Week 10 - March 2026
This week: 58 releases, 184 news items.
👋 Welcome
This week in Cloud Native saw a flurry of activity, particularly around the intersection of AI and core infrastructure, alongside crucial security updates across the ecosystem. Kubernetes continues to evolve as a key platform for AI workloads, while community events and new tools underscore the vibrant innovation within the cloud native space.
🚀 Notable Releases
Orchestration
- Kubernetes v1.35.2 - A patch release providing important bug fixes and updates for the latest stable Kubernetes branch.
- Kubernetes v1.34.5 - Another patch release delivering stability improvements and essential fixes for the v1.34 series.
- Kubernetes v1.33.9 - This patch release focuses on maintaining the stability and security of Kubernetes v1.33.
- Kubernetes v1.32.13 - A maintenance release for the v1.32 branch, addressing various issues.
- Kruise v1.8.3 - A patch release that includes a fix to restrict the host field in probes.
- Kruise v1.7.5 - This patch release also restricts the host field in probes, improving security.
Monitoring
- Prometheus v3.10.0 - Introduces a distroless Docker image variant for enhanced security and a minimal base image, alongside the default busybox image.
GitOps
- Flux2 v2.8.1 - A patch release that includes various fixes, notably for Git commit status events and StatefulSet health checks.
- Flux2 v2.8.0 - A feature release bringing Helm v4 support, including server-side apply, and readiness evaluation of Helm-managed objects with CEL expressions.
Database
- Vitess v23.0.3 - A security-focused release addressing two recently reported CVEs and other security-related fixes, including preventing external decompressors from being read from backup manifests by default.
- Vitess v22.0.4 - This is also a security-focused release containing fixes for two CVEs and other security improvements, similar to v23.0.3.
Storage
- Rook v1.19.2 - A patch release focusing on feature additions and bug fixes for the Ceph operator, including CSI imagePullPolicy updates and OSD fixes.
Policy
- Open Policy Agent (OPA) v1.14.0 - This release offers new features, performance improvements (like improved rule indexing), and bug fixes, alongside support for --h2c with unix domain sockets.
Logging
- Loki v3.6.7 - A bug fix release that sets a limit on preallocations.
- Loki v3.5.11 - Another bug fix release for the v3.5 branch, addressing preallocation limits.
Runtime
- Dapr v1.17.0 - Introduces workflow versioning, new state retention policies, up to 41% higher workflow throughput, end-to-end tracing, stabilization of the Bulk PubSub API, and improved Placement service resilience.
Virtualization
- KubeVirt v1.7.1 - A patch release following v1.7.0, consisting of 75 changes contributed by 19 people, indicating numerous bug fixes and improvements.
Security
- cert-manager v1.19.4 - A patch release fixing reported vulnerabilities, notably CVE-2026-24051 and CVE-2025-68121.
- cert-manager v1.18.6 - This patch release fixes several reported vulnerabilities, most notably CVE-2025-68121.
- Secrets Store CSI Driver v1.5.6 - Includes a security fix by bumping to Go 1.24.13 to resolve CVE-2025-68121.
- Trivy v0.69.2 - A patch release that includes dependency bumps for security fixes.
Serverless
- Knative Serving knative-v1.21.1 - Introduces secure-pod-defaults with an AllowRootBounded setting for improved security posture.
- Knative Serving knative-v1.20.3 - A rebuild of the prior release with Go v1.25.7.
Developer Portal
- Backstage v1.48.3 - This patch release fixes issues related to @mui/material/styles shared dependency and entity page tab group ordering.
- Backstage v1.48.2 - Includes fixes for updated @microsoft/api-extractor, re-adding alpha exports, and performing search on first navigation.
Multi-Cluster
- Karmada v1.17.0 - A feature release with details available in its comprehensive CHANGELOG.
- Karmada v1.16.3 - A patch release with fixes and improvements.
- Karmada v1.15.6 - This patch release addresses various issues.
- Karmada v1.14.10 - Another patch release for the v1.14 branch.
Networking
- Kubernetes Gateway API v1.5.0 - A major release where TLSRoute v1alpha2 and XListenerSet have graduated to the Standard channel, bringing significant advancements in ingress management.
Development
- Telepresence v2.27.0 - Offers installers that include the option to run the root daemon as a system service, removing the need for elevated privileges during use.
Observability
- OpenObserve v0.60.3 - A patch release fixing router issues with base_uri.
- OpenObserve v0.60.2 - Includes fixes for batch size control, PostgreSQL sequence sync, and hit truncation limits in partitioned streaming search.
