Docs

Curated Kubernetes content from AKS, EKS, GKE, OpenShift, Rancher/K3s and more—auto‑aggregated daily.

  • 2026-01-27
    Nirmata Blog

    Kyverno Security Advisory: Cross-Namespace Privilege Escalation

    Sections: Kyverno Security Advisories (Jan 27, 2026) | Remediation Paths | Cross-Namespace Privilege Escalation | Explanation | Mitigations | Denial of Service via Context Variable Amplification | Explanation | Mitigations | Need Help Securing Older Versions?

    Nirmata OSS engineers, alongside OSS security researchers, have identified and issued fixes for one critical and one high-severity CVE that impact all versions of Kyverno. At this time, we have no evidence of these vulnerabilities being actively exploited in the wild but request that all users upgrade their deployments.

    #nirmata #kubernetes
  • 2026-01-27
    VMware Cloud Foundation Blog

    Building an AI Ready Factory: How Software Defined Production Is Transforming Manufacturing

    Sections: Edge Cloud for Production in Large Scale Manufacturing | From Hardware Centric to Software Defined Production | Operating in Highly Automated Production Environments | Why Infrastructure Matters for AI in Manufacturing | Enabling IT/OT Convergence with an Edge Cloud Foundation | What You’ll Learn in the ARC White Paper | Read the ARC Advisory Group White Paper: Building Audi’s EC4P Platform for Shop Floor Virtualization | Learn More

    Manufacturing automation is at an inflection point. AI is rapidly moving from experimentation to expectation, yet many factories still operate on hardware centric architectures designed for a different era.

    #vmware #cloud-foundation #kubernetes
  • 2026-01-27
    Kubernetes Blog

    Cluster API v1.12: Introducing In-place Updates and Chained Upgrades

    Sections: Emphasis on simplicity and usability | In-place Updates | Chained Upgrades | Release team | What’s next?

    Cluster API brings declarative management to Kubernetes cluster lifecycle, allowing users and platform teams to define the desired state of clusters and rely on controllers to continuously reconcile toward it. Similar to how you can use StatefulSets or Deployments in Kubernetes to manage a group of Pods, in Cluster API you can use KubeadmControlPlane to manage a set of control plane Machines, or you can use MachineDeployments to manage a group of worker Nodes.

    #kubernetes
  • 2026-01-27
    CNCF

    Navigating the ingress-nginx archival: why now is the time to move to Cilium

    Sections: Archival of Ingress-nginx: What Does This Mean for You? | What Are Your Options? | Option 1 – Quickest: Moving to Cilium Ingress | Option 2 – Recommended: Upgrading to Cilium’s Gateway API Implementation | Why Choose Cilium’s Gateway API Implementation? | What Are the Key Features Over Ingress? | Migrating to Cilium’s Gateway API Implementation: Use the Ingress-to-Gateway Migration Tool | Which Path Should You Take First? | Why Cilium Is a Sensible Default: Preparing for the Future

    Posted on January 27, 2026 by Dean Lewis, Senior Technical Marketing Engineer, Isovalent. This Member Blog was originally published on the Isovalent blog and is republished here with permission. If you’re running Kubernetes, there’s a good chance you rely on ingress-nginx to route external traffic to your workloads.

    #cncf
  • 2026-01-27
    VMware Cloud Foundation Blog

    NVMe Memory Tiering Design and Sizing on VMware Cloud Foundation 9 Part 7: Advanced Configuration

    Sections: Adjusting the DRAM:NVMe Ratio | Securing the Tier: Encryption | Option A: Host-Level Encryption | Option B: Per-VM Encryption | Opting Out: Disabling Memory Tiering for Critical VMs | Summary of Advanced Parameters | Final Thoughts

    This is the final installment of our series on Memory Tiering. In previous posts, we covered the architecture, design, sizing, and basic setup among other topics.

