KubeCon EU 2026 Recap: The Year AI Moved Into Production on Kubernetes Recap of KubeCon EU 2026 in Amsterdam: AI in production on Kubernetes, agentic AI identity, inference routing, and platform engineering.

Most orgs have experimented with AI workloads on Kubernetes, but very few run them in production daily. That gap defined KubeCon EU 2026.

llm-d, SPIFFE-based agent identity, inference gateways. The pieces are forming fast.

How We Eliminated Long-Lived CI Secrets Across 70+ Repos Learn how Pulumi eliminated static CI secrets across 70+ repos using Pulumi ESC and OIDC, reducing supply chain attack risk with short-lived credentials.

We eliminated all long-lived CI secrets across 70+ repos using Pulumi ESC and OIDC. Short-lived credentials mean a compromised GitHub Action gets nothing persistent. Here's how we did it:

Open source makes the world go around!

In honor of FOSS month, our SIGs wanted to thank the projects we're relying on most.

There are a ton, so please join us as we celebrate them all! 🙌

Schema Validation Comes to Pulumi ESC with fn::validate Validate configuration values against JSON Schema with fn::validate in Pulumi ESC.

Engineers waste deploy cycles on config typos and invalid values.

Pulumi ESC’s new fn::validate enforces JSON Schema at save time so misconfigurations fail early, not during a deploy. Define your rules once and catch errors before they hit stacks.

www.pulumi.com/blog/esc-sch...

How We Built Platybot: An AI-Powered Analytics Assistant How Pulumi built an AI-powered analytics assistant that lets any employee query data using natural language.

We let an LLM generate SQL for analytics. The answers looked right and were wrong. Missing joins. Bad filters. Wrong assumptions.

Our data team shares what failed and what worked instead 👇
www.pulumi.com/blog/how-we-...

Pulumi Neo Now Supports AGENTS.md Neo now reads AGENTS.md files to follow your project conventions automatically, using the same format as Cursor, GitHub Copilot, and other AI coding tools.

Does AI not remember your project rules? Stop repeating yourself!

Pulumi Neo now supports AGENTS.md so conventions like naming, structure, and required steps live in the repo and are reused automatically.

www.pulumi.com/blog/pulumi-...

Announcing OpenAPI support for the Pulumi Cloud REST API The Pulumi Cloud REST API now has an OpenAPI 3.0 specification you can fetch at runtime. Use it for client generation, validation, and discovery.

We heard you! The Pulumi Cloud REST API now has an OpenAPI 3.0 spec! Fetch the spec, generate clients, keep everything in sync.

www.pulumi.com/blog/announc...

Neo: Share Tasks for Collaborative AI Infrastructure Operations Collaborate on infrastructure operations by sharing Neo tasks with teammates for review and assistance.

Neo now supports task sharing.

Share any task with your team: the original prompt, Neo's reasoning, the actions it took, and the outcome. Full context preserved.

www.pulumi.com/blog/neo-tas...

Pulumi Agent Skills: Best practices and more for AI coding assistants Introducing packaged Pulumi expertise that works across Claude Code, Cursor, GitHub Copilot, and other AI coding assistants.

Pulumi Agent Skills are structured knowledge packages for AI coding assistants.

Install them once and get correct, idiomatic Pulumi guidance inside your preferred tool, including Claude Code, GitHub Copilot, Cursor, VS Code, Codex, and Gemini CLI.

www.pulumi.com/blog/pulumi-...

Deploy OpenClaw on AWS or Hetzner Securely with Pulumi and Tailscale Deploy OpenClaw (formerly Moltbot/Clawdbot), an open-source AI assistant, to AWS and Hetzner using Pulumi with Tailscale for secure private access.

How do you run an AI assistant without exposing it to the internet?

This walkthrough shows @openclaw-x.bsky.social on AWS or Hetzner using Pulumi and @tailscale.com for private access, reproducible infrastructure, and clean lifecycle control.

www.pulumi.com/blog/deploy-...

How Ralph Wiggum Built a Serverless SaaS with Pulumi See how an AI agent using the Ralph Wiggum loop built a full AWS serverless SaaS with Pulumi—unsupervised. Frontend, backend, tests, and CloudFront included.

What happens when AI isn’t babysat and infrastructure is written in familiar programming languages?
This experiment using the Ralph Wiggum loop shows Claude building and deploying a serverless SaaS on AWS with Pulumi.

www.pulumi.com/blog/how-ral...

New in Pulumi IaC: `replacementTrigger` Resource Option You can now use the `replacementTrigger` resource option to control when resources are recreated

Some infrastructure needs to be replaced on purpose.
Pulumi now lets you control when resources are recreated using the 'replacementTrigger' resource option, without manual flags or brittle workarounds.

www.pulumi.com/blog/trigger...

We'll be at @cfgmgmtcamp.bsky.social in Ghent!

If you’ll be there, stop by the Pulumi booth for a demo, meet the team, and learn more about how Pulumi fits into the config-management picture, helping drive tools like Ansible and manage complex Kubernetes deployments without wrestling with YAML.

Neo: Zero-downtime migration from CDK, Terraform & Azure ARM Neo automates migrations from CDK, Terraform, and ARM to Pulumi with zero downtime and verified safety.

Migrating from CDK, Terraform, or Azure ARM usually means risk, downtime, or both. Neo changes that.

It uses your existing IaC state to move infrastructure to Pulumi with zero downtime and a verified zero change preview.

www.pulumi.com/blog/neo-mig...

Pulumi IAM Now Available for Self-Hosted Pulumi Cloud Pulumi IAM with Custom Roles and scoped Access Tokens is now available for self-hosted Pulumi Cloud instances.

Running Pulumi Cloud self-hosted means stricter security and no room for shared credentials.

