AWS ships GAGateway APIsupport in theAWS Load Balancer Controller. Teams can manageALBandNLBwith the SIG standard. The controller swaps annotation JSON for validated CRDs -TargetGroupConfiguration,LoadBalancerConfiguration,ListenerRuleConfiguration- and handles L4 (TCP/UDP/TLS) and L7 (HTTP/gRPC). M.. read more  

Cybersecurity researchers found malicious artifacts distributed via Docker Hub after the Trivy supply chain attack. Malicious versions 0.69.4, 0.69.5, and 0.69.6 of Trivy were removed from the image library. Threat actor TeamPCP targeted Aqua Security's GitHub organization, compromising 44 repositor.. read more  

This article introduces a tool called jsongrep, explains the internal search engine it uses, and outlines the benchmarking strategy used to compare its performance with other JSON path-like query tools. The tool parses the JSON document, constructs an NFA from the query, determinizes the NFA into a .. read more  

In large language model (LLM) inference workloads, a single monolithic serving process can hit its limits due to different compute profiles for prefill and decode stages. Disaggregated serving splits the pipeline into distinct stages to better utilize GPU resources and scale more flexibly on Kuberne.. read more  

Atlantis, a tool for planning and applying Terraform changes, faced slow restarts of up to 30 minutes due to a safe default in Kubernetes that became a bottleneck as the persistent volume used by Atlantis grew to millions of files. After investigation, a one-line change to fsGroupChangePolicy reduce.. read more  

Agent Sandbox unveils the Sandbox CRD to map long-lived, singleton AI agents onto Kubernetes. It adds stable identity and lifecycle primitives. It supports runtimes like gVisor and Kata Containers. It enables zero-scale resume. It includes SandboxWarmPool with SandboxClaim and SandboxTemplate to kil.. read more  

The post prescribes an on-demand SSH gateway pod. It usesshort-lived, identity-bound credentialsandKubernetes RBACto grant scoped, auditable debug sessions. It recommends anaccess brokerthat binds Roles to groups, issues ephemeral certs and OpenSSH user certificates, rotates CAs, enforces command-le.. read more  

SIG Release rewrote theimage promotercore. It cut 20% of the code. It added apipeline engine,cosignsigning, andSLSAattestations. Signing now sits separate fromsignature replication. Registry reads run in parallel - plan time dropped ~20m → ~2m. Per-request timeouts, retries, and HTTP connection reus.. read more  

Kubernetes v1.36 (Apr 22, 2026) enablesHPAScaleToZeroby default. That lets theHPAuseminReplicas: 0and read only controller-owned pod metrics. The release swaps long-lived image-pull secrets forephemeral KSA tokens. It deprecatesIPVS, retiresIngress NGINX, and aligns withcontainerd 2.x. The release f.. read more  

Ingress2Gateway 1.0 has been released to aid migration from Ingress-NGINX to Gateway API before its retirement in March 2026. The tool translates Ingress resources to Gateway API and highlights untranslatable configurations. The release features enhanced annotation support and thorough testing for reliable migration.