Hey, I'm Brian and this is Ship It Weekly by Tellers Tech. This week is pretty stacked for anyone running Kubernetes or building internal platforms. We've got Kubernetes officially retiring Ingress Engine X, CNCF, tightening up what platform engineering actually means and a new Kubernetes AI conformance program that lines up with a bunch of SRE in the age of AI conversations.
Then I'll hit a few quick links worth bookmarking and we'll close with a short piece on fixation during incidents and how that messes with our thinking. Let's start with the big one if you run clusters Ingress Engine X. Kubernetes maintainers have announced that the community Ingress Engine X project is being retired. The official Kubernetes blog and follow -up posts spell it out like this.
Ingress Engine X is moving to best effort maintenance until March, 2026. After that, there will be no new releases, no bug fixes, and no security patches. The manifests and code will still be there, but you're on your own if any new vulnerability or bug shows up. The reason they give is pretty straightforward. SIG Network and the Security Response Committee want to prioritize the safety and security of the ecosystem.
Keeping such a widely used Ingress on life support without enough dedicated maintainers is a risk, so they're drawing a clear line and telling people to move before that date. If you're running Kubernetes, you probably already know why this matters. Ingress Engine X is one of the most common Ingress controllers out there. It shows up in old blog posts, helm charts, getting started guides, everywhere.
For a lot of teams, it's just assumed to be the default. So what do you do with this? First, don't treat March 2026 as we'll worry about it then. You need real runway for this migration. This is not just swapping an image tag. You're picking a new edge component and threading that change through your environments. There are a few broad paths you can take.
You can move towards Gateway API based solutions and treat this as a chance to modernize your traffic routing story. You can adopt one of the vendor controllers that support Gateway properly, or if you're already using a cloud provider's ingress, load balancer integration, you might lean further into that and simplify.
The right answer depends on whether you want portability, deep integration with your cloud, or something more like a full -blown API gateway at the edge. Either way, I'd frame it like this internally. This is a real time -boxed infra -migration with risk and planning required, not a background refactor.
You want a plan for where you're migrating to, how you're going to test behavior and rules, how you'll roll out by environment, and how you'll roll back if things go sideways. Also, if you have clusters owned by different teams or old clusters that nobody touches because they just work, those are exactly the places that are going to bite you when Ingress Engine X is out of maintenance.
It's a good excuse to inventory where you're using it and pull those into the same migration plan. The bigger lesson here is that Kubernetes is not just the API server and Kubelet. The ecosystem around it has a life cycle too. You can't treat community projects as permanent infrastructure. They age, they lose maintainers, and they get retired.
All right, let's zoom out from Ingress and talk about platform engineering in general. The CNCF just published a new What is Platform Engineering post that's worth a read, especially if your team already has platform in the name. Their definition is pretty close to how a lot of us have been using the term, but it's nice to see it formalized.
They describe platform engineering as a discipline focused on building and maintaining software development platforms that provide self -service for developer teams. In other words, your job is to give product teams a coherent way to provision infrastructure, deploy, test, observe, and operate their apps without each team reinventing that stack from scratch. A few things they emphasize.
Platform teams should be reducing developer cognitive load, not adding to it. They talk about internal developer platforms, golden paths, paved roads, and treating the platform as a product with clear users and feedback channels. Compliance and policy enforcement are built into the platform, not bolted on as a separate gauntlet that devs have to run at the end.
What I like about this writeup is that it gives you language you can point at when your platform team is really just a rebranded ops team doing tickets and fighting fires. If your day to day is mostly people open a Jira, we click buttons in the console. That's not what CNCF is doing. Describing here. They're talking about a team that builds and evolves a product. Internal APIs, templates.
Pipelines, and tooling that developers can use themselves. You can use this in a few practical ways. If you're trying to justify time to work on self -service, developer portals, or opinionated templates, you now have a reference that says, this is not a vanity project. This is literally what this discipline is meant to do.
If you're inheriting a mess of unstructured Kubernetes, Terraform, and CI builds, you can point at the CNCF definition and say, here's what platform engineering actually looks like, and here's the gap between that and what we have. And if leadership wants platform engineering because it's a buzzword, this is a nice way to align them on what that implies. Roadmaps.
UX, and internal customers, not just more infra people. They also recently published a top five hard earned lessons piece from Kubernetes experts that lines up nicely with this. It talks about life cycle pain, upgrade complexity, and how that lack of guardrails and policies burns teams over time. That's basically the problem space that platform engineering is trying to address.
Now let's take that platform story and connect it to where the industry is clearly heading. AI running on all of this. CNCF has now formally launched the certified Kubernetes AI conformance program. This came out of KubeCon North America and has been picked up in places like Forbes and other coverage. The idea is pretty simple.
Everyone is trying to run AI and ML workloads on Kubernetes now, but every environment is slightly different. Different operators, different GPU scheduling strategies, different ways of handling storage and networking for models. The conformance program defines a shared set of capabilities and configurations that a platform needs to meet to be considered. AI conformant on Kubernetes.
