Week 4 - January 2026

This week: 50 releases, 165 news items.

👋 Welcome

Cloud native saw a flurry of activity this week, with a strong focus on the growing intersection of AI and cloud native technologies. We celebrate the graduation of a key project within the CNCF, alongside significant updates across a wide array of cloud native tools, from service meshes to security frameworks. Performance, efficiency, and enhanced developer experience were also prominent themes in the latest releases and news.

🚀 Notable Releases

Networking

  • Envoy v1.37.0 - Introduces dynamic modules expansion for network, listener, UDP listener, and access logger filters, along with streaming HTTP callouts and HTTP/2 performance optimizations.
  • CoreDNS v1.14.1 - Primarily addresses security vulnerabilities in underlying Go versions and includes performance improvements to the proxy plugin via multiplexed connections.
  • Cilium v1.18.6 - Major changes include publishing Helm charts to OCI registries and improvements to Cilium Preflight checks.
  • Cilium v1.17.12 - Also publishes Helm charts to OCI registries and includes bugfixes for proxy iptables rules and IPCache leaks.
  • Cilium v1.16.19 - Features publishing Helm charts to OCI registries and bugfixes for IPCache leaks and xDS nil-pointer issues.

GitOps & Package Management

  • Argo CD v3.2.5 - A stable patch release, with all container images signed by cosign and provenance generated.
  • Argo CD v3.2.4 - This release is noted as invalid, with users encouraged to use v3.2.5 instead.
  • Argo CD v3.0.22 - A patch release for the v3.0 branch, with signed container images and provenance.
  • Helm v4.0.5 - A patch release, encouraging users to upgrade for the best experience.
  • Helm v3.19.5 - A patch release for the v3.19 branch, also encouraging users to upgrade.

Observability

  • OpenTelemetry Collector v0.144.0 - Introduces breaking changes related to metric verbosity and removes deprecated feature gates.
  • OpenObserve v0.50.0 - Includes fixes for unauthorized login redirects, dashboard refresh warnings, and dashboard configuration height issues.

Security & Policy

  • SPIFFE/SPIRE v1.14.1 - Changes the uptime_in_ms metric to float64, allows persistent arguments for SPIRE Server on Windows, and fixes incorrect logic in aws_kms KeyManager and JWT-SVID caching.
  • Open Policy Agent (OPA) v1.12.3 - A bug fix release addressing misconfigured bundle polling and decision log issues.
  • Paralus v0.3.0 - Focuses on dependency updates, bumping versions for security tools like sigstore/cosign-installer, docker/build-push-action, and aquasecurity/trivy-action.

Service Mesh

  • Istio v1.28.3 - A patch release for the 1.28 branch.
  • Meshery v0.8.200 - Features UI improvements like enabling React strict mode and migration to TypeScript, alongside CLI fixes.
  • Meshery v0.8.199 - Reverts to React 17 and fixes fallback image paths in the Dashboard UI.
  • Meshery v0.8.198 - Bumps axios dependency and includes CLI updates for design command unit tests and connection management.
  • Meshery v0.8.197 - Contains various internal changes and attendance updates.

Storage & Registry

  • TiKV v8.5.5 - Delivers new features, improvements, and bug fixes, with detailed notes available in the TiDB v8.5.5 release.
  • Rook v1.18.9 - A patch release for the Ceph operator, adding features like disabling read affinity for Ceph v20.2.0 and allowing skipping CephCluster reconcile.
  • Harbor v2.14.2 - Includes component updates, a UI version bump, and bug fixes.
  • Harbor v2.13.4 - A patch release for the v2.13 branch, with component updates and bug fixes.
  • Crate v6.2.0 - Provides new features, improvements, and bug fixes, with detailed release notes available on their documentation site.

Messaging

  • Strimzi Kafka Operator v0.50.0 - Introduces a new v1 API version for all Strimzi custom resources, urging users to upgrade CRDs as part of the operator upgrade.