- OpenObserve v0.50.5 - Addresses logs field values caching and PostgreSQL sequence synchronization.
- OpenObserve v0.60.1 - Fixes for treating large numbers as strings, updates to schema inference, and adding a DeduplicationExec codec.
CI/CD
- Tekton Pipeline v1.10.0 - This release, codenamed “LaPerm Little Helper,” announces the migration of Tekton Pipelines to OpenTelemetry for enhanced observability.
Service Mesh
- Kuma 2.9.12 - A patch release with security updates.
- Kuma v2.13.2 - This release includes multiple security updates.
- Kuma v2.12.7 - Contains several security updates.
- Kuma v2.11.10 - Another patch release with security updates.
- Kuma v2.10.11 - This version provides security updates.
- Kuma v2.7.22 - A security update release for the v2.7 branch.
Identity
- Dex v2.45.0 - Bumps the major version of gomplate to v5.0.0, which includes breaking changes and notes known CVEs in the gomplate binary.
Container Tools
- Skopeo v1.9.5 - Includes backports, bumps to ocicrypt and go-jose to address CVE-2024-28180, and removes square/jose.
📰 This Week in Cloud Native
The cloud native landscape this week was heavily influenced by the accelerating integration of AI, significant security discussions, and continued maturation of the Kubernetes ecosystem. A major theme was Kubernetes’ increasing role as the “operating system for AI,” highlighted by the conclusion of the Kubernetes WG Serving after successfully advancing AI inference support, and signals from the v1.35 release. Red Hat also made waves by introducing its first dedicated AI platform, signaling a clear strategic direction for vendors in this space. The conversation extended to practical applications, with discussions around AI agents in Jira, AWS Strands Labs offering a sandbox for agent experiments, and the critical need for robust data foundations and infrastructure to support the “agent sprawl” without incurring hidden costs or compromising security.
Security remained a paramount concern, underscored by the ongoing fallout from the XZ Utils backdoor and the broader mission to prevent future global supply chain attacks. Open Source SecurityCon is returning, co-located with KubeCon + CloudNativeCon Europe 2026, emphasizing the community’s commitment to securing the open source ecosystem. Many projects, including Vitess, cert-manager, Kuma, and the Secrets Store CSI Driver, released security-focused patches addressing various CVEs and improving overall posture. The retirement of Ingress-NGINX by Kubernetes in March 2026 also prompted advice for users to understand migration implications and unexpected behaviors.
The Kubernetes ecosystem continues to expand and refine, with significant developments in networking and community engagement. The Gateway API reached v1.5.0, graduating TLSRoute v1alpha2 and XListenerSet to the standard channel, offering a more robust and flexible approach to exposing services. CNCF announced its participation in Google Summer of Code 2026 and revealed the full list of Kubernetes Community Days (KCDs) for the second half of the year, fostering global community growth. Beyond core Kubernetes, projects like Flux2 introduced Helm v4 support, Tekton Pipelines migrated to OpenTelemetry for improved observability, and Dapr released workflow versioning, showcasing continuous innovation across the cloud native stack.
Observability and developer experience also saw notable advancements. OpenTelemetry’s roadmap promises sampling rate and collector improvements, reinforcing its role as a key standard. Tools like Netdata were highlighted for impressive server monitoring capabilities, and the concept of internal platforms as “products” gained traction, urging platform teams to adopt product management principles. Discussions also touched on the challenges of migrating observability platforms, emphasizing the importance of tools like Prometheus, OpenTelemetry, and Fluent Bit.
💬 Community Buzz
Hacker News was buzzing with discussions centered heavily on the rise of AI agents and their implications for development. Numerous “Show HN” posts showcased new tools for building, orchestrating, and managing AI coding agents, including Kubernetes-native frameworks like Axon, local-first context engines like Context Harness, and deployment platforms like Crewship. The community debated the architectural challenges of running agents in resource-constrained environments and the need for robust memory and dependency management tools to prevent “memory poisoning” or “refactoring blind.” Concerns about AI’s impact on job security were also voiced, reflecting a shift from skepticism to apprehension about AI’s capabilities. Beyond AI, there was interest in self-hosted monitoring solutions like Pongo, database scaling with PgDog, and the evolution of container tools, particularly Red Hat’s venture into the developer desktop market with Podman Desktop as an alternative to Docker.
📊 Week in Numbers
- 44 stable releases across 23 projects
- Kubernetes continues to lead with 4 patch releases, emphasizing stability.
- A strong focus on security, with 12 releases directly addressing CVEs or enhancing security features.