Containerization & Orchestration

Managing Kubernetes cluster stability becomes increasingly critical as your infrastructure grows. One of the most challenging aspects of operating large-scale clusters has been handling List requests that fetch substantial datasets - a common operation that could unexpectedly impact your cluster's stability. Today, the Kubernetes community is excited to announce a significant architectural improvement: streaming encoding for List responses... View the full article

Kubernetes volume populators are now generally available (GA)! The AnyVolumeDataSource feature gate is treated as always enabled for Kubernetes v1.33, which means that users can specify any appropriate custom resource as the data source of a PersistentVolumeClaim (PVC). An example of how to use dataSourceRef in PVC:.. View the full article

Kubernetes has steadily evolved to reduce reliance on long-lived credentials stored in the API. A prime example of this shift is the transition of Kubernetes Service Account (KSA) tokens from long-lived, static tokens to ephemeral, automatically rotated tokens with OpenID Connect (OIDC)-compliant semantics. This advancement enables workloads to securely authenticate with external services without needing persistent secrets. However, one major gap remains: image pull authentication. Today, Kubernetes clusters rely on image pull secrets stored in the API, which are long-lived and difficult to rotate, or on node-level kubelet credential providers, which allow any pod running…

The new field, supplementalGroupsPolicy, was introduced as an opt-in alpha feature for Kubernetes v1.31 and has graduated to beta in v1.33; the corresponding feature gate (SupplementalGroupsPolicy) is now enabled by default. This feature enables to implement more precise control over supplemental groups in containers that can strengthen the security posture, particularly in accessing volumes. Moreover, it also enhances the transparency of UID/GID details in containers, offering improved security oversight. Please be aware that this beta release contains some behavioral breaking change. See The Behavioral Changes Introduced In Beta and Upgrade Considerations sections for d…

I am thrilled to announce that the feature to prevent PersistentVolume (or PVs for short) leaks when deleting out of order has graduated to General Availability (GA) in Kubernetes v1.33! This improvement, initially introduced as a beta feature in Kubernetes v1.31, ensures that your storage resources are properly reclaimed, preventing unwanted leaks... View the full article

Scheduling stateful applications reliably depends heavily on accurate information about resource availability on nodes. Kubernetes v1.33 introduces an alpha feature called mutable CSI node allocatable count, allowing Container Storage Interface (CSI) drivers to dynamically update the reported maximum number of volumes that a node can handle. This capability significantly enhances the accuracy of pod scheduling decisions and reduces scheduling failures caused by outdated volume capacity information... View the full article

Kubernetes Dynamic Resource Allocation (DRA) was originally introduced as an alpha feature in the v1.26 release, and then went through a significant redesign for Kubernetes v1.31. The main DRA feature went to beta in v1.32, and the project hopes it will be generally available in Kubernetes v1.34. The basic feature set of DRA provides a far more powerful and flexible API for requesting devices than Device Plugin. And while DRA remains a beta feature for v1.33, the DRA team has been hard at work implementing a number of new features and UX improvements. One feature has been promoted to beta, while a number of new features have been added in alpha. The team has also made pro…

Today, AWS announced Amazon EKS Hybrid Nodes support for Bottlerocket, the Linux-based operating system purpose-built for containers. EKS Hybrid Nodes unifies Kubernetes management across cloud, on-premises, and edge environments by enabling customers to use their on-premises infrastructure as nodes in EKS clusters. Customers can now use Bottlerocket as the node operating system for hybrid nodes running in VMware vSphere environments. EKS Hybrid Nodes customers get the security and efficiency benefits of the Bottlerocket operating system purpose-built for containers and supported by AWS. Customers can now use the same Bottlerocket operating system with EKS across their…

