State of DevOps 2026

Three infrastructure shifts defined 2025: security vulnerabilities forced architectural change (IngressNightmare exposed 43% of cloud environments per Wiz analysis; ingress-nginx retires March 2026), AI moved from code suggestion to autonomous operation (GitHub Copilot coding agent, AWS Frontier Agents, Amazon Bedrock AgentCore), and supply chain attacks evolved into automated propagation (Shai-Hulud worm compromised ~800 npm packages across two waves via stolen credentials).

The 2025 DORA Report quantified the AI trade-off: positive correlation with throughput, negative correlation with stability. They added Rework Rate as a fifth metric to capture this. Dynamic Resource Allocation reached GA in v1.34; In-Place Pod Resize reached GA in v1.35. IBM completed the HashiCorp acquisition for $6.4B. GitHub Actions processes 71 million jobs daily with up to 39% price reductions effective January 2026.

Actions for 2026: Migrate from ingress-nginx to Gateway API before March 2026 retirement. Upgrade Kubernetes nodes to cgroup v2 and containerd 2.0+ before v1.36. Complete Grafana Agent to Alloy migration (EOL November 2025). Audit GitHub Actions self-hosted runner usage for pricing changes. Define human-approval boundaries for AI coding agents in production workflows. Track the DevOps Research and Assessment Rework Rate metric alongside throughput for AI-assisted development.

DevOps 2025 Timeline

Observability Survey Data (2025)

Grafana Labs 2025 Observability Survey:

• 71% use both OpenTelemetry and Prometheus
• 67% use Prometheus in production
• 41% use OpenTelemetry in production
• 38% investigating or building OTel POCs

M&A Summary (2025)

US M&A pace: ~$2.3 trillion (Harvard Law Forum). Global deal value: ~$4.8T (Bain).

Cloud Market Share (Q3 2025)

Top 3 hold ~63% of global cloud infrastructure spending.

DevOps 2026 Watchlist

1. ingress-nginx Retirement

When: March 2026. No releases, bugfixes, or security updates after this date.
Context: IngressNightmare (CVE-2025-1974) exposed architectural risks. Gateway API is the forward-looking standard.
Action: Inventory ingress-nginx deployments. Select Gateway API implementation (Envoy Gateway, NGINX Gateway Fabric, Cilium Gateway, Istio Gateway). Complete migration before deadline.

2. GitHub Actions Pricing

When: January 1, 2026. Up to 39% price reduction for GitHub-hosted runners. Actions cloud platform charge ($0.002/minute for private repo workflows) postponed from original March 1, 2026 date; revised timeline TBD. Charge already included in hosted runner rates; also applies to self-hosted runners.
Context: GitHub re-evaluating pricing model after community feedback. Public repos and GHES excluded.
Action: Audit self-hosted runner usage in private repos. Budget for eventual charges or review alternatives.

3. Kubernetes Node Requirements

When: Now (v1.35 released December 2025). containerd 1.x support ends after v1.35; next Kubernetes version (~April 2026) will require containerd 2.0+.
Context: kubelet blocks cgroup v1 nodes by default in v1.35 (override: failCgroupV1: false). v1.35 is last release supporting containerd 1.x. Metric: kubelet_cri_losing_support.
Action: Migrate nodes to cgroup v2. Upgrade containerd to 2.0+ before next Kubernetes version.

4. AI Agent Operational Boundaries

When: Ongoing. GitHub Copilot coding agent, AWS Frontier Agents, and Bedrock AgentCore available now. Adoption accelerating through 2026.
Context: DORA 2025 found AI correlates with increased throughput but decreased stability (more change failures, increased rework).
Action: Define automation boundaries (read-only vs. mutating). Require human approval for high-blast-radius changes. Track Rework Rate alongside throughput. Maintain error budget discipline.

5. Supply Chain Attestation

When: Now. Trusted publishing available: RubyGems (Dec 2023), crates.io (July 11, 2025), npm (July 31, 2025), NuGet (Sept 22, 2025). Docker Hardened Images with SLSA Build Level 3 available December 17, 2025.
Context: Shai-Hulud compromised 500+ npm packages via stolen maintainer credentials in September. Second wave in November compromised 796 more packages.
Action: Enable trusted publishing on all registries. Add SLSA attestation. Audit CI/CD secrets access. Rotate tokens.

6. OpenTofu vs. Terraform

When: Track through 2026. IBM completed HashiCorp acquisition February 2025; governance direction should clarify over next 12 months.
Context: Fidelity migrated to OpenTofu. OpenTofu provides Terraform-compatible open governance alternative.
Action: Track IBM's governance decisions. Review OpenTofu based on vendor lock-in tolerance.

7. Service Mesh Architecture

When: Review in 2026. Istio Ambient Mode GA since November 2024. Istio 2025-2026 roadmap focuses on sidecar-to-ambient migration path.
Context: Sidecarless architectures (Istio Ambient, Cilium) reduce resource overhead. Migration paths maturing.
Action: Review sidecarless architecture for resource reduction. Review migration path if running sidecar-based mesh.

8. Internal Developer Portals

When: Review when planning platform investments. Market actively consolidating.
Context: Backstage: 3,400+ adopters, 250+ plugins, requires investment to customize. Port: $100M Series C at $800M valuation, turnkey alternative.
Action: Review based on platform team capacity and customization requirements.

9. Hardware-Aware Kubernetes Scheduling

When: Now. Dynamic Resource Allocation GA in v1.34 (August 2025). In-Place Pod Resize GA in v1.35 (December 2025).
Context: DRA enables first-class GPU/TPU/NIC scheduling. In-Place Pod Resize allows CPU/memory changes without pod restarts after 6 years of development.
Action: Review DRA for GPU workloads. Test In-Place Pod Resize for variable workloads and cost optimization.

10. Multicloud Networking

When: AWS Interconnect with Google Cloud in preview now. Azure joining later 2026. GA timeline TBD.
Context: First-party multicloud networking between major cloud providers.
Action: Review for multicloud deployments when GA.