We’re thrilled to announce the release of KubriX 3.0 — our most powerful and enterprise-ready version yet!

This release brings granular RBAC with OIDC integration, automated alerting for Kubernetes issues, and a host of internal security upgrades to streamline platform operations at scale.

What’s New in KubriX 3.0?​

Enterprise-Grade Team Isolation with OIDC & RBAC​

With KubriX 3.0, we’ve introduced centralized identity and access management across all major platform services. Teams and team members are now onboarded with roles like admin, editor, and viewer, giving them access only to what they need — nothing more.

Team-scoped access now works seamlessly across:

• Backstage
• ArgoCD
• Kargo
• Grafana
• Vault
• MinIO

This helps enforce least-privilege access and keeps environments clean, focused, and secure — whether you're part of a delivery team or the platform team.

Automatic Alerting: Be Informed When It Matters​

Stop staring at dashboards. KubriX 3.0 brings integrated Grafana Managed Alerts so teams get notified automatically when common Kubernetes issues occur — from misconfigured workloads to resource bottlenecks.

Each team can customize how and where they want to receive alerts — email, Slack, or any alerting backend. Stay ahead of issues before they impact users.

Improved Supply Chain Security​

We’ve also tightened security within the KubriX platform itself:

Our internal CI/CD pipeline now tracks CVE changes for every platform service update — helping prioritize critical patches faster.

Secrets management is smarter: more services now pull secrets securely from Vault — either user-defined or auto-generated and injected via push-secrets.

Always Up-to-Date​

KubriX 3.0 ships with the latest stable versions of all core platform services, including:

ArgoCD, Backstage, CloudNative-PG, External-Secrets, Falco-Exporter, Grafana, Ingress-nginx, K8s-Monitoring, Keycloak, Velero, Cost-Analyzer, Crossplane, Loki, PGAdmin4, PostgreSQL, Tempo, Trivy-Operator, KubeVirt, KubeVirt-Manager — and more.

Keeping platform services current is hard. With KubriX, it’s effortless.

Why This Release Matters​

• Stronger Access Controls: Least-privilege principles are enforced by design — boosting security and usability for every team.

• Proactive Operations: Built-in alerting means fewer surprises and faster recovery times.

• Secure by Default: From CVE tracking to Vault-based secrets, KubriX 3.0 strengthens your software supply chain.

• Future-Proof: You’re always running the latest and most secure platform stack — without the manual overhead.

Get Started with KubriX 3.0​

• Already a KubriX Prime customer? You’re getting KubriX 3.0 automatically via your Git update channel — no action needed.

• New to KubriX? Schedule a demo to see how we can accelerate your platform engineering journey.

• Like what we’re building? ⭐ us on GitHub!

KubriX 3.0 — Your internal developer platform for faster, smarter, and more secure application delivery.

Just one month after our major KubriX 2.0 release, we’re back with another power-packed upgrade: KubriX IDP-Distribution 2.1 is here!

This release brings enhanced automation, improved platform stability, stronger team isolation, and security features that help your application teams move faster — with confidence.

What’s New in KubriX 2.1?​

Automation, Automation, Automation​

We believe in empowering teams to focus on building, not configuring. That’s why we’ve taken automation to the next level:

• ArgoCD repo credentials are now created automatically for your team repos.
• Spoke cluster registration in Vault is fully automated, along with SecretStore creation in each team’s namespace. Teams just need to define ExternalSecret resources — no more manual Vault configuration!

Rock-Solid Stability​

We’ve tightened the bolts to ensure your GitOps flows are more robust and predictable:

• Crossplane health checks are now fully integrated into ArgoCD’s status evaluations.
• ArgoCD application health checks have been extended to verify complete sync status — especially useful when using sync-waves.

Stronger Team Isolation​

Secure, scalable, and clean boundaries between teams are key to platform success. With 2.1, we’re one step closer to full multi-tenancy:

• Each team now gets dedicated AppSet access tokens, eliminating the need for organization-wide tokens.
• Vault roles and policies are team-specific, ensuring secrets stay where they belong.
• Kargo Git credentials are scoped per team, isolating promotion pipelines to their respective repositories.

Sneak peek: KubriX 3.0 will bring even more powerful team isolation features!

Built-In Security​

Security shouldn’t be optional—it should be default. KubriX 2.1 introduces:

• A restructured Kyverno policy architecture
• The ability to auto-generate deny-all network policies to enforce micro-segmentation

Stay tuned — more default policies are coming in future releases to lock down your platform effortlessly.

