Container Journal: "CNCF formally adopts CRI-O runtime for Kubernetes"
The Cloud Native Computing Foundation (CNCF) announced today that a container runtime designed specifically for Kubernetes has been formally accepted as an incubation project.
Today, the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) voted to accept CRI-O as an incubation-level hosted project. CRI-O, created by Red Hat, is an implementation of the Kubernetes Container Runtime Interface (CRI) designed…
Registry Mirror Authentication with Kubernetes Secrets
Part II: A Platform Integration Example In Part I, we explored the architecture of the CRI-O credential provider and walked through a manual setup. In this part, we’ll see how platforms like OpenShift and its upstream…
Registry mirror authentication with Kubernetes secrets
Part I: Architecture and Implementation In production Kubernetes clusters, pulling container images from private registries happens thousands of times per day. Kubernetes distributions from major cloud vendors provide credential providers for their respective registries like AWS…
Auditing user activity in pods and nodes with the Security-Profiles-Operator
Kubernetes’ native audit logs are essential for tracking control plane activities, but they fail to capture what happens inside a container or on the host node itself during kubectl debugging sessions. This creates a security and…
How OCI Artifacts will drive future AI use cases
In recent years, the software industry has seen a strong shift toward enabling and supporting Artificial Intelligence (AI) workloads. While a variety of high level tools like Large Language Models (LLMs) already exist to support generic…
Securing Kubernetes 1.33 Pods: The Impact of User Namespace Isolation
Kubernetes 1.33 was released on April 23, 2025, and, as usual, introduces a host of fixes and new features. Be sure to check out the release notes; I assure you, you won’t be disappointed! As the…
How to install and run Minikube with Rootless Podman on ARM-based MacBooks
minikube provides a local Kubernetes cluster on macOS, Linux, and Windows. minikube’s primary goals are to be the best tool for local Kubernetes application development and to support all Kubernetes features that fit into that environment….
Kubestronaut in Orbit: Sofonias Mengistu
Get to know Sofonias This week’s Kubestronaut in Orbit is Sofonias Mengistu, a DevOps Engineer at Gebeya.INC based in Addis Ababa, Ethiopia. With 14 years of IT experience—five of those dedicated to cloud-native technologies—Sofonias has led…
The Node Resource Interface says “hi” to WebAssembly
Community blog post by Sascha Grunert, CRI-O maintainer The Node Resource Interface (NRI) allows users to write plugins for Open Container Initiative (OCI) compatible runtimes like CRI-O and containerd. These plugins are capable of making controlled changes to containers at dedicated points in…