It's similar in spirit to the existing Kubernetes software conformance program, but focused on AI workloads. The goal is portability and predictability. If a vendor or platform is certified, you should be able to run common AI frameworks and workloads there without a ton of custom glue. For platform and SRE teams, there are a couple of implications.
First, AI and ML workloads are no longer pet projects off to the side. They're becoming first class citizens on your clusters and in your CI CD. You're going to deal with GPU capacity planning, noisy neighbors, model deployment pipelines, and data movement as real operational concerns. Second, standards like this give you something to anchor on.
Instead of every team building their own ad hoc pattern for running models, you can say, we want our platform to meet this conformance, or use the checklist as input to your own design. In parallel with that, there's a good article on DevOps .com titled SRE in the Age of AI, what reliability looks like when systems learn.
It talks about how SRE is shifting from guarding mostly deterministic systems to working with adaptive learning systems where behavior changes over time. Traditional SRE practices like SLOs, incident response, and postmortems still matter. But now you have extra dimensions, model drift, data quality, and feedback loops. You're not just measuring latency and error rates, you're worrying about correctness.
Bias, and how often the model does something unexpected. So if your org is doing AI, I'd be asking, who owns the reliability of those workloads? Is it the ML team, the platform team, or SRE? How are we observing model behavior, not just pod CPU? And are we going to align to something like this AI conformance program, or are we comfortable having a one -off AI setup for each team?
Big picture, all of this says the platform you build now has to support both normal services and AI workloads and the reliability story has to keep up with that. All right, that's the big three. Let's hit a few quick links worth saving. Quick lightning round. These are things you might want to throw into your read later queue or share with the team.
First one is from the CNCF top five hard earned lessons from the experts on managing Kubernetes. It's a short piece, but it reinforces what a lot of us already know. Most of the pain isn't in the initial cluster build, it's in upgrades, dependency sprawl, and lack of guardrails. Good thing to hand to leaders who think Kubernetes is set it and forget it.
From SRE Weekly, there's a nice database migration story from Tynes about zero downtime migrations. What I like there is they actually define what zero downtime meant for them and admit where they accepted some degradation. It's a solid template if you're trying to socialize realistic expectations around a big DB change.
There's also a piece about upgrading Postgres SQL with minimal downtime at something like 20 ,000 transactions per second. If you own Postgres in production, this is a good case study on planning, replication, and rollback.
And finally, there's a really interesting article on building a distributed priority queue on top of Kafka from the They talk about supporting different SLOs for different events and how they added a proxy layer to avoid head of line blocking within partitions. If you're using Kafka heavily and starting to bump into everything has the same priority, it's a worthwhile read.
I'll drop links to all of those in the show notes. Let's finish with something on the human side of incidents. In SRE Weekly issue 497, there's a piece by Lauren Hutchstein titled, Fixation, The Ever -Present Risk During Incident Handling. The core idea is simple, but important. During incidents, we tend to latch onto a single theory, a single plan. Or a single mental model of what's going wrong.
Once we're locked in, we ignore or downplay signals that don't fit that story. You've probably seen this, right? Someone says it's DNS or it's the database early in the incident. And from that point on, every log line and every graph gets interpreted as evidence for that. Even when it doesn't really fit, or the first mitigation we try becomes the plan and we keep pushing on it long after it's clear it's not working.
Lauren's point is that fixation is a normal human response under stress, but it's dangerous for incident handling. The way out isn't to pretend we won't do it, it's to structure our process so we catch it. A couple of simple things you can do. Make it someone's job in the incident to periodically ask, what else could this be? And what evidence would change our mind about the current theory?
It sounds basic, but actually saying that out loud gives people permission to raise alternate explanations. Also, be explicit when a hypothesis fails. Instead of silently shifting to a new theory, call it out. We tried X, it didn't change the symptoms, so we're going to park that and consider Y. That keeps the team from unconsciously dragging the old theory along.
The broader theme, which ties back to the outages and platform work we talked about earlier, is that incidents are not just technical events. They're also snapshots of how we think under pressure. How we reason about risk and how we handle uncertainty and whether our process helps or gets in the way.
I'll put a link to that fixation article and also the ongoing trade -offs and incidents as landmark piece from Fred Hebert in the notes if you want to go deeper on this. All right. That's it for this episode. We talked about the retirement of Ingress Engine X. And why that should trigger a real migration plan, not a to -do buried in confluence.
We walked through CNCF's updated framing for platform engineering and how it lines up with building actual internal platforms instead of just rebranding ops. And we looked at the new Kubernetes AI conformance program and some of the thinking around SRE in the age of AI and where models and data pipelines are part of the reliability.
In the show notes, I'll include links to the Ingress Engine X retirement posts and migration guides, the CNCF platform engineering blog, and the AI conformance program, the DevOps .com SRE in AI article, plus the SRE weekly links we talked about. If you found this useful, share it with someone on your team who's thinking about platform work or planning cluster changes.
I'm Brian and this is Ship It Weekly by Teller's Tech and I'll see you in the next one.
Scroll inside the box to read the full transcript.