← Blog
#Kubernetes#Cloud Native#Platform Engineering#DevOps#KubeCon

KubeCon Europe 2026 — Cloud Native Trends Developers Should Watch

webhani·

Introduction

KubeCon + CloudNativeCon Europe 2026 takes place March 23-26 in Amsterdam. The cloud-native ecosystem has matured to the point where the conversation has shifted from adoption to operational refinement. Containers, microservices, and Kubernetes are no longer differentiators — they are the baseline.

This post covers three trends worth paying attention to this year: Platform Engineering, Agentic DevOps, and Software Supply Chain Security. For each, we look at what is actually changing and how to apply it in practice.

Platform Engineering Goes Mainstream

IDPs as the Default Operating Model

Internal Developer Platforms (IDPs) give developers self-service access to infrastructure provisioning and deployment without requiring deep Kubernetes knowledge. In 2026, IDPs have moved from a nice-to-have to the standard operating model for mid-size and larger engineering organizations.

The driver is straightforward: Kubernetes keeps gaining features and complexity, but most application developers should not need to manage that complexity directly. An IDP provides the abstraction layer.

Building an IDP with Backstage

Backstage, the CNCF-incubated developer portal framework, remains the most widely adopted foundation for IDPs. Here is an example of registering a service in the software catalog:

# catalog-info.yaml
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  name: order-service
  description: Order processing microservice
  annotations:
    backstage.io/kubernetes-id: order-service
    backstage.io/techdocs-ref: dir:.
  tags:
    - go
    - grpc
spec:
  type: service
  lifecycle: production
  owner: team-backend
  system: ecommerce
  dependsOn:
    - resource:default/postgres-order-db
    - component:default/payment-service

Measuring Service Maturity with Scorecards

The real value of an IDP is not just provisioning — it is continuous visibility into service health across the organization. Backstage Scorecards let you define and track production-readiness criteria:

# scorecard.yaml
apiVersion: backstage.io/v1alpha1
kind: Scorecard
metadata:
  name: production-readiness
spec:
  checks:
    - id: has-owner
      name: Owner team is assigned
      rule:
        metadata.annotations['team/owner']: { exists: true }
    - id: has-runbook
      name: Runbook is documented
      rule:
        metadata.links[?title=='Runbook']: { exists: true }
    - id: has-slo
      name: SLO is defined
      rule:
        metadata.annotations['slo/availability']: { exists: true }

This turns operational maturity from a subjective assessment into a measurable, trackable metric.

Agentic DevOps — AI in the CI/CD Pipeline

Beyond Simple Automation

According to industry surveys, roughly 76% of DevOps teams integrated some form of AI into their CI/CD pipelines during 2025. The emerging pattern goes beyond simple linting or auto-formatting. Teams are building AI agents that participate in pipeline decisions: triaging security scan results, analyzing test failures, and assessing deployment risk.

The term "Agentic DevOps" describes this shift — AI components that do not just execute tasks but make contextual decisions within the pipeline.

Practical Example: Risk-Based Pipeline Routing

Here is a GitHub Actions workflow that adjusts its behavior based on change risk analysis:

# .github/workflows/ai-assisted-review.yaml
name: AI-Assisted Pipeline
 
on:
  pull_request:
    branches: [main]
 
jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Analyze change risk
        id: risk-assessment
        run: |
          CHANGED_FILES=$(git diff --name-only origin/main...HEAD)
          HIGH_RISK_PATTERNS="migration|security|auth|payment"
          RISK_LEVEL="low"
          for file in $CHANGED_FILES; do
            if echo "$file" | grep -qiE "$HIGH_RISK_PATTERNS"; then
              RISK_LEVEL="high"
              break
            fi
          done
          echo "risk_level=$RISK_LEVEL" >> "$GITHUB_OUTPUT"
 
      - name: Run additional security scan for high-risk changes
        if: steps.risk-assessment.outputs.risk_level == 'high'
        run: |
          echo "High-risk changes detected. Running additional security scan."
          trivy fs --severity HIGH,CRITICAL .

This pattern — dynamically adjusting pipeline behavior based on change context — is the practical entry point for Agentic DevOps. Start simple, then layer in more sophisticated analysis as you build confidence.

Software Supply Chain Security

SBOM and SLSA Are No Longer Optional

The increasing frequency of supply chain attacks has made Software Bill of Materials (SBOM) generation and SLSA (Supply-chain Levels for Software Artifacts) compliance essential rather than aspirational. In the Kubernetes ecosystem, image signing and verification are becoming standard practice.

Image Signing with Cosign

# Dockerfile (multi-stage build)
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -o /app/server ./cmd/server
 
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=builder /app/server /server
USER nonroot:nonroot
ENTRYPOINT ["/server"]
# Sign the built image
cosign sign --key cosign.key ghcr.io/myorg/order-service:v1.2.0
 
# Verify the signature
cosign verify --key cosign.pub ghcr.io/myorg/order-service:v1.2.0
 
# Generate and attach SBOM
syft ghcr.io/myorg/order-service:v1.2.0 -o spdx-json > sbom.json
cosign attach sbom --sbom sbom.json ghcr.io/myorg/order-service:v1.2.0

Enforcing Signatures at the Cluster Level

Combine signing with an admission controller to reject unsigned images cluster-wide:

# Kyverno ClusterPolicy
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-signature
spec:
  validationFailureAction: Enforce
  rules:
    - name: check-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        - imageReferences:
            - "ghcr.io/myorg/*"
          attestors:
            - entries:
                - keys:
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      ...
                      -----END PUBLIC KEY-----

What This Means for Mid-Size Projects

At webhani, we frequently work with mid-size consulting projects — teams of 5 to 20 engineers. Here is how these trends translate to that scale:

  • Platform Engineering: You do not need a full IDP from day one. Start with templated Helm charts and GitOps via ArgoCD. Even a lightweight service catalog improves developer experience significantly.
  • Agentic DevOps: Begin by adding security scans and change-risk analysis to your CI/CD pipeline. The risk-based routing pattern above requires no AI vendor dependency and delivers immediate value.
  • Supply Chain Security: Container image signing has low adoption cost and high impact. Adding SBOM generation is a single CI step. Both are easy wins.

Conclusion

The themes at KubeCon Europe 2026 reflect a cloud-native ecosystem that has moved past adoption and into operational maturity. Platform Engineering improves developer experience at scale. Agentic DevOps brings intelligent automation to pipelines. Supply chain security hardens the software delivery process.

All three are approachable incrementally. Start small, measure the impact, and expand from there. That pragmatic approach tends to work better than attempting a wholesale transformation.

← Back to Blog