With Kubernetes 1.30, we (SIG Auth) are moving Structured Authorization Configuration to beta. Today’s article is about authorization: deciding what someone can and cannot access. Check a previous article from yesterday to find about what’s new in Kubernetes v1.30 around authentication (finding out who’s performing a task, and checking that they are who they say Read more about Kubernetes 1.30: Multi-Webhook and Modular Authorization Made Much Easier[…]

With Kubernetes 1.30, we (SIG Auth) are moving Structured Authentication Configuration to beta. Today’s article is about authentication: finding out who’s performing a task, and checking that they are who they say they are. Check back in tomorrow to find about what’s new in Kubernetes v1.30 around authorization (deciding what someone can and can’t access). Read more about Kubernetes 1.30: Structured Authentication Configuration Moves to Beta[…]

On behalf of the Kubernetes project, I am excited to announce that ValidatingAdmissionPolicy has reached general availability as part of Kubernetes 1.30 release. If you have not yet read about this new declarative alternative to validating admission webhooks, it may be interesting to read our previous post about the new feature. If you have already Read more about Kubernetes 1.30: Validating Admission Policy Is Generally Available[…]

Author: Akihiro Suda (NTT) Read-only volume mounts have been a feature of Kubernetes since the beginning. Surprisingly, read-only mounts are not completely read-only under certain conditions on Linux. As of the v1.30 release, they can be made completely read-only, with alpha support for recursive read-only mounts. Read-only volume mounts are not really read-only by default Read more about Kubernetes 1.30: Read-only volume mounts can be finally literally read-only[…]

Author: Frederico Muñoz (SAS Institute) This is the third interview of a SIG Architecture Spotlight series that will cover the different subprojects. We will cover SIG Architecture: Code Organization. In this SIG Architecture spotlight I talked with Madhav Jivrajan (VMware), a member of the Code Organization subproject. Introducing the Code Organization subproject Frederico (FSM): Hello Read more about Spotlight on SIG Architecture: Code Organization[…]

Author: Andrei Kvapil (Ænix) Approaching the most interesting phase, this article delves into running Kubernetes within Kubernetes. Technologies such as Kamaji and Cluster API are highlighted, along with their integration with KubeVirt. Previous discussions have covered preparing Kubernetes on bare metal and how to turn Kubernetes into virtual machines management system. This article concludes the Read more about DIY: Create Your Own Cloud with Kubernetes (Part 3)[…]

Author: Andrei Kvapil (Ænix) Continuing our series of posts on how to build your own cloud using just the Kubernetes ecosystem. In the previous article, we explained how we prepare a basic Kubernetes distribution based on Talos Linux and Flux CD. In this article, we’ll show you a few various virtualization technologies in Kubernetes and Read more about DIY: Create Your Own Cloud with Kubernetes (Part 2)[…]

Author: Andrei Kvapil (Ænix) At Ænix, we have a deep affection for Kubernetes and dream that all modern technologies will soon start utilizing its remarkable patterns. Have you ever thought about building your own cloud? I bet you have. But is it possible to do this using only modern technologies and approaches, without leaving the Read more about DIY: Create Your Own Cloud with Kubernetes (Part 1)[…]