Developer Portal

  • Backstage v1.46.3 - Fixed an issue that caused the catalog-graph plugin to display an empty graph.

Batch Scheduling

  • Volcano v1.12.3 - Contains bug fixes, including the addition of an hcclrank job plugin and resolution of hierarchical queue validation issues.

Chaos Engineering

  • LitmusChaos v3.25.0 - Addresses fixes for clusterrole permissions, adds a new adopter, and corrects documentation typos.

Backup & Recovery

  • Velero v1.17.2 - Includes fixes for tracking actual resource names with GenerateName in restore status, managed fields patching, and security context handling.

Serverless

  • Nuclio v1.15.13 - Features bug fixes related to authentication propagation to MLRun Project Leader and dependency updates.

Build Tools

  • Buildah v1.29.7 - Addresses several security vulnerabilities (CVE-2025-49713 for x/crypto and CVEs for runc) by bumping component versions.

📰 This Week in Cloud Native

This week highlighted the accelerating integration of Artificial Intelligence with cloud native practices, alongside significant advancements in ecosystem maturity and security. The CNCF announced the graduation of Dragonfly, its distributed image and file distribution system, marking a major milestone in its production readiness and capability to power container and AI workloads at scale. This underscores the growing demand for efficient data distribution as AI models become larger and more prevalent.

The symbiotic relationship between AI and cloud native technologies was a recurring theme. Discussions explored how AI can transform SRE by preventing failures rather than just fixing them, and the critical role of orchestration in integrating AI with existing legacy systems. The optimal use of GPU resources in Kubernetes clusters for AI workloads was also addressed, with insights into reclaiming underutilized GPUs using scheduler plugins. Furthermore, the debate between Smaller Language Models (SLMs) and Large Language Models (LLMs) for business applications gained traction, emphasizing efficiency and cost-effectiveness.

Security and operational resilience remained a top priority. CRI-O, a key Kubernetes Container Runtime Interface implementation, completed its second OSTIF security audit, reinforcing its robustness. New security threats were identified, particularly those where attackers “blend in” with legitimate traffic, necessitating more sophisticated detection mechanisms. Innovations like Arcjet’s Python SDK aim to embed security directly into code, while Anthropic’s commitment to Python security signals a broader industry push. Cloud providers also made moves, with AWS enhancing network segmentation for Outposts racks and optimizing storage performance for EKS on Outposts, demonstrating a commitment to hybrid cloud capabilities. AWS also continued to roll out its European Sovereign Cloud, with discussions around BSI testing and data residency in Germany.

The Kubernetes ecosystem itself continued to evolve with practical guidance for developers. A Kubernetes blog post detailed how to achieve uniform API server access using clientcmd, simplifying interaction for custom tooling and kubectl plugins. The CNCF also released its “Top 28 Kubernetes resources for 2026” to help practitioners stay current in the rapidly changing landscape. Projects like Backstage, LitmusChaos, and Volcano also released updates, focusing on bug fixes, performance, and community contributions.

💬 Community Buzz

Hacker News discussions this week centered on practical tools and emerging trends in the cloud native space. A desktop application called “Luxury Yacht” for managing Kubernetes clusters sparked interest, highlighting the ongoing need for intuitive cluster management solutions. The community also explored innovative security approaches, with a “Show HN” for AIOStack, which uses eBPF to discover and secure AI services within Kubernetes clusters. Docker-related topics were highly active, ranging from detailed guides on cutting Docker image sizes by up to 99.7% to the release of Docker’s free hardened images and discussions around running LLMs in Docker containers for various languages. Other notable projects included Minikv, a distributed key-value and object store in Rust, and Mist, a lightweight, self-hosted PaaS, indicating a strong interest in efficient, controlled infrastructure.

📊 Week in Numbers

  • 32 stable releases across 23 projects
  • CNCF Dragonfly graduated, demonstrating production readiness for container and AI workloads.
  • CRI-O successfully completed its second OSTIF security audit.
