K8s 1.36: User Namespaces GA, ExternalIPs Deprecated
AWS Transform custom lets organizations convert legacy Excel VBA applications into clean Python code using AI‑guided chunking and validation, shrinking months‑long rewrite projects to hours. The service creates reusable transformation definitions, enabling consistent, cloud‑native deployments across entire portfolios.
GitLab 19.0 introduces a Components Analytics view in the CI/CD Catalog, letting platform teams see which shared pipeline components are used, their versions, and which projects depend on them. Available across all tiers for overall adoption metrics and on Ultimate for detailed per‑component drill‑downs, the feature improves maintenance, security audit, and deprecation planning.
CircleCI’s new Chunk sidecar lets developers run a scoped microbuild that validates AI‑generated changes in seconds, providing immediate feedback before code is pushed. The tutorial shows how to install the Chunk CLI, set up a demo React app, and trigger automatic tests from an AI coding agent, accelerating the inner‑loop development cycle.
Kubernetes v1.36 marks the Service spec.externalIPs field as deprecated and plans its removal, addressing known security exploits. Users are urged to enable the DenyServiceExternalIPs admission controller and adopt safer alternatives like manually managed LoadBalancer services.
Kubernetes 1.36 ships General Availability for Linux‑only user namespaces, letting pods run with hostUsers set to false and gain true rootless isolation. The feature leverages ID‑mapped mounts to avoid costly chown operations, offering efficient UID/GID translation for volumes and expanding secure workload patterns without changing container images.
Kubernetes v1.36 promotes in‑place vertical scaling of pod‑level resources to beta, letting you adjust a pod’s aggregate CPU and memory limits on the fly. When containers inherit those limits, the Kubelet applies changes in‑place or restarts them based on each container’s resizePolicy, reducing downtime for scaling workloads.
Grafana launched Pyroscope 2.0, a rearchitected continuous profiling database that reduces cost and improves scalability. It adds native OpenTelemetry Protocol support, letting teams ingest profiles via the emerging OTLP standard and gain fine‑grained CPU and memory insight across services.
Grafana’s Adaptive Logs now offers drop rules in public preview, letting teams automatically discard low‑value logs, such as health checks, debug chatter, or repetitive messages, before they reach Grafana Cloud. By defining label, level, or content criteria, organizations can reduce log volume, improve signal‑to‑noise, and decrease observability spend.
The AWS DevOps Agent builds a topology graph of services and runs parallel hypothesis generation to counter confirmation bias in incident investigations. Its multi‑agent architecture delivers fast triage, deep root‑cause analysis, remediation, and prevention, turning telemetry into actionable reasoning for on‑call teams.
Grafana open‑sources o11y‑bench, a benchmark that runs AI agents against a real Grafana stack to grade their ability to query metrics, logs, traces, investigate incidents, and modify dashboards. By using the Harbor framework, it provides reproducible, realistic tests to differentiate helpful demos from trustworthy agents in production observability workflows.
AWS adds the Fn::GetStackOutput intrinsic function to CloudFormation and CDK, allowing templates to reference outputs from stacks in any account or Region without using exports. This streamlines multi-account, multi-Region architectures by eliminating manual value passing and reducing configuration drift.
Kubernetes v1.36 introduces an alpha feature that loads admission webhook and CEL policies from static manifest files at API server startup, making them undeletable and eliminating the boot‑strapping security gap. Policies are stored in a directory with a .static.k8s.io suffix, ensuring they’re always enforced.
The guide shows how to build a fully automated pipeline that signs AWS Lambda deployment packages with AWS Signer and enforces verification at runtime, using Terraform for repeatable infrastructure. Integrating code signing into CI/CD protects serverless functions from tampering and meets compliance requirements.
GitLab 19.0 introduces security configuration profiles in the UI, letting teams centrally define SAST, dependency scanning, and secret detection policies that automatically apply to all projects. This eliminates per‑project .gitlab‑ci.yml edits and delivers full scanner coverage across the codebase in minutes.
Datadog now publishes OpenVEX exploitability assessments for its own artifacts, detailing whether listed CVEs are truly at risk. By exposing this data on the Public Artifact Vulnerabilities page and offering machine‑readable VEX files, teams can filter out noise from SCA scans and focus on actionable vulnerabilities.
Subscribe free