Since the addition of EndpointSlices (KEP-752) as alpha in v1.15 and later GA in v1.21, the Endpoints API in Kubernetes has been gathering dust. New Service features like dual-stack networking and traffic distribution are only supported via the EndpointSlice API, so all service proxies, Gateway API implementations, and similar controllers have had to be ported from using Endpoints to using EndpointSlices. At this point, the Endpoints API is really only there to avoid breaking end user workloads and scripts that still make use of it. As of Kubernetes 1.33, the Endpoints API is now officially deprecated, and the API server will return warnings to users who read or write End…

If you’ve ever created a website, built a backend API, or even deployed a simple app on your laptop or a cloud service, you know this: ✅ Apps need to run somewhere — a laptop, a server, or in the cloud ✅ You need to install dependencies (libraries, runtimes, etc.) for the app to work properly ✅ Moving your app from your laptop to another system often breaks things — different OS versions, missing libraries, and so on That’s where containers come in... View the full article

Learning Kubernetes and DevOps can be challenging, especially when juggling multiple resources—watching videos, switching between slides, and trying to copy commands from PDFs. We get it. That’s why we built KodeKloud Notes—a centralized, interactive, and user-friendly platform where you can access all the essential text-based content from our courses in one place... View the full article

We all know the feeling: the pit in your stomach when a critical application goes down (and you have no idea what went wrong). In today's always-on world, downtime isn't just inconvenient; it can be catastrophic to your reputation and even your business. So, how can you ensure your Kubernetes infrastructure is truly resilient? The answer might surprise you: test it with a Chaos Day. The post Is Your Kubernetes Infrastructure Resilient? Test It with a Chaos Day appeared first on Security Boulevard. View the full article

Docker Init is a game-changer for DevOps engineers who want to containerize applications with speed and precision. In this tutorial, we’ll explore what the docker init command does, why it’s important, and how to use it to containerize a Node.js app in seconds. We’ll also compare Docker Init vs Docker Compose vs Dockerfile approaches, list supported languages, and share pro tips for getting the most out of this Dockerfile generator CLI. Whether you’re looking to learn how to dockerize a Node.js app fast or understand where Docker Init fits in your workflow, this guide has you covered… View the full article

When it comes to AI, inference is where today’s generative AI models can solve real-world business problems. Google Kubernetes Engine (GKE) is seeing increasing adoption of gen AI inference. For example, customers like HubX run inference of image-based models to serve over 250k images/day to power gen AI experiences, and Snap runs AI inference on GKE for its ad ranking system. However, there are challenges when deploying gen AI inference. First, during the evaluation phase of this journey, you have to evaluate all your accelerator options. You need to choose the right one for your use case. While many customers are interested in using Tensor Processing Units (TPU), they …

Amazon Elastic Kubernetes Service (Amazon EKS) now offers Bottlerocket FIPS (Federal Information Processing Standards) AMIs for EKS managed node groups, helping customers to meet federal compliance requirements while leveraging the security of Bottlerocket and the operational benefits of EKS managed node groups. Bottlerocket is a Linux-based operating system optimized for running containers that follows a minimal, immutable design for enhanced security and performance. The FIPS-enabled Bottlerocket AMIs for EKS include FIPS 140-3 validated cryptographic modules and are configured by default to use FIPS-enabled AWS service endpoints, making it easier for customers in re…

Today, we’re excited to announce the public preview of Multi-Cluster Orchestrator, a new service designed to streamline and simplify the management of workloads across Kubernetes clusters. Multi-Cluster Orchestrator lets platform and application teams optimize resource utilization, enhance application resilience, and accelerate innovation in complex, multi-cluster environments. As organizations increasingly adopt Kubernetes to deploy and manage their applications, the need for efficient multi-cluster management becomes critical. Challenges such as resource scarcity, ensuring high availability, and managing deployments across diverse environments create significant operati…

At Google Cloud, we’re continuously working on Google Kubernetes Engine (GKE) scalability so it can run increasingly demanding workloads. Recently, we announced that GKE can support a massive 65,000-node cluster, up from 15,000 nodes. This signals a new era of possibilities, especially for AI workloads and their ever-increasing demand for large-scale infrastructure. In this blog post, we explore a benchmark that simulates these massive AI workloads on a 65,000-node GKE cluster. As we look to develop and deploy even larger LLMs on GKE, we regularly run this benchmark against our infrastructure as a continuous integration (CI) test. We look at its results in detail, as well…

