Cloud Native Weekly:Kubescape Becomes a CNCF Incubation Project

Open Source project recommendations

KubeAI

KubeAI is a Kubernetes-based AI inference operator designed to simplify the deployment and management of large language models (LLMs), vector embeddings, and speech processing models in production environments. It provides an OpenAI-compatible API, supports execution on both CPUs and GPUs, and features on-demand auto-scaling capabilities.

KubeAI operates independently of Istio, Knative, and other systems, allowing it to work out-of-the-box on almost any Kubernetes cluster. Additionally, it includes a built-in model proxy that optimizes key-value cache utilization, significantly enhancing system performance. KubeAI also offers a pre-configured model catalog, supports LoRA fine-tuning, and provides model caching, simplifying model deployment and management.

Spark Operator

Spark Operator is a Kubernetes-native open-source project designed to simplify the deployment and management of Apache Spark jobs on Kubernetes clusters. It leverages Kubernetes Custom Resources (CRDs) to define and manage Spark applications, allowing users to submit, monitor, and manage Spark jobs declaratively without manually configuring complex Kubernetes resources. The project supports automated resource management, job failure retries, log collection, and seamless integration with the Kubernetes ecosystem, making it ideal for large-scale data processing and machine learning applications.

Capsule

Capsule is an open-source multi-tenancy management project that enhances Kubernetes’ tenant isolation capabilities, enabling enterprises to securely and efficiently run applications for multiple tenants within the same cluster. Capsule utilizes native Kubernetes mechanisms such as namespaces, policies, and roles to provide fine-grained access control while supporting resource quotas, network isolation, and custom policies. This project is particularly suitable for SaaS providers, cloud service platforms, and large enterprises looking to manage multiple teams or customer resources efficiently on Kubernetes.

Technical recommendations

The Way Forward: Dealing with Kubernetes Sprawl and Supporting AI Workloads

This article explores the challenges of Kubernetes sprawl and how to better support AI workloads. As enterprises increasingly adopt Kubernetes, the number of clusters grows, leading to increased management complexity, resource wastage, governance difficulties, and rising operational costs. At the same time, AI workloads place higher demands on Kubernetes’ computing, storage, and scheduling capabilities, making cluster management even more challenging.

The article proposes key strategies to address these issues, including automated management, centralized governance, GPU resource optimization, hybrid cloud architectures, and cloud-native AI infrastructure. These strategies help enterprises scale Kubernetes efficiently while optimizing AI computing performance.

Five Common Mistakes to Avoid When Deploying Kubernetes

This article discusses five common mistakes in Kubernetes deployment and offers best practices for building scalable, secure, and production-ready Kubernetes clusters.

1.Lack of Resource Requests and Limits — Failure to configure resource requests and limits can lead to resource contention and performance issues. It is recommended to explicitly set CPU and memory requests/limits in deployment YAML files.
2.Ignoring Security Best Practices — Running containers as root or using default service accounts can pose security risks. Implementing Pod Security Standards, enabling Role-Based Access Control (RBAC), and following security best practices are essential.
3.Inadequate Logging and Monitoring — Without proper logging and monitoring, troubleshooting becomes difficult. Using centralized logging solutions and monitoring tools such as Fluentd, Elasticsearch, Kibana, or Prometheus is recommended.
4.Misconfiguring Ingress and Networking — Incorrect Ingress and networking configurations can cause connectivity issues or security vulnerabilities. Using appropriate Ingress controllers and implementing TLS encryption can help mitigate these risks.
5.Failure to Implement Auto-Scaling — Without cluster auto-scaling, resource utilization may be inefficient, leading to service disruptions. Kubernetes’ auto-scaling capabilities should be leveraged to optimize resource usage.

What’s new in cloud native

Kubescape Becomes a CNCF Incubation Project

The CNCF Technical Oversight Committee (TOC) has voted to accept Kubescape as a CNCF incubation project.

Kubescape is an open-source Kubernetes security project designed to provide comprehensive security coverage throughout the development and deployment lifecycle. It offers posture and vulnerability management, along with automated hardening policies. Additionally, Kubescape provides eBPF-based threat detection, enabling the identification of abnormal and suspicious behavior in cloud workloads.

Kubescape can function both as a CLI tool and as a Kubernetes operator. The CLI tool is used for manual scanning, scripting, and CI/CD integration, while the Kubescape operator consists of a set of microservices that internally monitor your Kubernetes cluster.

Keycloak JS 26.2.0 Released

Keycloak JS 26.2.0 was recently released, marking an important milestone in the development of the JavaScript adapter. This version does not introduce new features but establishes independence from the main project’s release cycle, allowing for more frequent feature updates, fixes, and faster responses to community feedback.

The codebase has been migrated to a separate repository, improving maintainability. In the future, the team will evaluate whether to continue refactoring Keycloak JS, collaborate with mature third-party libraries, or even replace it with an established community solution.

About KubeSphere

KubeSphere is an open source container platform built on top Kubernetes with applications at its core. It provides full-stack IT automated operation and streamlined DevOps workflows.

KubeSphere has been adopted by thousands of enterprises across the globe, such as Aqara, Sina, Benlai, China Taiping, Huaxia Bank, Sinopharm, WeBank, Geko Cloud, VNG Corporation and Radore. KubeSphere offers wizard interfaces and various enterprise-grade features for operation and maintenance, including Kubernetes resource management, DevOps (CI/CD), application lifecycle management, service mesh, multi-tenant management, monitoring, logging, alerting, notification, storage and network management, and GPU support. With KubeSphere, enterprises are able to quickly establish a strong and feature-rich container platform.

To stay updated, visit our official website or follow us on Twitter.