February 2025
👋 Intro
Welcome to the February edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!
Thank you so much to everyone who provided feedback and kind words on last months issue. I really appreciate it and would love for it to continue!
I'm getting excited for KubeCon London that is fast approaching (and will be upon us when i send out the next issue of this newsletter). It's going to be nice to have it in my own country for a change and I think with how accessible London is from around the world it's going to be a very large event. I'll be there with several of my Giant Swarm colleagues as we have a sponsor booth (location N450) so do stop by and say "Hi 👋" if you're going to be there! (Not got a ticket? See below for a chance to win one!) Reach out to me on Bluesky, Mastodon or LinkedIn if you want to meet up while there - I'll be at Rejekts, Maintainer Summit and KubeCon all week. As I have done in the past I'll have some ✨ custom stickers ✨ with me to give out so come find me if you want any!
As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙
If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬
📰 News & Articles
- ⚠️ CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API - Kubernetes
A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk. Please make sure you update to the latest patch releases (see below). - Why Observability 2.0 Is Such a Gamechanger - Erwin van der Koogh
In this blog, Erwin articulates just how much of a difference Honeycomb/observability 2.0 makes compared to your current way of working. - Seeking Support After Equinix Metal Sunsets - Alpine Linux
Alpine Linux are seeking support to help with their hosting followig the end of support from Equinix due to them sunsetting their bare-metal offering. - Reused AWS S3 buckets a weak link in supply chain security - The Register
A look at the risk of being able to reuse S3 bucket names and how they can lead to potential supply chain attacks. - CNCF End User Case Study Contest - CNCF
CNCF are looking for end user case studies that might be used during the keynotes at this years KubeCon in London.
(Deadline: March 7, 2025, 11:59 PM PT) - How to Set Up RWX Volumes on VKE with Vultr File System - Vultr
Vultr introduces ReadWriteManay compatible volumes to their Kubernetes platform. - Cloudflare incident on February 6, 2025 - CloudFlare
On Thursday, February 6, 2025, Cloudflare experienced an outage with their object storage service (R2) and products that rely on it. Here's what happened and what they're doing to fix this going forward. - Kelsey Hightower joins Civo - Civo
Kelsey Hightower joins Civo as board director, guiding Civo’s next phase of growth and product innovation. - WASM will replace containers - Creston Bunch
A look at the future and how WASM may replace containers. - Docker Announces Don Johnson as New CEO, Succeeding Scott Johnston - Docker
Docker Announces Don Johnson as New CEO - The Cloud Controller Manager Chicken and Egg Problem - Kubernetes
Kubernetes 1.31 completed the largest migration in Kubernetes history, removing the in-tree cloud provider. While the component migration is now done, this leaves some additional complexity for users and installer projects. This post goes over those additional steps and failure points and make recommendations for cluster owners. This migration was complex and some logic had to be extracted from the core components, building four new subsystems. - Canonical Extends Kubernetes Distro Support to a Dozen Years - Steven J. Vaughan-Nichols
Canonical is now offering 12 years(!!) of long term support for it's Kubernetes distribution. That's quite a bit more than the measly 14 months offered upstream from Kubernetes. It'll be interesting to see how this turns out. - What is Continuous Delivery & How Does It Work? - Control Plane
An exploration of what Continuous Delivery is, how it differs from related concepts, and how Flux can help. - A Simple Definition Of “Platform” - Charles Betz
The folks at Forrester make a compelling argument for their standard definition of what a "platform" is. - Revisiting Docker Hub Policies: Prioritizing Developer Experience - Docker
Docker announced some new pull rate limits which wasn't well recieved. They quickly put out this announcement responding to feedback and tweaking the limits that will be coming into force from April 1st. - Debugging Hetzner: Uncovering failures with powerstat, sensors, and dmidecode - Burak Yucesoy
About a year ago, Hetzner launched the AX162 server line. It offered better price / performance than its predecessor, AX161. Ubicloud was very excited to adopt it, but they soon encountered serious reliability issues. Ubicloud observed that the new servers had 16 times higher annual failure rates. - Every pod eviction in Kubernetes, explained - Ahmet Alp Balkan
Anyone who is running Kubernetes in a large-scale production setting cares about having a predictable Pod lifecycle but pod evictions happen and for a variety of reasons. This article covers each in details. - NFTables mode for kube-proxy - Dan Winship
A new nftables mode for kube-proxy was introduced as an alpha feature in Kubernetes 1.29. Currently in beta, it is expected to be GA as of 1.33. The new mode fixes long-standing performance problems with the iptables mode and all users running on systems with reasonably-recent kernels are encouraged to try it out. - HashiCorp officially joins the IBM family - Armon Dadgar
HashiCorp is now officially part of IBM with the deal finally being completed.
