CNCF Announces Graduation of in-toto Security Framework, Enhancing Software Supply Chain Integrity Across Industries
NYU Tandon-developed software security framework achieves highest CNCF maturity level, combating rising software supply chain attacks SAN FRANCISCO, CA, April 23, 2025 – The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native...
April 23, 2025
Istio publishes results of ztunnel security audit
Passes with flying colors Istio’s ambient mode splits the service mesh into two distinct layers: Layer 7 processing (the “waypoint proxy”), which remains powered by the traditional Envoy proxy; and a secure overlay (the “zero-trust tunnel”...
April 23, 2025 | Craig Box - Solo.io, for the Istio Product Security Working Group
CNCF Announces Open Observability Summit North America to Accelerate Open Source Innovation and Tame Infrastructure Complexity
New event will convene observability leaders, developers, and end users to advance open source observability tools and practices SAN FRANCISCO, April 22, 2025 — The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud...
April 22, 2025
Member Post
Building AuthZed with the power of cloud native: A CNCF success story
At the Cloud Native Computing Foundation (CNCF), we celebrate organizations that turn cloud native technologies into real-world impact. AuthZed, a CNCF Silver member, is one such story—a company built from the ground up on open source,...
April 22, 2025 | Jimmy Zelinskie, Cofounder at AuthZed
These Kubernetes mistakes will make you an easy target for hackers
Kubernetes is exceedingly powerful for orchestrating containerized applications at scale. But without proper monitoring and observability—especially in self-managed infrastructure—it can quickly become a security disaster waiting to happen. This is not due to inherent flaws in...
April 22, 2025 | Saqib Jan
Deep Dive into the Gateway API Inference Extension
Running AI inference workloads on Kubernetes has some unique characteristics and challenges, and the Gateway API Inference Extension project aims to solve some of those challenges. I recently wrote about these new capabilities in the kgateway...
April 21, 2025 | Christian Posta, Solo.io
Creating a ClickHouse Cluster on Raspberry Pis
Want a hands-on way to explore Kubernetes and ClickHouse®—without spinning up cloud VMs? In this post, we’ll build a home-lab cluster of Raspberry Pi 5 boards that mimics a high-availability setup. Whether you’re a cloud-native developer...
April 18, 2025
Ambassador Post
The CNCF TOC @ KubeCon + CloudNativeCon Europe 2025
The Technical Oversight Committee (TOC) provides technical leadership to the cloud native community. Strong TOC participation at this year’s KubeCon + CloudNativeCon Europe in London enabled in-person discussions and strategic planning for CNCF project technical priorities...
April 16, 2025 | Faseela K
The Morning Brew: “Kubernetes vulnerability found, patched after Wiz detection”
Tabitha Sable, a member of the Kubernetes Security Response Committee, told IT Brew that the exploitability of the vulnerability could allow access to clusters and the possibility of valuable information being exposed.
April 15, 2025
Project Post
Kagent: Bringing Agentic AI to Cloud Native
Solving Cloud Native Operation Challenges with AI Agents Oh no! Your application is unreachable, buried under multiple connection hops—how do you pinpoint the broken link? How do you generate an alert or bug report from Prometheus...
April 15, 2025