Link Sharing

Last Week in Kubernetes Development - Week Ending November 30 2025

Week Ending November 30, 2025

https://lwkd.info/2025/20251203

Developer News

CVE-2025-13281: the in-tree Portworx CSI driver exposes a security hole in the kube-controller-manager, which was patched for other storage drivers but not for Portworx. Vulnerable users are those who still haven’t migrated to the external CSI StorageClass.

SIG-Scheduling has published their technical plan for Kubernetes 1.36.

Wei Fu was nominated as SIG-Etcd Tech Lead.

Release Schedule

Next Deadline: Release Highlights Complete, Dec. 9

We are in Code Freeze. Release highlight items need to be finished and fully edited by next week. Also, please be on the alert for any blocking test failures, and get them debugged quickly so we can release on time.

Friday is the cherry-pick deadline for the next set of patch releases.

Other Merges

Allow relaxed Ingress defaultBackend service names with RelaxedServiceNameValidation

Eliminate spurious warning log messages about enabled alpha APIs while starting API server

Prevent spurious namespace-not-found errors in admission

Version Updates

Go to 1.24.10 and distroless iptables for 1.32

Subprojects and Dependency Updates

cri-o v1.34.3 adds support for the external crio-credential-provider plugin, fixes CVE-2025-58183 by updating github.com/vbatts/tar-split to v0.12.2, introduces a new housekeeping option for the irq-load-balancing.crio.io annotation (surfacing housekeeping CPUs via OPENSHIFT_HOUSEKEEPING_CPUS and adjusting IRQ affinity behaviour), and refreshes core dependencies including the Kubernetes 0.34.1 stack and new Podman image/storage libraries.

cri-o v1.33.7 and v1.32.11 are focused patch releases that backport the CVE-2025-58183 tar-split update across the 1.33 and 1.32 lines, with v1.32.11 additionally fixing network cleanup failures when the network namespace path is empty on server teardown.

kops v1.35.0-alpha.1 advances the 1.35 line with etcd 3.5.23/3.5.24 updates, containerd v2.1.5, refreshed CNI plugin sources, AWS Karpenter v1.8.1 plus configurable feature gates, expanded scale and GCE/Azure testing, initial Ubuntu 25.10 support, tighter AWS IAM permissions, and deeper ClusterAPI integration including new toolbox commands and CAPI-oriented nodeup refactors.

cluster-autoscaler 1.34.2, 1.33.3, and 1.32.5 align the 1.34, 1.33 and 1.32 branches with common fixes: more robust proactive scale-up handling for scheduling-gated pods, a SimulateNodeRemoval panic fix for missing node info, Azure LTS test updates and refreshed static SKU lists, CI/lint cleanups, and Kubernetes dependency bumps to v1.34.2, v1.33.6, and v1.32.10 respectively.

cluster-api v1.12.0-rc.1 continues the v1.12 line toward GA with in-place update support for KCP and MachineDeployments, chained multi-minor Kubernetes upgrades for managed topologies, new InPlaceUpdates, MachineTaintPropagation, and ReconcilerRateLimiting feature gates, MachineHealthCheck condition-based health checks, plus a round of bugfixes across webhooks, e2e tests, runtime SDK, and condition handling on top of Go 1.24 and Kubernetes 0.34.x library bumps.

cluster-api-provider-vsphere v1.15.0-rc.0 tracks CAPI v1.12 and Kubernetes v1.35/cloud-provider-vsphere v1.35, introduces a dedicated CAPV ServiceAccount, and adds govmomi flags to tune CPU and memory shares, reservations, and limits, while also updating etcd/Kubernetes dependencies, bumping CPI/autoscaler versions, and hardening tests and CI (including network debug improvements and flake-focused timeouts).

prometheus v3.8.0 is the first release to mark Native Histograms as a stable opt-in feature via the new scrape_native_histogram config knob, updates Remote Write v2 to the 2.0-rc.4 spec, adds unified AWS service discovery (EC2, Lightsail, ECS), introduces OAuth2 JWT-bearer grant support, extends promtool with Remote Write 2.0 pushes, and delivers a broad set of PromQL, TSDB, and UI performance fixes (including faster large alerts/rules pages and improved NHCB handling).

Shoutouts

Petr Mullar – Shoutout for organizing a meeting to support new contributors in Prow, gathering ideas to improve onboarding and reduce entry barriers for newcomers.

via Last Week in Kubernetes Development https://lwkd.info/

December 03, 2025 at 05:00PM

·lwkd.info·
Will Agentic AI Pay Off? Cybersecurity Shifts and EU Cloud Pressure | TSG Ep. 973

https://chrisshort.net/video/techstrong-gang-ep973/

The gang then looks at how AI is about to transform cybersecurity before examining why the European Union is investigating Amazon Web Services and Microsoft.

via Chris Short https://chrisshort.net/

November 24, 2025

·chrisshort.net·
Bun is joining Anthropic
Bun has been acquired by Anthropic. Anthropic is betting on Bun as the infrastructure powering Claude Code, Claude Agent SDK, and future AI coding products & tools.
·bun.com·
DevOps & AI Toolkit - Ep41 - Ask Me Anything About Anything with Scott Rosenberg - https://www.youtube.com/watch?v=mKvsQW6GBRg

