We’re excited to announce a slew of graduated project updates. Read on for some, but not all, of the latest news from the project teams, or get the comprehensive details on the video (which will preview at KubeCon + CloudNativeCon Europe 2024.)

Cilium Project

We’ve just released 1.15, which brings lots of new features such as Gateway API support for routing traffic into your cluster session authentication for BGP. Look for lots of improvements to Hubble to help you debug network problems, a new provider for installing with Terraform or Open Tofu, and lots of scalability improvements. 


Unlike other projects, we’re going to take a very measured pace because CloudEvents is a set of conventions for interoperability and our job now as a project is to keep that foundation stable for everybody who built on it. There is an area where we are iterating very rapidly and that is X Registry. 


We have exciting updates for the Envoy proxy project. We have added an HTTP basic as an extension and we have switched to a new conduct type for H2 connections, which greatly improves security. We also have updates for the Envoy Mobile project. Mobile binary size is now substantially smaller and we have added XDS support for Envoy Mobile. 


So what does the future hold for Falco? We’re looking for deeper integrations across a wide variety of developer touchpoints. We want more detections, richer signals, and deeper integrations with things like version control systems and cloud logging. If you’d like to help with that, come and find us in the Project Pavilion at KubeCon + CloudNativeCon Europe 2024.


We are announcing Fluentd Version 3, which comes with exciting new features like higher performance, new support for HTTP Version 2, GRPC remote, a right extended processor for logs, metal and traces, and new metal collectors for Macs and Windows.


Recently we completed our second security audit and the big news is that there are no CVEs thanks to the CNCF, the Open Source Technology Improvement Fund, and Trail of Bits for keeping Flux safe. In December, we cut our first generally available release, Flux 2.2.0, and now we’re at version 2.2.03. 


In December 2023, we released Harbor 2.10. We started working on the SBO integration and we also added a new interface that sets up robot accounts to allow them full access so you can implement all your infrastructure needs. The major update here is the upcoming distribution release version 3.


Istio is now even better with ambient mode, which will be in beta in our upcoming release. Ambient uses a lightweight shared node proxy as a secure overlay to provide mutual TLS metrics and layer four authorization policies. By removing sidecars from the data plane, we decouple the lifecycle of Istio from the deployment of your application.


Over the last few months we spent time improving our authentication story, and now we have  solid support for all major cloud providers. We also extended our monitoring stack. Right now we support parameters, metrics, OpenTelemetry and ING cloud events.


We have two exciting announcements for you from the world of Linkerd. The first is the release of Linkerd 2.15 which adds mesh expansion. That’s the ability for Linkerd to take your off cluster applications running on legacy VMs or elsewhere and connect them into the mesh. The second announcement is the upcoming Linkered 2.16 release.

Open Policy Agent

This year we plan to release OPA version 1, which notably includes some changes to the Rego syntax. The new syntax is available in pre version 1 releases of OPA today, and you can use the OPA format command with a new Rego version 1 flag to update your existing policy files to be V1 ready. 


We’ve had a number of updates including multi-networking improvements, DR solutions for FRBD and FFS, as well as a number of other engineering improvements. Rook 1.14 will be coming out soon.


Since the last update the Vitess team has dedicated significant efforts to integrate foreign key support. Now it is possible to have foreign key managed mode for uncharted key spaces, enabling users to leverage foreign keys alongside other features. Additionally, we have now introduced native support for point in time recovery and made comprehensive improvements to both query compatibility and automated recovery. 

Kubernetes SIG Storage

We have some exciting updates for you. ReadWriteOncePod’s PV Access Mode is now in general availability. This ensures that only one pod can write to the volume at a time. Also, node expense is also now in general availability. And we have a brand new – feature warning attributes class – in addition to your resize. 

If you’re headed to KubeCon + CloudNativeCon Europe 2024, see the full video during the keynote on March 22. But also don’t miss the Project Pavilion where you can explore these breakthroughs in more depth, and even get a tour if you don’t know where to start.