Posts from @kaptain
@kaptain shared a link, 4 weeks, 1 day ago
FAUN.dev()

v1.36: In-Place Vertical Scaling for Pod-Level Resources Graduates to Beta

Kubernetes v1.36 moves In-Place Pod-Level Resources Vertical Scaling to Beta and flips the feature gate on by default. Operators can patch a Pod's aggregate resource to resize running Pods. Often no container restart is needed. Kubelet breaks the Pod-level change into per-container resize events. It..

@kaptain shared a link, 4 weeks, 1 day ago

From Ingress NGINX to Higress: migrating 60+ resources in 30 minutes with AI

With the March 2026 retirement of Ingress NGINX, teams face an urgent compliance mandate. They must replace unpatched controllers. Enter Higress. Built on Envoy and Istio. It unifies LLM protocols, enforces token rate limits, caches prompts, hosts MCP, and uses xDS for zero-downtime. An AI agent paired with hi..

@kaptain shared a link, 4 weeks, 1 day ago

v1.36: Tiered Memory Protection with Memory QoS

Kubernetes v1.36 rolls out Memory QoS (alpha). Opt-in memory reservation. Tiered protection by QoS class. Kubelet observability metrics. Kernel-version warnings. It separates throttling from reservation. A feature gate enables throttling. A kubelet config field controls tiered cgroup v2 protection: Guarant..

@kaptain shared a link, 4 weeks, 1 day ago

Auto-Diagnosing Kubernetes Alerts with HolmesGPT and CNCF Tools

STCLab built an AI investigation pipeline with HolmesGPT, a 200-line Python playbook, and OpenTelemetry. It streamed Mimir, Loki, and Tempo into Slack threads. Metadata-driven markdown runbooks limited tools per namespace, cut wasted tool calls from 16 to 2, and let the same model resolve alerts faster...

@kaptain shared a link, 4 weeks, 1 day ago

v1.36: Staleness Mitigation and Observability for Controllers

Kubernetes v1.36 ships client-go atomic FIFO processing and cache-introspection APIs. Controllers detect stale informer state and skip acting on it. kube-controller-manager enables the capability by default for four high-contention pod controllers. It adds alpha metrics for skipped syncs and informer resou..

@kaptain shared a link, 1 month, 1 week ago

From public static void main to Golden Kubestronaut: The Art of unlearning

The author left JVM monolith ops for Kubernetes. They stacked certs: CKA, CKAD, CKS, KCNA, KCSA, CNCF Golden Kubestronaut. They treat Pods as the atomic deployable. They pick fights: Ingress vs NodePort. They warn about ConfigMap drift. They spotlight runtime primitives: Horizontal Pod Autoscaler and service mesh for..

@kaptain shared a link, 1 month, 1 week ago

Why MicroVMs: The Architecture Behind Sandboxes

Docker Sandboxes puts each agent session in a dedicated microVM. Each microVM runs a private Docker daemon inside the VM boundary. That blocks access to the host. A new cross-platform VMM runs on macOS, Windows, and Linux hypervisors. It slashes cold starts and runs full Docker build, run, and compose work..

@kaptain shared a link, 1 month, 1 week ago

v1.36: User Namespaces in Kubernetes are finally GA

Kubernetes v1.36 promotes User Namespaces to GA on Linux. It brings rootless workload isolation. Kubelet leans on kernel ID-mapped mounts. It sidesteps expensive chown by remapping UID/GID at mount time and confines privileged processes. No more mass-chown screams...

@kaptain shared a link, 1 month, 1 week ago

The AI-driven shift in vulnerability discovery: What maintainers and bug finders need to know

AI models let non-experts craft real and fake vulnerabilities at scale. They spit out low-quality noise and the occasional high-value report. Reports flood OSS maintainers. Triage, patching, release cadences, and downstream upgrade/compliance pipelines buckle under the load. Guidance recommends publishi..

@kaptain shared a link, 1 month, 1 week ago

Building a fault-tolerant metrics storage system at Airbnb

Airbnb built a metrics system that ingests 50M samples/s, stores 2.5PB of logical time series, and hosts 1.3B active series. They use tenant-per-service grouping and shuffle sharding. They enforce per-tenant guardrails and a consolidated control plane. They shard queries and compaction. They run zone-awar..
