Kubernetes is mission critical
Kubernetes has moved from orchestration to acting as host for mission‑critical AI inference and analytics in defense, which increases the attack surface and hardening requirements. Experts recommend hierarchical network policies and policy simulation to avoid flat‑network failures at scale.
The New Stack column published Mar. 20, 2026 positions Kubernetes as the de‑facto host for distributed AI inference and argues platform engineering must abstract Kubernetes complexity to enable scalable model serving. (thenewstack.io) A CNCF/HyperFRAME analysis of the CNCF 2026 survey shows Kubernetes at 82% production usage and lists “cultural friction” — not technical debt — as the leading blocker to wider, safer adoption. (cncf.io) A separate New Stack piece on Mar. 20 warns that flat NetworkPolicy models lack precedence, making it hard to predict rule outcomes and producing audit gaps and change‑gridlock in large, multi‑team clusters. (thenewstack.io) Tigera/Calico documents and product notes describe policy tiers as an explicit mechanism to order global, platform, and team policies and to bind tier management to RBAC for controlled precedence. (docs.tigera.io) Calico and Antrea now expose hierarchical constructs: Calico’s staged/tiered policies include a policy preview (dry‑run) capability, and Antrea supports tiered Antrea‑native policy CRDs for prioritized rules. (youtube.com) Calico v3.30+ added staged policy previews and a Whisker UI to visualize flows and simulate enforcement, reducing accidental outages when promoting policies to enforce mode. (youtube.com) Kubernetes upstream docs remind operators that NetworkPolicy is additive and egress is permissive by default, meaning platform‑level ordered policies and an enforced default‑deny are required to harden inference nodes that rely on GPU pass‑through. (kubernetes.io)
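As an added illustration, not taken from any of the cited articles, this is the upstream-only baseline the last sentence describes: a namespace-wide default-deny for both directions, followed by the narrow allows an inference workload needs, written as plain `networking.k8s.io/v1` NetworkPolicy objects. The `inference` and `api-gateway` namespaces, the `app: model-server` label and port 8080 are assumptions.

```yaml
# Added example: default-deny plus narrow allows for an inference namespace.
# Namespace, label names and the serving port are assumed, not from the article.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: inference
spec:
  podSelector: {}                  # selects every pod in the namespace
  policyTypes: [Ingress, Egress]   # no rules listed, so both directions are denied
---
# Policies are additive: each allow below widens the union for the pods it selects, and no
# NetworkPolicy can deny what another one allowed (ordering needs tiers, e.g. Calico/Antrea).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-model-server-ingress
  namespace: inference
spec:
  podSelector:
    matchLabels:
      app: model-server
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: api-gateway   # assumed gateway namespace
      ports:
        - protocol: TCP
          port: 8080                                    # assumed serving port
---
# Egress allow for cluster DNS only; under default-deny, pods cannot resolve names without it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: inference
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Any pod in the namespace not covered by an additional allow keeps only DNS egress and no ingress, which is the behaviour to confirm with a policy preview before promoting to enforce mode.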