- Velero Project Advances Toward CNCF Sandbox Governance
- VMware vSphere Kubernetes Service 3.6 Enhances Enterprise Operations with Improved Upgrades, Performance Tuning, and Ecosystem Flexibility
- New Partnerships with F5, Kong, and Tigera Expand Platform Capabilities
AMSTERDAM—KUBECON EUROPE 2026—At KubeCon + CloudNativeCon Europe 2026, Broadcom is demonstrating its commitment to the Kubernetes ecosystem through upstream community contributions, platform innovations that address real-world enterprise operational challenges, and an expanding partner ecosystem that gives customers greater choice and flexibility.
“We’re not just users of Kubernetes, we're builders and we make Kubernetes easier to run, not harder,” said Dilpreet Bindra, senior director of engineering, VMware Cloud Foundation Division, Broadcom. “As one of the top five long-term contributors to CNCF projects, our upstream work focuses on reliability, lifecycle management, and security, helping to shape how Kubernetes evolves for enterprise scale and operational resilience. From advancing Velero toward CNCF stewardship to delivering vSphere Kubernetes Service 3.6 with real operational improvements platform teams need, to opening our ecosystem to validated partners, every enhancement we ship strengthens the value of VMware Cloud Foundation for platform engineers and infrastructure professionals alike.”
Advancing Velero Toward CNCF Stewardship
Broadcom has contributed Velero to the CNCF Sandbox, where it has been accepted, marking its transition to vendor-neutral, community-driven governance. Velero is the Kubernetes-native backup, restore, and migration project. It provides platform teams with the ability to protect cluster state and persistent data, enable disaster recovery and rollback workflows, and migrate workloads across clusters and environments. Operating at the Kubernetes API layer rather than the control-plane datastore level, Velero delivers portable, application-aware backup and recovery that works consistently across cloud providers, on-premises environments, and Kubernetes distributions.
Transitioning Velero to CNCF governance will expand the project's contributor base, support open technical direction under community stewardship, and reinforce long-term sustainability. As the project progresses through the CNCF Sandbox application process, contributors and maintainers are collaborating to align governance and contribution processes with CNCF standards.
“As organizations scale their cloud native workloads, the focus is shifting from simple orchestration to long-term resilience and data management,” said Chris Aniszczyk, CTO, CNCF. “Velero provides a vital layer for backup and disaster recovery, ensuring that stateful applications remain protected. By joining the CNCF Sandbox, Velero gains a vendor-neutral home to foster community collaboration and growth.”
Making Enterprise Kubernetes More Flexible and Easier to Operate
VMware vSphere Kubernetes Service (VKS) 3.6 introduces enhancements designed specifically for the challenges platform teams face after day one—upgrading clusters safely, operating them predictably, and supporting workloads like databases and regulated applications without fragile scripts or one-off exceptions. VKS 3.6 delivers on these key capabilities and benefits:
- Kubernetes 1.35 Built for Enterprise Operations: VKS 3.6 adds support for Kubernetes version 1.35, continuing Broadcom's commitment to delivering CNCF-certified Kubernetes designed for enterprise use. Broadcom provides 24-month extended support per Kubernetes version, with overlapping version support, allowing large organizations to move teams forward on their own timelines without forcing fleet-wide upgrades or compressed maintenance windows.
- An Open, Extensible Networking Ecosystem: A supported path for partner networking add-ons allows Container Network Interface (CNI) plugins to integrate natively with VKS while staying within lifecycle and support boundaries. Platform teams can use partner-validated networking add-ons while remaining within normal lifecycle, upgrade, and support boundaries.
- Performance Tuning for Data-Intensive and Latency-Sensitive Workloads: Declarative TuneD profiles enable safe kernel and sysctl tuning for databases and high-throughput applications without unsupported host customization. This makes common scenarios straightforward and supportable—optimizing nodes for high-throughput networking, tuning memory behavior for databases and caching systems, and adjusting kernel settings for latency-sensitive workloads. The result is consistent, upgrade-safe performance tuning applied through standard Kubernetes workflows.
