👋 Welcome

This week in Cloud Native saw a flurry of activity, particularly with numerous patch releases across core Kubernetes, K3s, and various ecosystem projects, ensuring stability and security. The community also engaged in significant discussions around the evolving role of AI in development workflows and renewed focus on cloud native security initiatives.

🚀 Notable Releases

Orchestration & Edge

• Kubernetes v1.35.1, v1.34.4, v1.33.8, v1.32.12
• Multiple patch releases across various stable branches, focusing on bug fixes and maintenance.
• K3s v1.35.1+k3s1, v1.34.4+k3s1, v1.33.8+k3s1, v1.32.12+k3s1
• Multiple patch releases updating Kubernetes to their respective latest stable versions and addressing issues like high CPU usage in etcd after restart. ### Storage & Databases
• etcd v3.6.8, v3.5.27, v3.4.41 - Maintenance updates across several stable branches of the distributed key-value store, including bug fixes.
• Vitess v23.0.2 - A patch release for the sharding middleware for MySQL, including 16 merged Pull Requests for bug fixes and improvements.
• Kubernetes CSI External Snapshotter v8.5.0 - Supports CSI Spec v1.0-1.12, with VolumeGroupSnapshot moving to GA, and updates the minimum Kubernetes version to 1.25.

Networking & Service Mesh

• Cilium v1.18.7 - Includes minor changes like excluding certain Kubernetes labels from security labels and bug fixes.
• Cilium v1.17.13 - Adds libatomic1 for cilium-envoy dependency and other minor changes.
• Istio 1.27.6 - A maintenance release for the service mesh.
• Kuma v2.13.1, v2.12.6, v2.11.9, v2.10.10, v2.7.21 - Multiple maintenance and security updates across various stable branches, including dependency bumps and bug fixes. ### Observability & Monitoring
• Loki v3.5.10 - This patch release updates to Go 1.25.7 and includes bug fixes.
• Thanos v0.41.0 - Introduces batched Series and Query RPCs for drastic improvements in network bandwidth and CPU/Memory usage, alongside several bug fixes.
• Kepler v0.11.4 - Adds features like updating the energy interface to expose a power method and implementing a device reader for architectures with hwmon sensors.
• Inspektor Gadget v0.49.1 - A bug fix release that escapes strings before printing them in pkg:columns.
• OpenObserve v0.60.0 - Focuses on bug fixes, including redirects to the login page on unauthorized errors and dashboard refresh warnings.

Developer Tools & Ecosystem

• Helm v4.1.1 - A patch release that encourages users to upgrade for the best experience, indicating bug fixes and minor improvements.
• Telepresence v2.26.2 - A patch release providing official release artifacts for various platforms.
• Trickster v2.0.0 - A major release introducing significant new features and changes from Trickster 1.x, with an emphasis on performance and caching improvements.
• Kustomize v5.8.1 - Completes a fix for namespace propagation, addresses breaking changes with Helm v4, and includes other bug fixes.
• Kustomize kyaml/v0.21.1 - A minor release for the kyaml library component.
• Kustomize cmd/config/v0.21.1 - Updates kyaml to v0.21.1.
• Kustomize api/v0.21.1 - Includes fixes for empty patches files, Helm v4 support, and namespace propagation.
• Nuclio 1.15.17 - Adds streamingFlushPeriodDuration configuration and bumps Go version to 1.25.7, along with other dependency updates.
• Skopeo v1.22.0 - A new minor release for the container image inspection and transfer tool.
• Podman v5.8.0 - Introduces new features such as installing multiple Quadlet files and supporting AppArmor configuration in .container files. ### Security & Cost Management
• Kubescape v4.0.1 - Enhances version testing in smoke tests and fixes a bug in isRuleKubescapeVersionCompatible.
• OpenCost v1.119.2 - Introduces configurable metrics emitter query windows and includes fixes for propagating request context and Kubernetes secret mount paths.

Batch Processing & Runtimes

• Volcano v1.14.1 - A bug fix release addressing issues with job scheduling and AllocatedHyperNode recovery for sub-jobs.
• Dapr Runtime v1.16.9 - A bug fix release that upgrades Go to 1.24.13 to address vulnerabilities and resolves issues like ignored Pulsar PubSub subscription options.

📰 This Week in Cloud Native

The cloud native landscape continues to evolve at a rapid pace, with this week highlighting significant advancements in core Kubernetes functionalities, the pervasive integration of AI, and a strong emphasis on security. Multiple patch releases for Kubernetes and K3s underscore the ongoing commitment to stability and reliability across various versions, while Cluster API v1.12 introduced powerful features like in-place updates and chained upgrades, simplifying Kubernetes cluster lifecycle management. The CNCF further showcased the ecosystem's breadth with a deep dive into Telco Day at the upcoming KubeCon + CloudNativeCon Europe, signaling growing adoption in specialized industries.

A dominant theme this week was the increasing influence of AI across the development lifecycle. New tools and platforms are emerging, focusing on "agentic workflows" where AI agents assist or even autonomously handle coding tasks, debugging, and infrastructure management. GitHub's Agentic Workflows and various "Docker for Code" initiatives aim to streamline CI/CD with continuous AI. However, this trend isn't without its challenges; concerns about "AI slop" (low-quality AI-generated code) and the complexities of auditing and safely shutting down misbehaving AI in production were widely discussed. The industry is actively seeking ways to ground AI agents in accurate data and build AI-ready infrastructure to harness their potential effectively.

Security remains a top priority, with the CNCF announcing the return of the Security Slam, now open to all open-source projects, emphasizing a broader community effort towards supply chain security. This comes alongside discussions around the security of platforms like Deno and the ongoing "hunt for truly zero-CVE container images" championed by projects like Chainguard. New tools leveraging eBPF, such as Azazel for malware analysis and Buildcage for restricting network access during Docker builds, demonstrate innovative approaches to enhancing cloud native security postures. Simultaneously, observability projects like Thanos, Loki, and OpenObserve released updates, with Thanos v0.41.0 bringing significant performance improvements through batched RPCs, crucial for monitoring complex cloud environments.

Finally, the developer experience continues to be refined with updates to essential tools. Podman v5.8.0 introduced improvements for Quadlet files and AppArmor integration, enhancing container runtime management. Helm v4.1.1 received a patch release, and Kustomize v5.8.1 addressed critical issues including namespace propagation and compatibility with Helm v4. On the cloud provider front, LocalStack's changes to its community edition sparked developer conversations, while AWS highlighted enhanced Kubernetes high availability with Application Recovery Controller and Karpenter integration. These developments collectively point towards a more mature, secure, and AI-augmented cloud native ecosystem.

💬 Community Buzz

Hacker News was abuzz with discussions around the practicalities and pitfalls of integrating AI into development. Topics ranged from new open-source AI agent frameworks and "semantic containers" for isolating AI logic, to critical conversations about the quality of AI-generated code ("AI slop") and strategies for shutting down misbehaving AI in production. There was also keen interest in Kubernetes-native tools like a Renovate Operator and discussions on cloud-native security and advanced monitoring solutions.

📊 Week in Numbers

• 40 stable releases across 24 projects

📚 View all articles from this week →