containerd CRI Vulnerabilities, Datadog PostgreSQL HA on Kubernetes, AWS DevOps Agent with Datadog MCP Server, EKS Control Plane Egress, and Why Users Feel the Wait
Try reloading the player or open this episode directly on YouTube.
This episode of Ship It Weekly discusses recent containerd CRI plugin vulnerabilities and Datadog's findings on PostgreSQL high availability failover safety.
Now Playing
containerd CRI Vulnerabilities, Datadog PostgreSQL HA on Kubernetes, AWS DevOps Agent with Datadog MCP Server, EKS Control Plane Egress, and Why Users Feel the Wait
Ship It Weekly
0:0019:24
Chapters
Jump to a section in this episode.
Speed & share
Transcript
This week, containerd disclosed a stack of CRI
plugin vulnerabilities in the runtime layer,
a huge number of Kubernetes nodes trust to start
your containers. Datadog ran a PostgreSQL
gameday and learned their database could fail over
just fine. It just couldn't do it safely. AWS
DevOps Agent and Datadog's MCP Server are both
now generally available. And the new AWS integration
means AI incident response just graduated from
demo to on-call rotation. And EKS will now route
your Kubernetes control plane's outbound traffic
through your own VPC, which is great, right up
until a stale route table quietly kills your
admission webhooks. Put those together and the
shape of the episode is pretty clear. The control
plane keeps getting wider. Runtimes. Databases.
Incident agents. API-server egress. credentials,
even the cloud console. One by one, they are
all sliding into your production blast radius.
And here's the part that matters. Your users
don't care which control plane failed. They just
feel the wait. I'm Brian Teller from Teller's
Tech, and this is Ship It Weekly. Welcome back
to Ship It Weekly, the show about the DevOps,
SRE, cloud, platform, and security stories that
actually matter when you are the person who has
to keep the thing running at 3 a.m. If you are
new here, follow or subscribe wherever you are
watching or listening. And if you want the weekly
story list and source links, check out OnCallBrief.com
For past episodes, full show notes, and
more from the show, head over to ShipItWeekly.fm
We open with the containerd CRI plugin vulnerabilities,
because your node runtime is the trust boundary
underneath the trust boundary. Then, Datadog's
PostgreSQL HA gameday, where the scary discovery
wasn't that failover was hard, it was that failover
was unsafe. After that, AWS DevOps Agent and
Datadog MCP Server going GA. And what it means
when an AI agent gets a seat near your control
plane. Then, EKS customer-routed control-plane
egress. Because your API server is now part of
your network perimeter, whether you plan for
it or not. In the lightning round, GitHub Credential
Revocation. AWS Console Private Access. Vercel
Connect, and S3 annotations. And we close with
Marc Brooker on waiting, on why your customers
live in the tail of your latency distribution,
even when your dashboards swear everything's
fine. Let's get into it. First up, containerd
has a batch of CRI plugin vulnerabilities. And
if you run Kubernetes, this one's yours. AWS
published a security bulletin spanning
containerd branches 1.7 through 2.3. And the list is
This episode is really about the control plane getting wider.
That sounds like a platform-engineering phrase, but it is becoming one of the more important ways to think about modern production systems.
A few years ago, when people said “control plane,” they usually meant something fairly specific. Kubernetes API server. Cloud API. CI/CD system. Maybe an internal deployment platform.
Now it is messier than that.
Your container runtime is part of the control plane because it decides how workloads actually start on the node.
Your database failover automation is part of the control plane because it decides whether recovery is safe or reckless.
Your AI incident-response agent is part of the control plane because it can inspect telemetry, summarize what changed, recommend action, and maybe someday trigger work directly.
Your Kubernetes API server egress path is part of the control plane because a stale route table or broken firewall path can stop admission webhooks, OIDC, and aggregated API calls from working.
Your credential revocation tooling is part of the control plane because compromised access has to be cut off fast.
Your cloud console is part of the control plane because operators still need a way to reach the environment during an incident.
Even object metadata starts to matter when data, AI, search, and agent workflows depend on understanding what an object is, not just where it lives.
That is the through-line in this episode.
containerd disclosed a batch of CRI plugin vulnerabilities, and the lesson is that Kubernetes security does not stop at pod specs, RBAC, admission control, or image scanning. Eventually the node runtime has to pull the image, unpack it, restore it, wire up devices, handle logs, and start the container. That runtime layer is not invisible plumbing. It is a trust boundary.
The Datadog PostgreSQL HA story is a different kind of control-plane lesson. Their gameday did not just ask whether PostgreSQL could fail over on Kubernetes. It exposed the harder question: can it fail over safely? If every standby is behind, promotion may be possible, but it may not be correct. And in databases, correct usually matters more than fast.
