KubeCon + CloudNativeCon Europe 2026 wrapped up in Amsterdam on March 26. Over 10,000 engineers, 15 co-located events, and hundreds of sessions across five days. We were there all week at Booth #820, and our team presented across multiple tracks.
Here’s what mattered, what surprised us, and what you should be paying attention to over the next 12 months.
The Future of Cloud Native Is Agentic
The thesis was serious: cloud native is moving from containers and microservices to autonomous agents that compose tools, call APIs, and act on infrastructure.
This wasn’t confined to the AI+ML track. MCP (Model Context Protocol, donated to the Linux Foundation in December 2025) appeared in sessions across every track. Akuity and Intuit presented an open source MCP server for Argo CD enabling agent-driven rollbacks and multi-environment coordination. Linkerd presented MCP routing support, making it the first service mesh to detect MCP servers and manage routing at the tool and resource level.
The CNCF created an entirely new co-located event for this: Agentics Day, a full half-day dedicated to MCP and AI agents on Kubernetes. When CNCF creates a dedicated event for something, it’s no longer experimental. It’s the next primitive.
But the hard problem isn’t running agents. It’s governing them. Session after session tackled the same questions: How do you authorize an agent? How do you give it a stable identity? How do you stop it from acting outside its intended scope when it has access to your production API?
The OWASP MCP Top 10 is already published. “Shadow MCP” (developers deploying unmanaged MCP servers on laptops to connect AI assistants to production databases) was flagged as a real and present security risk. Solo.io’s agentgateway and kagent emerged as infrastructure primitives for governing agent-to-tool communication.
Our take: MCP is at the HTTP moment. The protocol is settling. The identity, authorization, and audit layers don’t exist yet. The teams that build those layers will define how agents operate on infrastructure for the next decade.
Europe Is Building, Not Buying
The sovereignty narrative went from theoretical to production-proven at this KubeCon. Three co-located events reflected this: Open Sovereign Cloud Day, Platform Engineering Day (now two tracks, full day), and Cloud Native Telco Day.
The keynotes told the story through case studies:
- SNCF (France’s national railway) presented running 200+ clusters across Azure and AWS, with a private cloud on OpenStack + Kubernetes for sovereign control.
- Saxo Bank keynoted on “Digital Sovereignty by Design”, sharing how Kubernetes operators + GitOps delivered 1,800 automated operations, reducing provisioning from weeks to minutes.
- BWI (German federal IT) presented on building a sovereign multi-cloud strategy with cloud native technologies.
- Swisscom published its full sovereign Kubernetes architecture as a CNCF reference architecture, the first of its kind on architecture.cncf.io. Built on KubeOne, KKP, KubeVirt, Kyverno, and ArgoCD, Swisscom migrated 60% of internal workloads within nine months of launch.
The pattern is clear. European regulated enterprises (telcos, banks, railways, defense) are assembling sovereign platforms from CNCF open-source components rather than buying from hyperscalers. The recipe is converging: KubeVirt for VMs, Kyverno for policy, ArgoCD for GitOps, KubeOne for cluster lifecycle, KKP for multi-tenant management.
The driver isn’t ideology. It’s jurisdiction. Under the US CLOUD Act, American authorities can compel US providers to disclose data stored anywhere in the world. Swiss, German, and French institutions are building independent stacks to stay outside that reach.
We wrote more about the Swisscom architecture in our newsletter deep dive.
The CRA Changes the Rules
Greg Kroah-Hartman, lead maintainer of the Linux stable branch, took the keynote stage to explain what the EU Cyber Resilience Act means for open source.
The timeline is concrete:
- September 11, 2026: Mandatory vulnerability reporting begins for manufacturers and Open Source Stewards (foundations like CNCF and Linux Foundation).
- December 11, 2027: Full enforcement of all CRA requirements, including CE marking and conformity assessments.
Individual open source contributors are explicitly exempt. The CRA targets companies shipping products and foundations providing ongoing support for projects.
Kroah-Hartman argued the CRA correctly places responsibility on the companies shipping products, not the maintainers who write the code. His advice for sustainable open source was “enlightened self-interest”: companies should contribute to solve their own problems (sovereignty, compliance), which benefits the broader community.
The CRA doesn’t just affect compliance teams. SBOM (Software Bill of Materials) generation is becoming a legal requirement, and as the “SBOOM” session revealed, current open-source tools frequently generate conflicting package lists for the same container image. The tooling needs to catch up to the regulation.
