What’s new with Microsoft in open-source and Kubernetes at KubeCon + CloudNativeCon Europe 2025

I am thrilled that the Microsoft Azure team is joining the community again at this year’s KubeCon + CloudNativeCon Europe 2025 in London! We have exciting new enhancements and innovations to share and can’t wait to showcase all the updates in Azure and Azure Kubernetes Service (AKS), as well as our ongoing contributions to the cloud native community.
Join Microsoft Azure at KubeCon Europe 2025
Find us at Booth #N150
I have talked previously on this blog about Microsoft’s commitment to supporting and driving innovation in the cloud native ecosystem through contributions and leadership from engineers across Azure. Since my last update at KubeCon + CloudNativeCon North America 2024, we have continued our investments in growing existing CNCF projects, while also launching new projects to meet the community’s evolving needs.
To that end, we turned to the recent Cloud Native Computing Foundation (CNCF) Ecosystem Gaps report, which highlights security, complexity, and cost management as the top three gap areas in the ecosystem. These areas are where our teams are focusing their efforts to help improve end user experiences.
Enhancing security for Kubernetes environments
In the context of today’s complex ecosystems, security is a fundamental necessity and undeniably a huge area of concern for teams building and running cloud native solutions. Microsoft has made several key contributions to enhancing security for Kubernetes environments:
- Istio’s ambient mode, now generally available, is a new feature that provides mTLS, traffic management, and observability with lower cost and operational overhead than ever before.
- Hyperlight (recently accepted into the CNCF Sandbox) is a Rust library for executing small, embedded functions using hypervisor-based protection for each function call at scale.
- Hyperlight-Wasm enables any programming language compiled to a WebAssembly component to execute in a protected Hyperlight micro-VM using Wasmtime.
- Ratify is a verification engine, available as a binary executable and on Kubernetes, that verifies artifact security metadata and admits for deployment only those artifacts that comply with policies you create. We recently added capabilities to enhance Ratify’s contributions to supply chain security.
- Ensure Secret Pulled Images, in alpha, enhances security in Kubernetes by restricting Kubelet-pulled images to workloads that share the credentials used to pull them, in IfNotPresent/Never image pull policy scenarios.
- Projected Service Account Tokens for Kubelet Image Credential Providers is another Kubernetes feature we’ve brought to alpha, which enables secure workload identity for image pulls by allowing Kubelet to exchange ServiceAccount tokens for credentials.
- ClusterTrustBundle, in beta, provides a more stable API for easier X.509 certificate trust distribution in Kubernetes.
Managing complexity in a cloud native ecosystem
The ever-increasing complexity of the cloud native ecosystem is a perennial challenge (we have all seen the CNCF’s expansive Cloud Native Landscape diagram), and projects and tools that streamline that complexity make it simpler to build, run, and manage Kubernetes workloads anywhere. Notable contributions to help address complexity include:
- Drasi (recently accepted as a CNCF Sandbox project) is a change data processing platform that automates real-time detection, evaluation, and meaningful reaction to events in complex, event-driven systems.
- KubeFleet (recently accepted into the CNCF Sandbox) is a cloud native solution tailored for the at-scale management of applications running in multiple Kubernetes clusters, providing orchestration and coordination of applications across a fleet of Kubernetes clusters.
Cost management capabilities
Evolving economic conditions mean that cost management is front of mind for many organizations and teams. We are active contributors to several features and projects that help with cost-management capabilities:
- Dynamic Resource Allocation (DRA) allows dynamic allocation of specialized hardware resources beyond traditional CPU and memory, like GPUs and FPGAs, enabling better resource usage and reducing idle hardware. The goal of this is to simplify the integration of specialized accelerators for hardware vendors without changing Kubernetes core components. In response to community feedback, DRA introduced a revised API in v1.31 and has reached beta in v1.32. We’re working with the community to improve DRA’s stability, aiming for general availability
- Karpenter enables maximally cost-efficient, fully automatic node infrastructure to run your workloads. The project continues to evolve at the speed of Kubernetes, incorporating the latest scheduling features (such as new topologySpread constraints), and focusing on stability and performance.
- Cluster Autoscaler continues to fulfill its role as the de facto Kubernetes node autoscaler, delivering functional support for DRA in its v1.32 release.
- SpinKube (newly joining the CNCF Sandbox) allows for running serverless WebAssembly workloads in Kubernetes, offering the option of more performant and secure serverless scenarios in Kubernetes.
Our commitment to building in the open
While I have highlighted some of our recent work on CNCF projects that help address the challenges of security, complexity, and cost-optimization here, this is certainly not an exhaustive view of the broader work that our team does in the community. In fact, Microsoft has been one of the most active contributors to CNCF projects over the last year! We create and contribute to several CNCF projects, including:
- Graduated (containerd, Cilium, Dapr, Envoy, Helm, Istio, KEDA, Kubernetes, and Open Policy Agent).