That is the part I love about the Datadog writeup. It is not the fantasy version of HA where automation magically fixes everything. It is the real version where replication lag, synchronous writes, RPO, RTO, and promotion safety all collide. Failover is only useful if the recovery path does not create a bigger problem.
The AWS DevOps Agent and Datadog MCP Server story pushes this same theme into AI operations. AI incident response is moving from demo to production workflow. That is exciting, but the question cannot just be “is the agent smart?” The better question is “what authority does it have?”
Can it only read?
Can it write?
Can it open tickets?
Can it trigger automation?
Can it roll back?
Can it page someone?
Can it make things worse quickly and very confidently?
That is the uncomfortable part. AI incident tooling can be genuinely useful, especially during the early chaos of an incident when everyone is jumping between dashboards, traces, logs, deploy history, and Slack threads. But once an agent sits near the operational control plane, it needs the same boring guardrails as any other production automation: least privilege, audit logs, approval boundaries, rollback rules, and a clear line between recommendation and execution.
Then there is EKS customer-routed control-plane egress, which is one of those features that sounds boring until you think through the failure modes. Routing Kubernetes API server outbound traffic through your own VPC is a real win for private and regulated environments. But it also means your route tables, security groups, NACLs, firewalls, and private connectivity can now become control-plane dependencies.
That is powerful.
It is also something you bring to a design review.
The lightning round kept hitting the same idea from different angles. GitHub credential revocation is incident-response infrastructure. AWS Console Private Access pulls more operator workflow behind private network boundaries. Vercel Connect points toward short-lived, task-scoped credentials for agents instead of long-lived secrets sitting around forever. S3 annotations make object metadata more directly attached, mutable, and queryable instead of living in another side table that drifts from reality.
Different stories, same shape.
Authority keeps moving.
Trust keeps spreading.
The blast radius keeps expanding.
And that is where Marc Brooker’s post on waiting fits so well as the closer.
Your dashboards may measure averages, but your users do not experience averages. They experience the time they spend waiting. A ten-minute outage and a ten-hour outage might both count as one incident in a tracker, but they do not feel the same to the people stuck inside them. A service with a decent average can still feel terrible if users keep landing in the tail.
That is the reliability lesson underneath the whole episode.
When the system breaks, users do not experience your architecture diagram. They do not care whether it was the runtime, the database, the AI agent, the credential system, the route table, the cloud console, or the metadata layer.
They experience waiting.
Waiting for a request.
Waiting for recovery.
Waiting for a deploy to stop failing.
Waiting for a credential to get revoked.
Waiting for the control plane to come back.
Waiting for someone to find the right context.
So the practical question is not just “is this system up?”
It is also:
Where is authority hiding?
What has to work before recovery can happen?
Which defaults are trusted?
Which control-plane paths are invisible?
Which tools can make changes?
Which systems can block deploys?
Which dependencies only show up when something breaks?
And most importantly, what does this feel like from the waiting side?
This week on Ship It Weekly: containerd disclosed a batch of CRI plugin vulnerabilities, Datadog tested PostgreSQL high availability on Kubernetes and found that failover is not useful if it cannot happen safely, AWS DevOps Agent and Datadog MCP Server moved AI incident response closer to real production workflows, and Amazon EKS added customer-routed control-plane egress.
The bigger theme: the control plane keeps getting wider. Runtimes, databases, incident agents, API-server egress, credentials, the cloud console, and object metadata are all becoming part of the production blast radius. And when something breaks, users do not experience your architecture diagram. They experience waiting.
In the lightning round, Brian covers GitHub self-service credential revocation for incident response, AWS Management Console Private Access without internet connectivity, Vercel Connect and short-lived agent credentials, and Amazon S3 annotations.
This episode is really about the control plane getting wider.
That sounds like a platform-engineering phrase, but it is becoming one of the more important ways to think about modern production systems.
A few years ago, when people said “control plane,” they usually meant something fairly specific. Kubernetes API server. Cloud API. CI/CD system. Maybe an internal deployment platform.
Now it is messier than that.
Your container runtime is part of the control plane because it decides how workloads actually start on the node.
Your database failover automation is part of the control plane because it decides whether recovery is safe or reckless.
Your AI incident-response agent is part of the control plane because it can inspect telemetry, summarize what changed, recommend action, and maybe someday trigger work directly.
Your Kubernetes API server egress path is part of the control plane because a stale route table or broken firewall path can stop admission webhooks, OIDC, and aggregated API calls from working.
Your credential revocation tooling is part of the control plane because compromised access has to be cut off fast.
Your cloud console is part of the control plane because operators still need a way to reach the environment during an incident.
Even object metadata starts to matter when data, AI, search, and agent workflows depend on understanding what an object is, not just where it lives.