Pulumi IAM now supports self-hosted deployments with scoped tokens, custom roles, and least-privilege access for teams and automation.

www.pulumi.com/blog/pulumi-...

The new Pulumi ESC Web Editor is live. Switch between YAML and a rich UI to manage secrets, providers, and exports with full visibility into your environment. It makes setting up OIDC, editing secrets, and sharing config much easier.

Learn more at www.pulumi.com/blog/new-esc...

Introducing the Stash Resource in Pulumi IaC The new Stash resource lets you save computed values directly to your stack's state, making them persist across deployments.

Ever need a value to stick around between pulumi up runs? Meet Stash, a new built-in resource to Pulumi IaC for persisting data in your stack's state.

www.pulumi.com/blog/introdu...

How to Move to the Gateway API: post ingress-nginx Retirement With ingress-nginx retiring in 2026, this post explores the technical shift to Gateway API and evaluates kgateway as a production-grade successor.

Ingress NGINX is retiring in 2026. Kubernetes teams should start planning now. The Gateway API offers a standard, expressive model for traffic management, and kgateway provides a production-ready path for migration with lower risk.

www.pulumi.com/blog/ingress...

From 'Works on My Machine' to Production-Ready: Building AI Agents with Amazon Bedrock AgentCore Transform local AI agent prototypes into production-ready deployments using Amazon Bedrock AgentCore, Strands SDK, and Pulumi.

Moving AI agents from local prototypes to production is where most teams struggle. This walkthrough shows how to deploy agents with Amazon Bedrock AgentCore using real infrastructure patterns for security, identity, and runtime management.

www.pulumi.com/blog/from-wo...

CDKTF is deprecated: What's next for your team? The deprecation of CDKTF has left many teams without a clear path forward. This post outlines the options and shows what it's like to move from CDKTF to Pulumi.

CDKTF is deprecated. Teams using TypeScript or Python for infrastructure now need a path forward. Options range from returning to HCL to moving to a language-first IaC model that can coexist with Terraform. Follow along 👇

www.pulumi.com/blog/cdktf-i...

Superintelligence Infrastructure Manage AI infrastructure with code, not static configuration. From 100,000+ GPU training clusters to billions of inference requests.

Your GPUs might be burning money right now without you knowing. Idle clusters and forgotten experiments add up fast.
What if your infrastructure warned you before the cost hit your bill?

www.pulumi.com/product/supe...

Build a multi-service app with Azure Container Apps In this workshop, you will learn the fundamentals of Infrastructure as Code through a series of guided exercises using Pulumi’s Cloud Engineering platform. You will be introduced to Pulumi, an infrast...

Learn how to deploy a multi service application on Azure Container Apps in a live workshop on January 15. See how to structure services, handle configuration, and ship a real cloud application on Azure.

Register here: www.bigmarker.com/pulumi/build...

AWS built an integrated AI Agent training pipeline and they want you to rent it At re:Invent 2025, AWS revealed a vertically integrated AI training pipeline. Here's who it's actually for.

AWS re:Invent 2025 introduced major shifts in AI and cloud infrastructure. Nova Forge, Trainium 3, and AgentCore point toward more integrated, automated systems.

Pulumi’s roundup breaks down what these launches mean for engineers: www.pulumi.com/blog/aws-rei...

Pulumi + cursor through Remove MCP server integration

Bring Cursor into your cloud workflow with the Pulumi Remote MCP Server. Let Cursor inspect stacks, flag drift or issues, and pass complex updates to Pulumi Neo for automated execution.

Ready to try it? 👉 www.pulumi.com/blog/remote-...

Change Management with the Pulumi Kubernetes Operator and Kargo Use Kargo with the Pulumi Kubernetes Operator to control how infrastructure changes are promoted across environments.

Pulumi Kubernetes Operator + Kargo turn infra-as-code updates into a real promotion pipeline—staged rollouts, approvals, verification, and audit history without “deploy everywhere at once” chaos.
👉 www.pulumi.com/blog/pulumi-...

The cloud you know is changing fast. AI, IaC, Kubernetes, and platform engineering are rewriting how teams build and operate infrastructure. Don’t fall behind.

See the 10 trends shaping 2026 and beyond at www.pulumi.com/blog/future-...

All Pulumi CLI flags are now supported as environment variables You can now configure all Pulumi CLI flags via environment variables, and use tools like direnv to define project-wide settings

All Pulumi CLI flags now support environment variables! Set any flag with PULUMI_OPTION_*. Combine with direnv to version-control your team's CLI configuration. Available in v3.208.0+

Learn more at www.pulumi.com/blog/control...

From Zero to Production in Kubernetes In this workshop, you will learn the fundamentals of Infrastructure as Code through a series of guided exercises using Pulumi’s Cloud Engineering platform. You will be introduced to Pulumi, an infrast...

Join now and learn how to take Kubernetes from zero to production with AI workflows, GitOps, Argo CD, and real cluster patterns.

www.bigmarker.com/pulumi/from-...

Meet Pulumi at AWS re:Invent Booth 1127! 🚀

See how AWS + Pulumi enable 5x faster deployments, AI-powered automation with Neo, and secure, cost-efficient cloud ops.

Learn how to claim $500 in AWS credits and pick up exclusive swag!

Beyond YAML in Kubernetes: The 2026 Automation Era Discover how AI and automation are shaping Kubernetes in 2026. See Pulumi Neo in action and learn how to simplify multi-cluster operations with code.

Kubernetes in 2026: Are you ready for what’s next?
The latest CNCF report shows 15.6M developers now building with cloud-native tech, and the ecosystem is shifting fast.

With AI agents, policy, and code gaining momentum… is YAML’s dominance coming to an end?

👉 www.pulumi.com/blog/beyond-...