KubeCon + CloudNativeCon India 2025: Four standout Cloud-Native technologies

Introduction

KubeCon in Hyderabad this August brought together thousands of engineers to share ideas on how the cloud native ecosystem is evolving. Walking through the event, I found myself drawn to technologies that teams are adopting in new ways. These projects aren’t strictly “new”, but as a junior engineer, I was passionate about the problems they were solving.

This blog highlights four projects that I found interesting when attending talks and engaging in booth discussions at the event: Kyverno, Rook, Flatcar Container Linux and Harbor.

Kyverno: Policy as Code for Kubernetes

Overview

Kyverno is a CNCF Graduated project that provides policy management for Kubernetes using native YAML definitions. Unlike tools such as OPA/Gatekeeper, Kyverno doesn’t require learning Rego; instead, it allows policies to be expressed in the same format as Kubernetes resources.

Why it stood out at KubeCon

Kyverno featured prominently in multiple sessions at KubeCon India 2025, including talks we attended on Policy as Code and security enforcement. The emphasis was on embedding Kyverno policies directly into CI/CD and GitOps pipelines, ensuring security and compliance checks run automatically as part of the deployment workflow. This shifts enforcement to the platform layer, giving developers rapid feedback on policy violations without adding manual review steps or slowing release cycles.

How Kyverno works

Kyverno runs as an admission controller within Kubernetes. It validates, mutates, or generates resources based on defined policies. For example, it can enforce security best practices (blocking privileged containers), automatically mutate manifests (adding labels or annotations), or generate new resources (such as NetworkPolicies) when workloads are deployed.

Benefits of Kyverno

The talks I attended at KubeCon showed me that Policy as Code has been more widely adopted recently, so Kyverno is a great option for teams looking to manage Policy as Code consistently across multiple teams. Key benefits of Kyverno are that it:

• Simplifies policy enforcement with YAML based rules familiar to Kubernetes teams.
• Improves security posture by preventing misconfigurations and enforcing best practices.
• Integrates with GitOps workflows, making policies version controlled and auditable.

For more about Kyverno, see the talks below from KubeCon + CloudNativeCon India 2025:

• Kubernetes Policy as Code for Platform Engineers - Sonali Srivastava, Mohd Kamaal & Kushal Agrawal
• Guard Your Network With Kyverno and Envoy - Sanskar Gurdasani & Swastik Gour
• Keep Calm and Carry on Cluster Updates - Thanks To Kyverno Chainsaw - Vijay Dharap, Kubermatic
• Project Lightning Talk: Kyverno: Kubernetes Policy as Code Unleashed! - Mohd Kamaal, Contributor

You can find example policies in Kyverno’s website.

Rook: Storage Made Cloud-Native

Overview

Rook is a CNCF Graduated project that turns distributed storage systems such as Ceph into Cloud-Native services that can be deployed and managed within Kubernetes. It provides a Kubernetes operator to automate the tasks of provisioning, scaling, and maintaining storage clusters.

Why it stood out at KubeCon

Rook has been in the CNCF since 2018, but storage challenges in Kubernetes continue to be a barrier for adoption for companies. At its booth in Hyderabad, there were multiple conversations detailing how Rook simplifies running Ceph for production workloads, a topic which was raised by multiple engineers exploring or having challenges with stateful Kubernetes use cases.

How Rook works

Rook adds custom resources for storage clusters. Apply a manifest, and the operator provisions and manages Ceph on your behalf. It handles scaling, upgrades, and recovery, tasks that would otherwise require specialist knowledge.

Benefits of using Rook

Rook’s importance is growing as more organisations shift databases, AI/ML workloads, and analytics pipelines onto Kubernetes. Here is a list of some Rook benefits:

• It simplifies the management of complex distributed storage systems.
• It provides scalable and self-healing storage for databases, AI/ML pipelines, and data-heavy applications.
• It removes the barrier of deep Ceph expertise for platform teams

For more about Rook, see the talk below from KubeCon + CloudNativeCon India 2025:

• Rook: Intro and Deep Dive With Ceph storage - Subham Rai, Nikhil Ladha, Rakshith R, Nitin Goyal & Deepika Upadhyay

For more information you can go to Rook’s website

Flatcar Container Linux: Minimal, Secure, Immutable OS

Overview

Flatcar Container Linux is an open source, immutable Linux distribution designed for running containers at scale. It is a continuation of CoreOS Container Linux after its end of life, maintained to provide a secure, lightweight host OS optimised for Kubernetes.