That is the through-line in this episode.
containerd disclosed a batch of CRI plugin vulnerabilities, and the lesson is that Kubernetes security does not stop at pod specs, RBAC, admission control, or image scanning. Eventually the node runtime has to pull the image, unpack it, restore it, wire up devices, handle logs, and start the container. That runtime layer is not invisible plumbing. It is a trust boundary.
The Datadog PostgreSQL HA story is a different kind of control-plane lesson. Their gameday did not just ask whether PostgreSQL could fail over on Kubernetes. It exposed the harder question: can it fail over safely? If every standby is behind, promotion may be possible, but it may not be correct. And in databases, correct usually matters more than fast.
That is the part I love about the Datadog writeup. It is not the fantasy version of HA where automation magically fixes everything. It is the real version where replication lag, synchronous writes, RPO, RTO, and promotion safety all collide. Failover is only useful if the recovery path does not create a bigger problem.
The AWS DevOps Agent and Datadog MCP Server story pushes this same theme into AI operations. AI incident response is moving from demo to production workflow. That is exciting, but the question cannot just be “is the agent smart?” The better question is “what authority does it have?”
Can it only read?
Can it write?
Can it open tickets?
Can it trigger automation?
Can it roll back?
Can it page someone?
Can it make things worse quickly and very confidently?
That is the uncomfortable part. AI incident tooling can be genuinely useful, especially during the early chaos of an incident when everyone is jumping between dashboards, traces, logs, deploy history, and Slack threads. But once an agent sits near the operational control plane, it needs the same boring guardrails as any other production automation: least privilege, audit logs, approval boundaries, rollback rules, and a clear line between recommendation and execution.
Then there is EKS customer-routed control-plane egress, which is one of those features that sounds boring until you think through the failure modes. Routing Kubernetes API server outbound traffic through your own VPC is a real win for private and regulated environments. But it also means your route tables, security groups, NACLs, firewalls, and private connectivity can now become control-plane dependencies.
That is powerful.
It is also something you bring to a design review.
The lightning round kept hitting the same idea from different angles. GitHub credential revocation is incident-response infrastructure. AWS Console Private Access pulls more operator workflow behind private network boundaries. Vercel Connect points toward short-lived, task-scoped credentials for agents instead of long-lived secrets sitting around forever. S3 annotations make object metadata more directly attached, mutable, and queryable instead of living in another side table that drifts from reality.
Different stories, same shape.
Authority keeps moving.
Trust keeps spreading.
The blast radius keeps expanding.
And that is where Marc Brooker’s post on waiting fits so well as the closer.
Your dashboards may measure averages, but your users do not experience averages. They experience the time they spend waiting. A ten-minute outage and a ten-hour outage might both count as one incident in a tracker, but they do not feel the same to the people stuck inside them. A service with a decent average can still feel terrible if users keep landing in the tail.
That is the reliability lesson underneath the whole episode.
When the system breaks, users do not experience your architecture diagram. They do not care whether it was the runtime, the database, the AI agent, the credential system, the route table, the cloud console, or the metadata layer.
They experience waiting.
Waiting for a request.
Waiting for recovery.
Waiting for a deploy to stop failing.
Waiting for a credential to get revoked.
Waiting for the control plane to come back.
Waiting for someone to find the right context.
So the practical question is not just “is this system up?”
It is also:
Where is authority hiding?
What has to work before recovery can happen?
Which defaults are trusted?
Which control-plane paths are invisible?
Which tools can make changes?
Which systems can block deploys?
Which dependencies only show up when something breaks?
And most importantly, what does this feel like from the waiting side?
Because your dashboards measure the average.
Your users feel the wait.
Extra links worth including:
containerd CRI plugin vulnerabilities / AWS security bulletin
https://aws.amazon.com/security/security-bulletins/2026-046-aws/
Datadog: PostgreSQL high availability on Kubernetes
https://www.datadoghq.com/blog/engineering/postgresql-ha-kubernetes/
AWS DevOps Agent and Datadog MCP Server
https://aws.amazon.com/blogs/devops/production-ready-autonomous-incident-resolution-with-aws-devops-agent-now-ga-and-datadog-mcp-server/
Amazon EKS customer-routed control-plane egress
https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-control-plane-egress-through-your-vpc/
GitHub self-service credential revocation for incident response
https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response/
AWS Management Console Private Access
https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/
Vercel Connect
https://vercel.com/blog/introducing-vercel-connect
Amazon S3 annotations
https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/
Marc Brooker: Waiting, latency, MTTR, and the inspection paradox
https://brooker.co.za/blog/2026/06/19/waiting.html
This week’s On Call Brief
https://learn.tellerstech.com/on-call-brief-news/2026-W26/
More Ship It Weekly episodes
https://shipitweekly.fm/