June 2026

A Photo of myself, wearing a green vest, and my dog sat on a large cushion on the floor of a garden.
Me and Fox have been enjoying the weather lately (me a little too much based on the sunburn 🙈)

👋 Intro

Welcome to the June edition of CloudNative.Now - a monthly newsletter that covers all that has been happening in the cloud native world in the past month!

Phew! 🥵 It's been a hot one this month, right? I hope y'all have been coping with the heat wave better than I have. I'm very thankful to have bought some portable air con units last year but really not looking forward to my electricity bill this month! 😬

Not too many updates from me this month but next month I've got a couple things I'm really looking forward to! First, I'm going to be at EMF Camp for the second time - cannot wait! It's going to be a lot of fun and if you're also going please reach out and we can meet up! After that I'm heading to 🇯🇵 Japan for the first time ever! Very, very excited! I'll be heading to KubeCon Japan for a couple days (come find me if you're also there!) and then heading over to Tokyo for a week to celebrate my birthday. As such, there might be a delay in getting next month's issue out.

As always, you’re invited to subscribe to the email newsletter or add the RSS feed to your favourite feed reader to make sure you don’t miss anything! And please help to spread the word and recommend this to your friends and network if you find the content useful! 💙

If you have any feedback or have any links you’d like to suggest please reach out on Bluesky or Mastodon! 💬