What is Docker Bake?Docker Bake is a powerful utility introduced by Docker as part of the docker buildx plugin. Inspired by tools like make and docker-compose, Docker Bake lets you define and run multiple Docker builds in parallel using a single configuration file (docker-bake.hcl or docker-bake.json). If you're managing multiple Docker images, especially in a microservices setup, Docker Bake simplifies your build process dramatically... View the full article

This blog post was co-authored by Alex Kestner, Sr Product Manager – EKS; Todd Neal, Sr. Software Engineer – EKS; Neelendra Bhandari, Sr Software Dev Manager – EKS; and Sai Vennam, Principal Specialist Solutions Architect. At re:Invent 2024, we launched Amazon Elastic Kubernetes Service (Amazon EKS) Auto Mode, a new feature that provides a production-ready, Kubernetes conformant cluster that is ready to host your workloads out of the box. In this post, we dive into what this means for your Kubernetes workloads and look under the hood of EKS Auto Mode clusters. Introduction to EKS Auto Mode EKS Auto Mode is a streamlined way to run applications on Kubernetes. It autom…

This post was jointly authored by Elizabeth Fuentes (Developer Advocate), Ikenna Izugbokwe (Principal SA), and Steven David (Principal SA). Amazon Elastic Kubernetes Service (Amazon EKS) provides add-ons that streamline supporting operational capabilities for Kubernetes applications. Still, customers rely on a wide range of Kubernetes add-ons to run their containerized applications. These add-ons come from different sources such as Amazon Web Services (AWS), AWS Partners, and the open-source community, each bringing specialized expertise to solve specific user problems. However, to consume these, customers discover various sources, navigate multiple deployment tools, m…

Today, Amazon Elastic Kubernetes Service (EKS) announced a new catalog of community add-ons that includes metrics-server, kube-state-metrics, cert-manager, prometheus-node-exporter, and external-dns. This enables you to easily find, select, configure, and manage popular open-source Kubernetes add-ons directly through EKS. Each add-on has been packaged, scanned, and validated for compatibility by EKS, with container images securely hosted in an EKS-owned private Amazon Elastic Container Registry (ECR) repository. To make Kubernetes clusters production-ready, you need to integrate various operational tools and add-ons. These add-ons can come from various sources includin…

Kubernetes has transformed how we build and manage cloud-native applications. But when it comes to networking — especially handling ingress traffic — the traditional Ingress API has shown limitations. That’s where the Gateway API steps in — a powerful evolution designed to handle modern traffic routing needs with more flexibility, extensibility, and control. In this blog, we’ll explain what the Gateway API is, how it differs from the old Ingress API, why it matters, and how to get started... View the full article

Today, Amazon Elastic Kubernetes Service (EKS) announced a new control to prevent accidental cluster upgrades when issues are already detected that may impact application compatibility with the next Kubernetes version. This feature leverages EKS upgrade insights and is significant step towards giving cluster administrators confidence with Kubernetes version upgrades. EKS upgrade insights automatically scan clusters against a list of potential Kubernetes version upgrade impacting issues such as deprecated Kubernetes API usage. EKS periodically updates the list of insight checks to perform, based on evaluations of changes in the Kubernetes project, as well as changes int…

