Ever deployed a config without semantic validation—only to break a critical API or route? Or seen staging pass while production fails due to policy mismatches? Imagine if Agentic AI could proactively validate configs and explain risks in natural language.

In this talk, we share how we enhanced our GitOps-based internal developer platform by integrating AI agents into the deployment workflow. Our platform uses the GitOps model to declaratively manage environments from Git, ensuring consistency and repeatability. However, the absence of semantic validation meant misconfigurations—such as resource requests exceeding quotas or Kyverno policy conflicts—would occasionally slip through. These issues led to failed scheduling, degraded availability, or blocked rollouts. Using kagent, our agents analyze the live cluster, Git state, and runtime config to detect semantic issues—like resource quota violations or Kyverno policy conflicts—and surface them in PRs with human-readable feedback.

Large Language Models (LLMs) have evolved far beyond simple chatbots. The next frontier is LLM-powered agents, autonomous systems that take action, reason across tools and APIs, and collaborate with other agents. Yet, many AI agent frameworks aren’t designed to run natively on Kubernetes.

In this talk, we’ll introduce Kagent, a CNCF sandbox project offering a Kubernetes-native framework for building, deploying, and managing AI agents. Kagent makes it easy to define agents declaratively and manage them with familiar Kubernetes tools.

We’ll demo debugging agents built with Kagent that integrate with CNCF projects like Kubernetes, Argo, and Cilium. We’ll also show how Kagent supports flexible agent workflows across a variety of environments and use cases. Kagent provides a path to operationalize AI agents in cloud-native infrastructure, integrating with the CNCF ecosystem while supporting scalable, secure, and observable AI systems.

What’s all the buzz around “agents”? How does AI fit into Kubernetes? And more importantly, how can they help make your job easier?

Step 1: Understand agents
Step 2: Deploy them on Kubernetes
Step 3: Profit (less hassle, more automation)

This session will introduce AI agents, programs that use LLMs, interact with tools, retrieve data, and communicate with other agents. We will cover what agents are, why you might need one, and how to build a Kubernetes-native agent using CNCF tools such as Kagent. We’ll also explore emerging protocols like MCP (Model Context Protocol) and A2A (Agent to Agent), and share how the CNCF’s Working Group on AI (WG-AI) is working to build guidelines and publish whitepapers on security, sustainability and agents in this space.

Whether you're new to Kubernetes, AI, or both, this talk bridges the gap between AI concepts and practical cloud native implementations, giving you the foundational knowledge to start building autonomous cloud-native AI applications.

Can we secure AI workloads, agents, and MCP servers the same way we secure traditional microservices? Are established tools and standards—such as SPIFFE identities, mutual TLS, authorization policies, and supply chain security—sufficient, or do AI workloads require a fundamentally different approach?

This panel discusses the unique challenges AI introduces across multiple dimensions: model selection, enterprise operations, hardening and red teaming, end-user management, model compute optimization, and long-running, context-heavy sessions. We’ll also explore disaster scenarios such as multi-cluster/region failovers, and what they mean for securing distributed AI applications.

Join our panel of AI and security experts for a dynamic discussion that clarifies what can be reused and what must be reimagined to effectively protect AI workloads.

AI workloads look like traditional micro-services in many ways: they run a variety of workloads, connected over the network, and require security, observability, and traffic management. Exactly what Istio does! So, can Istio solve all of our AI infrastructure problems? Not so fast.

While sharing some similarities with traditional workloads, AI brings a number of new requirements onto the infrastructure to effectively manage and control.

In this talk, I will cover the new problems AI workloads bring, and where Istio fits in, including what Istio can manage today, what is on the roadmap, and what is left out of scope. We will cover optimized inference load balancing, LLM protocol awareness, and more.

‍

Is it possible to migrate from a legacy ingress and sidecar-based service mesh to a modern Kubernetes Gateway API and sidecar-less architecture—without any downtime, and across multiple availability zones? Can we ensure traffic routing prioritizes locality to minimize latency and network costs? How can we maintain advanced observability using HTTP request metrics for autoscaling with KEDA, instead of relying solely on CPU or memory-based Horizontal Pod Autoscaling (HPA)? And what about preserving request authentication and JWT validation? Can we continue to strengthen resilience between AI workloads and LLMs?

