kubriX 7.0.0 - Open Source All the Way Down

April 14, 2026 · 4 min read

kubriX Dev, platform enthusiast

Some releases add features, others make bold architectural moves.

kubriX 7.0.0 does both: Replacing two core infrastructure components with better open-source alternatives, leveling up observability, extending high availability across even more services, and making Backstage a more powerful self-service hub.

This is the kind of release that takes courage to ship: real breaking changes, real migrations, real improvements.

🔓 Open Source First: Vault → OpenBao

The headline change in kubriX 7.0.0 is the replacement of HashiCorp Vault with OpenBao.

OpenBao is the community-driven, truly open-source fork of Vault (licensed under MPL 2.0), created after HashiCorp moved Vault to the Business Source License. For kubriX users this means:

No license restrictions - use it freely in any environment
API-compatible with Vault - familiar workflows, same secrets engine
Active community development and security maintenance

🚦 Modern Ingress: Traefik Replaces ingress-nginx

kubriX 7.0.0 ships Traefik as the new default ingress controller, replacing ingress-nginx.

Traefik brings a more cloud-native approach to ingress routing:

Native support for dynamic configuration
Built-in dashboard (optional) and observability
Better integration with the rest of the kubriX stack

A migration runbook is included in the release for existing deployments, and the kubriX support team is available to assist with a smooth transition.

📊 Observability Level-Up

Prometheus Blackbox Exporter - Now Integrated

The prometheus-blackbox-exporter is now a first-class kubriX citizen. Enable it to get out-of-the-box external probing for your services - HTTP, TCP, ICMP and more - with pre-configured dashboards and alerts.

This closes a long-standing gap: you now get both internal metrics and external availability checks from a single platform.

Grafana v11, Tempo 2.0 & More Flexible Alerting

Grafana 11.4 with a new plugin syntax and updated dashboards
Tempo 2.0 for distributed tracing - with updated configuration options
Loki topology improvements and updated scalable deployment
More flexible Grafana alert routing: alert rules are now simpler to define and can be fully managed in team-onboarding values - no more scattered configs

k8s-monitoring v4

The underlying Kubernetes monitoring chart has been upgraded to v4, bringing new features, improved stability, and a dedicated prometheus-operator-crds app to cleanly separate CRD management from the monitoring stack.

🎭 Backstage: Permissions, Policies & Better Grafana Integration

kubriX 7.0.0 lays the groundwork for fine-grained Backstage permission control:

Permission and conditional policies are now configurable - giving platform teams control over who can do what in the self-service portal
The Grafana proxy now uses a sensible internal URL default, reducing manual configuration
Global variables for catalog URLs make multi-cluster setups cleaner and less error-prone

🏆 HA for Everything

kubriX Prime customers get high availability extended to even more platform components in 7.0.0:

CloudNativePG HA configuration
Crossplane and Crossplane provider HA
Keycloak HA
Kyverno HA
External Secrets Operator HA
k8s-monitoring v4 HA settings

Combined with the HA work from kubriX 6.0.0, this means virtually every critical platform service now has a production-grade HA configuration available out of the box.

🔄 Other Upgrades

Multi-Cluster & Velero Backup for Spoke Clusters

Velero backup is now configurable for spoke clusters - data protection that follows your workloads across every cluster
Cluster-specific values files for spoke-applications give more flexibility in managing multi-cluster setups

Mimir & Loki Authentication

Mimir and Loki now support tenant credentials stored in OpenBao - making the observability stack more secure and ready for multi-tenant production environments.

E2E Testing with Playwright

The kubriX Prime CI pipeline now runs Playwright end-to-end tests, catching regressions across the full platform before they ever reach you.

Why kubriX 7.0.0 Matters

This release is about making principled choices:

Open-source where it counts → OpenBao over a BSL-licensed Vault
Better defaults → Traefik, blackbox probing, HA everywhere
Stronger operations → flexible alerting, Grafana v11, Tempo 2.0
Enterprise-ready resilience → HA for every Prime component

kubriX 7.0.0 is the most production-ready release we've shipped yet.

Upgrade to kubriX 7.0.0

Already a kubriX Prime customer? kubriX 7.0.0 is available via your Git update channel. Please review the breaking changes and migration runbooks before upgrading, or reach out to kubriX support for guided assistance.

New to kubriX? Let's talk about how to build an internal developer platform that's open, resilient, and ready for production.

kubriX 7.0.0 - open source all the way down. 🚀

🔓 Open Source First: Vault → OpenBao​

🚦 Modern Ingress: Traefik Replaces ingress-nginx​

📊 Observability Level-Up​

Prometheus Blackbox Exporter - Now Integrated​

Grafana v11, Tempo 2.0 & More Flexible Alerting​

k8s-monitoring v4​

🎭 Backstage: Permissions, Policies & Better Grafana Integration​

🏆 HA for Everything​

🔄 Other Upgrades​

Multi-Cluster & Velero Backup for Spoke Clusters​

Mimir & Loki Authentication​

E2E Testing with Playwright​

Why kubriX 7.0.0 Matters​

Upgrade to kubriX 7.0.0​