Do you work with Kubernetes every day? Want to learn about the latest advancement in Kubernetes and the Cloud Native Space? Come join us for KubeCon + CloudNativeCon Europe 2025 in London (April 1-4), the premier event for folks running Kubernetes in the cloud! As the creator of the Kubernetes project and a key leader in this space, Google Cloud is excited to showcase the latest contributions and our commitment to the Kubernetes community. Join us at booth S100 to discover our sessions, lightning talks, hands on labs, and demos — plus, some friendly competition in a game of Kubernetes Family Feud! We will begin the week with our pre-conference Google Container Day on Apri…

dacadoo is a global Swiss-based technology company that develops solutions for digital health engagement and health risk quantification. Their products include a software-as-a-service (SaaS)-based digital health engagement platform that uses behavioral science, AI, and gamification to help end users improve their health outcomes. The company embarked on a journey to modernize an API to quantify health and lifestyle data plus a risk engine to calculate mortality and morbidity probabilities based on years of scientific research data. To transform a virtual machine–based API service into a globally redundant, scalable health score and risk calculation solution dacadoo ch…

This post was co-authored by Henrique Santana, Container Specialist, AWS and Luis Felipe, Principal Solutions Architect, AWS. Introduction Many organizations have built their infrastructure using Amazon Elastic Compute Cloud (Amazon EC2) and Network Load Balancer (NLB), often with security policies built around the NLB’s static IP addresses. As these organizations adopt containerization and move to Amazon Elastic Kubernetes Service (Amazon EKS) for their modern applications, they face a significant challenge with preserving their existing endpoint configurations. This can make the modernization complex and risky, because changing the load balancer setup may disrupt cli…

Artificial Intelligence (AI) and Machine Learning (ML) are transforming industries — from healthcare and finance to retail and transportation. But as models become more complex and datasets grow larger, data scientists and engineers need powerful, scalable, and automated infrastructure to manage their workloads. Enter Kubernetes and Kubeflow. In this beginner-friendly guide, we’ll explore how Kubernetes and Kubeflow work together to simplify and scale AI/ML workflows — with examples, architecture insights, and essential concepts you need to know... View the full article

Amazon Elastic Container Service (Amazon ECS) today launched 8 new service-specific condition keys for Identity and Access Management (IAM). These new condition keys let you create IAM policies as well as Service Control Policies (SCPs) to better enforce your organizational policies in containerized environments. IAM condition keys allow you to author policies that enforce access control based on API request context. With today’s release, Amazon ECS has added condition keys that allow you to enforce policies related to resource configuration (ecs:task-cpu, ecs:task:memory, and ecs:compute-compatibility), container privileges (ecs:privileged), network configuration (ecs…

We are excited to announce that the HCP Terraform Operator for Kubernetes (formerly known as Terraform Cloud Operator) is now certified for Red Hat OpenShift. This certification marks a significant milestone in our commitment to provide reliable, scalable, and secure integrations between Terraform and Kubernetes for streamlined workflows across hybrid and multi-cloud environments... View the full article

The Kubernetes v1.32 release marks another significant step forward in the evolution of this powerful platform. With a total of 44 enhancements, this release includes: ✅ 13 Stable Features 🟡 12 Beta Features 🔴 19 Alpha Features These updates continue to reflect the strong commitment of the Kubernetes community to deliver high-quality, feature-rich releases... View the full article

Kubernetes version 1.32 introduced several new features and bug fixes, and AWS is excited to announce that you can now use Amazon Elastic Kubernetes Service (EKS) and Amazon EKS Distro to run Kubernetes version 1.32. Starting today, you can create new EKS clusters using version 1.32 and upgrade existing clusters to version 1.32 using the EKS console, the eksctl command line interface, or through an infrastructure-as-code tool. Kubernetes version 1.32 introduces several improvements including stable support for custom resource field selectors and auto removal of persistent volume claims created by stateful sets. This release removes v1beta3 API version of FlowSchema and…

We are organizers of Kubernetes Upstream Training in Japan. Our team is composed of members who actively contribute to Kubernetes, including individuals who hold roles such as member, reviewer, approver, and chair. Our goal is to increase the number of Kubernetes contributors and foster the growth of the community. While Kubernetes community is friendly and collaborative, newcomers may find the first step of contributing to be a bit challenging. Our training program aims to lower that barrier and create an environment where even beginners can participate smoothly... View the full article