📰 News & Articles

  • From Kubernetes Dashboard to Headlamp: Understanding the Transition - Will Case
    For many people, Kubernetes Dashboard was their first window into Kubernetes. It offered a simple visual way to see what was running in a cluster, inspect resources, and build confidence without relying on the command line. For years, it helped developers, students, and operators make sense of Kubernetes, and it served as an important onramp into the ecosystem. The Kubernetes Dashboard project has now been archived and this post looks into what the transition to Headlamp as the de facto UI for Kubernetes looks like.
    There have also been a few posts this month introducing specific plugins for Headlamp:
  • One Year Inside the Engine Room of Cloud Native Days Romania - Diana Todea
    Diana shares their experiences transitioning from a speaker to an organizer for Cloud Native Days Romania, highlighting the complexities of coordinating a large-scale community event.
  • Kubernetes Autoscaling - Justin Garrison
    This article examines the complexities of Kubernetes autoscaling, highlighting how the shift from static to dynamic infrastructure introduces new engineering challenges and costs. Justin explores the "autoscaling tax" and the difficulties of managing scaling tools while seeking solutions for cost reporting and optimisation.
  • Eliminating Kubernetes Image Signature Replication - Sascha Grunert
    The image promoter rewrite laid the groundwork for simplifying how Kubernetes delivers container image signatures. One of the rewrite phases separated image signing from signature replication into distinct pipeline stages. This follow-up covers the next step: eliminating signature replication entirely.
  • Inspektor Gadget: Results from the first security audit - Brian Benz, Francis Laniel, Maya Singh, Helen Woeste & Pietro Tirenna
    Inspektor Gadget, the open source eBPF-based toolkit for Kubernetes observability and Linux host inspection, has completed its first independent security audit.
  • I Tried MicroCloud and It Might Be Canonical's Most Interesting Home Lab Project Yet - Brandon Lee
    More home labbers are talking about MicroCloud. Here's why Canonical's lightweight private cloud platform is getting so much attention.
  • Helm 3 End of Life - George Jenkins
    Helm 3 is approaching end-of-life. A final, limited Helm 3 feature release will be September 9th, 2026, with security patches continuing to be provided through February 2027. Be sure to upgrade to Helm 4 as soon as you can.
  • Securing CI/CD for an open source project: Locking down dependencies - André Martins & Feroz Salam
    This is the second post in a three-part series on how Cilium hardens its CI/CD pipeline. Part 1 covered access control: who can trigger builds and what code CI is allowed to execute. This post covers locking down of dependencies.
  • Athena: Chainguard announces an industry coalition - Chainguard
    Chainguard has announced the launch of Athena, an industry coalition dedicated to the orchestrated defense of open-source software. The initiative allows members to collaborate on vulnerability findings in the hope of getting fixes out faster and to more people.
  • Docker-in-Docker Security Risks and How to Escape Them - James Petersen
    Docker-in-Docker forces a choice between socket mounting and privileged containers. This post covers how Edera eliminates both risks with hardware-enforced workload isolation. I'll admit this is pretty much a product pitch for Edera but their technology is super interesting and worth a read.
  • Making HTTP requests from a container that has no curl, using bash /dev/tcp - Marek Šuppa
    Minimal container images often ship without curl, wget, or any HTTP client at all. Bash can open a TCP socket through /dev/tcp, which is enough to write a tiny HTTP/1.1 request by hand for quick checks. I had no idea this was possible and there have for sure been some times in the past where this would have been really useful.
  • Configuration management at Giant Swarm: a historical overview - Laszlo Uveges
    Three eras, two painful failure modes, and the lessons that forced Giant Swarm to rethink configuration management from the ground up. I was at Giant Swarm for some of this work and I can tell you it was quite a rollercoaster of ups and downs at times.
  • Open source maintainership in the age of AI - Kevin Hannon
    AI has really changed the game around software development. More people are leveraging AI than ever to contribute patches to projects they use. To Kevin, this is a good thing as more folks will contribute patches rather than fork or not fix them. The main problem is that AI has made generating code fast but there has been very little improvement in maintaining code bases. In this post, Kevin highlights the ways the Kubernetes community is adapting to the world of AI assisted coding.
  • Spotlight on WG Device Management - Natalie Fisher
    The rising popularity of AI, Edge, and Telecommunications workloads on Kubernetes has led to new requirements for hardware management. We now need hardware specification beyond CPU time and memory allocations. This includes allocating GPUs, TPUs, network interfaces, and other hardware, sometimes after pod start and occasionally through time-sharing. Efficiently managing this specialized hardware is the mission of the Device Management Working Group. Their cornerstone project, Dynamic Resource Allocation (DRA), recently graduated to GA, marking a fundamental shift in how the project handles hardware-intensive workloads at scale.
  • How Netflix Simplified Batch Compute with Kueue - Alvin Bao, Alex Petrov, Jennifer Lai, Aidan Sherr & Samartha Chandrashekar
    Netflix describes its migration of batch compute workloads to Kueue, a Kubernetes-native job queuing system, to simplify large-scale batch processing and leverage advanced scheduling features.
  • Minimus Community Edition: Free Hardened Container Images - John Morello
    Get free hardened container images from the entire Minimus gallery. Built from source, near-zero CVEs, no signups, and enterprise-grade compliance. This is awesome to see but in all honesty I'm wary thanks to what we've seen in the past with Docker Hub and Bitnami changing the terms of these kinds of things at short notice.

🔒 Security

🧑‍🏫 Tutorials, Videos & Podcasts

  • SOPS + Age and Sealed Secrets - Jonas Hietala
    This tutorial discusses using SOPS and Age alongside Sealed Secrets to manage Kubernetes secrets both inside and outside the cluster, providing a more comprehensive GitOps workflow.
  • 📺 OpenFGA: Relationship-Based Authorization at Scale - Whitney Lee
    Whitney is joined by Reghd Hazeh to explore OpenFGA, a high-performance authorization engine designed for fine-grained, relationship-based access control at scale. It explains how OpenFGA uses a model of users, relations, and objects to provide efficient authorization for complex use cases, such as nested resource sharing and delegating access to sensitive information.
  • 📺 How we solved AKS cluster sprawl - Kube & Tell - Azure Kubernetes Service
    In this episode of Kube & Tell, Vigh Madas discusses strategies for managing AKS cluster sprawl within large organizations. They present production-grade Azure Kubernetes and security, versioning, and cost control for highly regulated environments.
  • 🎙️ From Platform Engineering to Stand-Up Comedian, with Lian Li - Software Defined Talk
    In this episode, Whitney and Coté interview tech veteran Lian Li about her unique career transition from platform engineering to stand-up comedy and performance art. The conversation explores her passion for community building, her improv workshops for engineers, and the intersection of professional tech life with creative pursuits.
  • 📺 Cilium Explained: eBPF-Powered Kubernetes Networking - Whitney Lee
    Whitney is joined by the lovely Duffie Cooley to explain how Cilium leverages eBPF technology to provide advanced networking, observability, and security for Kubernetes environments. It highlights why Cilium has become one of the most widely adopted Container Networking Interfaces (CNIs) for production-grade Kubernetes clusters.

