July 2025

A selfie of myself smiling, positioned to the left of the image. Behind me is a room full of people sat down facing me. Some people at the front are waving.
This month I had the pleasure of speaking at CNS Munich for the first time

👋 Intro

Welcome to the July edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

This month I attended Cloud Native Summit Munich for the first time and was able to give my Pod deep-dive talk to a mostly packed room. It was a fantastic event and I managed to have a lot of really great discussions with loads of people. A huge thank you to everyone involved in making the event what it was. It was also so lovely to have people come up to me and tell me they read this newsletter! 💙 Hiiiiii y'all! 👋

This month's issue is slightly shorter (although still packed with plenty!) as it seems people are taking well-deserved time off for the summer. 🏖️ I'm also going on a short holiday immediately after this post is published although with the inconsistent weather we've had here lately I'm not sure how summer-y it's going to be. 😅

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

  • Introducing First-Party Helm Charts for Chainguard Containers - Sam Katzen & Tazin Progga
    Chainguard first-party Helm Charts are designed to work seamlessly with their continuously updated container images.
  • Time-based deployments with Flux Operator - Matheus Pimenta & Stefan Prodan
    Update your Kubernetes workloads based on schedules with Flux Operator.
  • I shouldn’t have to read installer code every day - Brian Grant
    "I don’t want helm charts to be my interface to off-the-shelf components on a daily basis. Kubernetes resources are simpler." - I can certainly understand a lot of Brian's frustrations.
  • Kubernetes List API performance and reliability - Ahmet Alp Balkan
    Another great technical post from Ahmet - this time looking at List API performance at scale.
  • DNS Hijacking in Kubernetes - Jan-Otto Kröpke
    Kubernetes DNS, while convenient, harbors a security risk: a lack of understanding regarding its resolution mechanisms permits attackers to redirect cluster traffic without exploits, simply by creating specific namespaces and services. Some good suggestions in this short post to make your clusters a little more secure.
  • Kubelet Tracing Coming in K8s 1.34! - David Flanagan
    Kubernetes 1.34 will deliver distributed tracing in the kubelet, providing unprecedented visibility into node-level operations that have been a debugging black box until now.
  • 2025 Docker State of App Dev: Key Insights Revealed - Olga Diachkova, Rebecca Floyd & Julia Wilson
    Explore Docker’s 2025 App Dev Report: Discover trends in developer productivity, AI adoption, and security practices shaping modern software development
  • Incidents/2025-05-08 Papal announcement traffic surge - Wikipedia
    A report from Wikipedia about how the new Pope announcement caused some issues for them due to a traffic surge.
  • FluxCD: Why the GitOps Pioneer Remains Its Future - David Flanagan
    A definitive look at FluxCD's controller-first design and why its architectural alignment with Kubernetes offers [arguably] superior security, efficiency, and operational maturity over ArgoCD.
  • Under the hood: Amazon EKS ultra scale clusters - AWS
    Amazon Elastic Kubernetes Service (Amazon EKS) announced support for clusters with up to 100,000 nodes. This post takes a look under the hood of that achievement.
  • Post-Quantum Cryptography in Kubernetes - Fabian Kammel
    The world of cryptography is on the cusp of a major shift with the advent of quantum computing. While powerful quantum computers are still largely theoretical for many applications, their potential to break current cryptographic standards is a serious concern, especially for long-lived systems. This is where Post-Quantum Cryptography (PQC) comes in. In this article, I'll dive into what PQC means for TLS and, more specifically, for the Kubernetes ecosystem. I'll explain what the (surprising) state of PQC in Kubernetes is and what the implications are for current and future clusters.
  • Mid-Year 2025 CNCF Open Source Project Velocity - Chris Aniszczyk
    As we reach mid-year 2025, it’s time to reflect on the development velocity of CNCF, Linux Foundation, and the top 30 open source projects.
  • Kubernetes v1.34 Sneak Peek - Agustina Barbetta, Alejandro Josue Leon Bellido, Graziano Casto, Melony Qin & Dipesh Rawat
    Kubernetes v1.34 is coming at the end of August 2025. This release will not include any removal or deprecation, but it is packed with an impressive number of enhancements.
  • Prometheus Labels: Understanding and Best Practices - Neel Shah
    Some best practices for using labels in your metrics.

🔒 Security

🧑‍🏫 Tutorials, Videos & Podcasts

  • 📺 What Service Mesh Adds to Observability - Whitney Lee
    In this episode of 🌩️ Thunder, Whitney Lee and Abdel Sghiouar demystify the world of service mesh.
  • 📺 Using Chainguard's Helm Charts - Adrian Mouat
    Adrian takes a look at using the new Helm charts from Chainguard (see article above)
  • 🎙️ Cords, Cyborgs & Cold Cases: Grandpa Dancy’s Operating System for Life - Software Defined Talk
    Coté and Whitney speak with Chris Dancy as they wander delightfully through stories of Google Glass, Apple Vision Pro, Palmolive soap metaphors, and Grandpa Cyborg’s widget garage for municipalities. With sincerity and sparkle, Chris makes the case that life should be intentional, measurable, and ultimately — more loving.

🧰 Tools

  • octelium - octelium
    A next-gen FOSS self-hosted unified zero trust secure access platform that can operate as a remote access VPN, a ZTNA/BeyondCorp architecture, API/AI gateway, a PaaS, an infrastructure for MCP & A2A architectures or even as an ngrok-alternative and a homelab infrastructure.
  • seabee - National Security Agency
    SeaBee enforces policy-based access control on eBPF objects. Released by the NSA of all people.

Help me improve this newsletter:
Feedback Form

🎤 Events and CFPs

Events

  • 🇮🇳 KubeCon + CloudNativeCon India - 6th → 7th August, 2025
  • 🇩🇪 ContainerDays - 9th → 11th September, 2025
    I'll be speaking here on the final day. 😁
  • 🇧🇬 KCD Sofia - 18th September
    The first-ever KCD in Bulgaria! I'm sad to be missing this one, I'm sure it's going to be great!
  • 🇯🇵 KubeCon + CloudNativeCon Japan 2026 - 29th → 30th July, 2026
    KubeCon will officially be back in Japan next year. This time in Yokohama.

CFPs

💬 Social Post of the Month

Bluesky post from Aurélie Vache with the following text: "My first PR in Kyverno GitHub organization has been accepted and merged 🎉 Nothing extraordinary but as usual it's in order to help on documentation to help users to adopt cool @cncf.io tools. #ThereIsNoSmallContributions"
I do love seeing documentation update PRs.

🤷 Misc & Fun

  • stacks·camera - Ben Foxall
    Collect a stack of photos by lining up your camera over the last picture you took.
  • SVGs that feel like GIFs - Vincent Warmerdam
    The moving image below is only 49Kb and has an incredibly high resolution. It's similar to a GIF but instead of showing moving images, it shows moving SVGs!
  • I displayed an open graph image and had to pay how much?! - Alistair Shepherd
    A media company demanded a license fee for an Open Graph image used on my twitter archive. I gave in and paid it, but what does that mean for open graph images and copyright?

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