My fourth time, but still just as passionate
KubeCon 2026 took place this year in Amsterdam for three days, from 24 to 26 March. This kind of event is definitely not to be missed if you want to hear the latest announcements from the Cloud Native Computing Foundation (CNCF) ecosystem!
Beyond the purely marketing aspect, it’s also an opportunity to chat with enthusiasts and software publishers about various use cases, not to mention keeping up with the latest tech trends!
For this edition, I was lucky enough to be accompanied by my colleague Mickaël, for whom it was a first KubeCon and therefore a whole new experience. I’d also like to thank my company, Piguet Galland, for allowing me to attend once again. Yes, this is now my fourth KubeCon, time flies!
This year, Artificial Intelligence (AI) was everywhere, but with more concrete and successful use cases than last year, giving me a few ideas. Not to mention topics such as European sovereignty, security and many others.
In this article, I’ll be giving you an overview of the Keynotes, rich in announcements, and then I’ve selected five talks or tools that I found interesting and relevant to my day-to-day work.
If you’d like to experience or relive this event with me, let’s get started…
Keynotes and a few announcements…

This year’s event kicked off to a packed house, as is always the case: 13,000 attendees from over 100 countries. The CNCF quickly set the tone: the ecosystem has never been in better shape, with over 230 projects and a community of contributors numbering nearly 300,000 people worldwide, absolutely stunning!
Projects are well on track
As with every year, the fact that certain projects have moved up to the next level is a strong indicator of the ecosystem’s health. This time around, two major projects have reached Graduated status:
- Kyverno: the security policy engine that needs no further introduction, confirming its status as the standard for governance and security;
- Dragonfly: the P2P-based OCI image distribution solution, essential for large-scale clusters.
On the incubation front, we note the arrival of Tekton and Fluid, demonstrating that innovation continues to attract new projects into the CNCF fold.
AI: from buzzword to production infrastructure
If 2025 was the year AI made its breakthrough, 2026 marks the year of its industrialisation on Kubernetes. Nvidia, now a Platinum member, has made a big splash by announcing a $4 million investment in GPUs for the community and the open source release of its drivers, whilst emphasising that Kubernetes has become the platform of choice for AI.
The Inference Gateway is now becoming the standard as an extension of Gateway API, the new industry standard for exposing applications or tools outside the cluster.
Unlike a traditional load balancer, this Gateway is designed for LLM (Large Language Model) workloads and supports body-based routing. It distributes requests intelligently to model servers (such as vLLM) based on the content of the request body.
llm-d, the newcomer
Another interesting announcement is that the llm-d project has officially joined the CNCF Sandbox, illustrating perfectly this drive to industrialise AI on Kubernetes.
Unlike traditional load-balancing solutions, llm-d offers an architecture optimised for the specific requirements of inference.
Its main role is to maximise GPU efficiency by separating the computation phases: prefill (initial request processing) and decode (token generation). This approach, known as disaggregation, prevents long requests from blocking the generation of short responses, thereby drastically reducing the time to first token (TTFT).
One of llm-d’s key strengths lies in its intelligent scheduler, built on Envoy and the Kubernetes Gateway API. It is capable of cache-aware routing: if a node already holds part of a document or a system prompt in its KV cache (the model’s key-value memory cache), llm-d sends similar requests to that node to avoid needlessly recomputing the same data.
In this way, llm-d turns the infrastructure into a system that understands the real needs of language models, enabling companies such as Uber to handle colossal volumes of 30 million predictions per second with maximum efficiency.
Scalable inference with Kueue
Large-scale inference requires careful orchestration of resources that are often very expensive, such as GPUs. During his presentation, Wayne highlighted the central role of Kueue in this ecosystem as a way of addressing this challenge.
Kueue is a native queue manager for Kubernetes that provides intelligent, job-level scheduling of workloads.
Unlike the default scheduler, which processes Pods individually, Kueue manages resources at a more global level and allows priorities, quotas and resource-sharing mechanisms to be defined between different users or teams.
From diagnosis to auto-remediation with HolmesGPT
AI isn’t limited to application workloads; it’s also making its way into the day-to-day work of Ops teams to transform incident management. The HolmesGPT project, now operational in operator mode, marks a transition that will benefit many of you: the shift from simple reactive diagnosis to proactive remediation.
Rather than waiting for an alert to trigger before manually digging through logs, HolmesGPT can monitor cluster events in real time.
Thanks to its analytical capabilities, based on observability tools, it is able to identify the root cause of a problem and suggest concrete remediation steps.
This approach drastically reduces the noise generated by alerts (alert fatigue) while accelerating the resolution of the most common incidents, paving the way for the auto-remediation that many have long dreamed of.
Heading into the future
Finally, the first keynote concluded with a vision of the future where AI becomes “agent-based” (capable of making decisions and taking action via tools). Google’s demo on GKE, showing the use of the MCP (Model Context Protocol) to dynamically create resources via Argo CD, reinforces the idea that AI can be used as an assistant to help Ops teams.
More good news: the future locations of the next KubeCons have been revealed:
- Barcelona for 2027 (information already shared at KubeCon 2025, so this is now officially confirmed);
- Berlin for 2028.
One thing is certain: Kubernetes is no longer just a container orchestrator; it is the universal API, no matter the use case.
Sovereignty at the centre of the challenges
Another key topic at this year’s event was digital sovereignty and the role of open source in an increasingly regulated world. This topic was discussed in depth on the second day.
The stakes are high: how can we maintain global technological collaboration whilst building solutions capable of adapting to local regulations?
The Cyber Resilience Act (CRA) was at the centre of discussions. This regulation now requires a comprehensive list of components (the Software Bill of Materials, or SBOM) to ensure the security of software components. In this context, open-source foundations (such as the CNCF) act as stewards, ensuring the provision of secure software and serving as a point of contact for security vulnerabilities.
Although the final standards are not expected until December 2027, the path forward is clear: transparency is becoming the norm.
Feedback from major European companies has highlighted this growing need for sovereignty:
- Saxo Bank has unveiled its “Service Blueprint”, an automated reconciliation system for all external services (databases, message queues) required for cloud-native workloads. The aim? Zero manual intervention after initial approval and, above all, complete freedom to switch providers;
- The SNCF, for its part, is focusing on solutions that are robust, reliable, interchangeable and non-toxic. Their vision of sovereignty is based on carefully considered hosting choices and advanced modularity.
To meet modern civil and military challenges, multi-cloud sovereignty now rests on three pillars: data sovereignty, component modularity and system interoperability.
Sovereignty is not merely a matter of using local infrastructure; it is also the ability to deploy software solutions in such a way as to avoid being tied to a particular infrastructure or provider.
My selection of talks and tools
After a real AI overdose during the keynotes, it’s now time to highlight five talks or tools!
Kyverno-authz and Agentgateway: the principle of least privilege applied to AI
Title: Least-Privilege for AI: Authorizing Agents and MCP Tools with Agentgateway and Kyverno
Speakers: Nina Polshakova and Luc Chmielowski
Securing AI agents has become a key topic at this year’s KubeCon. The talk Least privilege for AI perfectly illustrated this concern: how can we prevent an AI agent from carrying out destructive actions, such as deleting users from a database, using external tools?
The answer lies in using the Model Context Protocol (MCP) combined with Kyverno-authz and Agentgateway.
The first of these components, Agentgateway, is a high-performance data plane written in Rust, ideal for handling the massive data flows generated by AI workloads.
It acts as a stateless reverse proxy for MCP and enables fine-grained routing based on request content (body-based routing) and the tokens consumed, rather than simply the number of HTTP requests. It can be deployed anywhere, even outside a Kubernetes cluster.
The key benefit of Kyverno-authz is that it utilises the Kyverno engine as close as possible to the call. It intercepts MCP calls and uses familiar Kyverno objects (such as ValidationPolicy) to validate the arguments of functions called by the AI via CEL expressions.
This approach avoids reinventing the wheel by relying on tried-and-tested IAM tools and security policies, whilst enabling the principle of least privilege to be applied to AI agents.
This is therefore the first step towards safeguarding production and gaining peace of mind, with the MCP protocol utilised across a range of tools.
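To make the argument-validation idea concrete, here is an added Python sketch (not Kyverno-authz or Agentgateway code) of what such a gate does with an MCP tools/call message: a tool allowlist plus per-argument constraints evaluated before the call reaches the tool server. The policy, tool names and requests are constructed for the example.

```python
"""Least-privilege gate for MCP tool calls (added example; hypothetical, not Kyverno-authz code)."""
import json
import re

# Constructed policy: tools the agent may call and what each argument must look like.
# The real control behind a read-only query is a read-only database role; the regex only
# catches obvious misuse before the call leaves the gateway.
ALLOWED_TOOLS = {
    "query_users": {"sql": re.compile(r"^\s*SELECT\b[^;]*$", re.IGNORECASE)},
    "get_ticket": {"ticket_id": re.compile(r"^[A-Z]{2,5}-\d+$")},
}
DENIED_TOOLS = {"delete_user", "drop_table"}   # never callable by the agent, whatever the arguments

def authorize(body: str) -> tuple[bool, str]:
    """Decide one MCP JSON-RPC message: returns (allowed, reason)."""
    try:
        msg = json.loads(body)
    except json.JSONDecodeError:
        return False, "malformed JSON"
    if msg.get("method") != "tools/call":
        return True, "not a tool call"          # initialize, tools/list, ... pass through
    params = msg.get("params") or {}
    name, args = params.get("name"), params.get("arguments") or {}
    if name in DENIED_TOOLS:
        return False, f"tool {name!r} is denied"
    rules = ALLOWED_TOOLS.get(name)
    if rules is None:
        return False, f"tool {name!r} is not in the allowlist"
    unexpected = set(args) - set(rules)
    if unexpected:                              # unknown arguments widen the surface: reject
        return False, f"unexpected arguments {sorted(unexpected)} for {name!r}"
    for arg, pattern in rules.items():
        value = args.get(arg)
        if not isinstance(value, str) or not pattern.search(value):
            return False, f"argument {arg!r} of {name!r} failed validation"
    return True, "allowed"

# Constructed requests, shaped as an MCP client would send them.
REQUESTS = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"query_users",'
    '"arguments":{"sql":"SELECT id, email FROM users WHERE active = true"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"query_users",'
    '"arguments":{"sql":"SELECT 1; DELETE FROM users"}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"delete_user",'
    '"arguments":{"id":42}}}',
    '{"jsonrpc":"2.0","id":4,"method":"tools/list"}',
]

if __name__ == "__main__":
    for body in REQUESTS:
        print(authorize(body))
```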
Talos and Zarf: declarative Kubernetes at the edge
Title: Declarative Edge Kubernetes: Immutable Clusters with Talos + Zarf
Speakers: Merijn Keppel and Brandt Keller
Deploying Kubernetes at the edge, often in isolated air-gapped environments with no internet access, poses significant challenges in terms of dependency management and inventory.
The talk Declarative Edge Kubernetes highlighted an interesting combination to address these issues: Talos Linux and Zarf.
The first, Talos Linux, stands out as the ideal operating system for the edge thanks to its minimalist, immutable and fully declarative nature.
But how do you get the images and configurations into an environment with no internet access? That’s where Zarf comes in.
Zarf, for its part, can package an entire Kubernetes cluster, including its components (such as OCI images) and applications, into a single self-contained bundle.
During the demos, I saw the power of this method with the deployment of Doom (the game that needs no introduction) but also, more impressively, a complete update of Talos carried out entirely offline via Zarf.
Finally, on the GitOps side, Zarf integrates seamlessly with Flux CD by embedding its own image registry, thereby turning the complexity of the air gap into a headache-free and, above all, reproducible process.
Cluster API: In-place updates and chained upgrades
Title: In-place Updates with Cluster API: The Sweet Spot Between Immutable and Mutable Infrastructure
Speakers: Stefan Büringer and Fabrizio Pandini
Immutability is one of the cornerstones of Cluster API (CAPI): until now, every machine update involved creating a new one and deleting another, much like a Pod.
However, this approach can be slow depending on the infrastructure provider, or problematic for certain applications that are sensitive to frequent restarts.
The talk In-place updates with Cluster API presented two new features of Cluster API version v1.12.0: In-place updates and chained upgrades.
Thanks to the new Update extensions component, Cluster API is now able to update an existing machine without destroying it, provided the change allows for this, such as a system configuration modification that does not require a reboot (e.g. adding an SSH key).
The user experience remains the same, as CAPI automatically decides between an in-place update or a full replacement based on the defined strategy (maxUnavailable, maxSurge) and the cluster’s health status.
The other new feature, chained upgrades, greatly simplifies major version upgrades (for example, from v1.30 to v1.34).
Previously a tedious process, this is now automated: control planes chain minor versions sequentially to ensure stability, while worker nodes can move directly to the final target version.
These two features confirm the maturity of Cluster API, offering increased flexibility regardless of infrastructure or system constraints.
Security supporting velocity at Shopify
Title: Kubernetes Security at Shopify Scale: Automating Security Across an Infrastructure Monorepo
Speakers: Pulkit Garg and Jie Wu
With 60,000 deployments a week and over 500 clusters worldwide, implementing proactive security at Shopify is no walk in the park.
The talk Kubernetes Security at Shopify Scale highlighted a major challenge: managing a single source of truth via a monorepo to deploy Helm charts, which is itself a significant source of risk.
The infrastructure is organised into shared application and service folders: a single template change can therefore impact hundreds of services instantly. This can have extremely critical repercussions.
Faced with a constant flow of 1,000 PRs per week, Shopify had to give up manual reviews, which were too inconsistent, in favour of automated safeguards.
To do this, they use Semgrep as a code inspector, capable of applying over 50 rules to prevent excessive privileges in the securityContext or the use of host namespaces. They also use regular expressions to ban the use of the latest tag.
This policy-as-code approach extends to Terraform, where OPA (Open Policy Agent) analyses plans in continuous integration (CI) to detect any anomalies before they reach the production environment.
The key idea is to treat security rules with the same rigour as production code, starting with a warn-only mode to identify false positives before actually blocking deployments.
By providing remediation steps in the event of a problem and automating scans, Shopify has managed to maintain its deployment speed with zero incidents related to misconfiguration, as well as accustoming its developers to industry best practices (CIS Benchmarks, MITRE, OWASP).
Beyond the use of Semgrep or OPA, there is a genuine focus on implementing security measures prior to deployments to minimise collateral damage.
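As an added illustration of the rule types described above (not Shopify’s Semgrep rules, which are not public on this page), the following Python checks a Kubernetes manifest for host namespaces, excessive securityContext privileges and unpinned (:latest or untagged) images, and supports the warn-then-block rollout. The manifest is read as JSON (which Kubernetes accepts) to avoid a YAML dependency; the sample Deployment is constructed.

```python
"""Policy-as-code checks for Kubernetes manifests (added example; hypothetical rules, not Shopify's)."""
import json

HOST_NAMESPACES = ("hostPID", "hostNetwork", "hostIPC")

def uses_latest(image: str) -> bool:
    """True for images that float: no tag at all, or the :latest tag, with no digest pin."""
    if "@sha256:" in image:                  # digest-pinned references are immutable
        return False
    last = image.rsplit("/", 1)[-1]          # drop registry/path, which may contain a port
    return ":" not in last or last.endswith(":latest")

def pod_spec(obj: dict) -> dict:
    """Locate the PodSpec inside Pod, workload controller and CronJob objects."""
    kind = obj.get("kind")
    if kind == "Pod":
        return obj["spec"]
    if kind == "CronJob":
        return obj["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    return obj["spec"]["template"]["spec"]   # Deployment, StatefulSet, DaemonSet, Job

def check_manifest(doc: str) -> list[str]:
    """Return one finding per violated rule; an empty list means the manifest is clean."""
    spec = pod_spec(json.loads(doc))
    findings = [f"{ns}=true shares a host namespace" for ns in HOST_NAMESPACES if spec.get(ns)]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{c['name']}: privileged=true")
        if sc.get("allowPrivilegeEscalation") is not False:   # unset defaults to allowed
            findings.append(f"{c['name']}: allowPrivilegeEscalation must be false")
        if uses_latest(c.get("image", "")):
            findings.append(f"{c['name']}: image {c.get('image')!r} is not pinned (latest/no tag)")
    return findings

def gate(doc: str, mode: str = "block") -> dict:
    """mode='warn' reports findings without failing the pipeline; 'block' fails on any finding."""
    findings = check_manifest(doc)
    return {"findings": findings, "blocked": mode == "block" and bool(findings)}

# Constructed sample: a Deployment with several of the problems the rules target.
SAMPLE = json.dumps({
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "app", "image": "registry.example:5000/team/app:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "ghcr.io/example/proxy@sha256:" + "0" * 64,
             "securityContext": {"allowPrivilegeEscalation": False}},
        ]}}}})

if __name__ == "__main__":
    for line in check_manifest(SAMPLE):
        print("finding:", line)
```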
Kargo: The production challenge
Kargo is no longer a newcomer to this blog; I’ve already mentioned it in a dedicated post (Kargo, deploy from one environment to another with GitOps), and I had the chance to chat with a few people at the Akuity booth about its latest developments.
I’m a big fan of this tool and have been following the project’s progress closely since version 0.3.0. Today, with version 1.9.5, Kargo confirms its status as the toolset of choice for orchestrating environment deployments.
As a reminder, Kargo does not replace your GitOps deployment tools such as Argo CD, but sits on top of them to manage the transition of an image version or configuration from one environment to another (for example, from staging to production) in a fully declarative manner.
One of Kargo’s key strengths lies in its wealth of features, particularly through its promotion steps. Whether you need to update an image tag, modify a configuration via Kustomize or Helm, or trigger a health check via an external job, Kargo offers a wide range of ready-to-use integrations.
This flexibility makes it possible to build deployment pipelines tailored to the most complex business requirements.
But what really takes Kargo to the next level is its agent-based architecture. This approach allows you to deploy a control plane within a cluster whilst having agents in the form of Kargo controllers in each of your Kubernetes clusters.
This architecture provides the best balance for managing the promotion of your images and configurations across all your Kubernetes clusters without compromising their security. Indeed, Kargo controllers use a phone-home pattern to communicate with the control plane: the controllers initiate the connection, so the control plane never needs inbound access to them.
All these elements, from the wealth of integrations to the architectural possibilities, make Kargo a natural choice for organisations looking for a promotion solution within a GitOps framework.
A few words to sum up
KubeCon 2026 in Amsterdam marked a decisive turning point: the Kubernetes ecosystem is no longer merely maturing; it has become the essential foundation for the industrialisation of AI and a strategic lever for digital sovereignty!
Whether through the optimisation of the Inference Gateway with llm-d, intelligent scheduling with Kueue, or self-healing with HolmesGPT, Kubernetes proves it is capable of handling the most complex and demanding workloads.
But beyond AI, this edition highlighted major advances on fundamental topics: preventive security at Shopify scale, the flexibility of updates with Cluster API, and the power of Kubernetes in the edge era with Talos and Zarf. Tools such as Kargo also confirm that the promotion of GitOps environments is now possible.
Once again, KubeCon was an exceptional opportunity for networking with a community that remains as passionate as ever! It is also this collective energy that continues to drive the future of Cloud Native and transform the way we design infrastructure.
Can’t wait to see you all at the next edition in Barcelona!