Articles from Source: Kubernetes-Blog

Spotlight on SIG Storage

2026-06-15 00:00
🌟 In our latest SIG Spotlight, we explore SIG Storage, a pivotal group in the Kubernetes community. Co-Chair Xing Yang discusses its role in managing persistent data and integrating storage for Kubernetes workloads. Key features like Volume Group Snapshot and Changed Block Tracking are enhancing data protection and efficiency. As Kubernetes evolves, SIG Storage is adapting to support AI workloads, emphasizing intelligent data management and low-latency performance. Interested in contributing?...
Source: Kubernetes Blog

From Kubernetes Dashboard to Headlamp: Understanding the Transition

2026-06-01 18:00
Kubernetes Dashboard has been archived, marking the end of an era for many users. It provided an intuitive way to manage Kubernetes clusters. Enter Headlamp, which builds on this foundation. It offers a familiar interface while adding features like multi-cluster visibility and application-centric views. Headlamp supports existing workflows and enhances user experience with plugins and flexible deployment options. As you transition, you'll find many tasks from Dashboard remain while new...
Source: Kubernetes Blog

Reconciling the Past: Correcting Records for Unfixed Kubernetes CVEs

2026-05-26 17:30
🚨 Important Update for Kubernetes Users 🚨 The Kubernetes project is correcting CVE records for several unfixed vulnerabilities. These updates, effective June 1, 2026, will ensure accurate documentation and enhance security awareness. Key vulnerabilities include:
- **CVE-2020-8561**: Medium severity issue with webhook redirects.
- **CVE-2020-8562**: Low severity proxy bypass via DNS.
- **CVE-2021-25740**: Low severity cross-namespace forwarding flaw.

These changes aim to improve automation...
Source: Kubernetes Blog

Announcing etcd 3.7.0-beta.0

2026-05-20 00:00
🚀 Exciting news from SIG-Etcd! The first beta release of etcd v3.7.0 is now available for testing. This update introduces the RangeStream feature, improving how large result sets are handled, enhancing security, and refining legacy components. 📅 Note: Version 3.4 has reached its end of life. Users are encouraged to upgrade to ensure continued support. For details and to provide feedback, check the documentation and reach out via GitHub or the #SIG-etcd Slack channel. #etcd #Kubernetes...
Source: Kubernetes Blog

Kubernetes v1.36: New Metric for Route Sync in the Cloud Controller Manager

2026-05-15 18:35
Kubernetes v1.36 has introduced a new alpha counter metric, `route_controller_route_sync_total`, to the Cloud Controller Manager. This metric tracks route syncs with the cloud provider. The addition supports the CloudControllerManagerWatchBasedRoutesReconciliation feature, which optimizes route reconciliation by responding only to actual node changes. This reduces unnecessary API calls and helps manage API quotas more effectively. For A/B testing, compare sync rates with the feature gate...
Source: Kubernetes Blog

Kubernetes v1.36: Mixed Version Proxy Graduates to Beta

2026-05-15 18:00
🚀 Exciting news for Kubernetes users! The Mixed Version Proxy (MVP) has graduated to Beta in Kubernetes v1.36 and is enabled by default. MVP enhances cluster upgrades by routing requests for unknown resources to newer API servers, preventing 404 errors and ensuring smoother operations. Key improvements include a shift from StorageVersion API to Aggregated Discovery, allowing for a unified view of all available APIs across the cluster. For those running multi-master clusters, review your API...
Source: Kubernetes Blog

Kubernetes v1.36: Deprecation and removal of Service ExternalIPs

2026-05-14 18:35
🚨 Kubernetes 1.36 has officially deprecated the .spec.externalIPs field for Services. This change addresses security issues related to trusting users within a cluster, which could lead to vulnerabilities (CVE-2020-8554). 🔒 Instead, users are encouraged to explore better alternatives for load balancing in non-cloud clusters, such as using manually-managed LoadBalancer Services or the Gateway API. ⚠️ For those still using .spec.externalIPs, enabling the DenyServiceExternalIPs admission...
Source: Kubernetes Blog

Kubernetes v1.36: Advancing Workload-Aware Scheduling

2026-05-13 18:35
🚀 Kubernetes v1.36 introduces major advancements in workload-aware scheduling, addressing unique challenges posed by AI/ML and batch workloads. Key updates include the new Workload API as a static template and the PodGroup API for runtime management. This architecture improves scheduling efficiency and scalability. Additionally, features like topology-aware scheduling and workload-aware preemption enhance overall capabilities, making scheduling more efficient for complex workloads. 🔗 Learn...
Source: Kubernetes Blog