- Enterprise OS Choice with Support for RHEL: Red Hat Enterprise Linux (RHEL) 9 joins Photon OS 5, Ubuntu 22.04 and 24.04, and Windows Server 2022 as supported operating systems for VKS cluster nodes. RHEL can be used for both control plane and worker nodes. To support diverse application requirements within a single cluster, VKS continues to allow different node pools to run different operating systems, enabling heterogeneous clusters and gradual OS migration over time.
- Smoother Upgrades and Safer Day-2 Operations: Building on previously introduced PodDisruptionBudget pre-checks, VKS 3.6 expands upgrade readiness checks to surface common configuration conflicts before an upgrade begins. Rather than discovering blockers mid-upgrade, platform teams can identify and fix issues ahead of maintenance windows. These checks run continuously, exposing upgrade risks through the SystemCheckSucceeded Condition instead of only during upgrade execution, reducing failed upgrades and unplanned disruption.
- Security, Compliance, and Governance: VKS 3.6 makes it easier to support regulatory and security requirements without locking clusters into rigid hardening. AppArmor profile management is simplified—administrators can now define AppArmor profiles as Custom Resources and have them automatically loaded and kept in sync across all worker nodes of a cluster or for specific node pools. VKS 3.6 also improves operational autonomy, as workload cluster owners can now generate VKS support bundles without vCenter credentials, reducing friction between Kubernetes and infrastructure teams while maintaining least-privilege security.
- Centralized Firewall Management: VKS 3.6 introduces centralized, API-driven management of node-level firewall rules across all supported operating systems. Platform teams can now open required ports for HostPorts and NodePort Services through cluster configuration, instead of relying on privileged init containers or DaemonSets. For Linux nodes, VKS 3.6 also adds support for the nftables backend for kube-proxy, delivering better performance and scalability.
New Kubernetes Ecosystem Collaborations
Broadcom is expanding the VMware vSphere Kubernetes Service ecosystem with validated compatibility with many third party solutions that provide customers with greater choice and flexibility for networking, API management, and security. These partnerships reflect Broadcom's commitment to an open platform approach that supports the tools and technologies platform engineers expect.
- F5 BIG-IP Container Ingress Services (CIS): BIG-IP CIS brings enterprise-proven traffic management directly to VKS environments, enabling platform engineering teams to bridge modern containerized applications with F5 infrastructure. By connecting Kubernetes workloads to BIG-IP's advanced capabilities—intelligent load balancing, SSL/TLS offloading, web application firewall (WAF) protection, and multi-cluster traffic distribution—organizations gain consistent application delivery policies across hybrid environments. This integration ensures mission-critical Kubernetes workloads benefit from the same high availability, performance, and security controls that have protected traditional enterprise applications for decades.
- Kong API Gateway: Part of Kong Konnect, it provides a standardized ingress and traffic management layer for microservices and AI-enabled workloads running on Kubernetes environments like VKS. It combines a high-performance runtime with a SaaS-based management plane to enable secure traffic routing, policy enforcement, and governance at scale. The platform allows teams to standardize connectivity, enforce consistent policies, and gain visibility while accelerating the delivery of reliable, scalable services.
- Tigera Calico Enterprise: Built on trusted open source technologies including Calico Open Source, Istio, Envoy, and eBPF, the Calico platform combined with VKS provides platform engineering teams with a single management plane to enforce, observe, and troubleshoot all workload communication across every cluster and environment. Calico extends native VKS capabilities with enterprise-grade networking—including ingress, egress, service mesh, and multi-cluster connectivity—integrated with advanced security controls and deep observability.
Together, these validated solutions enable customers to leverage best-in-class networking, API management, and security solutions while maintaining the operational consistency and support guarantees of the VKS platform.