Skip to main content

Introducing KubriX 2.1 – Smarter Automation, Stronger Security, Seamless Scaling!

· 3 min read
Johannes Kleinlercher
Johannes Kleinlercher
kubriX Dev, platform engineer, systems architect

Just one month after our major KubriX 2.0 release, we’re back with another power-packed upgrade: KubriX IDP-Distribution 2.1 is here!

This release brings enhanced automation, improved platform stability, stronger team isolation, and security features that help your application teams move faster — with confidence.

What’s New in KubriX 2.1?

Automation, Automation, Automation

We believe in empowering teams to focus on building, not configuring. That’s why we’ve taken automation to the next level:

  • ArgoCD repo credentials are now created automatically for your team repos.
  • Spoke cluster registration in Vault is fully automated, along with SecretStore creation in each team’s namespace. Teams just need to define ExternalSecret resources — no more manual Vault configuration!

Rock-Solid Stability

We’ve tightened the bolts to ensure your GitOps flows are more robust and predictable:

  • Crossplane health checks are now fully integrated into ArgoCD’s status evaluations.
  • ArgoCD application health checks have been extended to verify complete sync status — especially useful when using sync-waves.

Stronger Team Isolation

Secure, scalable, and clean boundaries between teams are key to platform success. With 2.1, we’re one step closer to full multi-tenancy:

  • Each team now gets dedicated AppSet access tokens, eliminating the need for organization-wide tokens.
  • Vault roles and policies are team-specific, ensuring secrets stay where they belong.
  • Kargo Git credentials are scoped per team, isolating promotion pipelines to their respective repositories.

Sneak peek: KubriX 3.0 will bring even more powerful team isolation features!

Built-In Security

Security shouldn’t be optional—it should be default. KubriX 2.1 introduces:

  • A restructured Kyverno policy architecture
  • The ability to auto-generate deny-all network policies to enforce micro-segmentation

Stay tuned — more default policies are coming in future releases to lock down your platform effortlessly.

Updates Galore

We’ve refreshed the entire KubriX stack with the latest upstream Helm charts, so you’re always running the latest and greatest:

  • falco, grafana, loki, trivy-operator, kargo
  • argo-cd, cert-manager, external-dns, external-secrets
  • k8s-monitoring, cost-analyzer, and more

Why This Release Matters

  • Instant secrets access: Teams can immediately use Vault secrets from spoke clusters—no manual config needed.

  • Improved GitOps reliability: ArgoCD now waits for real readiness before marking apps as healthy.

  • Secure by default: Automated deny-all network policies and scoped permissions reduce blast radius and human error.

  • Frictionless onboarding: New teams and clusters can be onboarded and deployed without platform team intervention.

Getting Started with KubriX 2.1

  • Already a KubriX Prime customer? You’ll receive KubriX 2.1 automatically via your Git update channel — upgrade today!

  • Curious about KubriX? Reach out to us to schedule a demo.

  • Love what we’re building? Show your support with a ⭐ on our GitHub repo!

Experience faster, smarter, and more secure application delivery with KubriX 2.1 — your cloud-native developer platform, reimagined.