🧑🏫 Tutorials, Videos & Podcasts
- kind + CAPI vclusters + GPU - Martin Proffitt
This GitHub Gist walks through the steps needed to setup a Kind cluster with GPU support and share that to a vCluster running within. - 🎙️ 10x People, AI Trends, and Career Management, with Richard Seroter - Software Defined Talk
Whitney and Coté talk with Richard Seroter from Google about the myth of the 10X developer and his perspective on hiring and managing tech talent. - 📺 Sandbox environments - creating efficient and isolated testing realms - Victor Bucicovschii
A sandbox environment enables engineering teams to develop, test and experiment with new features in an isolated, controlled space. Watch this webinar to learn how to create sandbox environments using Kubernetes, explore a step-by-step workflow and gain insight - k8s v1.32 + Cilium v.17.0 + illumos = true? - Tony Norlin
A great look at Tony's Kubernetes homelab setup running the l. - 📺 Shopify’s Journey to Planet-Scale Observability - OpenObservability Talks
Shopify operates at massive scale, running thousands of services and processing billions of events per second. To tackle the challenges of observability at this scale, they built Observe—an in-house observability stack that makes use of open-source tools and specifications. In fact, they replaced an older vendors-based system, in an awe-inspiring migration project. But why build their own stack? Which open source tools did they use? How did they shape the user experience to their needs? - Enhancing Kubernetes Security: Detecting Threats in OVHcloud Managed Kubernetes cluster (MKS) Audit Logs with Falco - Aurélie Vache
In this article, Aurélie explores the integration of Falco, an open-source intrusion detection system, with OVHcloud's MKS (Managed Kubernetes Service) audit logs to monitor if everything is ok within the cluster. - 📺 One-Shot Actions (CI) - Feat. GitHub Actions, Argo Workflows, Tekton - You Choose!
In this episode, Whitney & Viktor and this weeks guests go through one-shot actions tools typically used to execute tasks like workflows, CI, etc. The tools covered are GitHub Actions, Argo Workflows, and Tekton.
Also check out Graphical User Interface - Feat Backstage & Port. - Docker Bake and Chainguard Images - Adrian Mouat
Docker Bake is a great resource to define build configuration using a declarative file that integrates well with Chainguard Images. See how in this post. - Tolerating full cloud outages with Monzo Stand-in - Monzo
A look at how Monzo handles the impact of full cloud outages with their Monzo Stand-in atchitecture. - Demo an automated canary deployment with Kubernetes - Whitney Lee
A great walkthrough on how to use Argo Rollouts, Isto and Prometheus to automate canary deployments on Kubernetes. - Scaling Beyond Limits: Harnessing Route Server for a Stable Cluster - Zalando
A proxy server contributing to a stable Kubernetes cluster and scaling ingress controller. - 📺 7 Ways to Secure Your Clusters - Drewbernetes
In this video Drew takes a look at some of the things you can do to help lock down and secure you Kubernetes clusters.
