vache
Since this summer, it’s possible to create encrypted OVHcloud Block Storage with OMK (OVHcloud managed key) in RBX, SBG, Paris & BHS regions. And the good news is that you can use encrypted Block Storage using Persistent Volumes in your OVHcloud Managed Kubernetes Service (MKS) clusters.
- Note from Teemu, Tim, and Torin to the Open Policy Agent community - Tim Hinrichs
The creators of Open Policy Agent (along with many team members from Styra) have joined Apple.
- Are you chasing the 10x engineer dream — or building a 10x team? - Anastasija Uspenski
Organizations built on heroes eventually break. You don’t need 10x engineers — you need a 10x organization that scales sustainably.
- Kubernetes Isn't Enough for a Production-Ready Platform - Jennifer Riggins
Kubernetes may be the reason you started with platform engineering, but it’s not enough to handle Day 2 ops and managing complexity at scale.
- The State of Commercial Open Source 2025 - Linux Foundation
The latest report from the Linux Foundation on the state of commercial open source.
🔒 Security
- CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference - kubernetes
A vulnerability exists in the NodeRestriction admission controller where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource.
- Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer - Nick Frichette & Brandon Dossantos
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
- Kubernetes 1.34: Top Security Features & Enhancements - Ben Hirschberg
Improve your cloud security with the latest upgrades in Kubernetes 1.34, from mutual TLS and token hardening to CEL-based admission policies.
- User preferences (kuberc) are available for testing in kubectl 1.34 - Maciej Szulik
Have you ever wished you could enable interactive delete, by default, in kubectl? Or maybe, you'd like to have custom aliases defined, but not necessarily generate hundreds of them manually? Look no further. SIG-CLI has been working hard to add user preferences to kubectl, and we are happy to announce that this functionality is reaching beta as part of the Kubernetes v1.34 release.
🧑🏫 Tutorials, Videos & Podcasts
- Kubernetes: Admission Control - Márk Sági-Kazár
Dive deep into Kubernetes admission control with hands-on examples. Learn how admission controllers influence cluster behavior, apply default configurations, and enforce policies for consistency and compliance.
- 📺 Episode 190: Enigma Machine in eBPF - eBPF & Cilium Community
Liz talks through implementing the Enigma machine in eBPF. 😮
- 🎙️ Communications Skills, Ultrarunning, and Whacky YouTube Thumbnails, with James Eastham - Coté & Whitney Lee
In this episode, Whitney and Coté talk with James Eastham about developing social skills through reading, the importance of deep work in productivity, and the mental challenges of ultrarunning.
- 📺 From Chaos to Clarity: Mastering Distributed Systems with Jaeger - Whitney Lee
In this episode of 🌩️ Thunder, Whitney Lee and Jonah Kowall explain what Jaeger does, why it exists, and how this powerful tool helps teams understand complex microservices architectures and solve problems across distributed systems. From spans and traces to storage backends, sampling, and scaling, this short recap shows how Jaeger and OpenTelemetry work together to make distributed tracing practical for modern microservices.
- 📺 Understanding Perses: Open Standards for Observability Dashboarding in CNCF - Whitney Lee wiggitywhitney
In this episode of 🌩️ Thunder, learn about Perses, the innovative open standard for observability dashboarding, with Eric Deschabelle from Kronosphere and CNCF Ambassador Whitney Lee. Discover how this tool integrates with existing CNCF technologies and enables automated dashboard management. What sets Perses apart? Dashboards as code, built-in validation, and a Prometheus-native workflow that plays nicely with GitOps. We also talk about what makes a dashboard useful in the first place, and how teams can avoid the common trap of collecting metrics they never actually look at.
- Kubernetes: Runtime Class - Márk Sági-Kazár
Learn how to configure and use Kubernetes Runtime Classes to specify different container runtimes for your workloads. Explore different OCI runtimes and their scheduling constraints.
🧰 Tools
- Kubernetes v1.34.0
The latest and greatest version of Kubernetes is now available.
- Kind v0.33.0
This is a small release containing patched dependencies and Kubernetes 1.34, as well as a bugfix for Kubernetes v1.33.0+ cluster reboots.
- helm-chart-toolbox - Grafana
This repository provides a set of tools and utilities to help with the development, testing, and management of Helm charts. It includes features for generating documentation, schemas, running tests, and more!
- Announcing Kyverno Release 1.15! - Kyverno
Kyverno 1.15 makes policy management more modular, streamlined, and powerful. This release includes new MutatingPolicy, GeneratingPolicy and more!
- Kubernetes Spec v1.33: Reference Guide and Documentation - Aptakube
Not new but something I re-discovered this month and wanted to share. Kubespec provides a really nice UI explorer for Kubernetes resources with syntax highlighting and change history. It also includes some popular 3rd-party CRDs such as Kyverno.
- KYAML - kubernetes
A new output format is being introduced into Kubectl - "KYAML"!
This format is a strict subset (aka "dialect") of standard YAML, and so should be parseable by the existing ecosystem. This dialect seeks to emphasize syntactical choices which avoid many of the most common traps in YAML. For example, unlike standard YAML output, this dialect is not whitespace-sensitive, which makes it vastly easier to patch correctly in things like Helm charts.
- Caddy HTTP handler module for Kubernetes admission webhooks - Márk Sági-Kazár
Caddy HTTP handler module for Kubernetes admission webhooks.
- Kaniuse - Kubernetes Feature Status Tracker - Kaniuse
Track and discover Kubernetes features across different lifecycle stages - Alpha, Beta, GA, Deprecated, and Removed. Stay updated with K8s feature status changes.
Please note: this currently isn't available on mobile / small displays. Take a look on your laptop for the full goodness!
🎤 Events and CFPs
Events
- 🇩🇪 ContainerDays - 9th → 11th September, 2025
I'll be speaking here on the final day. 😁 Come say Hi! 👋
- 🇬🇧 KCD UK - 21st October
The agenda for KCD UK in Edinburgh is now available
- 🇺🇸 KubeCon + CloudNativeCon North America 2025 - 10th → 13th November
Get 15% off ticket price with discount code: KCNA2515AMB
- The schedule for the Maintainer Summit is also now available.
CFPs
- 🇨🇭 KCD Suisse Romande (CERN) 2025 - Deadline 15th September
- 🇳🇱 KubeCon + CloudNativeCon Europe 2026 - Deadline 12th October
💬 Social Post of the Month

🤷 Misc & Fun
- TIL that You can spot base64 encoded JSON, certificates, and private keys - Thibault Martin
A colleague was able to spot that a long string of gibberish was base64 encoded json. I couldn't believe he was base64 decoding on the fly without tools, so I asked him how he did it. It turns out that everyone can spot base64 encoded json.
- Go Concurrency Rocks - Go Concurrency Rocks
Interactive exploration of Go concurrency patterns
- ohyaml.wtf | YAML Quiz -
YAML is known to be nobody's friend and almost everyone's enemy. Try this to see if it's your friend or foe!
- Offline QR Codes - Ben Foxall
Have you tried using a QR Code for that?
- An Interactive Guide to SVG Paths - Josh W. Comeau
SVG gives us many different primitives to work with, but by far the most powerful is the <path> element. Unfortunately, it’s also the most inscrutable, with its compact Regex-style syntax. In this tutorial, we’ll demystify this infamous element and see some of the cool things we can do with it!
- Bsky-screenshot - Marcus Noble
A web app to generate screenshots of Bluesky posts. You can see this in action above.
✨ Feedback Form ✨
That's all for this month!
Thank you for reading! 💙
If you enjoyed this post, please spread the word and share with your friends.
~ Marcus 👋