Updates Galore​

We’ve refreshed the entire KubriX stack with the latest upstream Helm charts, so you’re always running the latest and greatest:

• falco, grafana, loki, trivy-operator, kargo
• argo-cd, cert-manager, external-dns, external-secrets
• k8s-monitoring, cost-analyzer, and more

Why This Release Matters​

• Instant secrets access: Teams can immediately use Vault secrets from spoke clusters—no manual config needed.

• Improved GitOps reliability: ArgoCD now waits for real readiness before marking apps as healthy.

• Secure by default: Automated deny-all network policies and scoped permissions reduce blast radius and human error.

• Frictionless onboarding: New teams and clusters can be onboarded and deployed without platform team intervention.

Getting Started with KubriX 2.1​

• Already a KubriX Prime customer? You’ll receive KubriX 2.1 automatically via your Git update channel — upgrade today!

• Curious about KubriX? Reach out to us to schedule a demo.

• Love what we’re building? Show your support with a ⭐ on our GitHub repo!

Experience faster, smarter, and more secure application delivery with KubriX 2.1 — your cloud-native developer platform, reimagined.

We are thrilled to announce the release of KubriX IDP-Distribution 2.0! Following the successful launch of version 1.0 in January, our February release takes the platform to the next level with game-changing features, enhanced automation, and seamless enterprise integration.

What’s New in KubriX 2.0?​

Cutting-Edge Platform Updates​

KubriX 2.0 brings dozens of updates to the latest and greatest versions of our underlying platform services, including ArgoCD, Crossplane, Grafana, Mimir, Tempo, Vault, Velero, and more. Expect improved stability, performance, and security with this release.

Seamless Hub & Spoke Support for Developers​

We’ve made Hub & Spoke topologies first-class citizens in KubriX, simplifying application deployment and team collaboration across different environments.

• Out-of-the-box support for Hub & Spoke setups across team onboarding, app onboarding, and app delivery workflows.

• Cluster label-based targeting, allowing you to select target clusters effortlessly.

• Automatic propagation of cluster-specific information (like ingress domains) to apps, removing the need for developers to handle complex configurations.

ArgoCD SSO with Keycloak – Now Built-In​

Identity management just got easier! ArgoCD SSO with Keycloak is now integrated out of the box, ensuring a seamless authentication experience for your teams.

Why Does This Matter?​

For enterprises managing multiple clusters and applications, a Hub & Spoke architecture is the gold standard. In KubriX 2.0:

• The central hub hosts core services like KubriX Delivery, KubriX Observability, and KubriX Portal.

• The spokes run customer applications and KubriX spoke agents, providing clear separation of concerns and scalable operations.

Without KubriX, deploying applications across multiple environments can mean complex and repetitive configurations. Developers often need to manage tedious details like cluster names, API URLs, and ingress domains manually.

With KubriX 2.0, developers only define app deployment stages (e.g., test → nonprod, QA → nonprod, prod → prod) in their GitOps repo — everything else happens automatically. This removes unnecessary complexity, boosting developer productivity and streamlining delivery pipelines.

And of course, KubriX Observability and Security detect new applications automatically, providing instant insights via Grafana dashboards.

How to Get Started​

• Existing KubriX-Prime customers will receive KubriX 2.0 automatically through their Git update channel and can apply the upgrade today.

• Interested in KubriX? Contact us to learn more and leave us a ⭐ on our GitHub repo!

Experience faster, smarter, and more efficient application delivery with KubriX 2.0 — your cloud-native developer platform, redefined!

At kubriX, we hold a strong belief in the transformative power of Open Source software. Our commitment goes beyond just using these tools — we actively contribute to the Open Source projects that drive our platform forward.

However, as anyone familiar with Open Source knows, new releases sometimes come with unexpected bugs. This is a natural part of the development process, and it’s up to the community to address and improve these issues. As the saying goes, "Open Source software is free as in freedom, not free as in free beer."

kubriX is designed to help platform teams manage these risks and reduce the effort required to update OSS platform services. Our goal is to make platform updates smooth and hassle-free for our customers.

Here are two recent examples of how kubriX has proactively supported our customers during Open Source updates:

ArgoCD v2.13.0 Bug Mitigation​

The release of ArgoCD v2.13.0 introduced a bug where Pod Disruption Budgets (PDBs) led to degraded applications. This issue, documented in this GitHub issue, had the potential to disrupt application health. At kubriX, we took a proactive approach, ensuring our customers’ environments were not affected. Instead of updating directly to v2.13.0, we held back until the release of ArgoCD v2.13.1, which included a fix for the PDB issue. By doing so, we saved our customers from experiencing this problem and the time-consuming process of troubleshooting it.