Kubernetes v1.36: PSI Metrics for Kubernetes Graduates to GA

2026-05-12 18:35
🚀 Kubernetes v1.36 has introduced Pressure Stall Information (PSI) metrics, which offer crucial insights into resource saturation before outages occur. Unlike traditional metrics, PSI highlights stalled tasks and time lost across CPU, memory, and I/O. 📊 Performance tests confirm that the Kubelet's overhead is minimal, ensuring safe production use even under high-density workloads. To utilize PSI metrics, ensure your nodes are running a compatible Linux kernel and cgroup v2. For more...
Source: Kubernetes Blog

Kubernetes v1.36: Moving Volume Group Snapshots to GA

2026-05-08 18:35
🚀 Exciting news for Kubernetes users! The Kubernetes v1.36 release has moved Volume Group Snapshots to General Availability (GA). This feature allows for crash-consistent snapshots of multiple volumes, enhancing data integrity during recovery. Volume Group Snapshots rely on new APIs and are supported only for CSI volume drivers. They enable users to restore workloads efficiently by grouping PersistentVolumeClaims for snapshotting. For more details on using this feature, check out the...
Source: Kubernetes Blog

Kubernetes v1.36: More Drivers, New Features, and the Next Era of DRA

2026-05-07 18:35
🚀 The Kubernetes v1.36 release enhances Dynamic Resource Allocation (DRA), introducing new features and improvements for managing hardware accelerators and resources. Key updates include:
- **Prioritized List**: Define fallback preferences for device requests, improving scheduling flexibility.
- **Extended Resource Support**: Bridges traditional systems while transitioning to DRA.
- **Partitionable Devices**: Share hardware accelerators efficiently across Pods.

For more insights on DRA and...
Source: Kubernetes Blog

Kubernetes v1.36: Tiered Memory Protection with Memory QoS

2026-04-29 18:35
🚀 Exciting updates in Kubernetes v1.36 for Memory QoS! The new release introduces opt-in memory reservation and tiered protection based on QoS class. Guaranteed Pods now have hard protection, while Burstable Pods enjoy soft protection. This enhances memory management and reduces the risk of OOM kills. Additionally, observability metrics and kernel-version warnings are included. #Kubernetes #MemoryQoS #CloudComputing #DevOps #K8sUpdates
Source: Kubernetes Blog

Kubernetes v1.36: Staleness Mitigation and Observability for Controllers

2026-04-28 18:35
Kubernetes v1.36 introduces significant updates to address staleness in controllers, a common issue that can lead to incorrect actions being taken. With this release, improvements in both client-go and kube-controller-manager enhance the accuracy of controller actions by ensuring they check for the latest resource versions before acting. 🛠️ Key updates include atomic FIFO processing in client-go and new capabilities for the DaemonSet, StatefulSet, ReplicaSet, and Job controllers. These...
Source: Kubernetes Blog

Kubernetes v1.36: Mutable Pod Resources for Suspended Jobs (beta)

2026-04-27 18:35
Kubernetes v1.36 introduces a significant update: the ability to modify resource requests and limits for suspended Jobs, now in beta. This feature allows adjustments to CPU, memory, and GPU specifications while the Job is paused. Previously, resource settings were fixed, necessitating Job deletion to make changes. This update benefits batch and machine learning workloads where resource needs can vary. Clusters running v1.36 can use this feature by default, enabling better resource management....
Source: Kubernetes Blog

Kubernetes v1.36: Fine-Grained Kubelet API Authorization Graduates to GA

2026-04-24 18:35
🚀 Exciting news for Kubernetes users! The fine-grained kubelet API authorization feature has officially graduated to General Availability (GA) in Kubernetes v1.36. This enhancement enables precise access control over the kubelet's HTTPS API, improving security by eliminating the need for broad nodes/proxy permissions. Previously, monitoring tools required nodes/proxy access, which exposed them to significant security risks. The new approach allows for least-privilege access, reducing the...
Source: Kubernetes Blog

Kubernetes v1.36: User Namespaces in Kubernetes are finally GA

2026-04-23 18:35
🚀 Kubernetes v1.36 has officially launched User Namespaces as a General Availability (GA) feature! This Linux-only advancement allows for "rootless" security isolation for workloads. 🔒 By setting hostUsers: false, capabilities like CAP_NET_ADMIN can be namespaced, enabling new use cases while maintaining security. ⚙️ The implementation leverages ID-mapped mounts, making file ownership transparent and efficient, enhancing performance. For detailed usage, check the documentation! #Kubernetes...
Source: Kubernetes Blog

