Posts from @kaptain..
Link
@kaptain shared a link, 1 week ago
FAUN.dev()

Eliminating Kubernetes Image Signature Replication

The Kubernetes image promoter no longer replicates container image signatures across regions. The rewrite drops that replication entirely, cuts latency, and simplifies the codebase, while keeping signature verification working seamlessly for end users. Next, the project is moving to OCI 1.1 referrer.. read more  

@kaptain shared a link, 1 week ago

Kubernetes' Default CoreDNS Configuration is insecure

The CoreDNS "pods insecure" option is the default in Kubernetes, and it allows for the creation of arbitrary DNS A records. Combined with wildcard SSL certs, it poses a security risk, highlighted by Cilium's handling of network policies in the face of DNS manipulation. Time to shift to a more secure DNS con.. read more  

@kaptain shared a link, 1 week ago

Breaking free of a single datacenter: Practical geo-distributed AI operations with the k0smos platforms

This post discusses the challenges of leveraging distributed resources for AI workloads and the role of Kubernetes in addressing these challenges. The k0smos stack is highlighted as a solution for operating geo-distributed AI infrastructure, divided into three technical layers: k0s, k0smotron, and k.. read more  

@kaptain shared a link, 1 week ago

From Dashboard to Headlamp: Understanding the Transition

The Kubernetes Dashboard project has been archived, with Headlamp now carrying the legacy forward by offering a visual interface with enhanced capabilities like multi-cluster visibility and application-centric views. Headlamp keeps familiar workflows, while expanding to support multi-cluster environ.. read more  

@kaptain shared a link, 1 week ago

Benchmarking KubeVirt performance with virtbench

Portworx released "virtbench," an open-source CLI that lets platform teams run reproducible KubeVirt benchmarks and assess VM readiness, rather than rely on pod health as a proxy... read more  

@kaptain shared a link, 2 weeks, 3 days ago

Buzzing Beyond Clouds: The Illustrated Children's Guide to Cilium

"Buzzing Beyond Clouds" continues the eBPF adventure with Obee as a Jedi bee, showcasing how Cilium powers networking, cluster mesh, observability, security, and service mesh in the Kubulous galaxy. Each chapter parallels Cilium's real-world functionalities, making complex concepts accessible to all .. read more  

@kaptain shared a link, 2 weeks, 3 days ago

The Case for VM and Container Consolidation in 2026

With KubeVirt, enterprise platform teams can run VMs and containers on Kubernetes, so separate VM and container platforms remain a choice teams keep through habit... read more  

@kaptain shared a link, 2 weeks, 3 days ago

Containers on fire: from container escapes to supply chain attacks

Kaspersky researchers explain how attackers use a compromised container to take over a Kubernetes cluster or host, with misconfigured APIs and permissions driving most escapes... read more  

@kaptain shared a link, 2 weeks, 3 days ago

Runtime Observability and Enforcement for Opaque AI Agents with eBPF: Beyond Sandboxes and Approvals

Platform teams should verify side effects at the OS layer, separate from tool approvals and sandbox rules, because engineers cannot treat AI agent harnesses as security boundaries... read more  

@kaptain shared a link, 2 weeks, 3 days ago

Fixing Ghost Drops: How eBPF Rescued IPv6 Telemetry

In this walkthrough, you use eBPF to patch malformed flow-export packets before the host network stack drops them... read more  