Grafana Tempo v2.6.1 Breaking Change​

Another instance occurred with the release of Grafana Tempo v2.6.1. This update introduced a breaking change in the configuration for tempo queries. While the Grafana Tempo Helm Chart v1.14.0 updated to the new tempo binary (v2.6.1), it still assumed compatibility with the previous configuration. As a result, deployments failed to start correctly, causing a complete service disruption for affected users.

kubriX identified this issue early and took swift action. We decided to withhold updates to the new Helm Chart version until a proper fix was available. In the meantime, we have been actively supporting the maintainers of Grafana Tempo to resolve the issue.

How kubriX Supports Your Platform Stack​

These examples illustrate why kubriX is a vital partner in maintaining and updating your platform stack. We go beyond providing software updates — we provide proactive support, risk mitigation, and community contributions that ensure your platform runs smoothly. With kubriX, your platform teams can focus on innovation instead of firefighting unexpected issues from OSS updates.

kubriX is a curated, opinionated, and highly flexible distribution for Internal Developer Platforms (IDPs). But why do platform teams need an IDP distribution in the first place?

If you recognize that platform engineering and modern platforms—often referred to as Internal Developer Platforms—can help you deliver exceptional digital products faster, more securely, reliably, and at a lower cost, the next question is: how do you get started?

Building an Internal Developer Platform (IDP) requires many building blocks. Nowadays, the foundational operational platform is typically Kubernetes or OpenShift, as it provides an excellent abstraction layer for the underlying infrastructure, allows for full automation through APIs, and is highly extensible. However, this foundation alone isn’t sufficient to fully leverage the benefits of a platform.

To address this, an entire ecosystem of projects and products has emerged under the Cloud Native Computing Foundation (CNCF), each catering to various aspects like security, observability, cost management, application delivery, and more.

As a platform or infrastructure team within an organization, you're often faced with a mountain of new—and sometimes quite complex—tasks, along with a completely new way of managing infrastructure and applications. You need to evaluate tools, understand how to install and maintain them, integrate them together, and configure everything so that it functions as intended.

This process can take years before your organization has a fully operational platform that is embraced by developers and engineers and runs smoothly.

With kubriX, we can shorten this timeline from years to weeks or just a few months. We pre-select the tools, integrate them, and configure them to work seamlessly together, creating a comprehensive solution. Our extensive expertise in software delivery, security, compliance, and observability ensures that these tools provide real value to the organization, adhering to best practices and state-of-the-art standards. In essence, kubriX makes numerous open-source projects "production and enterprise ready" for your platform.

Moreover, kubriX reduces ongoing operational costs associated with platform management. We handle component updates, quality assurance, and vulnerability management while also alerting you to breaking changes. When bugs are discovered, we often take on the communication with project maintainers, which can be a significant burden for platform teams.

Despite its comprehensive nature, kubriX remains highly flexible and customizable to meet your specific needs. If you already have an observability tool in place, for instance, we can integrate it and disable our default component.

Much like Red Hat provides a Linux distribution that saves you the hassle of compiling the kernel and selecting necessary additional tools for your operating system, kubriX offers an IDP distribution that can be quickly and easily installed on your infrastructure, allowing you to enjoy the benefits of a modern platform right away.

As for the name: we refer to these predefined, curated components of our platform as "Bricks," and that’s how we arrived at the product name "kubriX."

An IDP often consists of several products or opensource projects. Updating those components is one thing your platform team needs to do regularly for several reasons:

• get the newest features
• get bug fixes to increase stability
• get security fixes to fulfill your vulnerability mgmt

Those updates can be time-consuming and error-prone. However, kubriX keeps your platform up-to-date and our quality checks dramatically reduce your efforts and deployment risks.

As the following real life example shows, sometimes updates can be really hard.

Recently a new version from Grafana Mimir Helm-Chart 5.5.0 was released. I don't know wether you are a person who really evaluates changelogs before updates, but also if you did read the Changelog for 5.5.0, you won't recognize any breaking changes.

However, the first time you would probably recognize a problem is that your Grafana Mimir ArgoCD application stays OutOfSync forever. If you take a closer look to the diff, you will see:

green (right side) is desired state, left is current state.