SELinux Volume Label Changes goes GA (and likely implications in v1.37)

2026-04-22 18:35
🚀 Exciting news for Kubernetes users! The upcoming Kubernetes v1.37 release is set to enable the SELinuxMount feature gate by default. This change aims to speed up volume setup for most workloads. However, it may impact applications relying on the old recursive relabeling model. It's essential to audit your clusters with v1.36 to identify any potential issues, especially if you're using SELinux in enforcing mode. If your nodes don't use SELinux, you can ignore this update. #Kubernetes...
Source: Kubernetes Blog

Kubernetes v1.36: ハル (Haru)

2026-04-22 00:00
🚀 The Kubernetes v1.36 release is here, featuring 70 enhancements! 🌱 This update includes 18 features graduating to Stable, 25 to Beta, and 25 to Alpha. Highlights include fine-grained API authorization and new workload-aware scheduling capabilities. 🐾 The release is symbolized by the 'Haru' logo, inspired by Japanese art, representing collaboration and community support. Don't miss the deprecations and removals in this version. Check out the full release notes for more details! #Kubernetes...
Source: Kubernetes Blog

Gateway API v1.5: Moving features to Stable

2026-04-21 16:30
🚀 Exciting news from the Kubernetes SIG Network community! The Gateway API has released version 1.5, focusing on promoting several Experimental features to Stable. Key updates include ListenerSet, TLSRoute, HTTPRoute CORS Filter, and more. A new release process has also been introduced to enhance reliability. Special thanks to all contributors for their hard work! 🙌 #Kubernetes #GatewayAPI #CloudComputing #TechNews #DevOps
Source: Kubernetes Blog

Kubernetes v1.36 Sneak Peek

2026-03-30 00:00
🚀 Kubernetes v1.36 is set to launch on April 22, 2026, featuring significant enhancements, removals, and deprecations. Key updates include the retirement of Ingress NGINX and deprecation of the .spec.externalIPs field in Services, which has raised security concerns. 🔑 Other enhancements will focus on improving security and performance, including external signing of ServiceAccount tokens and support for partitionable devices. Stay tuned for more updates! #Kubernetes #KubernetesRelease...
Source: Kubernetes Blog

Announcing Ingress2Gateway 1.0: Your Path to Gateway API

2026-03-20 19:00
🌟 Exciting news for Kubernetes users! The Ingress2Gateway 1.0 has been released, aiding your transition from Ingress-NGINX to Gateway API before its retirement in March 2026. This tool simplifies migration by translating Ingress resources and annotations into Gateway API while highlighting any unsupported configurations. Key features include support for over 30 Ingress-NGINX annotations and comprehensive integration testing to ensure consistency in behavior. For more details, check the...
Source: Kubernetes Blog

Running Agents on Kubernetes with Agent Sandbox

2026-03-20 18:00
🚀 The AI landscape is evolving with the rise of long-running, autonomous agents. Traditional models are being replaced by coordinated AI agents that maintain context and communicate over time. Kubernetes is emerging as the preferred platform for hosting these workloads, but new abstractions are needed. Enter the Agent Sandbox project under SIG Apps, which introduces a standardized API for stateful AI agent runtimes. Key features include strong isolation for untrusted code, efficient lifecycle...
Source: Kubernetes Blog

Securing Production Debugging in Kubernetes

2026-03-18 18:00
🔒 During production debugging in Kubernetes, broad access can lead to challenges in auditing and security. The article highlights three key practices for improving security: 1️⃣ Implement least privilege with RBAC. 2️⃣ Use short-lived, identity-bound credentials. 3️⃣ Utilize a just-in-time access gateway for secure debugging. These strategies help control access and ensure sessions are temporary and accountable. #Kubernetes #DevOps #Security #RBAC #CloudNative
Source: Kubernetes Blog

The Invisible Rewrite: Modernizing the Kubernetes Image Promoter

2026-03-17 00:00
🚀 The Kubernetes image promoter, kpromo, has undergone a significant rewrite to improve efficiency. Originally launched in 2018, this tool ensures container images are copied, signed, and verified across multiple registries. The recent update has cut the codebase by 20% while boosting performance. Key changes include a new architecture with seven distinct phases for image promotion and enhanced features like vulnerability scanning. No user-facing changes were made, meaning workflows remain...
Source: Kubernetes Blog

