Cloud, Kernel & Models: What Changed This Week (Feb 16–22, 2026)


A compact, practitioner-focused digest of the week's most impactful releases, updates, and strategic shifts across AWS, Azure, GCP, Kubernetes, Linux, CI/CD, and AI-driven infrastructure.


The One-Line Takeaway

AI moved from a workload to an infrastructure primitive this week — and your toolchain, certifications, and cloud bill are all changing because of it.


☁️ Cloud Platforms: AWS, Azure & GCP

AWS

Amazon had a dense week focused on compute and AI inference.

  • EC2 Hpc8a instances are now GA. Built on AMD EPYC Gen 5 with 300 Gbps EFA networking, they deliver up to 40% higher performance for HPC workloads — CFD, FEA, risk simulations — without moving to GPU-heavy stacks. If you run tightly coupled simulations on EC2, this is a direct upgrade path.

  • SageMaker Inference for custom Amazon Nova models is live. You can now deploy your own fine-tuned Nova-based models with configurable instance types, autoscaling, and concurrency controls — treating large-model inference the same as any other managed service. No custom inference server. No Kubernetes YAML sprawl. Just a policy, an endpoint, and autoscaling rules.

  • Nested virtualization on EC2 C8i, M8i, R8i — AWS quietly unlocked nested KVM/Hyper-V support on Xeon 6–based mainstream instances, not just bare-metal. Run complex testbeds, WSL inside Windows dev boxes, or Docker-on-VM lab environments directly inside EC2 without provisioning bare-metal.

💡 For your DevOps/Cloud transition: AWS is treating AI inference as a tunable, scalable building block — the same way Lambda abstracted functions in 2015. Start designing for it now.


Azure

Microsoft shipped a dense set of operational updates, mostly GA:

  • AKS Fleet Manager namespace-scoped resource placement (preview) — Multi-cluster, multi-tenant scheduling is getting more granular. If you manage multiple AKS clusters, Fleet Manager is the path to GitOps-style cross-cluster placement without custom operators.

  • Azure Container Storage v2.1.0 GA — Full Elastic SAN integration with on-demand install. Better storage ergonomics for stateful AKS workloads.

  • WAF Default Ruleset 2.2 GA + X-Forwarded-For–based rate limiting for Application Gateway WAF v2. Better bot and DDoS mitigation without custom rules.

  • Serverless Workspaces in Azure Databricks GA — No cluster management for ad-hoc data engineering. Relevant if your team runs mixed ML + infra workflows.

  • New reference architectures published: Highly available multi-region AKS deployments, and an Azure AI hub-and-spoke landing zone. If you're designing greenfield Azure environments in 2026, these are worth bookmarking before you start the Terraform.

  • Azure Copilot Data Connector for Microsoft Sentinel (public preview) — You can now ingest Copilot activity as security events into Sentinel. AI assistant actions are officially part of your attack surface. Model them accordingly.


Google Cloud

Google Cloud's updates this week center on economics and developer experience:

  • Cloud Run now supports Ubuntu 24 LTS base images GA for source deployments. Standardize your Cloud Run builds on Ubuntu 24, align them with your GKE node base, and carry consistent patching across both.

  • Expanded Compute CUDs covering Cloud Run — Flexible committed use discounts now apply across Compute Engine, GKE, and Cloud Run together, which simplifies cost governance for mixed serverless + container workloads.

  • GKE Dynamic Default StorageClass — GKE now auto-selects between Persistent Disk and Hyperdisk based on node hardware in mixed-generation clusters. Your PVC manifests stay cleaner and more portable.

  • Google Cloud Innovators Program going "Legacy" — No new members. Existing members keep their 35 monthly Skills Boost credits and Innovator badge. The program is being replaced by the GEAR (Gemini Enterprise Agent Ready) AI-agent community. If you're already in the program, keep redeeming. If you're not, expect Google's learning initiatives to be increasingly AI/agent-centric.


🐳 Kubernetes, Containers & CI/CD Tooling

Kubernetes: Patch Storm

This week's Kubernetes patch wave was broad:

  • K8s v1.35.1, 1.34.4, 1.33.8, 1.32.12 all released within the same window, mostly for stability, with notable fixes for high etcd CPU usage after restart in K3s.

  • If you run any of these series in production, schedule maintenance windows. This wasn't a security-critical release, but etcd stability fixes are worth treating as priority patches.

CSI External Snapshotter v8.5.0

VolumeGroupSnapshot moves to GA. Minimum supported Kubernetes is now 1.25. If you rely on application-consistent snapshots across multiple PVCs (e.g., a database data + WAL volume), this is the release to move to.

Docker Engine 29.x

The 29.x line is now on hosted runners and worth your attention:

  • nftables backend (experimental) replacing iptables for Docker networking.

  • Better encrypted overlay network stability and Swarm networking reliability.

  • cgroup v1 deprecation — officially deprecated, supported through at least 2029. If your hosts are still on cgroup v1 kernel configs, start tracking the migration path.

  • GitHub Actions hosted runners (Ubuntu, Windows) moved to Docker 29.1 + Compose v2.40 on Feb 9. If your CI pipelines rely on deprecated Docker flags or old Compose behaviors, now is the time to test and fix.

Red Hat OpenShift 4.21 GA

Built on Kubernetes 1.34 + CRI-O 1.34, this release is now generally available:

  • Includes Kueue integration for batch/AI orchestration (relevant for ML pipelines on OpenShift).

  • CIFS/SMB CSI driver operator + Kernel Module Management operator on IBM Power.

  • Continued push toward unified VM + container management and AI workload support via OpenShift Platform Plus.

Strategic signal: Red Hat is betting heavily on "one control plane for everything" — VMs, containers, edge, AI. Migration Toolkit for Virtualization (MTV) is their answer to VMware migration anxiety.

GitHub Actions: Big Changes for CI/CD Budgets

Two things to know:

  1. Pricing shift (effective now & March 1): Hosted runner prices dropped up to 39% starting Jan 1, 2026. But from March 1, 2026, self-hosted runners on private repos will incur a $0.002/min cloud platform charge. Public repos stay free. If you're on self-hosted, run the math now.

  2. Feature updates (early Feb): Custom runner autoscaling now supports containers, VMs, and bare metal with multi-label support and explicit agentic workflow support (GitHub Copilot coding agent jobs). Allowed actions allowlists are now available to all plans, improving supply-chain control for small teams too.

Cloudflare Terraform Provider v5.17.0

Adds ai_search_instance and ai_search_token resources, plus state migration upgraders for the v4 → v5 transition. If you manage Cloudflare infra as code, you can now provision AI search infra alongside your DNS, Workers, and WAF config. The v4 → v5 migration path is also smoother now — good time to make that upgrade if you've been delaying.

Datadog Feature Flags GA

Datadog shipped Feature Flags as a first-class product, tying each flag directly to APM and RUM signals. You can now see in real-time whether a flag change correlates with error rate spikes or latency increases — and roll back in the same interface where you're already watching your services. This collapses the gap between release management and observability. Datadog DASH 2026 (June 9–10, NYC) is also now open for registration — the year's biggest AI + observability + security event.


🐧 Linux & Server Management

Security: Patch Week Across the Board

This was an active security advisory week for both major enterprise Linux families:

  • Ubuntu: Multiple kernel security advisories covering 16.04, 18.04, 20.04, 22.04, 24.04, and 25.10 were issued. If you run unattended-upgrades, it should have already pulled these. If you manage fleets manually, verify kernel package versions now.
    → Check: https://ubuntu.com/security/notices

  • RHEL 9 (RHSA-2026:2722): A moderate-impact kernel security update was released Feb 15. Standard patching cycle, but review the associated CVEs against your workload's code paths.
    → Check: https://access.redhat.com/errata/RHSA-2026:2722

  • Fedora CVE-2025-1272 (High): Kernel lockdown mode is disabled on some Fedora builds running 6.12+, exposing Secure Boot assumptions and allowing unsigned kernel modules. If you run Fedora with Secure Boot enabled, verify your lockdown configuration explicitly — don't assume it's on.
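
One way to run the explicit lockdown check from the Fedora item above, as an added example that is not from the original post or from Fedora. It reads /sys/kernel/security/lockdown, where the kernel brackets the active mode, and pairs it with the Secure Boot state from mokutil --sb-state; the function names and verdict labels are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report kernel lockdown mode
# next to Secure Boot state. Function names and verdicts are illustrative.

# The kernel lists all modes and brackets the active one,
# e.g. "none [integrity] confidentiality" -> "integrity".
active_lockdown_mode() {
    local mode
    mode=$(printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p')
    printf '%s\n' "${mode:-unknown}"
}

# mokutil --sb-state prints "SecureBoot enabled" or "SecureBoot disabled".
secure_boot_state() {
    local out
    if command -v mokutil >/dev/null 2>&1 && out=$(mokutil --sb-state 2>/dev/null); then
        case "$out" in
            *"SecureBoot enabled"*)  echo enabled ;;
            *"SecureBoot disabled"*) echo disabled ;;
            *)                       echo unknown ;;
        esac
    else
        echo unknown
    fi
}

# Secure Boot on with lockdown "none" is the combination the item above warns about.
assess() {
    case "$1:$2" in
        enabled:none)                               echo FAIL ;;
        enabled:integrity|enabled:confidentiality)  echo OK ;;
        enabled:*)                                  echo UNKNOWN ;;
        *)                                          echo INFO ;;
    esac
}

check_host() {
    local file="${1:-/sys/kernel/security/lockdown}" mode=unknown sb
    # File is absent when securityfs is not mounted or the lockdown LSM is not built in.
    [ -r "$file" ] && mode=$(active_lockdown_mode "$(cat "$file")")
    sb=$(secure_boot_state)
    echo "kernel=$(uname -r) secure_boot=$sb lockdown=$mode verdict=$(assess "$sb" "$mode")"
}

check_host
```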

Kernel Direction

  • Linux 6.12 LTS remains the stable long-term support kernel (supported through Dec 2026+), shipping real-time PREEMPT_RT, sched_ext, eBPF improvements, and hardware support updates. Most enterprise distros will continue riding 6.12.x for the near term.

  • Linux 7.0 is the next major release — Torvalds has announced the version bump after 6.19, expected around April 2026.

Podman v5.8.0

Better handling of multiple Quadlet files and new support for AppArmor configuration in .container files. If you use Podman + Quadlet for systemd-managed containers on RHEL/Fedora servers, this release makes per-container AppArmor profiles much more ergonomic.


🎓 Career & Learning: What the Market Wants in 2026

Skills That Are Actually Getting You Hired

Based on multiple 2026 skills analyses published this week, the non-negotiable stack for a DevOps engineer role in 2026 is:

Tier | Skills
--- | ---
Table stakes | Cloud (AWS/Azure/GCP), Kubernetes, Linux, Git
Strong differentiator | GitOps + Platform Engineering, Terraform/IaC, CI/CD (GitHub Actions, ArgoCD)
Fast-rising demand | DevSecOps, Chaos engineering, AI-augmented workflows
Emerging expectation | Prompt engineering, AIOps tooling, self-healing system design

My current trajectory — Windows Admin → Linux → AWS/Docker/Kubernetes → DevOps — directly maps to the "table stakes + differentiator" tier. The AI-augmented layer is where to invest next.

CKA: Updated for Kubernetes 1.34

The Linux Foundation's CKA exam is now based on Kubernetes v1.34, with a significantly updated scope:

  • Exam weight distribution: Troubleshooting 30% · Cluster Architecture 25% · Networking 20% · Workloads & Scheduling 15% · Storage 10%

  • New emphasis: Helm, Kustomize, Gateway API, NetworkPolicy, CRDs, and extension interfaces (CNI/CSI/CRI) now account for roughly half the exam.

  • Old prep guides are outdated. freeCodeCamp just released a fully updated CKA prep course (2026) sponsored by Linux Foundation:
    https://www.youtube.com/watch?v=l57xKN6OBhY

AWS Certification Shifts

  • ML Specialty retires end of March 2026. If you're mid-study, plan around this.

  • New AWS Certified Generative AI Developer–Professional is rolling out (beta from late 2025).

  • Best DevOps path in 2026: Developer Associate → DevOps Engineer Professional (for automation/release engineering roles), or CloudOps Engineer Associate → DevOps Engineer Professional (for operations-heavy roles).


🤖 AI in Infrastructure: It's Not "Coming" Anymore

The theme this week wasn't "AI is coming to DevOps." It was "AI is already a system component — start treating it like one."

AI as an Infrastructure Primitive

  • AWS SageMaker Inference for custom Nova models means you configure LLM deployments the same way you configure EC2 autoscaling groups — instance type, scaling policy, concurrency limits. Infra-as-code for models is now just IaC.

  • Cloudflare AI Search in Terraform (ai_search_instance, ai_search_token) means AI search backends are provisioned alongside your security and networking config in the same terraform apply.

AI-Augmented CI/CD

  • GitHub Actions autoscaling runners now explicitly support agentic workflows — pipelines where a Copilot coding agent proposes changes, opens PRs, and runs tests end-to-end. This week's update bakes the required telemetry and autoscaling directly into the runner pool, not as a bolt-on.

  • The cloud-native community is also raising flags: "AI slop" (low-quality AI-generated code entering pipelines) and lack of auditability for AI agents in production are now active engineering concerns, not theoretical ones. Safe shutdown mechanisms and policy-as-code are going to matter.

AI Observability is a Product Category Now

  • Datadog Feature Flags (above) is one piece of this. Datadog's broader direction — Toto foundation model for telemetry, BOOM benchmark for AI forecasting, LLM cost/latency tracking — shows observability vendors are treating AI workloads as a first-class monitoring target.

  • DASH 2026's full AI observability track (June, NYC) will likely establish the best-practice playbook for LLM/agent monitoring in production.

Security: AI Actions Are Attack Surface

  • Azure Copilot → Sentinel connector (public preview): AI assistant actions are now loggable as security events. Your SIEM needs to understand what your AI tools are doing, not just your users.

  • Google's GTIG AI Misuse Report (Feb 11): Documents how threat actors are actively exploiting AI tools for phishing, recon, and code generation. If your team is integrating AI agents into CI/CD or operations workflows, threat model them — not just the code they produce, but the actions they can take.


✅ Actions for This Week

If you're actively building toward a DevOps/Cloud engineering role, here's what to do with this week's information:

  • Patch your Linux systems. Ubuntu (all supported) and RHEL 9 both received kernel updates. If you self-manage any servers, this is the week to run apt upgrade or dnf update kernel.

  • Test your CI pipelines against Docker 29.1. GitHub-hosted runners already upgraded. Check for broken flags, removed behaviors, or cgroup v2 assumptions.

  • Review the March 1 GitHub Actions self-hosted pricing change. If you run self-hosted runners on private repos, calculate your monthly exposure now.

  • Bookmark the updated CKA prep course. The new exam scope (Helm, Kustomize, Gateway API, NetworkPolicy) is meaningfully different from pre-2025 guides. Align your study material.

  • Read the Datadog Feature Flags launch page. Even if you don't use Datadog, the model of "tie every flag to your observability telemetry" is becoming an industry expectation.

  • If you're on Fedora: Explicitly verify kernel lockdown + Secure Boot status (CVE-2025-1272). Don't assume lockdown mode is active on 6.12.x builds.

