A PR comment just pwned your K8s tokens

Terraform v1.15.0 Stable: Module Source Variables, deprecated Block, convert() GA

  • Terraform v1.15.0 shipped April 29 — the stable release previewed at rc1 in Issue #7. The headline change: variables and locals in module source and version attributes (source = var.module_path) eliminate per-environment module forks, and most CLI commands now accept variable values to support this. Because the module code that gets fetched now depends on values supplied at run time, treat those variables as part of the supply chain: keep the allowed sources and pinned versions in reviewed configuration rather than in ad hoc -var input.
  • deprecated on variable and output blocks emits plan-time warnings when a deprecated input is passed or a deprecated output is referenced; the new convert() function enables inline type conversions (convert(var.value, string)); output blocks accept explicit type constraints, so a module's interface is checked at validate/plan time instead of when a consumer breaks (v1.15.0 release).
  • terraform validate now checks the backend block — verifies type exists, required attributes are present, and internal validation passes; previously skipped the backend entirely. S3 backend gains aws login auth for AWS Identity Center credential-less flows (v1.15.0 release).
  • New since rc3: apply raises an explicit error when a plan file targets a different workspace than the current one; PowerShell re-enabled for SSH-based file and remote-exec provisioners; terraform fmt now handles .tfquery.hcl files.
  • Breaking: AWS_USE_FIPS_ENDPOINT and AWS_USE_DUALSTACK_ENDPOINT now accept only true/false for the S3 backend — any non-empty string no longer accepted; aligns with the AWS SDK for Go.

Karpenter v1.12.0; containerd v2.3.0-rc.0 First Annual LTS RC

  • Karpenter v1.12.0 released April 24 — adds a grace period for the do-not-disrupt annotation (RFC #2942), fixes a race condition in static provisioning predicates (#2956), and ensures node labels re-sync after cloud provider registration hooks complete (#2980). An RFC on a balanced consolidation policy is bundled as documentation.
  • containerd v2.3.0-rc.0 tagged April 29 — first RC for the first annual LTS release, aligned with the Kubernetes release cadence and carrying a minimum two-year support window. Additions include transfer types for container filesystem copy, shim bootstrap protocol, zstd-wrapped EROFS layer support, OTel trace propagation in outgoing RPCs, and CRI support for user namespaces with host networking — the containerd-side requirement for the HostNetwork + UserNamespaces alpha in Kubernetes v1.36 (covered in Issue #8).
  • CVE-2026-35469 (spdystream) was patched April 14 in v2.2.3, v2.1.7, v2.0.8 and v1.7.31. Teams on a 2.x stable branch should confirm every node is on the patched release for its branch before adopting v2.3, checking the containerd version the kubelet actually reports rather than the image tag that was supposed to be rolled out.
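The version gate that bullet asks for, as an added example written for this briefing (not containerd's or Kubernetes' own code). It reads the shape of `kubectl get nodes -o json`, classifies each node's reported containerd against the patched releases the bullet lists, and treats a pre-release of the fix version (2.2.3-rc.1) as still vulnerable; the node JSON is constructed, and the "not-in-fix-list" verdict for branches the advisory does not name (such as 2.3.0-rc.0) is a label chosen here.

```python
"""Added example for this briefing, not containerd's or Kubernetes' own code:
flag nodes whose containerd is below the CVE-2026-35469 patched release for their
branch. PATCHED holds the versions the page lists; SAMPLE_NODES is constructed."""
import json
import re
import sys

PATCHED = {(2, 2): 3, (2, 1): 7, (2, 0): 8, (1, 7): 31}   # branch -> first fixed patch level
VERSION_RE = re.compile(r"containerd://v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")

def assess(runtime_version):
    """Classify a nodeInfo.containerRuntimeVersion string: 'patched', 'unpatched',
    'not-in-fix-list' (branch the advisory does not cover), or 'not-containerd'."""
    m = VERSION_RE.match(runtime_version)
    if not m:
        return "not-containerd"
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    prerelease = m.group(4)
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        return "not-in-fix-list"
    # 2.2.3-rc.1 sorts below 2.2.3: a pre-release of the fix version is not the fix
    if patch > fixed or (patch == fixed and prerelease is None):
        return "patched"
    return "unpatched"

def node_verdicts(nodes_json):
    """Map node name -> verdict from `kubectl get nodes -o json` output."""
    return {
        item["metadata"]["name"]: assess(item["status"]["nodeInfo"]["containerRuntimeVersion"])
        for item in json.loads(nodes_json)["items"]
    }

def unpatched_nodes(nodes_json):
    """Names of nodes still running a vulnerable containerd on a covered branch."""
    return sorted(n for n, v in node_verdicts(nodes_json).items() if v == "unpatched")

# Constructed sample, trimmed to the fields the functions above read.
SAMPLE_NODES = json.dumps({"items": [
    {"metadata": {"name": "node-a"}, "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://2.2.3"}}},
    {"metadata": {"name": "node-b"}, "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://2.1.5"}}},
    {"metadata": {"name": "node-c"}, "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.7.31"}}},
    {"metadata": {"name": "node-d"}, "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://2.3.0-rc.0"}}},
    {"metadata": {"name": "node-e"}, "status": {"nodeInfo": {"containerRuntimeVersion": "cri-o://1.31.0"}}},
]})

if __name__ == "__main__":
    # Pipe real output in: kubectl get nodes -o json | python3 this_file.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NODES
    for name, verdict in node_verdicts(data).items():
        print(f"{name}: {verdict}")
```

The point of the pre-release rule is that version strings from nodes are not always clean release tags; a comparison that only looks at major.minor.patch would wave through an rc build of the fix version.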

EKS Hybrid Nodes Gateway; GKE NodeLocal DNSCache Now Default

  • Amazon EKS Hybrid Nodes Gateway (launched April 21) automates pod networking between the EKS VPC and on-premises Hybrid Nodes — no on-prem routing changes required. Covers pod-to-pod cross-environment traffic, control-plane-to-webhook communication, ALB/NLB, and Amazon Managed Service for Prometheus traffic from on-prem nodes. Deployed via Helm; codebase open source; no additional charge beyond underlying EC2 and data transfer.
  • GKE NodeLocal DNSCache is now enabled by default for new Standard clusters running ≥1.34.1-gke.3720000 — previously it required explicit opt-in. The per-node cache answers repeat queries locally and talks to the central kube-dns/CoreDNS over TCP instead of UDP, which sidesteps the conntrack race that silently drops UDP DNS packets and surfaces in pods as 5-second resolver stalls (first detailed in Issue #4's CoreDNS hardening section).
  • Same GKE release window: GKE Slurm Operator add-on enters Preview for clusters ≥1.35.2-gke.1842000; H4D machine series (HPC-optimized) reached GA; TPU v7x (Ironwood) entered Preview; AI Zones introduced for dense accelerator workload placement.

Supply Chain: elementary-data Targets K8s Tokens; Aviatrix Agent Containment GA

  • elementary-data==0.23.3 was compromised April 24 via GitHub Actions script injection: the body of a crafted PR comment was expanded into a workflow step and executed with the repository's GITHUB_TOKEN, which was enough to cut a malicious release. Exposure window: ~8–10 hours; CVSS v4.0: 9.3.
  • The malicious code lives in elementary.pth, which site.py executes at every interpreter start without any import of the package, so it runs in CI jobs, notebooks and images that merely have the wheel installed; this is the same .pth auto-execution vector used in the LiteLLM compromise (Issue #5). It explicitly targets Kubernetes ServiceAccount tokens, dbt/data-warehouse credentials (Snowflake, BigQuery, Redshift, Databricks), AWS/GCP/Azure keys, container registry creds, SSH keys, and .env files. Detection: $TMPDIR/.trinny-security-update marker on Linux/macOS; also inspect site-packages for .pth files containing import lines. Fix: upgrade to ≥0.23.4, then rotate every credential reachable from the affected CI environments, mounted ServiceAccount tokens included; the upgrade removes the implant but does not revoke what it already sent out.
  • Aviatrix launched Zero Trust for AI Workloads (GA) and AgentGuard (Early Access) today — network-layer containment for AI agent workloads across VMs, Kubernetes clusters, and serverless, without code or infrastructure changes (Aviatrix announcement). Zero Trust enforces allowlist-based WebGroups blocking shadow AI; AgentGuard discovers authorized and shadow agents across compute types, maps LLM/tool/data reach for risk profiling, and blocks common exfiltration vectors by default. One customer running a compromised component during the TeamPCP "Cascade" campaign reported zero credential exfiltration due to workload-level containment. Prompt injection detection and DLP guardrails planned for Q3 2026.
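Both checks the elementary-data bullets above call for, as an added Python example written for this briefing (not code from elementary, GitHub or any product named on the page). The first function scans a workflow for untrusted event text interpolated into run: steps and is run over a constructed vulnerable step beside a hardened one that passes the comment through env: and scopes GITHUB_TOKEN to read-only via permissions:. The second inspects .pth files for lines site.py will execute and checks the $TMPDIR marker. The regexes, sample workflows and .pth contents are constructed; the list of untrusted contexts is an assumption covering the common comment, issue and pull-request fields, not an exhaustive one.

```python
"""Two checks for the elementary-data compromise pattern. Added example written for
this briefing, not code from elementary, GitHub or any product named on the page;
regexes, sample workflows and .pth contents below are constructed."""
import os
import re
import site
from pathlib import Path

# 1. GitHub Actions script injection. ${{ }} is expanded by the runner before the
# shell parses the step, so untrusted event text in a run: script is code however it
# is quoted; passing it through env: hands the shell a plain variable instead.
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:"
    r"event\.(?:comment|review_comment|discussion|issue|pull_request|review)\.(?:body|title)"
    r"|event\.pull_request\.head\.(?:ref|label)|head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^(?:-\s+)?run:\s*(.*)$")

def find_run_injections(workflow_text):
    """Return [(line_no, expression)] for untrusted contexts used inside run: steps.
    Line-based walk; assumes block-style YAML where `run: |` content is indented deeper."""
    findings, run_indent = [], None
    for n, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        m = RUN_KEY.match(stripped)
        if m:
            inline = m.group(1).strip()
            if inline in {"|", ">", "|-", "|+", ">-", ">+"}:
                run_indent = indent                 # block scalar follows
            else:
                run_indent = None
                findings += [(n, x.group(0)) for x in UNTRUSTED.finditer(inline)]
            continue
        if run_indent is not None:
            if stripped and indent <= run_indent:
                run_indent = None                   # dedent ends the block
            else:
                findings += [(n, x.group(0)) for x in UNTRUSTED.finditer(line)]
    return findings

# 2. .pth auto-execution. site.py runs every .pth line starting with "import " at
# interpreter start, before any user code; other lines are sys.path entries. Benign
# packages use this too, so list every executable line and flag hostile primitives.
SUSPICIOUS = re.compile(r"exec\s*\(|eval\s*\(|__import__|base64|zlib|marshal|subprocess|"
                        r"socket|urllib|\\x[0-9a-f]{2}|trinny-security-update", re.I)
MARKER = ".trinny-security-update"   # IOC named in the bullet above

def inspect_pth_text(text):
    """Return [(line_no, kind, line)]: 'exec' for any line site.py will run,
    'suspicious' when it also matches hostile patterns or is abnormally long."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith(("import ", "import\t")):
            kind = "suspicious" if SUSPICIOUS.search(line) or len(line) > 300 else "exec"
            out.append((n, kind, line))
    return out

def scan_site_packages(dirs=None):
    """Inspect every .pth in the given dirs (default: this interpreter's site dirs)."""
    dirs = dirs or site.getsitepackages() + [site.getusersitepackages()]
    report = {}
    for d in dirs:
        for pth in (Path(d).glob("*.pth") if Path(d).is_dir() else []):
            hits = inspect_pth_text(pth.read_text(errors="replace"))
            if hits:
                report[str(pth)] = hits
    return report

def marker_present(tmpdir=None):
    """Check the Linux/macOS IOC: $TMPDIR/.trinny-security-update."""
    return Path(tmpdir or os.environ.get("TMPDIR", "/tmp"), MARKER).exists()

# Constructed samples: vulnerable step interpolates the comment body; hardened one uses env:.
VULNERABLE_WORKFLOW = """\
on: issue_comment
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Got comment: ${{ github.event.comment.body }}"
"""
HARDENED_WORKFLOW = """\
on: issue_comment
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          COMMENT: ${{ github.event.comment.body }}
        run: |
          echo "Got comment: $COMMENT"
"""
BENIGN_PTH = "/opt/vendor/lib\nimport os; os.environ.setdefault('SETUPTOOLS_USE_DISTUTILS', 'local')\n"
HOSTILE_PTH = "import base64,sys;exec(base64.b64decode('aW1wb3J0IG9z'))\n"

if __name__ == "__main__":
    print(find_run_injections(VULNERABLE_WORKFLOW), find_run_injections(HARDENED_WORKFLOW))
    print(inspect_pth_text(BENIGN_PTH), inspect_pth_text(HOSTILE_PTH), scan_site_packages(), marker_present())
```

The benign sample shows why the .pth check reports rather than blocks: setuptools ships an import line of exactly this kind, so the useful signal is an executable line that also pulls in decoders, network or process primitives, or that is far longer than a one-line shim. Run the scan from the same interpreter and user that CI uses, since site.getusersitepackages() differs per account.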

OTel eBPF DNS Tracing; OpenChoreo 1.0 in CNCF Sandbox

  • The OpenTelemetry eBPF instrumentation project (formerly Grafana Beyla, donated to OTel mid-2024) presented at KubeCon NA on April 27: eBPF-based DNS tracing that captures dns.lookup.duration histograms (query name, latency, K8s workload identity) and optional child spans nested inside existing OTel traces, with no code changes and no service restarts. Deployed as a DaemonSet; it taps ports 53/5353 in the kernel, passes events to user space through a ring buffer, correlates request/response pairs by DNS transaction ID, and enriches them with Kubernetes metadata. Primary value: identifying which pods generate excessive NXDOMAIN responses or search-domain chain storms. The final lookup in such a chain succeeds, so application-level metrics show nothing, yet every intermediate NXDOMAIN is a query CoreDNS had to answer, which makes these chains the dominant source of client-driven CoreDNS overload. An RC for the upstream project is targeted this year; Grafana Beyla remains the supported downstream product.
  • OpenChoreo 1.0 shipped and entered CNCF Sandbox — open-source IDP from WSO2 with 785 contributors across 240 organizations. A programmable control plane translates abstractions into Kubernetes manifests without exposing raw K8s primitives to developers. v1.0 highlights: MCP servers exposing platform state to AI agents; built-in SRE agent for LLM-based log/metric/trace root cause analysis; FluxCD GitOps as default; Backstage-based console installable as plugins into existing Backstage; API gateway support for Kong, Envoy, kgateway, and Traefik. Source at github.com/openchoreo/openchoreo.

Get Platform and Infra Briefing in your inbox