Kyverno’s graduation to a CNCF graduated project during KubeCon week was well-timed. Policy engines aren’t optional in a CRA world.
GPU Infrastructure Is Industrializing
Dynamic Resource Allocation (DRA) went GA in Kubernetes 1.34, and KubeCon 2026 was the vendor adoption wave. NVIDIA and Google donated their respective GPU and TPU DRA drivers to the CNCF, establishing Kubernetes as the neutral AI infrastructure control plane.
The conversation moved well past “can Kubernetes schedule GPUs?” into production optimization:
- Kueue for gang scheduling (ensuring all pods in a distributed training job get GPUs simultaneously, or none do)
- Volcano’s AgentCube for serverless agent sandboxes with millisecond startup via WarmPools
- CoHDI (CNCF Sandbox) for cross-cluster GPU lending via DRA
- Slinky (Google + SchedMD) bridging Slurm and Kubernetes scheduling, signaling HPC convergence
Jonathan Bryce, CNCF Executive Director, framed the stakes in his keynote: 82% Kubernetes adoption, but only 7% deploy AI to production daily. He argued that optimizing for open models could unlock $24.8 billion in annual global AI savings.
Platform Engineering: Architecture, Not Tooling
Platform Engineering Day ran two tracks all day. The conversation has decisively shifted from “should we build a platform?” to “why isn’t our platform being adopted?”
Abby Bangser from Syntasso keynoted on Thursday with a thesis that stuck. When platform engineering fails, the problem is architectural, not about effort or tooling. Netlify CEO Mathias Biilmann introduced Agent Experience (AX) as a framework for designing platforms where agents are first-class consumers alongside humans.
The scale numbers from other talks were staggering:
- Airbnb: 1,000 services migrated with zero downtime, 5-person team
- Walmart: 5,000 edge clusters, 5-minute deploys
- Allianz: 1,000+ Kubernetes control planes
- DigitalOcean: 20,000+ clusters managed by 4 engineers
The CNCF Platform Engineering Maturity Model v2 was released during the conference, marking the transition from portal-centric thinking to industrialized backend orchestration.
Kubermatic at KubeCon EU 2026
Here’s what we presented:
Marvin Beckers presented the kcp CVE-2025-29922 deep dive in the Security track (stepping in for Marko Mudrinic, who was ill). A full public walkthrough of how a virtual workspace isolation flaw in kcp was initially scored as Medium, then reclassified to CVSS 9.6 Critical when the true blast radius became clear. Responsible disclosure at its best: discover, report, patch, disclose, then educate publicly at the biggest conference in the ecosystem.
Koray Oksay delivered Beyond Match & Pattern: Mastering Kyverno with CEL, a lightning talk. showing how CEL (Common Expression Language) unlocks dynamic, context-aware logic in Kyverno policies. From validation conditions to preconditions and match logic, CEL enables cleaner, smarter policies for security, governance, and multi-tenant control that go beyond boilerplate YAML.
Mario Fahlandt presented three times across the week:
- SIG Contributor Experience panel on guiding contributors through the project, alongside engineers from Broadcom and SUSE
- TAG Operational Resilience session on sustainability release guidelines
- Advancing Kubernetes AI Conformance session on the Certified Kubernetes AI Conformance Program, defining what “AI-ready” means for a Kubernetes platform
Karol Szwaj led the kcp Contribfest, a hands-on session guiding first-time contributors from zero to their first pull request alongside Nelo-T. Wallus from SAP.
Five Trends for the Next 18 Months
If we had to distill the week into durable signals:
Agents are the new microservices. MCP is the protocol. Kubernetes is the runtime. Authorization is the unsolved problem. Every platform team needs an agentic strategy.
Sovereignty is an architecture, not a contract. European enterprises are building independent stacks from CNCF components. The recipe is converging. The question is no longer “is it technically viable?” but “who builds next?”
The CRA changes how we maintain open source. Documentation, vulnerability handling, and SBOM generation aren’t optional anymore. September 2026 is six months away.
GPU scheduling is standardizing. DRA is GA. NVIDIA and Google donated drivers. Kueue is the job scheduler. The “artisanal GPU management” era is ending.
Platform engineering is a governance problem. The tools are mature. Backstage, Crossplane, GitOps, self-service blueprints. The missing piece is organizational authority backed by architectural enforcement.
Amsterdam was a good week. The cloud native ecosystem just got a lot more serious about running AI safely, governing infrastructure for Europe, and building platforms that actually get adopted.
See you at KubeCon North America in Salt Lake City.
