Over the past two weeks, the DevOps and platform engineering ecosystem has shipped a remarkable cluster of major releases. Flux hit v2.9 with a brand-new CLI plugin architecture. Argo CD pushed v3.5 into release-candidate status with long-awaited UI and security features. Tekton Pipelines shipped v1.14 with nested pipeline composition. HashiCorp opened Infragraph to limited availability and published real-world patterns for its Terraform MCP server. And GitHub eliminated PAT friction for Copilot CLI in Actions.
For platform teams already juggling Kubernetes sprawl, AI workloads, and compliance mandates, these updates are not just version bumps. They represent a maturing of the GitOps operating model, better security defaults, and the first concrete signs of how AI agents will interact with infrastructure code.
Flux 2.9: A Plugin System and Smarter Drift Control
Flux v2.9, released June 30, ships with one of the most significant architectural additions to the project in years: a CLI plugin system. Built on RFC-0013, the system lets teams extend the flux command with independently versioned binaries that register as native subcommands. The project ships two official plugins out of the gate.
The Mirror plugin declaratively mirrors Helm charts, OCI artifacts, and container images between registries. It supports multi-architecture images, HTTP/S-to-OCI Helm chart conversion, signature verification, and cloud workload identity authentication. For teams running air-gapped clusters or maintaining private artifact caches, this removes the need for standalone mirror tooling.
The Schema plugin validates Kubernetes manifests against JSON schemas and CEL rules, shipping with built-in schemas for Kubernetes, OpenShift, Gateway API, and Flux CRDs. It integrates with CI via GitHub Actions or Docker, giving teams a schema-aware gate before manifests ever reach a cluster.
Installation is straightforward:
# Search available plugins
flux plugin search
# Install and pin a plugin
flux plugin install schema@0.5.0
Beyond plugins, Flux 2.9 introduces server-side apply field ignore rules. In previous versions, Flux would aggressively try to revert fields managed by other controllers, such as replicas touched by a Horizontal Pod Autoscaler or certificates injected by an admission webhook. The new Kustomization.spec.ignore API lets operators declaratively exclude specific fields from drift detection and apply, making it much easier to combine GitOps with autoscalers, service meshes, and mutating webhooks.
Security also gets a boost. SOPS decryption now supports the Age post-quantum cipher, and kustomize-controller can authenticate to OpenBao and HashiCorp Vault using Kubernetes Workload Identity, eliminating long-lived Vault tokens from cluster secrets.
Helm users should note a breaking change: the default Helm post-render strategy has shifted from nohooks to combined, meaning hooks are now included in post-rendering by default. Teams relying on the old behavior should set nohooks explicitly before upgrading.
Argo CD 3.5: Impersonation, Source Hydration, and a Real ApplicationSet UI
Argo CD v3.5 entered release candidate on June 16, with a GA target of August 4. The release addresses several long-standing community requests.
User impersonation is now in beta. In multi-tenant environments, Argo CD can assume different user identities when performing server-side operations like viewing logs, deleting resources, or syncing applications. This means actions execute with the correct user context for audit logging and RBAC enforcement, rather than running under the Argo CD service account.
The Source Hydrator also advances to beta, now supporting separate repositories for dry and hydrated manifests. Teams can keep source manifests in one repository while writing hydrated output to another, and configure source integrity checking to verify signed commits before hydration. This supports advanced multi-repository GitOps patterns without sacrificing supply-chain security.
Perhaps the most user-visible change is the new ApplicationSet UI. ApplicationSets have always been powerful but awkward to work with in the browser. The new UI adds a dedicated /applicationsets route with list views, filtering, and a resource tree showing each ApplicationSet and its generated child Applications. A Preview feature lets operators edit a generator spec and see a live diff of which Applications would change before committing anything to Git. This mirrors the CLI’s argocd appset generate but makes it accessible to operators who live in the UI.
Argo CD 3.5 also adds Helm 4 support, mTLS for repo-server internal communication, and source integrity validation with signing key verification, all strengthening the supply-chain security posture.
Tekton Pipelines 1.14: Composable, Observable Pipelines
Tekton Pipelines v1.14.0, also released June 30, focuses on two themes: composition and observability.
