惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
P
Privacy International News Feed
Security Latest
Security Latest
H
Hacker News: Front Page
T
Tenable Blog
The Hacker News
The Hacker News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Security @ Cisco Blogs
Project Zero
Project Zero
O
OpenAI News
AI
AI
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
The Last Watchdog
The Last Watchdog
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
NISL@THU
NISL@THU
A
Arctic Wolf
T
Threat Research - Cisco Blogs
PCI Perspectives
PCI Perspectives
N
News and Events Feed by Topic
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
Simon Willison's Weblog
Simon Willison's Weblog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
罗磊的独立博客
L
LINUX DO - 最新话题
U
Unit 42
S
Security Affairs
有赞技术团队
有赞技术团队
WordPress大学
WordPress大学
博客园 - 【当耐特】
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
月光博客
月光博客
Engineering at Meta
Engineering at Meta
腾讯CDC
F
Full Disclosure
Cyberwarzone
Cyberwarzone
S
SegmentFault 最新的问题
Recorded Future
Recorded Future
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
The Cloudflare Blog

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Kubernetes 1.36: What Actually Changed for Enterprise Platforms
vmwareblogs · 2026-04-29 · via VMware Blogs

The release of Kubernetes 1.36 includes dozens of enhancements, updates, and deprecations. But for most enterprise teams, the details of each individual feature aren’t the most important part. What matters more is the direction these changes point to and what that means for Kubernetes’s evolution as a platform.

Kubernetes Is Becoming the Control Plane for AI Infrastructure

One of the clearest signals in 1.36 is the continued investment in how Kubernetes handles specialized hardware, particularly GPUs.

Work like Dynamic Resource Allocation (DRA) is about more than improving scheduling; it reflects a broader shift toward standardizing how Kubernetes interacts with high-value, constrained resources.

A key advancement in 1.36 is the introduction of Structured Parameters for DRA. Previously, requesting complex resources often required opaque, vendor-specific blobs that were difficult for the scheduler to optimize. By moving toward a more structured approach, Kubernetes is making it easier for the scheduler to “understand” the specific requirements of a GPU or AI accelerator—drastically reducing the complexity of multi-node AI deployments.

This shift matters because AI workloads behave very differently from traditional applications. Unlike standard web services that follow predictable, request-response patterns, AI workloads are often probabilistic and computationally “bursty.” They involve different sets of inputs and outputs that require massive, parallel infrastructure demands; failing to place a pod correctly doesn’t just cause a slow response; it can stall an entire multi-node training job.

Furthermore, AI introduces a much higher dependency on data gravity. These workloads require high-speed access to massive datasets and constant updates to those sources, making data locality and network throughput just as critical as raw CPU. Finally, while a traditional app might stay “static” once deployed, AI models require constant monitoring for drift and frequent retraining loops. This means the platform must treat the workload not as a one-time deployment, but as a continuous, resource-heavy lifecycle that demands far tighter control over performance and isolation.

This transition is meaningful because it introduces new complexity. Questions around GPU sharing, workload placement, and consistency across environments don’t have simple answers. They extend beyond Kubernetes itself and into the design of the platform that sits around it.

This is where we’re seeing increased focus on how platforms integrate infrastructure-level controls with Kubernetes-native scheduling. In environments like VMware Cloud Foundation (VCF) with VMware vSphere Kubernetes Service (VKS), that means aligning upstream capabilities like DRA with underlying placement, isolation, and lifecycle controls so that these workloads can be managed consistently, not just scheduled successfully.

And as Kubernetes takes on a more central role in how complex workloads are run, it also raises the stakes for how those environments are configured and secured.

Security Is No Longer a Choice

Kubernetes continues tightening security expectations, reinforcing that flexibility without guardrails is no longer acceptable for production environments. The defaults are becoming safer, the tolerances for misconfiguration are shrinking, and the expectation is that clusters are secure by design and not by afterthought.