Announcing the AI Gateway Working Group

2026-03-09 18:00
🚀 Exciting news from the Kubernetes community! The AI Gateway Working Group has been formed to establish standards for networking infrastructure that supports AI workloads. This group aims to enhance the Gateway API with AI-specific capabilities like token-based rate limiting and fine-grained access controls. Their mission includes developing declarative APIs and fostering discussions around best practices. Active proposals focus on payload processing and egress gateways for secure traffic...
Source: Kubernetes Blog

Before You Migrate: Five Surprising Ingress-NGINX Behaviors You Need to Know

2026-02-27 15:30
🚨 Kubernetes is set to retire Ingress-NGINX in March 2026, revealing unexpected behaviors that could affect your cluster. This article outlines five key behaviors to be aware of, including regex handling and URL normalization. It provides insights on migrating to Gateway API while preserving critical functionalities. Stay informed and prepare for a smooth transition! 🔄 #Kubernetes #IngressNGINX #CloudComputing #GatewayAPI #DevOps
Source: Kubernetes Blog

Spotlight on SIG Architecture: API Governance

2026-02-12 00:00
🌟 Dive into the latest SIG Architecture Spotlight featuring Jordan Liggitt, lead of the API Governance sub-project! Jordan has been involved with Kubernetes since 2014, focusing on enhancing API stability while fostering innovation. He emphasizes the importance of various APIs, including command-line flags and configuration files, not just the REST API. The API Governance project aims for consistency in API design, ensuring quality through guidelines and review processes during the Kubernetes...
Source: Kubernetes Blog

Introducing Node Readiness Controller

2026-02-03 02:00
🚀 Exciting news for Kubernetes users! The Node Readiness Controller has been introduced to enhance node management in complex environments. This new system allows operators to define custom readiness criteria and dynamically manage node taints, ensuring workloads only run on fully operational nodes. Key features include:
- Custom Readiness Definitions
- Automated Taint Management
- Declarative Node Bootstrapping

The controller utilizes the NodeReadinessRule (NRR) API for effective node...
Source: Kubernetes Blog

New Conversion from cgroup v1 CPU Shares to v2 CPU Weight

2026-01-30 16:00
📢 A new conversion formula for cgroup v1 CPU shares to cgroup v2 CPU weight has been implemented, addressing key issues in CPU priority allocation for Kubernetes workloads. The previous formula reduced priority for Kubernetes containers and limited granularity for resource distribution. The updated formula enhances priority alignment and improves resource management. Adoption depends on OCI runtimes like runc (v1.3.2) and crun (v1.23). Testing in non-production environments is recommended...
Source: Kubernetes Blog

Ingress NGINX: Statement from the Kubernetes Steering and Security Response Committees

2026-01-29 00:00
🚨 Important Update for Kubernetes Users 🚨 Kubernetes will retire Ingress NGINX in March 2026. This affects about 50% of cloud-native environments. After retirement, there will be no updates or security patches, leaving users vulnerable to attacks. Now is the time to check if you rely on Ingress NGINX and plan your migration to alternatives like Gateway API or other third-party controllers. Don't wait until it's too late! 🛡️ #Kubernetes #IngressNGINX #CloudNative #Security #Migration
Source: Kubernetes Blog

Experimenting with Gateway API using kind

2026-01-28 00:00
🚀 Setting up a local experimental environment with Gateway API on kind is now easier! This guide walks you through creating a Kubernetes cluster, deploying cloud-provider-kind, and configuring Gateway API resources for testing. Before starting, ensure you have Docker, kubectl, kind, and curl installed. 🔧 Key steps include: 1. Create a kind cluster. 2. Install cloud-provider-kind for LoadBalancer and Gateway API. 3. Deploy a demo application and test Gateway routing. Remember, this setup is...
Source: Kubernetes Blog

Cluster API v1.12: Introducing In-place Updates and Chained Upgrades

2026-01-27 16:00
🚀 Exciting news for Kubernetes users! The Cluster API v1.12.0 release introduces in-place updates and chained upgrades, enhancing cluster lifecycle management. 🔄 In-place updates allow for efficient changes to existing machines without the need for deletion, optimizing resource management. 🔗 Chained upgrades let users upgrade multiple Kubernetes minor versions in one go, simplifying the upgrade process. For more details, check out the latest release notes! #ClusterAPI #Kubernetes...
Source: Kubernetes Blog

