
Firecracker: MicroVMs for Serverless and Secure Multi-Tenant Compute
AWS open sources Firecracker, the lightweight microVM technology behind Lambda and Fargate, designed for fast startup and strong isolation with minimal overhead.

Network Policies provide pod-level network segmentation in Kubernetes, enabling micro-segmentation and defense-in-depth security strategies.

Istio 1.0 graduates the service mesh to production readiness with stable APIs, security hardening, and Kubernetes-native operations.

Falco provides runtime security monitoring for Kubernetes, detecting anomalous behavior and security threats in real time through system call monitoring.

Google open sources gVisor, a userspace kernel that sandboxes containers with stronger isolation than runc—useful for multi-tenant clusters, CI runners, and serverless-style workloads.

Kubernetes 1.10 promotes CSI and local persistent volumes to beta, introduces pod priority & preemption, dynamic kubelet configuration, and tighter security integrations for production clusters.

Cilium 0.9 delivers a production-ready eBPF datapath, HTTP-aware network policy, and kube-proxy replacement previews—setting the stage for the 1.0 release.

Harbor 1.2 delivers role-based access control, vulnerability scanning and replication policies—turning the open-source registry into a production-ready companion for Kubernetes.

Role-Based Access Control (RBAC) reaches General Availability in Kubernetes 1.8, providing fine-grained authorization for users and service accounts.

Kubernetes 1.8 delivers major enhancements in security (RBAC GA, certificate rotation), workload APIs, runtime choices (CRI-O) and overall project maturity.