We see this clearly in 1.36 with the final removal of the legacy AppArmor annotations in favor of the formal appArmorProfile field. It’s a move away from “hacky” metadata toward first-class API support. Similarly, the graduation of User Namespaces to a more stable state provides a critical layer of isolation, ensuring that even if a container is compromised, the “root” inside the container doesn’t translate to “root” on the host.

For enterprise teams, this creates a familiar tension. Kubernetes is still incredibly flexible, but the cost of that flexibility is increasing. The more configurable a system is, the easier it is to drift into insecure states unless those configurations are actively managed.

This is why security is increasingly shifting out of “cluster setup” and into “platform responsibility.”

We have found that implementing these upstream security standards within a platform such as VKS reduces variability. Rather than relying on teams to configure security correctly each time, platforms like VKS focus on embedding those expectations into how clusters are provisioned and operated from the start to reduce variability and improve overall posture.

And as these expectations become more embedded into Kubernetes itself, they also increase the operational burden of keeping environments aligned with upstream changes.

Release Velocity Is Becoming an Operational Problem

Kubernetes continues to move quickly and that’s part of what makes the ecosystem so powerful. But it also introduces challenges for enterprise teams.

Each release brings new capabilities, evolving APIs, and the deprecation of older behaviors. None of this is surprising in isolation, but together, it creates pressure for teams trying to maintain stability over time.

At this point, keeping up with Kubernetes is no longer just about upgrading clusters. It’s about managing lifecycle complexity, deciding when to adopt new versions, understanding how changes impact existing workloads, and avoiding disruption as the platform evolves.

For many organizations, this means finding ways to separate upstream innovation from production stability, rather than trying to keep them perfectly in sync.

This is where more flexible lifecycle models become critical. With VKS, for example, asynchronous releases and extended support options are designed to give teams control over how and when they adopt change. This allows them to stay aligned with upstream Kubernetes without being forced into constant upgrades.

This approach ultimately reinforces a broader shift: Kubernetes is no longer something you simply deploy, but it’s something that needs to be continuously managed as a platform.

Kubernetes Is Becoming a Platform

As shown in the platform architecture above, the shift isn’t just about the core, it’s about the integration of governance and developer self-service.

If you step back from the individual changes in 1.36, a broader pattern starts to emerge.

  • Kubernetes is moving from a flexible framework toward more opinionated defaults for security and resource standards.
  • Workloads are becoming more complex. 
  • Operational expectations are increasing. 
  • Margin for error is shrinking.

Taken together, this represents a shift from Kubernetes as flexible infrastructure to Kubernetes as a platform that needs to be designed, governed, and operated with intent.

This is where platform engineering comes into focus. In reality, running Kubernetes at scale requires more than just deploying clusters. It requires consistency, guardrails, and a clear model for how teams consume and operate the platform.

This is also the direction we’ve been focused on with VKS: treating Kubernetes not just as something to deploy, but as a service that can be consistently delivered, governed, and consumed across teams and environments.

The question then becomes how to structure it in a way that consistently meets these growing expectations.

What This Means in Practice

For enterprise teams, the implications are becoming clearer. The challenges highlighted in Kubernetes 1.36, whether around AI workloads, security expectations, or lifecycle management aren’t things that can be solved by Kubernetes alone. They require a broader platform approach that brings structure to how Kubernetes is deployed and operated.

That’s why so much focus has shifted toward building platforms that stay aligned upstream while also providing the stability, governance, and flexibility enterprises need in practice. The goal is to make Kubernetes usable in environments where consistency and control matter just as much as innovation.

Looking Ahead

The continued evolution of device management, the tightening of security expectations, and the sustained release velocity all point toward a future where Kubernetes is more powerful, but also more demanding to operate.

Teams building platforms today need to design systems that can keep up with where Kubernetes is headed, and do so in a way that balances innovation with the realities of enterprise operations.

References


Discover more from VMware Cloud Foundation (VCF) Blog

Subscribe to get the latest posts sent to your email.