Every gateway ships with a set of built-in policies. Authentication. Rate limiting. Request routing. Prompt guards. These cover most use cases. But what about the ones they don’t cover? What if you need to add a custom header based on a database lookup? What if you need to transform a request body i.. read more  

kubectl debugsessions leave almost no forensic trace: by design,EphemeralContainerStatushas nolastStateorrestartCount, so the exit code, session duration, target container, and debugger logs disappear from the Kubernetes API the moment anything else updates the pod. That breaks incident handoffs (th.. read more  

Kubernetes v1.36 deprecatesService.spec.externalIPsand starts the removal path, finally closing CVE-2020-8554, the trust-everyone hole the field has carried since the early days. The project has recommended disabling it via theDenyServiceExternalIPsadmission controller since v1.21, but SIG Network h.. read more  

The KubeStellar Console team learned that AI coding agents improve after engineers build deterministic feedback loops into the codebase. Engineers who grant more autonomy give agents more room to guess, with no new correction signal... read more  

Mirantis has agreed to an acquisition by IREN. The companies have announced no customer-facing product changes... read more  

A throwaway GitHub account compromised CNCF projectAntrea's Jenkins infrastructure on May 2 by opening a malicious PR and firing/test-*slash-commands that detonated the workflow against PR-fork code with credentials in scope. The same operator ran parallel campaigns against at least seven other proj.. read more  

A vendor piece from Mirantis arguing that GPU multi-tenancy on Kubernetes is widely misrepresented, with most platforms shipping namespace-based isolation while production GPU clouds require hardware-enforced separation through MIG partitioning, cluster-per-tenant architecture, and DPU-based network.. read more  

Volume group snapshots reachedGAin Kubernetesv1.36, with the API promoted togroupsnapshot.storage.k8s.io/v1. The feature lets aVolumeGroupSnapshotobject take crash-consistent snapshots across multiple PVCs selected by label, removing the need to quiesce applications that span separate data and log v.. read more  

Declarative validation graduated toGAin Kubernetesv1.36, replacing handwritten Go validation with+k8s:marker tags on field definitions... read more  

Alpha inv1.36, server-side sharded list and watch adds ashardSelectorfield toListOptionsso the API server uses an FNV-1a hash onmetadata.uidormetadata.namespaceto send each controller replica only its slice of the resource collection. This eliminates the cost of every replica deserializing the full .. read more