Learn about the improved cgroup v1 CPU shares to v2 CPU weight conversion formula that fixes priority reduction and granularity issues for Kubernetes workloads on cgroup v2 systems.
This article explains the Node Readiness Controller, a Kubernetes tool that adds custom readiness gates and automated taint management for reliable node scheduling in complex environments.
Explore Kubernetes API Governance: goals, scope, and leadership. Jordan Liggitt shares insights on balancing stability and innovation across all API surfaces.
Kubernetes v1.36 adds alpha counter metric route_controller_route_sync_total to CCM for validating watch-based route reconciliation, reducing API calls in stable clusters.
Ingress-NGINX is retiring in March 2026. Learn about its surprising regex behavior (prefix-based, case-insensitive) and how to safely migrate to Gateway API without outages.
Announcing the Kubernetes AI Gateway Working Group to standardize networking for AI workloads: what it is, charter goals, and active proposals on payload processing and egress gateways.
Kubernetes image promoter kpromo got a stealth rewrite: 20% code deleted, faster, modular phases for rate limiting, interfaces, and pipeline. No impact on users.
Secure production debugging in Kubernetes by using least-privilege RBAC, short-lived credentials, and a just-in-time gateway with an access broker for policy enforcement.
Agent Sandbox is a new Kubernetes CRD designed for long-running AI agents, providing isolation, lifecycle management, and persistent storage for autonomous agent workloads.
Ingress2Gateway 1.0, announced by SIG Network, automates safe migration from Ingress-NGINX to Gateway API with 30+ annotation support, integrated testing, and clear error handling.
Kubernetes v1.36 introduces API deprecations, notably externalIPs, and retirement of Ingress NGINX. Learn about the deprecation policy and how to prepare.
Gateway API v1.5 promotes six experimental features to stable, introduces release train model, and enhances multi-tenancy with ListenerSet. Key updates include TLSRoute, CORS filter, client cert validation, and more.
Kubernetes v1.36 'Haru' ships 70 enhancements (18 stable, 25 beta, 25 alpha) inspired by spring and clear skies. Deprecations included. Theme logo reimagines Hokusai's Red Fuji.
Kubernetes v1.36 GA's SELinuxMount feature speeds volume mounting by using mount-level labeling instead of recursive relabeling. v1.37 will enable it by default, potentially breaking volume sharing between Pods with different SELinux labels. Audit and adjust before upgrading.
Kubernetes v1.36 GA brings User Namespaces for rootless security, ID-mapped mounts, and easy opt-in via hostUsers: false, enabling safer container isolation.
Kubernetes v1.36 makes fine-grained kubelet API authorization GA, replacing the broad nodes/proxy permission with granular RBAC to prevent RCE attacks and enhance least privilege.
Kubernetes v1.36 beta allows modifying container resources in suspended Jobs without recreation, enabling dynamic adjustments for batch and ML workloads.
Kubernetes v1.36 introduces Atomic FIFO processing in client-go to mitigate controller staleness, ensuring consistent cache state and better observability for highly contended controllers.
Kubernetes v1.36 enhances Memory QoS with opt-in tiered reservation, separating throttling from protection; Guaranteed Pods use hard memory.min, Burstable use soft memory.low, and BestEffort none.
Kubernetes v1.36 brings In-Place Pod-Level Resources Vertical Scaling to Beta, enabling dynamic adjustment of shared CPU/memory pool without restarting containers, simplifying sidecar-heavy Pod management.