The headline feature is Pipelines in Pipelines by ref, allowing a Pipeline to embed another Pipeline by reference rather than inlining all tasks. This makes it possible to build reusable pipeline libraries, compose complex CI/CD workflows from smaller, tested units, and reduce YAML duplication across teams.
On the observability front, the release adds OpenTelemetry tracing spans across PipelineRun cancel and timeout paths, TaskRun validation functions, CustomRun reconcilers, and notification events. Trace IDs and span IDs are now injected into structured log output, enabling correlation between logs and distributed traces in platforms like Jaeger or Grafana Tempo.
A fix for concurrent map writes during StepAction resolution also closes a controller crash vector that could trigger under specific parameter resolution conditions.
HashiCorp: Terraform MCP Server and Infragraph
HashiCorp continues to position Terraform as the infrastructure control plane for an AI-assisted future. On June 26, the company published four real-world patterns for the Terraform MCP Server, which grounds AI agents in organizational context from Terraform modules, policies, workspaces, and state.
The patterns cover no-code infrastructure workflows for onboarding new engineers, self-service provisioning through a private module registry, policy enforcement with Sentinel or OPA, and Day-2 lifecycle management including provider upgrades and breaking-change analysis. In each case, the MCP server provides the AI agent with authoritative data rather than relying on the LLM’s general training, significantly reducing hallucination risk in infrastructure decisions.
Separately, HCP Terraform powered by Infragraph entered limited availability on June 30. Infragraph provides a graph-based explorer for hybrid and multi-cloud infrastructure, connecting to AWS, Azure, GitHub, and Terraform Enterprise to surface resource relationships, unmanaged assets, and compliance gaps. Teams can build and share queries across the organization, turning infrastructure visibility into a collaborative activity rather than a periodic audit.
GitHub Copilot: Deeper CI/CD Integration
GitHub also made two Copilot announcements on July 2 that matter for DevOps teams.
First, Copilot CLI no longer needs a personal access token in GitHub Actions. Workflows can now use the built-in GITHUB_TOKEN, eliminating PAT management overhead and improving security posture. AI credits consumed in Actions are billed directly to the organization when the appropriate policy is enabled.
Second, Copilot agent session streaming entered public preview for GitHub Enterprise Cloud customers. Enterprise owners can now stream Copilot session data, including prompts, responses, and tool calls, to a SIEM endpoint or pull the last 48 hours via REST API. Microsoft Purview is supported as a streaming destination. This gives security and compliance teams visibility into how AI agents are being used across the development lifecycle.
What This Means for Platform Teams
Taken together, these releases paint a clear picture of where DevOps is heading in 2026.
GitOps is getting composable and pluggable. Flux’s plugin system and Argo CD’s ApplicationSet preview UI both reduce the friction of working with complex, multi-cluster deployments. Tekton’s pipeline-by-ref feature brings similar composability to CI pipelines. The days of writing thousand-line YAML monoliths are fading.
Security is moving left and getting automated. Source integrity validation in Argo CD, Age post-quantum encryption in Flux, workload identity for Vault, and mTLS for internal Argo CD components all raise the baseline without adding operator toil. The HashiCorp MCP server’s grounding of AI decisions in real policy and state data is another security win: it prevents AI agents from making confident but wrong infrastructure choices.
AI is becoming a first-class infrastructure consumer. Whether through GitHub Copilot in Actions, Terraform MCP server patterns, or the AI-assisted no-code workflows HashiCorp describes, the boundary between human and agent-driven infrastructure operations is dissolving. Platform teams should start thinking about audit trails, rate limits, and governance policies that cover both human and non-human actors.
For teams running Kubernetes at scale, this is a good time to review your GitOps tooling. Flux 2.9’s plugin system may replace standalone tools in your pipeline. Argo CD 3.5’s UI improvements might finally make ApplicationSets approachable for your application teams. And if you’re experimenting with AI agents for infrastructure, the Terraform MCP server offers a concrete pattern for doing it safely.
The summer of 2026 is shaping up to be an inflection point for the GitOps and platform engineering stack.
