Latest Cloud Native Updates: Istio Donation, Kotlin gRPC, Kubernetes Watch Cache, Knative 0.14, and More

Istio donation to an open‑source foundation

The Istio service‑mesh project will be transferred to an open‑source foundation, establishing a neutral governance model and a long‑term development roadmap.

Kotlin gRPC open‑source

Kotlin gRPC has been released under an open‑source license, enabling developers to implement gRPC servers and clients directly in Kotlin, which is now the second‑most popular language on the JVM.

Upstream Kubernetes API server enhancements

Dynamic watch‑cache sizing

The API server can now adjust the size of each resource’s watch cache at runtime based on observed write‑rate and memory pressure. This removes the need to set a static value with --watch-cache-sizes, reduces “resource version too old” errors during high‑frequency updates, and improves overall memory utilization.

Periodic watch bookmarks

To avoid client‑side watch failures when the watch cache shrinks, the API server emits a Bookmark event to every active watch once per minute. Clients that receive a bookmark can safely continue watching without re‑establishing the watch.

Dynamic authentication configuration

Authentication mechanisms (e.g., webhook token auth, OIDC) can now be modified through the Kubernetes REST API without restarting the API server. Administrators can POST or PATCH the authentication.k8s.io/v1 configuration resources to change auth providers on‑the‑fly.

Knative 0.14.0 release

Knative Serving

Version 0.14.0 was released on 14 April 2023.

The storage version for all custom resources is now v1, simplifying API compatibility.

Network integration components (e.g., net-istio, net-contour) have been moved to external repositories, allowing independent versioning.

Scaling improvements include more aggressive concurrency autoscaling and reduced cold‑start latency.

Knative Eventing

Version 0.14.0 adds multi‑tenant broker support, enabling isolated event pipelines for different teams or namespaces.

Istio xDS v3 implementation plan (Pilot 1.7)

The Istio community is debating whether Pilot should support both xDS v2 and xDS v3 or drop v2 entirely:

Support both v2 and v3 – Increases code size and test surface, creating technical debt and more complex upgrade paths.

Support only v3 – Simplifies the code base but requires users to adopt canary or revision‑based rollout strategies to handle the breaking change.

The discussion is ongoing.

Open‑source project recommendations

Gatekeeper – Uses OPA Rego policies to implement dynamic Admission Webhooks. Currently provides Validating Admission; Mutating support is under development.

Scheduler‑plugins – Extends the Kubernetes Scheduler via the new Scheduler Framework, allowing custom placement logic.

external‑dns – Automatically synchronizes Service and Ingress IP addresses to DNS providers across major cloud platforms.