Week 6 - February 2026

👋 Welcome

This week in Cloud Native brought significant shifts and updates across the ecosystem. A major announcement from the Kubernetes Steering and Security Response Committees regarding the archival of Ingress NGINX has sparked critical discussions on migration strategies. Meanwhile, the integration of AI continues to accelerate, with new projects emerging for LLM inference and a strong focus on the security and operational implications of AI agents.

🚀 Notable Releases

Policy & Security

• Open Policy Agent v1.13.1 - A bug fix release addressing an issue in the array.flatten built-in function.
• Open Policy Agent v1.13.0 - Introduces a new immediate upload trigger mode in the Decision Logger, a new array.flatten built-in function, and various performance improvements.
• Kyverno v1.16.3 - Implements failureActionOverrides namespaceSelector, fixes cross-namespace access in apiCall, and adds a context size limit.
• Kyverno v1.15.3 - Provides fixes for background controller automountServiceAccount logic, namespace checks, and label exclusion.
• Falco 0.43.0 - A new stable release for the cloud native runtime security project.
• Trivy v0.69.0 - A new stable release for the comprehensive vulnerability and misconfiguration scanner.

Observability & Tracing

• Grafana Tempo v2.10.0 - Introduces breaking changes by validating tenant ID in the frontend and distributor, and completely removes vParquet2 encoding support.
• Inspektor Gadget v0.48.1 - A bugfix release, removing the possibility to customize CFLAGS from build.yaml.

Serverless

• Knative Serving v1.21.0 - Introduces secure-pod-defaults with AllowRootBounded for improved workload security, though it remains disabled by default in this release.
• Knative Serving v1.20.2 - Drops support for OpenCensus in favor of OpenTelemetry, a notable breaking change.
• Knative Serving v1.19.9 - Also drops OpenCensus support in favor of OpenTelemetry.
• Knative Eventing v1.21.0 - Includes dependency updates and minor improvements.
• Knative Eventing v1.20.1 - Adds support for using Pod default credentials in AWS IntegrationSource and IntegrationSink resources and includes the Distributed Tracing extension in JobSinks.
• Nuclio 1.15.14 - Features service account authentication, enhanced scaler functionality, and improved propagation of request context ID to the Project Leader Service.

Storage

• Longhorn v1.11.0 - Marks a significant milestone with the V2 Data Engine officially entering Technical Preview, alongside general system stability, resource observability, scheduling, and utilization optimizations.
• Longhorn v1.10.2 - Delivers several improvements and bug fixes aimed at enhancing system quality, resilience, stability, and security, including a fix for RWX Volume unavailability after node drain.

Messaging

• NATS Server v2.12.4 - Updates Go version and dependencies, and adds tls_cert_not_after to monitoring metrics.
• NATS Server v2.11.12 - Updates Go version and dependencies.

Application Runtime & Development

• Dapr Runtime v1.16.8 - A bug fix release addressing a panic issue with RabbitMQ PubSub concurrent map writes and an optional issuer file credential for Pulsar.
• Backstage v1.47.2 - A patch release that rolls back an immediate breaking change related to API factory conflicts and updates the zod library dependency.
• Telepresence v2.26.1 - A new stable release for the cloud native development tool.

Multi-Cluster & Orchestration

• Karmada v1.16.2 - A patch release focusing on various improvements.
• Karmada v1.15.5 - A patch release.
• Karmada v1.14.9 - A patch release.
• Volcano v1.14.0 - Establishes Volcano as a unified scheduling platform with a scalable multi-scheduler architecture, dynamic node scheduling shard, and a new Agent Scheduler for latency-sensitive AI Agent workloads.

Networking

• Kube-VIP v1.0.4 - Brings improved leader election context and ingress comparison, fixes the preserveVipOnLeadershipLoss setting in manifest generation, and introduces configurable DHCP retry.

CI/CD

• Tekton Pipeline v1.9.0 - Introduces hostUsers support and digest validation for the HTTP resolver.

Service Mesh

• Meshery v0.8.202 - Includes a fix for local provider assumption of user accounts and a billboard.js dependency bump.
• Meshery v0.8.201 - Features improved error output readability for mesheryctl connection delete commands and adds Docker Extension UI package compatibility.

📰 This Week in Cloud Native

The cloud native landscape saw significant developments this week, particularly around Kubernetes infrastructure and the burgeoning role of AI. A major announcement from the Kubernetes Steering and Security Response Committees confirmed the archival of Ingress NGINX, a critical component for many, urging users to consider alternatives like Cilium. This move underscores the importance of staying current with community-supported projects and planning for infrastructure evolution. Complementing this, Cluster API released v1.12, introducing powerful features like in-place updates and chained upgrades, enhancing the declarative management of Kubernetes cluster lifecycles. There were also updates on experimenting with Gateway API using kind, signaling continued innovation in Kubernetes networking.

Security remains a paramount concern, with a critical blog post highlighting a Kubernetes telemetry feature that could fully compromise clusters, emphasizing the need for rigorous security practices. In policy, AWS’s open-source policy language, Cedar, joined the CNCF as a Sandbox project, offering a new tool for fine-grained authorization. Projects like Falco, Kyverno, OPA, and Trivy also released updates, reinforcing the community’s commitment to robust security and policy enforcement within cloud native environments. Chainguard’s EmeritOSS initiative further highlighted efforts to provide security and sustainability for critical, sometimes orphaned, open-source projects.

The intersection of AI and cloud native continues to be a hotbed of innovation. The Volcano community announced Kthena, a new sub-project dedicated to LLM inference for the cloud native era, showcasing efforts to integrate large language models into existing cloud native workflows. This trend extends to various aspects of development and operations, with tools like Gemini CLI integrating into agentic development loops and discussions around securing AI pipelines, particularly with Google Cloud tools for Vertex AI. The concept of “AI agents” is gaining traction, with a focus on how they can streamline software development, incident management, and even SRE tasks, though questions around managing secrets and the overall impact on developer roles are actively being debated.

Beyond core infrastructure and AI, the developer experience and community growth were also in focus. Insights into organizing KCD Sri Lanka 2025 demonstrate the global expansion and grassroots efforts within the CNCF community. Reflections on k0s’s growth in 2025 highlighted the importance of community and governance. Discussions around “developer fatigue” and the emergence of “forward-deployed engineers” point to an evolving landscape where platforms are adapting to improve developer productivity. Furthermore, AWS announced increased payload sizes for serverless services up to 1MB, providing more flexibility for cloud applications. In the broader cloud market, the financial performance of major players like Microsoft and SAP saw shifts, with investor reactions tied to cloud growth outlooks and the perceived impact of AI.

💬 Community Buzz

The Hacker News community was abuzz with the Kubernetes Ingress NGINX archival, with many discussions revolving around the implications and necessary migration strategies. A significant amount of conversation also centered on AI agents, from their potential to revolutionize development and operations to critical questions about managing secrets, ensuring security through sandboxing, and their long-term impact on developer careers. Beyond AI, there was lively debate on Kubernetes operational patterns, including the merits of running PostgreSQL on Kubernetes versus VMs, and the emergence of new open-source DevOps control planes and tools aimed at simplifying Kubernetes environments.

📊 Week in Numbers

• 29 stable releases across 13 projects
• Kubernetes Ingress NGINX, a critical component for about half of cloud native environments, is being retired.
• AWS serverless services now support payloads up to 1MB.

📚 View all articles from this week →