Ep41 - Ask Me Anything About Anything with Scott Rosenberg 📱

There are no restrictions in this AMA session. You can ask anything about DevOps, AI, Cloud, Kubernetes, Platform Engineering, containers, or anything else. Scott Rosenberg, a regular guest, will be here to help us out.

via YouTube https://www.youtube.com/watch?v=mKvsQW6GBRg

·youtube.com·
DevOps & AI Toolkit - Ep41 - Ask Me Anything About Anything with Scott Rosenberg - https://www.youtube.com/watch?v=L4RZXAKGb6M

Ep41 - Ask Me Anything About Anything with Scott Rosenberg

There are no restrictions in this AMA session. You can ask anything about DevOps, AI, Cloud, Kubernetes, Platform Engineering, containers, or anything else. Scott Rosenberg, a regular guest, will be here to help us out.

via YouTube https://www.youtube.com/watch?v=L4RZXAKGb6M

·youtube.com·
Ashley Willis
The other day I texted my group chat with other leaders outside my organization. The ones I go to when the leadership stuff gets messy and I need perspective fr...
·ashley.dev·
A Journey Through Kafkian SplitDNS in a Multitenant Kubernetes with Fabián Sellés Rosa

https://ku.bz/NsBZ-FwcJ

Fabián Sellés Rosa, Tech Lead of the Runtime team at Adevinta, walks through a real engineering investigation that started with a simple request: allowing tenants to use third-party Kafka services. What seemed straightforward turned into a complex DNS resolution problem that required testing seven different approaches before a working solution was found.

You will learn:

Why Kafka's multi-step DNS resolution creates unique challenges in multi-tenant environments, where bootstrap servers and dynamic broker lists complicate standard DNS approaches

The iterative debugging process from Route 53 split DNS through Kubernetes native pod DNS config, custom DNS servers, Kafka proxies, and CoreDNS solutions

How to implement the final solution using node-local DNS and CoreDNS templating with practical details including ndots configuration and Kyverno automation

Platform engineering evaluation criteria for assessing solutions based on maintainability, self-service capability, and evolvability in multi-tenant environments

via KubeFM https://kube.fm

December 02, 2025 at 07:11AM

·kube.fm·
DevOps & AI Toolkit - Deploy AI Agents and MCPs to Kubernetes: Is kagent and kmcp Worth It? - https://www.youtube.com/watch?v=3jkGJvmUMYE

Deploy AI Agents and MCPs to Kubernetes: Is kagent and kmcp Worth It?

This video explores kagent and kmcp, two tools that promise to bring AI agents and MCP servers into Kubernetes using cloud-native principles. kagent lets you define AI agents as custom resources with YAML manifests, connect them to MCP servers for tools, and manage them like any other Kubernetes workload. kmcp deploys MCP servers to Kubernetes clusters using simple custom resources. The concept sounds appealing for platform engineers: create agents declaratively, give them specific tools, let them communicate through open protocols like A2A, all running in your existing infrastructure.

However, the reality reveals significant gaps. While kagent successfully deploys agents to Kubernetes and connects them to MCP tools, its web interface is severely lacking compared to modern coding agents like Claude Code or Cursor. Tool execution is unreliable, there's no built-in user confirmation before calling tools, and the choice to expose agents via the A2A protocol instead of MCP limits integration with existing coding tools. kmcp works for deploying MCP servers but offers limited value beyond what standard Kubernetes manifests or Helm charts already provide. The video demonstrates both tools in action—creating agents, connecting to MCP servers, and troubleshooting Kubernetes issues—while honestly examining whether these projects solve real problems or just add unnecessary complexity to workflows that modern coding agents already handle better.

Additional info:
Transcript and commands: https://devopstoolkit.live/kubernetes/deploy-ai-agents-and-mcps-to-k8s-is-kagent-and-kmcp-worth-it
kagent: https://kagent.dev

Timecodes:
00:00 AI Agent and MCPs in Kubernetes
01:01 RavenDB (sponsor)
02:25 Kubernetes AI Agents with kagent
11:42 Integrating External MCP Servers
16:23 Deploying MCP Servers with kmcp
22:31 Should You Use kagent and kmcp?

via YouTube https://www.youtube.com/watch?v=3jkGJvmUMYE

·youtube.com·
DIY NAS: 2026 Edition
An 8-bay DIY NAS with 10GbE networking, TrueNAS 25.10.0.1, an Intel N355 CPU, 32GB of DDR5 RAM, and a smallish form factor that occupies less than 20 liters of your office space.
·blog.briancmoses.com·
Second Coming of Shai-Hulud Cyberattack Ravages JavaScript Repositories - DevOps.com
A major expansion of the self-propagating Shai-Hulud cyberattack aimed at popular node package managers (npms) used by JavaScript application developers is creating a major headache for DevSecOps teams around the globe.
·devops.com·
Miranda and 🌈Pocket (@fiberfriends) • Instagram photo
35 likes, 0 comments - fiberfriends on November 26, 2025: "The Yuletide Nubbins are making their way to new homes, just in time for festive decoration season! Thanks to @juliemshort for this sweet shot of her corgi twinning with their new Friend!! Let's see your lil Nubbins! #corgmas #corgination #happypawlidays #corgi #corgiaddict".
·instagram.com·
Google Antigravity Exfiltrates Data
An indirect prompt injection in an implementation blog can manipulate Antigravity to invoke a malicious browser subagent in order to steal credentials and sensitive code from a user’s IDE.
·promptarmor.com·