Jaeger 8.6x, AI-gated git, Argo CD 3.5

no‑mistakes sits between your local repo and remote, spinning up a disposable worktree that runs AI‑powered validation (tests, lint, docs) on every push. Only when all checks pass does it forward the branch and auto‑open a clean PR, while offering auto‑fixes for safe issues. It lets developers catch problems early without manual CI steps.

The release candidate drops a new ApplicationSet UI that shows deployment diffs before sync, letting teams catch mistakes early. It also promotes impersonation and source hydrator to beta, adds Helm 4 support, repo-server mTLS, and source integrity checks, tightening multi-tenant security. Test it now to shape the final 3.5 release.

Traditional API gateways choke on token‑based pricing, variable latency, and prompt routing that AI workloads demand. An AI gateway adds model‑aware routing, token cost tracking, semantic caching, and multi‑LLM federation, letting Kubernetes teams serve LLMs at scale without the performance and compliance pitfalls of classic gateways.

Jaeger 2.18 adds a native ClickHouse backend that compresses trace spans 8.6× and sustains over 50k spans per second in benchmarks with 10 million spans. The columnar design slashes storage costs and speeds up cross‑dimensional queries, letting teams keep billions of spans without the operational overhead of Cassandra or Elasticsearch.

Modelplane stitches together GPU clusters from any cloud, on‑prem, or edge into a single AI inference fleet, no custom controllers required. Built entirely with Crossplane compositions and functions, it lets platform teams expose OpenAI‑compatible endpoints while the control plane handles placement, scaling, and cost across diverse resources.

AWS, Microsoft, Google and Anthropic now treat an agent session as the fundamental unit of compute, moving beyond request‑level load balancing. Each platform implements its own isolation, microVMs, sandboxes or per‑session containers, making stateful, code‑executing agents a baseline requirement for production workloads.

Deploying thousands of AI agents creates a hidden security blind spot: undefined identities and over‑broad permissions. Without per‑agent workload identities and short‑lived credentials, audit trails vanish and least‑privilege enforcement collapses. The New Stack guide outlines four decisions developers must make to secure AI agents now.

The Linux Foundation announced Akrites, a shared Security Incident Response Team backed by Amazon, Anthropic, Google, Microsoft, and 17 other leaders. It will coordinate vulnerability discovery, disclosure, and remediation for critical open‑source projects before AI‑augmented attackers can exploit them, giving maintainers a single trusted partner.

Dapr 1.18 introduces optional cryptographic signing of workflow history events, letting sidecars produce a tamper‑evident signature chain for each step. This lets operators prove which code ran and what data was used, securing AI agents and complex workflows on Kubernetes. The release also adds access‑policy controls and other durability improvements.