Why it stood out at KubeCon

The focus at its booth this year was on reliability and security in large scale fleets. With operating systems increasingly treated as part of the platform, Flatcar’s immutable design and automated patching continue to draw attention.

How Flatcar works

Flatcar is designed with immutability and automation in mind. It uses image based updates instead of package managers, ensuring nodes are consistent and easily reproducible. It integrates with configuration management tools and supports automatic updates, enabling zero touch patching in production environments.

Benefits of Flatcar

The project shows its continued relevance as Kubernetes moves deeper into enterprise and edge environments. Flatcar reduces configuration drift and ensures a secure baseline across clusters, which one could argue matters more in 2025 than when the project first launched. Flatcar key benefits are:

• Minimal attack surface due to its stripped down design.
• Reliable and repeatable deployments thanks to its immutable image model.
• Automated updates reduce operational overhead and improve security posture, particularly for edge and cloud deployments.

For more about Flatcar Container Linux, see the talk below from KubeCon + CloudNativeCon India 2025:

• Minimal OS, Maximum Impact: Journey To a Flatcar Maintainer - Sayan Chowdhury, Microsoft

For more information you can go to Flatcar’s website

Harbor: Trusted Container Registry

Overview

Harbor is a CNCF Graduated project that functions as a Cloud-Native registry, extending Docker Distribution with enterprise grade features for security, compliance, and multi-tenancy. It has been part of the CNCF since 2018 and is now a Graduated project.

Why it stood out at KubeCon

Harbor is not a new name, but its booth conversations reflected one of the strongest industry themes this year which was “supply chain security”. With growing regulatory pressure and compliance needs, Harbor has the ability to provide scanning, signing, and policy enforcement, features which are becoming essential when building platforms.

How it works

Harbor supports role based access control (RBAC), replication across multiple registries, and integration with vulnerability scanners such as Trivy. It can sign and verify images with Notary to ensure integrity. It can replicate registries across regions or clouds, keeping images close to where they run. This helps teams enforce policy while keeping delivery pipelines fast.

Benefits

Harbor still remains relevant in the Cloud-Native lansscape. Container images remain a major attack vector, and organisations are under pressure to prove compliance. Harbor provides the governance missing from plain registries as it.

• Protects the software supply chain through image scanning and signing.
• Enables governance with fine grained access control and audit logs.
• Supports multi cloud strategies with geo replication of container images.

For more about Harbour, see the talks below from KubeCon + CloudNativeCon India 2025:

• Project Lightning Talk: What’s new in Harbor Project Updates and New Features - Prasanth Baskar
• Harbor Maintainers Talk - Role of Harbor in AI, IOT Edge and the Future - Prasanth Baskar, 8gears Explore Harbor

For more information you can go to Harbor’s website.

Closing Thoughts from a Junior Engineer

The technologies selected highlights the underlying focus from KubeCon India 2025 which was addressing different but critical areas of Kubernetes operations.

• Kyverno empowers platform teams with policy automation, ensuring workloads follow security and compliance standards.
• Rook addresses one of Kubernetes longstanding gaps by making distributed storage systems like Ceph easier to deploy and manage, enabling stateful applications to run reliably in production.
• Flatcar Container Linux strengthens the foundation with an immutable, minimal OS that reduces operational overhead while improving security and consistency across clusters.
• Harbor tackles supply chain risk, providing trusted image distribution through scanning, signing, and replication features that support enterprise governance.

Each technology demonstrates innovation to solve real business challenges, ensuring Kubernetes remains secure, scalable, and ready for production use across diverse environments.