Join us on our real-world migration journey at Harri, as we transition our production environment from ingress controllers and sidecars to Kubernetes Gateway API and sidecar-less model. We'll share key discoveries, challenges, and lessons learned to help you plan a possible zero-downtime migration.

As the industry's infrastructure requirements have progressed over time, so have its proxies. Apache Traffic Server gave way to Nginx as traffic scales increased, with Envoy eventually joining the picture to fill in the gaps of high scale micro-service architectures. A similar shift is happening today with the dramatic surge in AI infrastructure, which have unique requirements to efficiently run. Intelligent request batching, model-aware load balancing, and token-based rate limiting are table stakes. Traditional proxies weren't designed for any of this. Like Envoy was built to fill the need for a micro-service optimized proxy, a new data plane is needed to fill the need for an AI optimized proxy.

In this talk, I'll walk through the design decisions behind a new CNCF AI proxy built as part of kgateway. We'll explore what makes AI traffic unique, as well as lessons learned from existing proxies, and explore the tradeoffs needed to build an optimal AI data plane.

Curious about how we build the most powerful and innovative service mesh available? Want to get started as an open source contributor in a popular CNCF graduated project, learn about the codebase underlying the mesh or simply take a peek behind the curtain to see how it’s done? This is your chance! Join Istio maintainers for a session diving into the codebase and learn how you can join us to help shape the future of Istio.

During this session we’ll cover the architecture of the two primary operating modes for Istio, how to set up your development environment, how to interact with the community and start contributing your first PR to Istio.

How do you test the resilience of your environment without risking an outage? Stress testing is often a one-time pre-production task, immediately forgotten due to the complexity of keeping it current.
In this tutorial, we’ll show how to automate stress testing using AI to adapt to your ever-changing Kubernetes environment. Attendees will learn to deploy a repeatable, low-effort system using Kagent and Kgateway as the human-friendly control plane, Fortio for load generation, and Istio Ambient Mesh for enhanced observability. Think of it as your eager assistant continuously probing your system until cracks appear. You'll leave with a working knowledge of how to set up and run the tools to create intelligent, production-grade stress tests anytime.

Looking for the perfect way to unwind after a full day at KubeCon + CloudNativeCon? Come hang out with the Kagent community at one of Atlanta’s most iconic spots: Skyline Park at Ponce City Market.  With stunning city views, Skyline Park is the ultimate place to connect with friends old and new in the cloud-native world.

Your AI inference workloads need more GPUs than any single cluster can provide. Sound familiar? When demand exceeds local capacity and your resources are spread across multiple clusters, intelligent routing becomes critical.

This talk introduces Multi-Cluster Inference Gateway, a new part of the open-source Inference Gateway project that tackles distributed AI infrastructure head-on. We'll show you how it leverages existing Gateway API and multi-cluster patterns to dynamically shift traffic where GPUs are available.

Solving your GPU scarcity problem starts here. We'll share practical deployment strategies, show you how to optimize costs by intelligently utilizing GPUs, and ensure your AI workloads remain highly available across clusters. Get ready for real-world examples that illustrate how to scale AI serving beyond the confines of a single cluster, empowering you to maximize utilization and minimize latency for your distributed AI workloads.

Agentic AI is evolving from hype to hands-on reality—no longer just copilots, but autonomous actors in Kubernetes clusters. But how effective are these AI agents in real-world ops?

This panel brings together builders and operators who've deployed LLM-powered agents at scale in production to share what worked, what broke, and what surprised them. Expect a candid, high-signal conversation on the true strengths and sharp limitations of AI agents for Kubernetes.

SREs, platform engineers/operators—come with questions, leave with a clearer sense of where AI can reduce toil, when it still needs babysitting(human-in-the-loop), and how to experiment and deploy safely.

We’ll cover:

- High-efficacy use cases: RCA, triage, incident summarization
- Common failure patterns: hallucinations, context loss, unpredictability, alert attention
- Evaluation strategies in dynamic prod environments
- Design trends: agent chaining, feedback loops, safety guardrails

‍