- Incubating (Flatcar, Notary Project, and OpenCost).
- Sandbox (Copa, Drasi, Eraser, Headlamp, Inspektor Gadget, KubeFleet, Kubernetes AI Toolchain Operator (KAITO), OCI Registry as Storage (ORAS), Radius, Ratify, SpinKube, VS Code Kubernetes Tools, and Hyperlight).
Whether it be serving on the CNCF’s Technical Oversight Committee, as Special Interest Group Chairs and Tech Leads, or contributing as maintainers on a wide variety of ecosystem projects, Azure team members chop wood and carry water to keep our open source communities running smoothly.
You can meet many of our contributors in the Azure booth and Project Pavilion at KubeCon!
Azure Kubernetes Service announcements
In addition to our work in the upstream community, I am happy to share several new capabilities in Azure Kubernetes Service (AKS). Our customers can take advantage of improved AI capabilities, enhanced security and networking, simplified multi-cluster operations, and better cost efficiency.
Improved AI capabilities
AI continues to play a pivotal role in driving innovation and maintaining competitiveness. We are introducing several new AI capabilities that underscore the importance of advanced search, high-throughput model inferencing, and customizable setup, including:
- Retrieval-augmented generation (RAG) in the Kubernetes AI Toolchain Operator (KAITO) enables advanced search capabilities using open-source KAITO on your AKS cluster.
- Default inference with vLLM with the AI toolchain operator add-on offers significantly faster time to process incoming requests and greater flexibility in API and model selection.
- The ability to install custom GPU drivers for a more customizable setup.
Enhanced networking and security
Robust security and reliable networking are critical not only for protecting applications and data, meeting compliance requirements, and ensuring seamless connectivity, but are also essential for maintaining trust with users and stakeholders. Some recent networking and security enhancements in AKS include:
- Network isolated clusters, now generally available, simplify the process of restricting network access and reduce the risk of unintentional exposure of public endpoints.
- Improved load balancing and support for multiple load balancers allow for better scalability and flexibility.
- Improved network endpoint management with Cilium Endpoint Slices and broader networking improvements, including support for dual-stack networking.
- Advanced Container Networking Services enhancements provide fine-grained control over application traffic and detailed network traffic logs for better security auditing and performance analysis.
Simplified operations management at scale
Managing multi-cluster Kubernetes environments at scale means keeping configurations consistent and secure across clusters, while also ensuring smooth monitoring and data handling. New capabilities to enable teams to manage more efficiently at scale include:
- Multi-cluster auto-upgrade in Azure Kubernetes Fleet Manager, now generally available, makes it simpler to safely and predictably update Kubernetes and node images in multi-cluster environments. Additionally, multi-cluster workload rollout strategies and eviction controls improve operational efficiency and control.
- Deployment recommendations ensure seamless cluster creation, even when the selected SKU is unavailable, by suggesting alternative SKUs based on available capacity.
- AKS communication manager simplifies maintenance notifications and monitoring by providing timely alerts and detailed failure reasons, reducing operational hassles and enhancing observability.
Greater visibility and cost efficiency
AKS is also introducing additional metrics and efficiency features to enable advanced observability and cost management. These include cost recommendations tailored to your cluster configuration, new Azure platform metrics for monitoring control plane components, and seamless monitoring for Java and Node microservices through auto-instrumentation.
Additionally, the Microsoft GitOps team is announcing the Private Preview of ArgoCD, delivered as a cluster extension across AKS and Arc-enabled Kubernetes, offering easy deployment, official support, and enhanced security for an enterprise-grade GitOps experience from cloud to edge.
We’re excited to meet up with you at KubeCon + CloudNativeCon
The Azure team is excited to be at KubeCon + CloudNativeCon Europe 2025, and I hope that you are too! There are many ways you can connect with our team in London:
- Don’t miss the keynote with Microsoft speaker: On Wednesday, April 2, 2025, at 9:49 AM BST, Andrew Randall will deliver a keynote on evolving the Kubernetes user experience.
- Swing by the Expo Theatre for a demo of KubeFleet—The Future of Multi-Cluster Kubernetes Application Management on Thursday, April 3, 2025, at 1:15 PM BST.
- Visit our booth (N150): Watch live demos, chat with experts, enjoy cool swag, and compete in Kubernetes Trivia for exclusive prizes!
- Check out these sessions: Microsoft has speakers in over 35 sessions throughout the conference on a variety of topics, including:
And more!
The team can’t wait to meet you and hear your thoughts.
Happy KubeCon + CloudNativeCon!

Join us at KubeCon Europe 2025 in London, UK, from April 1-4.