HashiCorp vs Kubernetes
Side-by-side trajectory, velocity, and editorial themes.
HashiCorp under IBM is doubling down on agentic IAM and enterprise-scale Terraform.
Now branded 'IBM Vault' in places, HashiCorp is rolling out its post-acquisition strategy on two fronts: native identity management for AI agents in Vault, and a coordinated Terraform refresh spanning 1.15, Enterprise 2.0, and Infragraph-powered HCP in public preview. Recent capability adds across Vault (envelope encryption for streaming workloads, Azure hub-and-spoke GA) and Terraform (cost visibility, project-level notifications) progress the existing surface while the strategic bets ship in parallel.
Two arcs are clearly pulling: Vault is repositioning as the identity plane for the AI-agent era — issuing, delegating, and tracing credentials for non-human actors — and Terraform is being reorganized around enterprise-scale governance with a single-source-of-truth graph (Infragraph) underneath HCP. The 'AI operating model' marketing layer signals that IBM and HashiCorp are telling enterprise buyers AI is now an operations problem, not an experimentation problem, and HashiCorp is the substrate to operationalize it on.
The AI-agent IAM story is the one to expand fastest — agent-policy primitives, OIDC-for-agents, tighter integration with Vault Secrets Operator and Boundary. On the Terraform side, Infragraph graduating from public preview is the next milestone to watch, and likely the moment 'HCP Terraform powered by Infragraph' replaces classic HCP Terraform as the default.
Kubernetes 1.36 leans into AI/ML scheduling and control-plane scaling.
The 1.36 cycle is graduation-heavy, with PSI metrics, declarative validation, and volume group snapshots all promoted to GA. Alongside that, the project is making architectural moves around workload scheduling (a new PodGroup API), API-server safety (Mixed Version Proxy on by default), and very-large-cluster scaling (server-side sharded list and watch in alpha). Etcd 3.7 has hit beta in parallel.
Kubernetes is repositioning the control plane for two pressures at once: AI/ML batch workloads, where gang scheduling and DRA are becoming first-class concerns, and very-large clusters, where the control plane itself needs to shard. The pattern across this cycle is consolidation — old experimental scaffolding is reaching GA or being removed (ExternalIPs), while new APIs land with explicit separation of static template from runtime state. Less feature sprawl, more API hygiene.
Expect 1.37 to push server-side sharded watch toward beta and to keep extending DRA's reach into native resources like memory and networking. Workload-aware scheduling will likely accumulate scheduler-plugin-level coordination patterns next, with downstream batch frameworks starting to converge on the PodGroup shape.
See more alternatives to HashiCorp →
See more alternatives to Kubernetes →