Amazon Elastic Container Registry (Amazon ECR) provides a fully managed container registry service, offering high-performance hosting for reliably deploying application images anywhere. Amazon ECR service requires repositories to pre-exist before pushing container images. In this post, we explore a dynamic solution that leverages AWS CloudTrail, Amazon EventBridge, and AWS Lambda functions to automatically create Amazon ECR repositories on demand. This solution gives you the ability to implement UPSERT in Amazon ECR. By default, detailed events for actions taken in an AWS environment are integrated from CloudTrail into EventBridge. EventBridge is a service that provides…

Interviewer: Welcome back to our CNCF Tool Interview Series Episode 04, where today we're setting sail with Docker, a name that's synonymous with container technology in the cloud-native world. Docker has not only simplified the development process but has also been a cornerstone in the journey of many developers and organizations towards achieving a streamlined DevOps culture. Let's dive in. 💡 Insight for our readers: DevOps is a set of practices and philosophies that aim to shorten the development life cycle, provide continuous delivery with high software quality, and encourage closer collaboration between development and operations teams. It emphasizes automation, moni…

Amazon Elastic Container Service (Amazon ECS) has now enhanced its functionalities by integrating support for Amazon Elastic Block Store (Amazon EBS) volume attachment to Amazon ECS tasks. This feature simplifies using Amazon ECS and AWS Fargate with Amazon EBS. Amazon ECS facilitates seamless provisioning and attachment of EBS volumes to ECS tasks on both Fargate and Amazon Elastic Cloud Compute (Amazon EC2) platforms. In Amazon ECS tasks, you have the flexibility to select EBS volume attributes, such as size, type, IOPS, and throughput, tailoring the storage to meet the specific needs of your application. Additionally, the capability to create volumes from snapshots all…

Today, Amazon CodeCatalyst announces a new runtime docker image for customers to use with their build and test actions within workflows, along with the ability to choose between curated images. The new image contains updated tooling, including Node18. View the full article

We are excited to announce that AWS Fargate for Windows containers on Amazon ECS has reduced infrastructure pricing by up to 49%. Fargate simplifies the adoption of modern container technology for ECS customers by making it even easier to run their Windows containers on AWS. With Fargate, customers no longer need to set up automatic scaling groups or manage host instances for their application. View the full article

Amazon Elastic Container Services (Amazon ECS) launches support for configuring timeout for service-to-service communication with its networking capability called ECS Service Connect. This feature enables you to set custom timeouts for Amazon ECS services running with Service Connect, supporting applications serving long-running requests. Amazon ECS is a fully managed container orchestration service that makes it easier for you to deploy, manage, and scale containerized applications. Customers can use ECS Service Connect capability to easily configure service discovery, connectivity and traffic observability for services running in Amazon ECS. This helps build application…

Amazon Elastic Container Service (Amazon ECS) launches support for automatic traffic encryption with Transport Layer Security (TLS) certificates for its networking capability called ECS Service Connect. With this support, ECS Service Connect allows your applications to establish a secure connection by encrypting your network traffic. Automatic traffic encryption with ECS Service Connect uses industry-leading encryption capabilities to secure your inter-service communication that helps you meet your security requirements. View the full article

Today, Amazon Elastic Container Services (Amazon ECS) announced managed instance draining, a new capability that facilitates graceful shutdown of workloads deployed on Amazon Elastic Compute Cloud (Amazon EC2) instances by safely stopping and rescheduling workloads to other, non-terminating instances. This capability enables customers to simplify infrastructure maintenance workflows, such as rolling out a new Amazon Machine Image (AMI) version, without needing to build custom solutions to gracefully shutdown instances without disrupting their workloads. View the full article

Customers running applications with more than one containers on Amazon Elastic Container Service (ECS) with AWS Fargate can now leverage Seekable OCI (SOCI) to lazily load specific container images within the Amazon ECS task definition. This eliminates the need to generate SOCI indexes for smaller container images within the task definition, while still getting the benefits of SOCI with larger container images, improving the overall application deployment and scale-out time. View the full article

