Dragonfly's dfget now supports hf:// and modelscope:// with auth and revision pinning. The upside is simpler model distribution and lower origin egress, but benchmark claims still need real cluster data.
Microsoft disclosed a CVSS 10.0 privilege escalation vulnerability in Azure Kubernetes Service. Specific technical details are still sparse, but the confirmed characteristics make this one worth watching.
Kubernetes v1.36, releasing April 22, finalizes DRA to GA, graduates User Namespaces, enables HPA scale-to-zero by default, and formally retires Ingress-NGINX.
Istio's ambient mode gains multicluster support in beta with sidecar-free cross-cluster routing, and integrates the Gateway API Inference Extension for model-aware traffic management.
KubeVirt v1.8 introduces a hypervisor abstraction layer decoupling it from KVM, Intel TDX attestation for confidential VMs, and PCIe NUMA topology awareness for near-native GPU performance.
Kyverno reaches CNCF Graduated status with full CEL adoption, completing its journey from Kubernetes admission controller to a broader policy engine for the cloud native stack.
The distributed LLM inference engine co-created by Red Hat, Google Cloud, IBM Research, CoreWeave, and NVIDIA joins the CNCF, establishing an open standard for inference workloads on Kubernetes.
NVIDIA shifts governance of its Dynamic Resource Allocation driver for GPUs to the CNCF, gets KAI Scheduler accepted as a Sandbox project, and open-sources Grove for AI inference orchestration.
OpenAI announces acquisition of Astral, the company behind Python developer tools Ruff, uv, and ty, with hundreds of millions of monthly downloads. Tools will integrate with Codex.
Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI fund $12.5M through OpenSSF to help open source maintainers cope with the flood of AI-generated security reports and vulnerability discoveries.