🧰 Tools
- Kubernetes patch releases - Kubernetes
A new round of patch releases for Kubernetes has been released that fix CVE-2025-0426: v1.29.14, v1.30.10, v1.31.6 & v1.32.2 (as well as a new v1.33 alpha) - Cilium 1.17.0 - cilium
Lots of changes, fixes and improvements in this release. A total of 2761 new commit went into this release! - Announcing Flux 2.5 GA - FluxCD
Flux v2.5.0 is out! Take a look at the highlights of new features and improvements in this release. - khi: A transformative log viewer for Kubernetes - GoogleCloudPlatform
Kubernetes History Inspector (KHI) is a rich log visualization tool for Kubernetes clusters. KHI transforms vast quantities of logs into an interactive, comprehensive timeline view. Currently focussed on Google Cloud but other Kubernetes distros said to be supported in the future. - Weave-Gitops Release 0.39.0-rc.1 - Weave
The first release candidate of weave-gitops since the changeover to being a community run project. If you use Flux it would be good to give this a try and provide feedback. - Docker Bake is Now Generally Available in Docker Desktop 4.38! - Docker
Learn more about the new release of Docker Bake, including what it is, how it simplifies complex builds, and where to get started. - k0rdent: Distributed Container Management for Platform Engineering - Mirantis
k0rdent is an open-source, Kubernetes-native distributed container management environment for platform engineers. Design, automate, and manage Internal Developer Platforms (IDPs). - Go 1.24 is released! - The Go Programming Language
Go 1.24 brings generic type aliases, map performance improvements, FIPS 140 compliance and more. - DocumentDB: Open-Source Announcement - Microsoft Open Source Blog
I missed this announcement last month but Microsoft has made their DocumentDB project, which powers their vCore-based Azure Cosmos DB for MongoDB, available with an MIT open source license. - Tekton applying for incubation in the CNCF - Tekton
This one had completely gone unnoticed by me until now but it looks like progress is now being made to move the Tekton project from the CD.Foundation to being part of the CNCF. I feel this is quite a welcome move and would better suit Tekton as a cloud native CI/CD tool designed for Kubernetes. - komodorio/komoplane: 🍨 Crossplane Troubleshooting Tool - Komodor
Komodor's Crossplane Tool is a project to experiment with visualizing Crossplane resources. - BLAFS: A Bloat Aware Filesystem for Container Debloating - negativa-ai
BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment.
Check the paper for more details: The Cure is in the Cause: A Filesystem for Container Debloating.
🎤 Events and CFPs
Events
- 🎟️ Want to win a ticket to KubeCon London?
Tech.tickets have a competition with the ability to win a ticket to KubeCon London in April! The competition closes March 17th so be sure to submit if you want a chance to win.
(Note: Only covers conference ticket, not travel and accommodation) - 🎉 KubeCon + CloudNativeCon London Parties & Socials - Conf.Party
If you're looking for parties, socials and events around KubeCon I run Conf.Party to help keep track of them. If you know of a party not listed, or your hosting one yourself, please do let me know and I'll get it added ASAP.
I also host a 🦋 Bluesky feed that attempts to list all posts related to KubeCon parties and the like. - The schedule for Cloud Native Rejekts is now live
If you're going to be at Rejekts in London I'd love it if you could come and see myself and my colleague Joe each giving a talk! Rejekts is one of my favourite conferences and I highly recommend this free event if you're able to make it!
(Registration is also open, but waitlist only now.) - KCD Sofia tickets now available
Taking place September 18th.
CFPs open this month
- 🇨🇭 Cloud Native Zürich - Closes March 31st
- 🇳🇱 KCD Utrecht - Closes April 15th
- 🇮🇳 KubeCon India - Closes March 23rd
- 🇳🇱 Open Source Summit Europe - Closes April 14th
💬 Social Post of the Month
🤷 Misc & Fun
- ISBN Visualization
An interesting visualization of all books with ISBNs and the unassigned ranges - Online Safety Act - Neil Brown
OK, this one isn't actually fun but I think relevant for a lot of people. Neil has been collecting his thoughts (he's a lawyer, but this is legal advice) and resources on the upcoming Online Safety Act UK law being brought in by Ofcom. This law is likely to impact a lot of online services in a fairly bad way so if you run any form on online service for users its good that you make youself aware of whats coming and what is needed to comply. (Spoiler: a lot of work) - Floor796
Floor796 is an animated scene showing the lives of characters from various works on the 796th floor of a huge space station. The animation is regularly expanded with new blocks (rooms) and characters from movies, TV series, games, anime, memes, etc.
This is a lot of fun to scroll around and you can click on the characters to find out who they are and where they're from. - Beej's Guide to Git - Beej
A very detailed guide to Git, including what is is, what it isn't and all the features it has, available in multiple formats. - Is ops a bullshit job? - Dan Slimmon
A fun little read about Ops being a "bullshit job" as defined in David Graeber’s 2018 book "Bullshit Jobs: A Theory". - The reality of long-term software maintenance from the maintainer's perspective - Ashley
I'm not entirely sold on the analogy uses in this post but I fully resonate with the point it's trying to get across. - A Union for Hopeful Technologists
What if progressive people who work in technology had an advocacy body? Going to be keeping an eye on this. - How does learning debt impact engineering teams? - Lizzie Matusov
We've all heard about tech depbt enough times but this is the first time I've come across the term "learning debt". It deserves a read.
Phew! That was a lot! That's all for this month!
Thank you for reading! 💙
If you enjoyed this post, please spread the word and share with your friends.
~ Marcus 👋