May 2025

Intro
Welcome to the May edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!
I don't know about y'all but this has seemed like a very looooonnngggg month for me! Been a lot going on for me it seems and the weather, at least here in the UK, has been a bit all over the place. Not sure if it's spring, summer or winter right now! 🤣
If any of y'all are going to be at KCD Czech & Slovak in Bratislava next week please do come find me and say hi! I'll be giving a talk Thursday afternoon about all the weird, wonderful and WTF things I discovered about Kubernetes Pods after doing a deep-dive to learn all I could about them.
As always, you're invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don't miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful!
If you have any feedback or have any links you'd like to suggest please reach out on Bluesky or Mastodon! 💬
Alternatively, I'd appreciate if you took a couple minutes to fill out this feedback form so I know what is and isn't working.
📰 News & Articles
- CNCF and Synadia Align on Securing the Future of the NATS.io Project - CNCF
  Following on from the article featured in last month's issue, it seems that an agreement has been reached to secure the future of the NATS project.
- Dragonfly Is Not Redis: An Open Letter to the Community - Roman Gershman
  Dragonfly is often mistaken for Redis, to the point where Redis's lawyers have accused the Dragonfly team of misleading users. This post aims to set the record straight and make it clear that Dragonfly is not Redis.
- Gateway API or Ingress: A Developer's Guide to Kubernetes Routing - Janakiram MSV
  The Kubernetes Gateway API is a more powerful and standardized successor to the Ingress API, addressing its limitations in handling advanced routing and portability.
- Scaling with safety: Cloudflare's approach to global service health metrics and software releases - Cloudflare
  Learn how Cloudflare tackles the challenge of scaling global service health metrics to safely release new software across our global network.
- VMware perpetual license holders receive cease-and-desist letters from Broadcom - Scharon Harding
  Broadcom says it may audit VMware users.
- Kubernetes v1.33: Image Pull Policy the way you always thought it worked! - Ben Petersen, Stanislav Láznička
  Some things in Kubernetes are surprising, and the way imagePullPolicy behaves might be one of them. Given Kubernetes is all about running pods, it may be peculiar to learn that there has been a caveat to restricting pod access to authenticated images for over 10 years in the form of issue 18787! It is an exciting release when you can resolve a ten-year-old issue.
- Kubernetes v1.33: From Secrets to Service Accounts: Kubernetes Image Pulls Evolved - Anish Ramasekar
  On a similar note to the above article, some more improvements to image pulls come in v1.33: Service Account Token Integration for Kubelet Credential Providers.
- Incident Report: Spotify Outage on April 16, 2025 - Spotify Engineering - Spotify Engineering
  On April 16, Spotify experienced an outage that affected users worldwide. Here is what happened and what they are going to do about it.
- Report calls for regulation of "legally and ethically flawed" VMware - Scharon Harding
  It seems the Broadcom / VMware drama never ends. Now there are calls for regulatory action against the way Broadcom are handling their VMware customers.
- In-depth look at CRDs and how they work under the hood - Gergely Brautigam
  A walkthrough of what a CRD looks like, what it does, what it contains, how it works and how it alters Kubernetes. The design, the API extension and links and snippets to the code (accurate at the time of writing) where it happens. I do love a deep dive post!
Security
- European Union Vulnerability Database (EUVD)
  While the US CVE programme is undergoing budget difficulties and uncertainties (see last month's issue), the EU have the EUVD as an alternative to ensure this critical service continues.
- Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images - Daniel Velikanski
  Wiz now offers minimal, near-zero CVE images for their customers as WizOS, which is now available in private preview.
- Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production - Michael Donovan & Nikhil Kaul
  Everyone is getting into the hardened container image game recently it seems (like the Wiz post above this one) and now Docker has announced its offering.
🧑‍🏫 Tutorials, Videos & Podcasts
- Using Pinniped for authentication against Talos-based Kubernetes clusters - Simon Weald
  Using Pinniped to access Kubernetes on Talos; what it is, how it works and why Simon chose it.
- The Guide to Kubernetes Debugging - Rox Williams
  Kubernetes debugging is how you diagnose and resolve issues within your clusters. Learn how to debug Kubernetes in this guide.
- 📺 How Thanos Helps Scale Prometheus for Kubernetes Monitoring - Whitney Lee
  🌩️ Thunder is back with a new episode! This time, they're talking about how Thanos extends Prometheus.
