KubeCon Wrap Up

Last week, CIQ participated in KubeCon + CloudNativeCon North America 2025 in Atlanta, Georgia. CIQ's very own Chris Short hosted a talk during the event, participated in the CNCF Maintainers Summit, helped host a panel in the Project Pavilion at KubeCon, ran the Kubernetes SIG Meet & Greet, participated in an episode of Techstrong Gang, and spent time in the CIQ booth.

MAINTAINER SUMMIT (SUNDAY)

The first-ever CNCF Maintainers Summit took place at KubeCon EU in London earlier this year. The CNCF Maintainer Summit is an exclusive event for the people behind Cloud Native Computing Foundation (CNCF) projects to gather face-to-face, collaborate, and celebrate the projects that make "Cloud Native." The event happened on the Sunday before KubeCon, as many maintainers are busy on "Day 0" of KubeCon with other collocated events.

During the Maintainer's Summit, I had conversations with multiple maintainers and contributors about the challenges they face today, ranging from recruiting new contributors to improving communication across the CNCF ecosystem. Still, one impromptu conversation stood out from the others, as it became a significant news item from this KubeCon: Ingress NGINX will be officially retired in March 2026.

Ingress NGINX is one of the most popular Kubernetes ingress controllers due to its flexibility and its early support for Kubernetes. As I discussed with one of the maintainers, this decision was not easy. Despite its popularity, the past few years have seen only one or two people doing development work. Despite significant effort from the Kubernetes SIG Network and the maintainers themselves, the difficult decision to retire the controller is in the interest of the broader Cloud Native ecosystem's safety and security.

The community blog about Ingress NGINX retirement is a must-read. If you're looking for a replacement ingress controller, I recommend one that uses Kubernetes' Gateway API, as that is the strategic direction Ingress controllers are moving toward. The Kubernetes Ingress controller documentation includes a good list of potential replacements for NGINX Ingress.

DAY 0 (MONDAY)

On Monday, Day 0 of KubeCon, I kicked off my day by attending the CNCF Project Lightning Talks. These lightning talks are for CNCF projects to provide updates to the large on-site audience. The CNCF Landscape added a new filter feature that will help folks more easily discover projects to meet their specific needs.

The External Secrets Operator project lightning talk covered their August operational pause and the path forward—how new maintainer commitments and commercial backing revived the project, stabilized the community, and resumed active development. I know that the External Secrets Operator is widely used in critical infrastructure globally, including government systems. Hearing the story of the community's revival was a stark contrast to my conversation about Ingress NGINX the day before. It also provided a source for accomplishing this in the future.

Monday afternoon, I had the pleasure of attending the latest edition of the Atlanta Kubernetes Meetup, where developers from Apple's Containerization Framework and Apple Container project demonstrated their work bringing containers to macOS in a more native manner. Apple's Containerization Framework is written in Swift and built on top of Apple's Virtualization Framework. This macOS implementation creates a separate lightweight VM (similar to Kata Containers) for each Linux container on your Mac. The reasoning behind this method aligns with Apple's long-standing privacy initiatives. One VM to run all containers, as is the case with nearly every other tool for building containers on macOS, provides a single point of compromise for data used across all that system's underlying containers. Apple's VM-per-container architecture eliminates this shared security boundary, creating stronger isolation layers for data moving in and out of each container (each container gets its own dedicated IP address).

I installed this pre-release version from the Apple Container GitHub (go to Releases to get the installer) and was able to spin up every container I could think of to test out the container tool. The networking stack in macOS Tahoe (v26) provides container network management, but I wasn't able to test that on my work machine, as it is still on the latest release of macOS Sequoia. I'm very optimistic that the future of containers on macOS is in good hands, and I hope other container tools embrace the framework once it hits maturity.

Day 1 (TUESDAY)

I was fortunate to have my talk on the first full day of sessions at KubeCon. As a speaker, it's always nice to get that out of the way so you can enjoy the rest of the conference. I am also thankful to speak alongside Kaslin Fields. Together, we lead the Kubernetes Contributor Comms subproject. Communication within an open source project is already a challenge. The more contributors a project has, the harder it is to make sure everyone is on the same page. We dived into the nuts and bolts in our talk, "Comms & Social Media: Why Does a Project Need It."

It's always interesting to hear what folks are struggling with and figuring out ways to move more quickly and efficiently. I had a brief chat with one attendee about the time it takes to fully configure the systems powering their GPUs with the correct kernel and dependency versions. For a new cluster of systems, the time it took to get everything up and running was measured in weeks or months, not days or hours. When I explained why we built Rocky Linux from CIQ - AI (RLC-AI), which incorporates NVIDIA CUDA Toolkit (as well as the DOCA-OFED drivers) out of the box, the attendee's eyes lit up, they said, "That would save me so much time and eliminate a lot of the trial and error." Making people's lives easier brings me great joy, and RLC-AI is definitely one of those products. For those interested in testing RLC-AI against their actual AI infrastructure, there's currently a technical preview program available. You can join by visiting the RLC-AI product page.

I rounded out my Tuesday at KubeCon by participating in something new our community hadn't done before. Four other contributors and I hosted an "Ask Us Everything: Contributor Edition" on the Project Pavilion stage. We discussed how we got started on the project and shared many lessons learned from our own journeys in the Kubernetes community.

One question I fielded was about how a new contributor discusses working in open source with their employer. I might have been a little cavalier in my response, but the gist was: if there isn't a provision in your employment agreement that prohibits you from contributing to open source in your own time, why do you need permission to do so? If your company is building a competing product, you should not contribute to an open source project that would be considered a conflict of interest. I'm sure some employment agreements still include such provisions, but I haven't fielded this question in a very long time. I hope those days are behind us.

Regardless, be sure you comply with any workplace policies or intellectual property clauses you may have previously agreed to. One thing I'd mention to a manager about contributing to open source is that it's much easier to get certain features upstreamed if you're already an active member of an open source community. By enabling staff to contribute to open source projects, companies gain a seat at the table to help steer the billions of dollars in community R&D toward solving their actual business problems.

Day 3 (WEDNESDAY)

One thing I've really enjoyed about KubeCon over the years is the "Kubernetes SIG/WG Meet + Greet, Lunch and Learn." Kubernetes is a big project; getting into the groove of contributing takes some time and effort, which the Meet + Greet aims to accelerate. The goal of the Meet + Greet is two-fold: to welcome new contributors to SIGs and WGs that align with their skills and to create opportunities for contributors to meet with a given group's existing members and leaders. It's an informal but high-value working session for a given group to help new contributors get to the business of contributing. I participated in my first one back in 2018, and ever since then, this session has been a highlight of my KubeCons. Helping new folks get into the project always brings me joy.

Techstrong gang video

https://youtu.be/GWlaMJuL32g