    #vmware #cloud-foundation #kubernetes
  • 2026-01-27
    VMware Cloud Foundation Blog

    The CFO’s Case for On-Premises DBaaS: Repatriation and Cost Control

    Sections: Enter VMware Data Services Manager: Public Cloud Experience, Private Cloud Economics | Conclusion: Cloud is an Operating Model, Not a Location

    For years, the “cloud first” directive assumed that modernization required exiting the data center. That binary thinking is now obsolete.

    #vmware #cloud-foundation #kubernetes
  • 2026-01-27
    Red Hat Blog

    Sovereign AI architecture: Scaling distributed training with Kubeflow Trainer and Feast on Red Hat OpenShift AI

    Sections: User story: The dilemma of "AI independence" | 3 pillars of sovereign AI | Technical sovereignty (the foundation) | Data sovereignty (the asset) | Technical solution | The open blueprint for AI sovereignty: Red Hat AI | Integrated compute: Kubeflow Trainer | Sovereign data: Feast Feature Store | Completing the lifecycle: Sovereign model serving | Architecture | Wrapping up | Ready to build your own sovereign AI factory? | The adaptable enterprise: Why AI readiness is disruption readiness

    About the author: Umberto Manganiello

    As AI becomes an engine of national competitiveness, the concept of sovereign AI—the capacity to operate AI systems free from external influence—is increasingly relevant, but the path to adoption is filled with challenges. A recent survey of over 900 IT leaders and AI engineers about AI adoption exposes a significant "value gap," showing that, despite high enthusiasm (72%), only 7% of Europe, the Middle East, and Africa (EMEA) organizations are delivering results.

    #kubernetes
  • 2026-01-26
    VMware Cloud Foundation Blog

    Unlock Hyper-Density: Cosmonic Wasm on vSphere Kubernetes Service

    Sections: What is Cosmonic Control? | Key Benefits | Why Wasm + vSphere Kubernetes Service? | Use Cases: Cosmonic Control on VMware VCF | Installation: Deploying Cosmonic Control on VCF | 1. Prepare your VKS cluster | 2.

    #vmware #cloud-foundation #kubernetes
  • 2026-01-26
    Nirmata Blog

    Centralized Application Authorization with Kyverno and Istio

    Sections: Why is Kubernetes Authorization so Complex | What are the Challenges with OPA Sidecar Authorization in Kubernetes? | Why Choose Centralized Kyverno for Sidecarless Authorization? | Advantages | How Does Centralized JWT Authorization with Kyverno and Istio Work? | Key Technologies for Kyverno-Istio Authorization | Prerequisites | Environment Setup | Kubernetes cluster options | Step-by-Step Instructions | Step 1: Create Local Kubernetes Cluster | Step 2: Deploy Keycloak Identity Provider | Step 3: Install Certificate Management | Step 4: Install Kyverno Authorization Server | Step 5: Install Istio Service Mesh | Step 7: Configure Authorization Policies | Step 8: Test Authorization | Step 9: Advanced Policy Patterns | Step 10: Production Hardening | The Future of Kubernetes Authorization is Centralized | Next Steps and Resources

    Securing Kubernetes API access is complex. After a user is authenticated (verifying who they are), an application’s authorization workflow determines what specific actions and data that user is permitted to access by checking their credentials against a set of predefined access rules.

    #nirmata #kubernetes
  • 2026-01-26
    CNCF

    k0s in 2025: A year of community growth, governance, and Kubernetes innovation

    Sections: Major features and releases | k0s recent and upcoming highlights | k0s joining the CNCF sandbox | k0s CNCF incubation application | Community growth and adoption | Events and community activities | Looking ahead: What’s on the horizon for 2026 | Deeper community collaboration | Enhanced operational capabilities | Transparent roadmap | Gratitude and invitation | k0s community

    Posted on January 26, 2026 by Prithvi Raj, CNCF Ambassador. As we begin 2026, it’s worth reflecting on the remarkable progress we made with k0s as a project and as a community during 2025. Last year brought exciting advancements, adoption, and stronger community engagement.

    #cncf