- 🎙️ The Business of Open Source | How to be Successful when Donating a Project to the CNCF with Liz Rice
  Emily Omier talks with Liz Rice about how to be successful as a company that has donated their project to the CNCF. Seems like this is a bit of a hot topic currently so well worth a listen!
- End to end argo-workflow for CI/CD - Afzal Ansari
  If you're just getting started with GitOps or CI/CD pipelines in Kubernetes, Argo Workflows offers a powerful and Kubernetes-native way to automate your build pipelines.
- Understanding and optimizing resource consumption in Prometheus - Vladimir Guryanov
  Explore the Prometheus design and see which components consume the most resources. Find out why it happens, what affects it, and how you can optimize your setups to get the best performance in monitoring.
- 📺 What Is Cortex? Scalable, Multi-Tenant Storage for Prometheus Metrics - Whitney Lee
  Another issue of 🌩️ Thunder - this one has Whitney speaking with Friedrich Gonzalez from Adobe to break down what Cortex is, how it works and where it shines!
- How to Harden GitHub Actions: The Unofficial Guide - Rami McCarthy & Shay Berkovich
  Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub's docs don't fully cover.
- 📺 Secret Code to Synchronizing Business Outcomes with Platform Engineering Initiatives - Cloud Native Podcast
  Saim talks with Nicki Watt about the friction between business goals and platform roadmaps, missing concepts in our platform engineering vocabulary and how platform engineering is or isn't guiding the modernisation of the classic dev and ops workflows.
🧰 Tools
- Redis is now available under the OSI-approved AGPLv3 open source license - Rowan Trollope
  Anyone else struggling to keep up with all these license changes lately? It looks like Redis has gone back to being Open Source as of release 8.0.0.
- Announcing etcd v3.6.0 - Benjamin Wang
  It's been 4 years since the last feature release of etcd (wow!) but this one comes packed with some fantastic performance improvements, among other things.
- renovate-pretty-log - Jamie Tanna
  Two utilities for exploring Renovate debug log files.
- azflow - Iliabuleh
  A CLI tool to detect and analyze cross-availability-zone pod-to-pod network traffic in Kubernetes using Cilium Hubble.
Events and CFPs
Events
- 🇸🇰 KCD Czech & Slovak - June 5th
  I'll be here giving my "Pod Deep Dive" talk. Come say hi if you're about!
- 🇮🇹 Cloud Native Days Italy - June 24th
  You can get a discount using code community-speaker-earlybird-43CE13 ✨
- 🇳🇱 KCD Utrecht - July 3rd
  I reviewed some of the CFPs for this and I can tell you... it's going to be an amazing event! So many high quality submissions. Grab your ticket while you can!
- 🇩🇪 Cloud Native Summit Munich - July 21st
  I'll also be here giving my "Pod Deep Dive" talk. Come say hi if you're about!
- 🇩🇪 ContainerDays - September 9th - 11th
  I'm going to be speaking about Kubernetes admission logic at this along with a huge line up of amazing talks spread over 3 days!
- 🇬🇧 Civo Navigate London - September 30th
  Grab a ticket for only $25 with promo code KUNAL25 ✨
CFPs
- 🇬🇧 KCD UK Edinburgh - Closes June 8th
- 🇵🇱 KCD Warsaw - Closes June 15th
- 🇳🇴 Cloud Native Day Bergen - Closes July 1st
- 🇸🇻 KCD El Salvador - Closes July 6th
- 🇱🇰 KCD Sri Lanka - Closes August 4th
💬 Social Post of the Month

🤷 Misc & Fun
- My tips on giving technical talks - Marcus Noble
  A personal plug from my own blog (sorry, not sorry) where I share my tips on giving talks at technical events such as meetups and conferences. I have also started including tips from others as well so please reach out if you have some advice to share.
- Notable People - Topi Tjukanov
  A fascinating interactive map of the world that highlights where famous or notable people were born.
- Ground control to Major Trial - Olivier Lambert
  An interesting look at how an unnamed company was using free trials for years by cycling through all their email addresses.
✨ Feedback Form ✨
That's all for this month!
Thank you for reading!
If you enjoyed this post, please spread the word and share with your friends.
~ Marcus