82% run K8s in prod. GPU scheduling breaks them.

AWS Interconnect GA: Layer 3 Private Multi-Cloud Connectivity

  • AWS Interconnect reached GA with two capabilities: Interconnect – multicloud (private VPC-to-VPC links between AWS and other clouds) and Interconnect – last mile (private connections from branch/DC to AWS via telco partners). Traffic stays exclusively on AWS and partner private backbones; IEEE 802.1AE MACsec encrypts physical links.
  • Multicloud currently covers AWS ↔ Google Cloud across 5 region pairs (us-east-1, us-west-1, us-west-2, eu-west-2, eu-central-1); Microsoft Azure and OCI support are coming later in 2026. The specification is published on GitHub under Apache 2.0.
  • The last-mile option auto-provisions 4 redundant connections across 2 physical locations, auto-configures BGP, enables MACsec and Jumbo Frames by default, and supports 1–100 Gbps without reprovisioning. SLA is 99.99%. Lumen Technologies is the initial partner; AT&T and Megaport are in progress.

EKS Auto Mode Networking: Prefix Delegation Default, DNS FQDN Policies

  • An AWS containers deep dive on EKS Auto Mode networking (April 14) details the VPC CNI defaults. Prefix delegation is the default mode — assigning /28 prefixes to ENIs instead of individual IPs. A c5.4xlarge supports 110 pods vs. 58 in secondary IP mode. Auto Mode falls back to secondary IP if prefix assignment fails (first covered in Issue #3 as an architecture overview; this is the networking-specific operational detail).
  • DNS Network Policies filter outbound traffic at Layer 7 by FQDN — enabling rules such as "allow outbound to api.example.com" without IP-based allowlists. Admin Network Policies centralize cross-namespace control; Cluster Network Policies set cluster-wide security rules. eBPF-backed Kubernetes Network Policies ship enabled by default.
  • SNAT is configurable per NodeClass: random SNAT is the default, and it can be disabled for full source IP traceability in hybrid/on-prem routing. CNI upgrades are managed by AWS with compatibility validation, automatic rollback, and rolling node replacement.

AKS April GA: One-Command Backup, Pod CIDR Expansion

  • AKS one-command backup collapsed an 8-step workflow into a single az dataprotection enable-backup trigger --datasource-type AzureKubernetesService call — replacing the previous 15+ command sequence covering extension install, storage account, vault, policy, trusted access, and backup instance. Four built-in strategies: Week (7-day op store), Month (30-day), DisasterRecovery (7-day op + 90-day vault, cross-region), and Custom (BYO vault/policy).
  • Pod CIDR expansion in AKS CNI Overlay reached GA on April 7 — clusters can now expand pod address space post-creation without node pool recreation.
  • Disable HTTP proxy in AKS also reached GA April 7 — clusters deployed with HTTP proxy can disable it in place, enabling egress simplification as network controls mature. Observability in AKS Namespace and Workload Views is GA, surfacing per-namespace and per-workload metrics natively in the portal.

Kubernetes v1.36 Security Details: Manifest Admission, externalIPs Removal Schedule

  • Manifest-based Admission Control Config (alpha) moves AdmissionConfig from etcd to a file-based manifest in kube-apiserver — eliminating the startup gap where admission policies are briefly unavailable at control plane restart, and preventing etcd-stored policy deletion as an attack vector. Removes etcd as a hard dependency for admission.
  • service.spec.externalIPs deprecation (warning added in rc.0, covered in Issue #4) now has a confirmed removal schedule across v1.40, v1.43, and v1.46. Audit for externalIPs usage now; the field enables man-in-the-middle attacks on ClusterIP services.
  • HostNetwork + UserNamespaces alpha — pods with hostNetwork: true can now set hostUsers: false. These pods only schedule to nodes explicitly flagged for support; limits container escape blast radius on host-networked pods. Distinct from UserNamespacesSupport GA (covered in Issue #4), which applies to non-host-networked pods.
  • StrictIPCIDRValidation beta (on by default): values with leading zeros, IPv4-mapped IPv6 addresses, and other ambiguous forms now hard-error. Check admission webhooks, controllers, and operators that generate or accept CIDR values before upgrading.
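Two of the items above are pre-upgrade audit work: finding Services that still set externalIPs, and finding IP/CIDR values that strict validation will start rejecting. The script below is an added example, not Kubernetes project code, that does both over a list of Kubernetes objects in the shape `kubectl get svc,netpol -A -o json` returns under `.items`. The sample objects are constructed, and the set of field names it inspects (externalIPs, clusterIP, clusterIPs, loadBalancerSourceRanges, ipBlock.cidr, ipBlock.except) is my own choice covering common Service and NetworkPolicy fields, not every API type. It flags the two forms the item names (leading-zero octets and IPv4-mapped IPv6) plus non-canonical IPv6 spelling and CIDRs with host bits set beyond the prefix, which I treat as the "other ambiguous forms" and which you would want to clean up anyway.

```python
"""Pre-upgrade audit for Kubernetes v1.36 IP/CIDR strictness and externalIPs use.

Added example, not from the Kubernetes project. Input is a list of API objects
(the `.items` of `kubectl get svc,netpol -A -o json`); sample items are constructed.
"""
import ipaddress
import json
import re

# Field names whose values hold IPs or CIDRs. Assumption: enough for Service and
# NetworkPolicy objects; extend for other types (e.g. IPAddress, ServiceCIDR).
IP_OR_CIDR_FIELDS = {"externalIPs", "clusterIP", "clusterIPs",
                     "loadBalancerSourceRanges", "cidr", "except"}

# An IPv4 octet that starts with 0 and has more digits ("010", "01").
_LEADING_ZERO_OCTET = re.compile(r"(?:^|\.)0\d")


def strict_issue(value):
    """Return why strict validation would reject `value` (IP or CIDR), or None."""
    addr_text = value.split("/", 1)[0]
    if ":" not in addr_text and _LEADING_ZERO_OCTET.search(addr_text):
        return "IPv4 octet with leading zero"
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return "not a valid IP address"
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return "IPv4-mapped IPv6 address"
    if str(addr) != addr_text:  # e.g. 2001:0db8::1 vs 2001:db8::1
        return f"non-canonical form (canonical is {addr})"
    if "/" in value:
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "invalid prefix length"
        if net.network_address != addr:
            return f"host bits set beyond /{net.prefixlen} (network is {net})"
    return None


def ip_fields(obj, path=""):
    """Yield (json_path, value) for every string under a known IP/CIDR field."""
    if isinstance(obj, dict):
        for key, child in obj.items():
            child_path = f"{path}.{key}" if path else key
            if key in IP_OR_CIDR_FIELDS:
                if isinstance(child, list):
                    for i, v in enumerate(child):
                        if isinstance(v, str):
                            yield f"{child_path}[{i}]", v
                elif isinstance(child, str):
                    yield child_path, child
            else:
                yield from ip_fields(child, child_path)
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from ip_fields(item, f"{path}[{i}]")


def audit(items):
    """Return (externalIPs findings, strict-validation findings) for the objects."""
    external, strict = [], []
    for obj in items:
        meta = obj.get("metadata", {})
        ident = f"{obj.get('kind')}/{meta.get('namespace', '-')}/{meta.get('name')}"
        spec = obj.get("spec", {})
        if obj.get("kind") == "Service" and spec.get("externalIPs"):
            external.append((ident, list(spec["externalIPs"])))
        for path, value in ip_fields(spec, "spec"):
            if value == "None":  # headless Service: clusterIP/clusterIPs are "None"
                continue
            reason = strict_issue(value)
            if reason:
                strict.append((ident, path, value, reason))
    return external, strict


# Constructed sample objects, mirroring what the JSON output would contain.
SAMPLE_ITEMS = [
    {"kind": "Service", "metadata": {"namespace": "payments", "name": "gateway"},
     "spec": {"clusterIP": "10.96.0.12", "externalIPs": ["203.0.113.10"],
              "loadBalancerSourceRanges": ["198.051.100.0/24"]}},
    {"kind": "Service", "metadata": {"namespace": "default", "name": "headless"},
     "spec": {"clusterIP": "None", "clusterIPs": ["None"]}},
    {"kind": "NetworkPolicy", "metadata": {"namespace": "payments", "name": "allow-partner"},
     "spec": {"podSelector": {}, "ingress": [{"from": [{"ipBlock": {
         "cidr": "10.10.1.5/24", "except": ["::ffff:10.10.1.9/128"]}}]}]}},
    {"kind": "NetworkPolicy", "metadata": {"namespace": "default", "name": "clean"},
     "spec": {"podSelector": {}, "egress": [{"to": [{"ipBlock": {"cidr": "2001:db8::/32"}}]}]}},
]

if __name__ == "__main__":
    ext, strict = audit(SAMPLE_ITEMS)
    for ident, ips in ext:
        print(f"externalIPs still set on {ident}: {ips}")
    for ident, path, value, reason in strict:
        print(f"{ident} {path}={value!r}: {reason}")
```

Against the sample, the gateway Service is reported for externalIPs, and three values fail strict checks: the leading-zero source range on the gateway Service, the ipBlock.cidr with host bits set, and the IPv4-mapped IPv6 except entry. To run it on a real cluster, replace SAMPLE_ITEMS with `json.load(...)["items"]` from the kubectl output; fix the flagged objects, and the webhooks or operators that generated them, before moving to v1.36.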

CNCF 2026 Survey: 82% Production Kubernetes, GPU Scheduling the Top Friction Point

  • The CNCF Annual Cloud Native Survey (April 15) shows 82% of container users run Kubernetes in production — up from two-thirds in 2023. 94% are actively using, piloting, or evaluating it; 98% of organizations employ cloud-native techniques.
  • 66% of organizations now run generative AI workloads on Kubernetes (consistent with CNCF data cited at KubeCon EU). GPU scheduling, autoscaling configuration, and shared-cluster governance — policy drift, cost attribution, noisy-neighbor effects — are the top operational friction points as AI workload density increases.