Headlamp in 2025: Project Highlights

2026-01-22 02:00
🚀 Exciting updates from Headlamp in 2025! Headlamp has officially joined Kubernetes SIG UI, enhancing its integration within the Kubernetes community. The project is reaching more teams and improving workflows through new plugins and features. Key highlights include a new multi-cluster view for easier management, an application-centric "Projects" feature, and an AI Assistant for natural-language queries. Learn more about the improvements and contributions from our talented mentees and...
Source: Kubernetes Blog

Announcing the Checkpoint/Restore Working Group

2026-01-21 18:00
🚀 Exciting news for the Kubernetes community! We are launching the Checkpoint Restore Working Group to integrate Checkpoint/Restore functionality. Key scenarios include optimizing resource use, accelerating app startup, and enabling fault-tolerance for long-running workloads. Join us every second Thursday at 17:00 UTC to discuss and contribute! 🗓️ #Kubernetes #CheckpointRestore #OpenSource #TechCommunity
Source: Kubernetes Blog

Uniform API server access using clientcmd

2026-01-19 18:00
🛠️ Interested in developing a command line client for Kubernetes? This article explores the use of the `clientcmd` library, which simplifies handling kubectl-style command line arguments in Go. It outlines how to configure settings, manage kubeconfig files, and bind command line flags. Key features include user impersonation and HTTP Basic authentication support. Check out how to streamline your API requests with Kubernetes! 🌐 #Kubernetes #ClientDevelopment #GoLang #DevOps #APIs
Source: Kubernetes Blog

Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc

2026-01-09 18:30
🚀 Kubernetes v1.35 introduces a new feature: the credential plugin policy and allowlist. This enhancement allows users to control what executables kubeconfigs can invoke, improving security against potential supply-chain attacks. Users can manage this by editing the kuberc configuration file without writing code. For more details, check the official documentation! #Kubernetes #DevOps #CloudSecurity #kubeconfig #TechUpdates
Source: Kubernetes Blog

Kubernetes v1.35: Mutable PersistentVolume Node Affinity (alpha)

2026-01-08 18:30
🚀 Kubernetes v1.35 introduces mutable PersistentVolume node affinity in alpha, allowing more flexible online volume management. Previously immutable, this change lets administrators adapt to evolving storage needs without data loss. With features like live migration to regional disks, it's crucial for Pods to access the right nodes. However, caution is advised: race conditions may arise when updating node affinity. Future integration with CSI aims to streamline this process. 🔧 Feedback is...
Source: Kubernetes Blog

Kubernetes v1.35: A Better Way to Pass Service Account Tokens to CSI Drivers

2026-01-07 18:30
🚀 Kubernetes v1.35 introduces a significant update for CSI drivers using service account tokens. Previously, tokens were passed via the volume_context field, which is not ideal for sensitive data. With the new beta feature, tokens can now be sent through the secrets field in NodePublishVolumeRequest, enhancing security. 🔒 This opt-in mechanism allows existing drivers to continue functioning while enabling a smoother transition to safer practices for those ready to adopt it. 🛠️ #Kubernetes...
Source: Kubernetes Blog

Kubernetes v1.35: Extended Toleration Operators to Support Numeric Comparisons (Alpha)

2026-01-05 18:30
🚀 Kubernetes v1.35 introduces Extended Toleration Operators, allowing numeric comparisons for tolerations. With new Gt (Greater Than) and Lt (Less Than) operators, users can make smarter scheduling decisions based on specific thresholds, enhancing SLA-based placements and cost efficiency. This alpha feature aims to optimize workload distribution while maintaining the safety model of taints. For more info, check the Kubernetes community! 🔗 #Kubernetes #CloudComputing #DevOps #TechNews #OpenSource
Source: Kubernetes Blog

Kubernetes v1.35: New level of efficiency with in-place Pod restart

2026-01-02 18:30
🚀 Kubernetes 1.35 introduces the Restart All Containers feature, enabling efficient in-place restarts of Pods. This is crucial for AI/ML workloads, reducing overhead and enhancing recovery processes. By allowing full resets without recreating Pods, developers can focus more on training logic while Kubernetes handles failures effectively. Enable this feature by activating the RestartAllContainersOnContainerExits gate. #Kubernetes #AI #MachineLearning #DevOps #CloudComputing
Source: Kubernetes Blog