Kyverno 1.17 stabilizes its next-gen CEL policy engine. That’s more than a version bump: it’s a signal that policy-as-code is shifting toward faster, more standardized evaluation across Kubernetes platforms.
The Collector is easy to deploy but surprisingly easy to misconfigure at scale. This guide focuses on the practical knobs—pipelines, batching, tail sampling, memory limits, and auth—to turn ‘telemetry works’ into ‘telemetry is reliable.’
Kubernetes v1.35 is a reminder that runtimes are part of the platform contract: it’s the last Kubernetes release to support containerd v1.x. Here’s a pragmatic, low-drama way to plan the move to containerd 2.0+ without turning node upgrades into incident response.
KubeCon + CloudNativeCon Europe heads back to Amsterdam on March 23–26, 2026. Here’s a practical preview of the themes to track—platform engineering, security, observability, and AI—and how to get more value out of the week.
Cilium 1.18.7 adds pragmatic improvements—safer default label handling and better Hubble Relay logging options—plus bugfixes that matter in real clusters. Here’s what to pay attention to and how to roll it out without surprises.
OpenStack’s latest security advisory (OSSA-2026-001) describes a privilege escalation path involving identity headers in external OAuth2 tokens. Here’s the bigger lesson: identity boundaries are where multi-cloud platforms most often leak.
Kubernetes shipped same-day patch releases across four supported branches plus a new v1.36.0 alpha. Here’s how to turn ‘release day’ into a repeatable upgrade workflow: risk triage, conformance gates, and rollback-ready rollouts.
Kubernetes’ Node Ready condition is a blunt instrument. The new Node Readiness Controller adds declarative, taint-based readiness gates so nodes only enter the scheduling pool when platform-specific dependencies (CNI, storage, GPU drivers, local agents) are truly healthy.
Gateway API keeps moving from “promising” to “practical.” Here’s how to evaluate popular implementations in 2026, focusing on operational fit, multi-tenancy, and day-2 upgrades.
Kubernetes SIG Network is retiring the ubiquitous Ingress NGINX controller in March 2026. Here’s how to inventory impact, choose a replacement, and migrate safely—ideally to Gateway API—without breaking traffic.
Envoy Gateway v1.7 lands with a dense set of Gateway API-adjacent upgrades: richer policy controls, better OTLP export options, safer extension defaults, and breaking changes that signal maturity.
Kubernetes’ new Node Readiness Controller proposes a more nuanced readiness model that reflects real dependency chains (network, storage, security agents). Here’s what it changes and how platform teams can operationalize it.
Envoy Gateway v1.7 is another sign the Gateway API ecosystem is moving from ‘early adopter’ to ‘default’. We walk through what a v1.7-style platform setup looks like, plus common pitfalls in production.
The OpenInfra community is entering election season and the roadmap toward the OpenStack 2026.1 ‘Gazpacho’ cycle continues. Here’s what stands out for operators: governance cadence, retiring/at-risk services, and upgrade planning.
ingress-nginx is heading into retirement in 2026. Here’s a practical, low-drama playbook to inventory your current usage, choose a target (Ingress controller vs Gateway API), and migrate with controlled risk.
Kubernetes has long treated node readiness as a single binary signal, but modern nodes depend on a stack of agents (CNI, CSI, GPU, security) that fail independently. The new Node Readiness Controller introduces a more expressive model—here’s what it changes, how to adopt it, and what to watch for in your SLOs.
Multiple fresh ingress-nginx CVEs are forcing teams to re-check a long-assumed ‘safe default’: the ingress controller. Here’s what the advisory says, what’s exploitable in real deployments, and a pragmatic patch + mitigation plan you can execute today.
Gateway API is the direction of travel, but teams still need an implementation that can survive production traffic. Envoy Gateway is quietly becoming that default. Here’s what’s maturing, what’s still sharp, and how to adopt it without breaking every app team.
OpenInfra is leaning into a wave of interest from organizations rethinking virtualization and private cloud economics. Between community visibility (FOSDEM) and vendor migration announcements, 2026 is shaping up to be a ‘prove it in production’ year for OpenStack operators.
The OpenInfra community’s January 2026 update reinforces a theme that’s accelerating: organizations want sovereign, vendor-neutral infrastructure that still moves fast. Here’s what to take from the month’s signals—especially if you run OpenStack or adjacent open infrastructure at scale.
