What KubeCon EU 2026 told us about the next 12 months of cloud native infrastructure.
> THE CONTROL PLANE
  Operational Intelligence for the Cloud Native Frontier
 
  Issue:         #2 — KubeCon Debrief (March 2026)
  Date:          2026-03-31
  Editor:        Abubakar Siddiq Ango @ Kubermatic
 

📟 The Editor's Shell

Three forces converging

Last month we covered the Virginia Problem - control planes living in a different jurisdiction than the data they govern. This week in Amsterdam, 10,000+ engineers gathered for KubeCon EU 2026, and the answer came back louder than expected: sovereignty isn't theoretical anymore. It's shipping.


Three forces dominated every hallway conversation, every keynote, and every sponsor booth this week:

Agents are becoming infrastructure consumers. MCP, Anthropic's Model Context Protocol, showed up in sessions across every track. Not just AI+ML. Argo CD shipped an MCP server. Linkerd presented MCP-aware observability for agent traffic. Solo.io flew a drone with one. Lin Sun opened the keynote by declaring "The Future of Cloud Native Is Agentic." The protocol war is over before it started.


Sovereignty is a competitive advantage. European enterprises aren't buying sovereignty, they're building it. SNCF (200+ clusters), Saxo Bank (1,800 automated operations), BWI (German federal IT), and Swisscom all presented production architectures. The CNCF published Swisscom's sovereign Kubernetes stack as an official reference architecture, the first of its kind.


The CRA is months from enforcement. Greg Kroah-Hartman stood on the keynote stage and told the room: the EU Cyber Resilience Act is real, it's coming September 2026, and it correctly puts security responsibility on the companies shipping products, not the open-source maintainers who write the code. Mandatory vulnerability reporting starts in six months, for manufacturers and foundations like the CNCF, not individual contributors.


This issue's Deep Dive unpacks the Swisscom blueprint. The War Story covers a kcp vulnerability that went from "Medium" to CVSS 9.6 Critical. And the Radar tracks the signals worth watching from a week that may have just defined the next year of cloud native.

🛠️  The Deep Dive

How Swisscom Built a Sovereign Kubernetes Platform in 9 Months
In August 2025, Swisscom (Switzerland's largest telco, partly state-owned) launched a sovereign Kubernetes platform built entirely on CNCF open source. By March 2026, 60% of internal workloads had migrated. The CNCF published the architecture as an official reference. It's the first peer-reviewed blueprint proving a full sovereign cloud can run on open-source components, no hyperscaler required.

Why Build Instead of Buy?
Jurisdiction. Under the US CLOUD Act, American authorities can compel US cloud providers to disclose data stored anywhere in the world, including servers in Zurich. Swisscom, as a Swiss-incorporated entity on independent infrastructure, isn't subject to these demands. Switzerland's nFADP adds personal criminal liability (up to 250K CHF) for individuals who mishandle sensitive data. Automated guardrails aren't optional. They're executive risk mitigation.

The Architecture
Swisscom separates infrastructure from platform through two teams:
  • Layer 1: CNIP, managed by the Pathfinders. Bare-metal Kubernetes bootstrapped and lifecycle-managed by KubeOne, running KubeVirt v1.5.0 to manage VMs as standard Kubernetes objects. No VMware. VMs are ephemeral pods that serve as nodes for the layer above.
  • Layer 2: SKP, managed by the Guardians. Uses KKP (Kubermatic Kubernetes Platform) to provision isolated control planes per customer tenant. Each gets its own API server, etcd, and scheduler running as pods inside the CNIP seed cluster.
This is the decoupled control plane pattern from Issue #1, in production at telco scale.
  • KubeOne for cluster lifecycle management (bootstrap, upgrades, repair)
  • KubeVirt for virtualization (VM-as-a-Pod for node lifecycle)
  • Kube-OVN for networking (VPC isolation on bare-metal)
  • KKP Enterprise for platform management (multi-tenant cluster management)
  • ArgoCD for GitOps (declarative state reconciliation)
  • Kyverno for policy (security and compliance guardrails)
  • CloudNativePG for database (managed PostgreSQL for platform data)
The CNCF projects are the skeleton. The real engineering is Swisscom's custom "glue": a NetBox Operator for PVC-style IP address management, Schema Driven Configuration replacing Jenkins/Ansible with declarative reconciliation, FRRouting for BGP edge routing, and a CNF Config Operator that assembles secrets from Vault + certs from internal PKI for 5G core workloads.
The Takeaway
The recipe converging across European enterprises at KubeCon: KubeOne for cluster lifecycle + KubeVirt for VMs + Kyverno for policy + ArgoCD for GitOps + KKP for multi-tenant management. Sovereignty isn't a product you buy. It's an architecture you assemble from open-source components, customized with domain-specific operators.
Link to Swisscom Architecture

📡  The Control Plane Radar

Curated signals from a week that redefined cloud-native.

KubeCon Coverage
• KubeCon Europe 2026: The AI Execution Gap Meets Cloud-Native Reality - SiliconANGLE
  82% Kubernetes adoption, but only 7% deploy AI to production daily. Jonathan Bryce called this the "execution gap" and argued that optimizing for open models could unlock $24.8B in annual AI savings.
• CNCF and SlashData: Platform Engineering Tools Maturing as Organizations Prepare for AI-Driven Infrastructure - CNCF
  19.9 million cloud-native developers globally, 7.3 million working on AI specifically. 88% converging on standardized platforms. The developer population data that frames every other KubeCon trend.

Sovereignty

• CLOUD Act, Data Sovereignty and Switzerland: A Turning Point - Markus Schall
  Clear-eyed analysis of why the CLOUD Act is the forcing function for European sovereign cloud. If you need to explain the business case to leadership, start here.
• The Uncomfortable Truth About European Cloud Sovereignty - Bram Verhagen
  The contrarian view: pure European providers guarantee jurisdiction but risk being outpaced by hyperscaler innovation. Worth reading alongside the Swisscom success story for a balanced perspective.

Agentic Infrastructure
• Shadow MCP: The New Security Risk of Unvetted AI Agent Tools - AquilaX
  Developers are deploying unmanaged MCP servers on laptops to connect AI assistants to production databases, bypassing IAM entirely. If your platform doesn't offer a sanctioned agent integration path, your developers will build an unsanctioned one. Already in the OWASP MCP Top 10.
• DRA Goes GA in OpenShift 4.21: Smarter GPU Scheduling - Red Hat
  Dynamic Resource Allocation graduated to GA in Kubernetes 1.34 last year. KubeCon 2026 was the vendor adoption wave. NVIDIA and Google both donated their DRA drivers to the CNCF, and nearly every GPU scheduling talk built on the new attribute-driven claim model. The old device plugin "give me N GPUs" approach is officially legacy.

🚀  Kubermatic Releases

What shipped this month from the Kubermatic ecosystem.

• KKP v2.30.0 (March 9)
  The headline release. Kubernetes 1.35 support, a GPU Machine Type Selector for comparing GPU-optimized instances across providers, and full Gateway API support as NGINX Ingress hits EOL. Also ships a Kubernetes MCP Server for managing clusters via LLM-powered assistants. Kyverno upgraded to v1.15.3 (CVE-2026-22039 fix), nftables as default proxy mode for non-Cilium clusters, and 100+ merged PRs. Blog - Release notes

• kcp v0.30.1 (March 2)
  Rebased on Kubernetes 1.34.2. Cross-workspace ValidatingAdmissionPolicy is the notable addition, plus a new `kcp.io/path` annotation on APIBindings for resource tracking and geo-distributed deployment docs. Release notes

• KubeLB v1.3.5 → v1.3.9 (March 10-30)
  Steady patch cadence through the month. The 1.3 series (launched February) brought WAF support (alpha), an Ingress-to-Gateway API migration tool (beta), and supply chain security (SBOM generation, Sigstore signing, automated vulnerability scanning). Blog

🚨 The Panic Room

A War Story from the trenches. Learn from failure.

When a "Medium" CVE Becomes CVSS 9.6 Critical
A security researcher found a flaw in kcp's APIExport Virtual Workspace, the mechanism that lets service providers share APIs across isolated workspaces. The bug: an attacker with access to one workspace could create and delete objects in arbitrary workspaces, breaking multi-tenant isolation entirely.

The escalation: Initially scored as Medium (requires authenticated access, specific APIExport knowledge). But in a control plane managing hundreds of workspaces, this wasn't "modify some objects." This was: a single compromised tenant can take over every other tenant's workspace. Reclassified to CVSS 9.6 Critical.

The fix: The kcp team patched the authorization logic and released the fix before public disclosure. Marvin Beckers from Kubermatic walked through the details at KubeCon EU 2026 (stepping in for Marko Mudrinic, who was ill). Discover, report, patch, disclose, then educate publicly. Responsible disclosure done right.

The lesson: Multi-tenant isolation is only as strong as its least-tested boundary. Virtual workspaces, virtual clusters, and namespace isolation: these are all *logical* boundaries. When one has a bug, the blast radius isn't one tenant. It's every tenant. Ask your multi-tenancy solution: "What happens when the isolation mechanism itself has a vulnerability?" If the answer is "everything is compromised," rethink your blast radius model.
kcp Security Advisories
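The boundary the war story describes, reduced to a hypothetical model as an added illustration (this is not kcp's code and does not reproduce the real bug): a loose authorizer that only checks the target workspace bound the export, a scoped one that also requires the target to be the caller's own workspace, and a probe that exercises every cross-tenant pair, which is the "least-tested boundary" test the lesson asks for. The workspace paths, the binding map and the authorizer shape are all constructed.

```go
package main

// Hypothetical, simplified model of the boundary an APIExport virtual
// workspace has to enforce; illustration only, not kcp's own code.

// Request is a write arriving through the shared API endpoint.
type Request struct {
	CallerWorkspace string // workspace the caller is authenticated in
	TargetWorkspace string // workspace holding the object being written
}

// Authorizer decides whether a request may proceed, given the set of
// workspaces that have bound the shared APIExport.
type Authorizer func(req Request, bound map[string]bool) bool

// LooseAuthorize checks only that the target workspace bound the export; it
// never compares target to caller, so any tenant can write into any other.
func LooseAuthorize(req Request, bound map[string]bool) bool {
	return bound[req.TargetWorkspace]
}

// ScopedAuthorize adds the missing boundary: the caller may only reach
// objects in its own workspace, and only if that workspace bound the export.
func ScopedAuthorize(req Request, bound map[string]bool) bool {
	return req.TargetWorkspace == req.CallerWorkspace && bound[req.TargetWorkspace]
}

// CrossTenantViolations probes every ordered pair of distinct tenants and
// returns the pairs for which a cross-workspace write is allowed. A
// non-empty result is the blast radius of one compromised tenant.
func CrossTenantViolations(auth Authorizer, tenants []string) []string {
	bound := make(map[string]bool, len(tenants))
	for _, t := range tenants {
		bound[t] = true // constructed: every tenant has bound the export
	}
	var violations []string
	for _, caller := range tenants {
		for _, target := range tenants {
			if caller != target && auth(Request{caller, target}, bound) {
				violations = append(violations, caller+" -> "+target)
			}
		}
	}
	return violations
}

func main() {
	tenants := []string{"root:org:tenant-a", "root:org:tenant-b", "root:org:tenant-c"}
	println("loose:", len(CrossTenantViolations(LooseAuthorize, tenants)), "scoped:", len(CrossTenantViolations(ScopedAuthorize, tenants)))
}
```

With three constructed tenants the loose authorizer leaks all six ordered cross-tenant pairs while the scoped one leaks none; running the same probe against a real isolation mechanism is the kind of negative test that catches a boundary before a researcher does.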

Kubermatic GmbH, Willy-Brandt-Straße 23, Hamburg, Hamburg 20457, Germany