PBS is a private, nonprofit corporation, founded in 1969, whose members are America’s public TV stations. They have been an AWS customer for over 10 years using around 100 services. This post about PBS’s success using Amazon Elastic Container Service (Amazon ECS) and AWS Fargate. This post covers their 10-year journey in the cloud. Also, we’ll cover how PBS evolved to use Amazon ECS and AWS Fargate to optimize their resilience, scalability, cost, and application development... View the full article

When it comes to container orchestration, K8s (Kubernetes) has become a de facto standard for managing applications and infrastructure at scale across on-premise data centers and public clouds. But as organizations look to deploy containerized workloads to devices at the edge of their network or for Internet of Things (IoT) applications, the full Kubernetes distribution can be overkill. This is where K3s comes in. Developed by Rancher Labs, K3s is a lightweight Kubernetes distribution designed specifically for resource-constrained edge and IoT environments. In this article, we'll walk you through the key differences between K3s and the upstream Kubernetes project to hel…

About a year ago, we published a post on how to Optimize your Spring Boot application for AWS Fargate, where we went into different optimization techniques to speed up the startup time of Spring Boot applications for AWS Fargate. We started the post with “Fast startup times are key to quickly react to disruptions and demand peaks, and they can increase the resource efficiency”. Seekable OCI (SOCI) is a new and simple way to reduce startup times for Java workloads running on AWS Fargate. It can be combined with the earlier optimizations, or you could just use SOCI for a simple win. Customers running applications on Amazon Elastic Container Service (Amazon ECS) with AWS Far…

Amazon Elastic Container Registry (ECR) Public has added new features that make it easier for customers to navigate the ECR Public Gallery and find the images they are looking for. New filters allow customers to search for images from well-known publishers such as Docker and Amazon, and a new landing page highlights those filters as well as other frequently used repositories. View the full article

Today, AWS announces the availability of AWS Fargate for Amazon ECS Windows containers in the AWS GovCloud (US) Regions. This feature simplifies the adoption of modern container technology for Amazon ECS customers by making it even easier to run their Windows containers on AWS. View the full article

In traditional business models, retailers handle order-fulfillment processes from start to finish—including inventory management, owning or leasing warehouses, and managing supply chains. But many retailers aren’t set up to carry additional inventory. The “endless aisle” business model is an alternative solution for lean retailers that are carrying enough in-store inventory while wanting to avoid revenue loss. Endless aisle is also known as drop-shipping, or fulfilling orders through automated integration with product partners. Such automation results in a customer’s ability to place an order on a tablet or kiosk when they cannot find a specific product of their choice …

Introduction Many applications built today or modernized from monoliths are done so using microservice architectures. The microservice architecture makes applications easier to scale and faster to develop, which enables innovation and accelerating time-to-market for new features. In addition, microservices also provide lifecycle autonomy enabling applications to have independent build and deploy processes, which provides technological freedom such that they can be implemented in different programming languages and provide scaling flexibility to scale up or scale down independently based on workload utilization. While microservices provide a lot of flexibility, the proc…

In 2022, we published Let’s Architect! Architecting microservices with containers. We covered integrations patterns and some approaches for implementing microservices using containers. In this Let’s Architect! post, we want to drill down into microservices only, by focusing on the main challenges that software architects and engineers face while working on large distributed systems structured as a set of independent services. There are many considerations to cover in detail within a broad topic like microservices. We should reflect on the organizational structure, automation pipelines, multi-account strategy, testing, communication, and many other areas. With this po…

The Hugging Face Hub is a platform that enables collaborative open source machine learning (ML). The hub works as a central place where users can explore, experiment, collaborate, and build technology with machine learning. On the hub, you can find more than 140,000 models, 50,000 ML apps (called Spaces), and 20,000 datasets shared by the community. Using Spaces makes it easy to create and deploy ML-powered applications and demos in minutes. Recently, the Hugging Face team added support for Docker Spaces, enabling users to create any custom app they want by simply writing a Dockerfile... View the full article