🧰 Tools

  • seebom - seebom-labs
    A standalone, Kubernetes-native Software Bill of Materials (SBOM) visualization and governance platform.
  • CompanyStats - CNCF DevStats Company Search - Mario Fahlandt
    CompanyStats is an unofficial tool that provides a fuzzy search across companies contributing to CNCF projects by leveraging DevStats data. It helps users discover the landscape of company-led contributions within the cloud-native ecosystem.
  • container - Apple
    Apple's container project is one year old! Release 1.0.0 is now available, introducing significant updates such as the new "container machine" feature for long-lived Linux environments with tight host integration. This release also includes a transition to TOML-based configuration files, the addition of a container cp command, and various improvements to the tool's CLI and API.
  • helm-tview - Arjun Dandagi
    helm-tview is a Helm plugin that renders helm template output into a split-view TUI, allowing users to browse and preview generated manifest files directly in the terminal.
  • sem - Ataraxy Labs
    sem is a tool that brings semantic understanding to Git by providing entity-level diffs, blame, and impact analysis across 26+ programming languages.
  • renovate-operator - mogenius
    Operator to streamline renovate executions in Kubernetes.
  • mocker - Recep S
    Docker-compatible container CLI built on Apple's Containerization framework. Same commands, same flags - mocker run, ps, stop, build, compose, stats - all working on macOS 26.
  • virtrigaud - projectbeskar
    Virtrigaud v0.3.11 introduces updates to the Kubernetes operator for managing virtual machines across multiple hypervisors. The release focuses on maintaining the platform's ability to provide a unified, declarative API for provisioning VMs on vSphere, Libvirt/KVM, and Proxmox VE.
  • webernetes - ngrok
    Webernetes is a browser-based simulator that runs a Kubernetes cluster entirely within the web browser without the need for backend infrastructure. It allows users to boot clusters and manage resources like Pods, Services, and Deployments while visually observing HTTP and DNS traffic between components.
  • CEL finds a new home at github.com/cel-expr! - Olena Huang
    The official Common Expression Language (CEL) repositories have moved to the new cel-expr GitHub organization.

🎤 Events and CFPs

Events

  • 🇺🇸 KubeCon + CloudNativeCon NA - Nov 9th → 12th
    You can get a 25% discount on tickets using this code - KCNA26AMB25

CFPs

  • kcpCON - Deadline 12th July
  • 🇮🇳 KCD Gujarat - Deadline 14th July
  • 🇧🇬 KCD Sofia - Deadline 18th July

💬 Social Post of the Month

A bluesky post from CNCF with the following text: "Inspektor Gadget's first independent security audit is complete.  Researchers identified three vulnerabilities and the maintainers have shipped fixes for all of them."
Impressive first security audit for Inspektor Gadget!

🤷 Misc & Fun

  • CollectorGame
    CollectorGame teaches you the OpenTelemetry Collector through hands-on challenges. You write real YAML configs, redacting PII, filtering noise, transforming telemetry, and the app validates them against a live collector. Each correct answer earns points, unlocks harder challenges, and builds your OTEL skills.
  • 6 lessons learned from 6 years of building relationships with events - Julia Hahn
    Julia breaks down how Giant Swarm runs small, intimate events to build real relationships with folks rather than going for large numbers. I always really liked this approach.
  • illust - aoi1
    Repository of illustration assets that you are free to use for presentation materials and more!

Help me improve this newsletter:
✨ Feedback Form ✨

That's all for this month!
Thank you for reading! 💙

If you enjoyed this post, please spread the word and share with your friends.

~ Marcus 👋