AI agents are now running your Kubernetes cluster

SUSECON 2026: K3s in NVIDIA Agent Runtimes, MCP Across SUSE Portfolio, Coriolis for VMware Exit

• NVIDIA's new NemoClaw and OpenShell agent runtimes run on K3s as their Kubernetes execution layer — the SUSE AI Factory stack bundles SLES 16, Rancher Prime, K3s, NIM microservices, Nemotron models, NeMo toolkit, and Run:ai for GPU orchestration into a single validated stack; hardware-neutral from Dell/HPE/Lenovo/Cisco/Supermicro/Fujitsu RTX Pro workstations to Blackwell racks, with Vera Rubin support planned for late 2026 (SUSE AI Factory announcement). Customer data and models stay in customer infrastructure, explicitly tied to EU AI Act compliance.
• SUSE deployed MCP servers across its full product portfolio — Multi-Linux Manager, Rancher, SLES, Rancher Prime Liz assistant, and observability/security tools each expose MCP endpoints; the SUSECON keynote demo showed an operations agent querying Trento for SAP HANA topology, Multi-Linux Manager for patch baselines and drift status, enforcing scheduling constraints ("patches only Friday 02:00–04:00 UTC, no simultaneous HANA replica changes"), and routing a proposed rolling plan through a Liz approval gate before execution (SUSECON technical coverage).
• Craig McLuckie (Kubernetes co-founder, Stacklok CEO) cited the Stacklok Registry of verified MCP servers as including SUSE Multi-Linux Manager — enabling third parties to embed SUSE infrastructure management in their own agent workflows without building custom integrations; n8n, Revenium, Amazon, and Fsas Technologies (Fujitsu) also announced as ecosystem partners (SUSECON press release).
• SUSE integrated Cloudbase Coriolis for zero-downtime VMware migration — warm migration replicates data while the source VM continues running, then cuts over; verified for SAP HANA on SUSE Linux Enterprise for SAP Applications under KVM, filling a migration path gap vs. Red Hat OpenShift Virtualization and Nutanix AHV (SUSECON technical coverage).
• SUSE Industrial Edge (built on the Losant acquisition completed February 2026) targets resource-constrained Tiny Edge devices — OPC UA, Siemens, Beckhoff, and HVAC protocol support, a no-code workflow engine, and on-premises inference; currently processing 2 billion workflow transactions/month; Losant technology to be open-sourced; SUSE joined the Margo initiative Steering Committee for industrial edge interoperability standards (SUSECON technical coverage).
• A SUSE survey of 309 IT leaders across Germany, France, India, Japan, and the US found 98% prioritize digital sovereignty but only 52% are executing on it — sovereignty requirements now appear in vendor RFPs; transparency and control over AI models is the top-cited driver for long-term digital resilience (SUSE sovereignty research).

---

KubeCon NA 2026: K Agent as MCP Server, Agentic Networking WG, Istio Ambient + SPIFFE Zero Trust

• Lin Sun (solo.io) demoed K agent (CNCF Sandbox) exposed as an MCP server — an AI agent in Cursor created an Argo CD application via the Argo CD MCP server, then queried K agent for available Kubernetes agents, which constructed and submitted a pull request for an HTTPRoute to a frontend service; all traffic secured via Istio Ambient mTLS with SPIFFE workload identity, no sidecars (CNCF keynote).
• The demo establishes an emerging pattern: agent gateway proxying MCP servers as the governance layer for agentic Kubernetes access — Gateway API routing combined with Istio mTLS enforcement at every agent-to-server boundary, making zero-trust apply to the agentic control plane, not just application traffic (CNCF keynote).
• A Kubernetes Agentic Networking Working Group is defining the next API layer for agent-to-agent traffic — enabling service meshes to apply zero-trust security, routing, and observability to multi-agent communication, with Istio and agent gateway as reference implementations (CNCF panel).

---

Open Source AI Infra Stack Convergence and HomesGPT Operator Mode

• Brian Stevens (Red Hat/Neural Magic) confirmed VLM as de facto single-node inference engine and LLM-d as the cluster-scale disaggregated layer above it — contributors work across both projects simultaneously alongside kgateway and KServe with no project boundaries; Kubernetes is the substrate that makes enterprise-grade deployment viable across the stack (CNCF panel).
• Mark Collier (PyTorch Foundation executive director) called for cross-foundation co-design rather than independent assembly — VLM (PyTorch Foundation) and LLM-d (CNCF) as the model for co-evolving projects; Uber cited as running thousands of production models on PyTorch + Ray + VLM on Kubernetes as the concrete example (CNCF panel).
• HomesGPT launched operator mode, which continuously monitors production deploys from AI coding agents without human triggering — a live demo showed the agent using Inspector Gadget's eBPF TCP dump to identify a service name typo, generate a root cause analysis, submit a PR, and sync through Flux GitOps in 2 minutes with no prior codebase knowledge (CNCF keynote).
• HomesGPT announced self-mutating agents: the SRE agent can write, sandbox-test, and deploy its own API integrations without a human developer in the loop — conceptually demoed as the agent writing an entire external API connector on demand, with general availability not yet confirmed (CNCF keynote).