You then probably ask yourself and your team mates why the hack this app doesn't sync anymore. Are there some conflicts with another app overriding this configuration? Is the Grafana Agent Operator overriding the GrafanaAgent instance? Is your GrafanaAgent CRD not compatible with this new GrafanaAgent after update? Where is this CRD defined? Do I need to have a look at new sync options ArgoCD provides (and they provide a lot of them)?

Believe me, this problem will take you hours even though you are very experiences, unless you have the right guess in the first place.

The problem was, that the GrafanaAgent CRD supports the attribute topologySpreadConstraints, but the indentation in the GrafanaAgent CR was wrong in Mimir 5.5.0. So it was not compliant to the GrafanaAgent CRD spec.

However, why did ArgoCD just show a OutOfSync problem? This is actually an open issue in ArgoCD.

When you apply the manifests manually, you would see

Error from server (BadRequest): error when creating "STDIN": GrafanaAgent in version "v1alpha1" cannot be handled as a GrafanaAgent: strict decoding error: unknown field "spec.containers[1].topologySpreadConstraints"
and indeed topologySpreadConstraints is not a valid attribute inside containers attribute.

The benefits of kubriX

We do those update tests for you already and will check already lots of things what otherwise your platform team needs to do. Only when our quality gates show a green light we integrate those new versions in our kubriX platform.

When we recognize problems like this above, we will open an issue on the original upstream project and help to solve this problem together with the maintainers.

Only for this problem above you will save at least 3-4 days updates, troubleshooting, communication with the community, and fixing the updates.

You can see our real life tests and investigations in this renovate PR

Team Topologies gave the platform engineering topic a huge momentum in 2019. And it hasn't lost its popularity since then.

As Team Topologies say:

Organizations that adopt a "platform as a product" approach can fundamentally transform and accelerate the value realization from their digital product development.

What are the benefits?​

Implementing this platform principles leads to the following positive business impacts which are consistently seen:

• 30% faster transformation implementation with Team Topologies, enabling quicker time-to-market for new offerings.

• 25% reduction in context switching and a subsequent 20% increase in overall productivity among teams adopting Team Topologies.

• 40% drop in deployment failures and a 35% decrease in mean time to recovery, bolstering organizational resilience through the adoption of Team Topologies.

Which technology should we use?​

The platform manifest makes it clear that it is not about technology in the first place. Still, Kubernetes is widely being used as a base platform for very good reasons. It perfectly abstracts infrastructure and has a flexible API. However, it is not a software delivery platform by itself. Companies still need to build their platform on top of this base platform - a thing which is called nowadays "Internal Developer Platform" (IDP).

The building blocks of these platforms are often projects of the CNCF landscape or also commercial products in the cloud-native space.

However, CNCF doesn't give you advices which tools to use, and there are a lot! So it is still the companies job to evaluate projects and products, decide which ones are trustworthy and can help. Then they need to combine, configure and integrate them in a way that it feels like one curated product with high dev experience.

Build or buy - or both?

Building such a IDP takes time, expertise and experience - so it is worth to look for a company which helps you building such a product - an IDP distribution!

kubriX is a curated, opinionated, yet highly flexible IDP distribution, build from predefined bricks for Kubernetes.

We're thrilled to announce the official launch of our latest product - kubriX platform!

Introducing kubriX: Our exciting new platform!​

After months of hard work and dedication, we’re excited to share something that truly reflects our passion for innovation and our commitment to delivering open-source solutions.

What is kubriX?

kubriX is designed to streamline and enhance your workflow, making it easier than ever to deliver your software. Our curated set of tools is tested for compatibility across the entire application lifecycle. Whether you’re a small team or a large organization, kubriX adapts to your needs, helping you stay focused and productive.

Why we love kubriX?

From the very beginning, we poured our hearts into developing kubriX. We’re genuinely excited about how it empowers users to achieve their goals more efficiently. The positive feedback we’ve received from early testers has only fueled our enthusiasm. It’s rewarding to see our vision come to life!

A commitment to evolution

At our core, we believe that great products are never truly finished. With kubriX, we’re committed to continuous improvement. We have a roadmap filled with exciting updates and new features based on user feedback and industry trends. Your input will play a crucial role in shaping the future of the platform, and we can’t wait to see where it takes us!

Join us on this journey

We invite you to explore the kubrix Platform and discover its capabilities for yourself. As we embark on this journey, we’re excited to share updates, tips, and success stories from our customers and community.

Together, we can make kubriX even better!