Agent Sandbox unveils the Sandbox CRD to map long-lived, singleton AI agents onto Kubernetes. It adds stable identity and lifecycle primitives. It supports runtimes like gVisor and Kata Containers. It enables zero-scale resume. It includes SandboxWarmPool with SandboxClaim and SandboxTemplate to kil.. read more  

The Register contrastszramandzswap. It flags a patch that claims up to 50% fasterzramops. It notes Fedora enableszramby default. It details thatzramprovides compressed in‑RAM swap (LZ4).zswapcompresses pages before writing to disk and requires on‑disk swap... read more  

The post prescribes an on-demand SSH gateway pod. It usesshort-lived, identity-bound credentialsandKubernetes RBACto grant scoped, auditable debug sessions. It recommends anaccess brokerthat binds Roles to groups, issues ephemeral certs and OpenSSH user certificates, rotates CAs, enforces command-le.. read more  

SIG Release rewrote theimage promotercore. It cut 20% of the code. It added apipeline engine,cosignsigning, andSLSAattestations. Signing now sits separate fromsignature replication. Registry reads run in parallel - plan time dropped ~20m → ~2m. Per-request timeouts, retries, and HTTP connection reus.. read more  

Kubernetes v1.36 (Apr 22, 2026) enablesHPAScaleToZeroby default. That lets theHPAuseminReplicas: 0and read only controller-owned pod metrics. The release swaps long-lived image-pull secrets forephemeral KSA tokens. It deprecatesIPVS, retiresIngress NGINX, and aligns withcontainerd 2.x. The release f.. read more  

Ingress2Gateway 1.0 has been released to aid migration from Ingress-NGINX to Gateway API before its retirement in March 2026. The tool translates Ingress resources to Gateway API and highlights untranslatable configurations. The release features enhanced annotation support and thorough testing for reliable migration.

LLMs like Claude, Cursor, and ChatGPT help tackle complex problems, but prompting them like Google won't cut it. Use role-stacking for varied perspectives (e.g.: you are a senior security engineer and sr. software engineer with experience in Docker, Kubernete..) and always specify your tools for bet.. read more  

Author swappedDockerforPodman. The swap revealed CLI parity and minor networking and volume tweaks. Podmaneschews a centraldaemon. It runs containers as system processes and defaults torootlessviauser namespaces. That cuts privilege exposure and trims baseline overhead... read more  

After a year onNixOS, the author reverted toArch Linux. They blamed frequent breakage, rebuild loops, and unpredictable regressions after updates. They flaggedNixOS's reproducible config,isolated builds, and multi-generation installs. These swell disk use, force wideglibcrebuilds, and make updates s.. read more  

Kubernetes launched theAI Gateway Working Group. It will add standards and declarative APIs to make networking play nice with AI workloads and extend theGateway API. Active proposals attack two gaps.Payload processinginspects and transforms full HTTP payloads using declarative configs, ordered pipel.. read more