Announcing the Kubernetes AI Gateway Working Group to standardize networking for AI workloads: what it is, charter goals, and active proposals on payload processing and egress gateways.
Kubernetes image promoter kpromo got a stealth rewrite: 20% code deleted, faster, modular phases for rate limiting, interfaces, and pipeline. No impact on users.
Secure production debugging in Kubernetes by using least-privilege RBAC, short-lived credentials, and a just-in-time gateway with an access broker for policy enforcement.
Agent Sandbox is a new Kubernetes CRD designed for long-running AI agents, providing isolation, lifecycle management, and persistent storage for autonomous agent workloads.
Ingress2Gateway 1.0, announced by SIG Network, automates safe migration from Ingress-NGINX to Gateway API with 30+ annotation support, integrated testing, and clear error handling.
Kubernetes v1.36 introduces API deprecations, notably externalIPs, and retirement of Ingress NGINX. Learn about the deprecation policy and how to prepare.
Gateway API v1.5 promotes six experimental features to stable, introduces release train model, and enhances multi-tenancy with ListenerSet. Key updates include TLSRoute, CORS filter, client cert validation, and more.
Kubernetes v1.36 'Haru' ships 70 enhancements (18 stable, 25 beta, 25 alpha) inspired by spring and clear skies. Deprecations included. Theme logo reimagines Hokusai's Red Fuji.
Kubernetes v1.36 GA's SELinuxMount feature speeds volume mounting by using mount-level labeling instead of recursive relabeling. v1.37 will enable it by default, potentially breaking volume sharing between Pods with different SELinux labels. Audit and adjust before upgrading.
Kubernetes v1.36 GA brings User Namespaces for rootless security, ID-mapped mounts, and easy opt-in via hostUsers: false, enabling safer container isolation.
Kubernetes v1.36 makes fine-grained kubelet API authorization GA, replacing the broad nodes/proxy permission with granular RBAC to prevent RCE attacks and enhance least privilege.
Kubernetes v1.36 beta allows modifying container resources in suspended Jobs without recreation, enabling dynamic adjustments for batch and ML workloads.
Kubernetes v1.36 introduces Atomic FIFO processing in client-go to mitigate controller staleness, ensuring consistent cache state and better observability for highly contended controllers.
Kubernetes v1.36 enhances Memory QoS with opt-in tiered reservation, separating throttling from protection; Guaranteed Pods use hard memory.min, Burstable use soft memory.low, and BestEffort none.
Kubernetes v1.36 brings In-Place Pod-Level Resources Vertical Scaling to Beta, enabling dynamic adjustment of shared CPU/memory pool without restarting containers, simplifying sidecar-heavy Pod management.
DNA-based molecules targeting PCSK9 reduce LDL cholesterol by nearly 50% without statins, offering a breakthrough alternative for heart disease prevention.
Discover the tiny wall-dwelling spider Pikelinia floydmuraria, named after Pink Floyd, that hunts ants six times its size, controls urban pests, and has a mysterious link to Galápagos spiders.
Learn how to defeat the Priestess boss in Saros with these expert Q&A tips on handling clones, tuning fork attacks, and winning strategies.
Supply chain attack targets SAP-related npm packages with credential-stealing malware dubbed Mini Shai-Hulud. Multiple security firms report infected packages, risking enterprise ERP systems.
This week's cybersecurity threats include SMS blaster scams, OpenEMR vulnerabilities, 600K Roblox account hacks, millions of passwordless servers, and new developer-targeted attacks.