A critical CVE-2025-7342 hauntsKubernetes Image Builder v0.1.44and earlier. It shipsNutanix/OVAimages with defaultWindows Administratorcreds intact. That slip-up invites root access on Windows nodes. Linux builds and other providers dodge this bullet. Mixed clusters run hot until images rebuild or p.. read more  

Amazon ECS tasks fire logs through a FireLens sidecar. Fluent Bit ships them into a shared Amazon OpenSearch Serverless domain. Cross-account IAM roles lock down access. The pipeline centralizes logs, unlocks full-text search, SQL and PPL queries, and slashes storage costs with on-demand indexing. .. read more  

Cloud Native Computing Foundation’s mid-year report drops.Kubernetescommands 3,500+ authors.OpenTelemetryrockets to 1,884 contributors, snagging second in PR velocity.Backstageclimbs to 649.Argo(860) andFlux(156) lock GitOps in place.Kubeflowbreaks into the top 30 with 302. Trend to watch:Internal .. read more  

EKS Hybrid Nodes corrals on-prem and edge servers as remote Kubernetes nodes over Direct Connect or VPN. It rides onCiliumorCalico, with BGP or static routes. For local load balancing, it spins upMetalLBat Layer 2/3. For NLB/ALB sync, it taps theAWS Load Balancer Controller. Workflows stay unified... read more  

ContainerHijack hijacksDocker Image Manifest V2 Schema 2. It taints images inDocker Hub,Amazon ECR,GCR. Scanners shrug. Signature checks buckle. Defenders deploypolicy-as-code admission controllers. They lock down Terraform ECR push policies.Falco rulesflag strange layers, ghost pushes, rogue proces.. read more  

KubeVirt spins up VMs inside Kubernetes clusters. It hooks intoPortworxfor stateful volumes. It tapsOpenShiftorRancherto match VMware’s arsenal. Declarative YAML meetsGitOpspipelines, unified schedulers and RBAC. Teams juggle VMs and containers on one toolchain. License bills shrink. Infra shift:Le.. read more  

ControlPlane Enterprise for Flux CD drops thed1 reference architectureandDesign 1 Reference Architecture Guide. It packs production-grade playbooks for sprawling multi-tenant, multi-cluster setups. The repo flexes real code:GitHub fine-grained Personal Access Tokens,Kubernetes RBAC, and auto-promoti.. read more  

Amazon EKS now powers IPv6 dual-stack VPC clusters. It doles out /80 prefixes via the VPC CNI flagsENABLE_V6_EGRESSandENABLE_V4_EGRESS.  AWS ships an Istio multi-cluster playbook—single-VPC to multi-VPC. It rigs remote reader secrets and east-west gateways, fusing IPv4 and IPv6 for service discovery.. read more  

Fluent Operator tapsCRDsto tameFluent Bitin Kubernetes. It channels inputs, filters, parsers, outputs into auto-generated configs. Then spins up the DaemonSet. TheFluent Bit Watcherwrapper hot-swaps configs on CRD tweaks. No pods restart... read more  

Kong offers three different helm charts for Kubernetes ingress, leveraging the new Gateway API. Kong Gateway Operator simplifies deployment and management by using CRDs instead of custom helm charts. Using GatewayClass and Gateway resources are essential for the operator to spin up dataplanes and co.. read more