containerd 2.3.0-beta.0: First LTS Under Kubernetes-Aligned Release Schedule
containerd 2.3.0-beta.0 is the first LTS release under the new Kubernetes-aligned schedule, with CRI improvements, EROFS support, and a two-year support commitment.
Five critical vulnerabilities dubbed IngressNightmare affect Kubernetes NGINX Ingress Controller versions prior to 1.12.1, with CVE-2025-1974 enabling unauthenticated RCE. Patch immediately.
containerd 2.3.0 introduces the project's first annual LTS release with a new 4-month cadence aligned with Kubernetes. Learn how to upgrade safely.
The Kubernetes image promoter (kpromo) underwent an invisible rewrite that deleted 20% of the codebase while dramatically improving speed and reliability.
Kubernetes 1.34 brings Dynamic Resource Allocation to GA, enabling proper GPU sharing, topology-aware scheduling, and gang scheduling for AI/ML workloads.
Cilium celebrates 10 years at KubeCon Europe with CiliumCon 2026, featuring Cilium v1.19, Tetragon security advances, and sessions on multi-cluster networking at scale.
The Kubernetes community announces a new working group focused on developing standards and best practices for AI Gateway infrastructure, including payload processing, egress gateways, and Gateway API extensions for machine learning workloads.
Helm’s new patch releases do not scream for attention, but the fixes around OCI references, nil-value preservation, generateName handling, YAML post-render corruption, and upgrade wait behavior are exactly the kind that break chart pipelines in annoying, non-obvious ways. Treat this as a validation run, not a casual patch bump.
A new CNCF-highlighted write-up on etcd-diagnosis and etcd-recovery is really a reminder that most Kubernetes control-plane incidents are slowed down by evidence collection, not by lack of heroics. The smart move is to standardize fast checks, deeper diagnostics, and a hard rule that recovery comes last.
A new CNCF deep-dive shows how CRI-O’s credential provider bridges a long-standing Kubernetes gap: mirror authentication that stays namespace-scoped, auditable, and multi-tenant friendly — without smearing credentials across every node.
AWS says Copilot CLI will reach end of support June 12, 2026. If you’ve standardized on Copilot’s manifests and workflows, now is the moment to choose a migration path that preserves your deployment ergonomics while improving infra visibility.
CNCF argues the AI stack is converging on Kubernetes—data pipelines, training, inference, and long-running agents. Here’s what’s actually driving the migration, the hidden operational tax it removes, and the platform-level standards teams should lock in before the next wave hits.
Ingress-NGINX’s March 2026 retirement is forcing real migrations. Here’s a field guide to the weird edge behaviors you must inventory before moving to Gateway API (or another controller) — and how to avoid silent traffic breaks.
EKS Hybrid Nodes lets you pair an AWS-managed control plane with on‑prem or edge worker nodes. Here’s what changes operationally, what doesn’t, and how to evaluate it against EKS Anywhere and plain upstream Kubernetes.
Kubernetes 1.35 introduces an alpha ‘Restart All Containers’ capability that makes a whole‑Pod refresh a first‑class operation. Here’s where it helps, where it can hurt, and how to roll it out safely.
Kubernetes keeps expanding its surface area—CRDs, admission policies, Gateway API, and now inference-focused extensions. SIG Architecture’s API Governance work is the quiet mechanism that keeps innovation moving without breaking users. Here’s what ‘API governance’ means in practice, and how platform teams can adopt the same discipline internally.
EKS Capabilities package Argo CD, AWS Controllers for Kubernetes (ACK), and Kube Resource Orchestrator (kro) as managed, Kubernetes-native building blocks. Here’s what changes when platform teams can compose AWS resources and Kubernetes resources behind custom APIs — without running the controllers themselves.
AWS is packaging common platform components (GitOps and infrastructure orchestration) as managed, Kubernetes-native ‘capabilities’ for Amazon EKS. Here’s what it changes for day-2 ops, how it compares to rolling your own controllers, and what to watch before you standardize on it.
Harbor is easy to install, hard to productionize. Here’s a practical checklist for HA, storage, signing/scanning, and day-2 ops when Harbor becomes your cluster’s artifact backbone.
Kubernetes v1.35 continues a trend: clusters are increasingly asked to run mixed AI workloads (training, batch, and latency-sensitive inference) alongside traditional services. Here’s what’s new that matters for platform teams—especially around scheduling, resizing, and safer config workflows.