containerd CRI Vulnerabilities, Datadog PostgreSQL HA on Kubernetes, AWS DevOps Agent with Datadog MCP Server, EKS Control Plane Egress, and Why Users Feel the Wait
JUN 26, 202619 MIN
containerd CRI Vulnerabilities, Datadog PostgreSQL HA on Kubernetes, AWS DevOps Agent with Datadog MCP Server, EKS Control Plane Egress, and Why Users Feel the Wait
JUN 26, 202619 MIN
Description
<p>This week on <strong>Ship It Weekly</strong>: containerd disclosed a batch of CRI plugin vulnerabilities, Datadog tested PostgreSQL high availability on Kubernetes and found that failover is not useful if it cannot happen safely, AWS DevOps Agent and Datadog MCP Server moved AI incident response closer to real production workflows, and Amazon EKS added customer-routed control-plane egress.</p><p>The bigger theme: the control plane keeps getting wider. Runtimes, databases, incident agents, API-server egress, credentials, the cloud console, and object metadata are all becoming part of the production blast radius. And when something breaks, users do not experience your architecture diagram. They experience waiting.</p><p>In the lightning round, Brian covers GitHub self-service credential revocation for incident response, AWS Management Console Private Access without internet connectivity, Vercel Connect and short-lived agent credentials, and Amazon S3 annotations.</p><p><strong>Links</strong></p><p>containerd CRI plugin vulnerabilities / AWS security bulletin <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/2026-046-aws/">https://aws.amazon.com/security/security-bulletins/2026-046-aws/</a></p><p>Datadog: PostgreSQL high availability on Kubernetes <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.datadoghq.com/blog/engineering/postgresql-ha-kubernetes/">https://www.datadoghq.com/blog/engineering/postgresql-ha-kubernetes/</a></p><p>AWS DevOps Agent and Datadog MCP Server <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/devops/production-ready-autonomous-incident-resolution-with-aws-devops-agent-now-ga-and-datadog-mcp-server/">https://aws.amazon.com/blogs/devops/production-ready-autonomous-incident-resolution-with-aws-devops-agent-now-ga-and-datadog-mcp-server/</a></p><p>Amazon EKS customer-routed control-plane egress <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-control-plane-egress-through-your-vpc/">https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-control-plane-egress-through-your-vpc/</a></p><p>GitHub self-service credential revocation for incident response <a target="_blank" rel="noopener noreferrer nofollow" href="https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response/">https://github.blog/changelog/2026-06-24-self-service-credential-revocation-for-incident-response/</a></p><p>AWS Management Console Private Access <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/">https://aws.amazon.com/about-aws/whats-new/2026/06/aws-management-console-private/</a></p><p>Vercel Connect <a target="_blank" rel="noopener noreferrer nofollow" href="https://vercel.com/blog/introducing-vercel-connect">https://vercel.com/blog/introducing-vercel-connect</a></p><p>Amazon S3 annotations <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/">https://aws.amazon.com/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects/</a></p><p>Marc Brooker: Waiting, latency, MTTR, and the inspection paradox <a target="_blank" rel="noopener noreferrer nofollow" href="https://brooker.co.za/blog/2026/06/19/waiting.html">https://brooker.co.za/blog/2026/06/19/waiting.html</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief-news/2026-W26/">https://www.tellerstech.com/on-call-brief-news/2026-W26/</a></p><p>More episodes and full show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.shipitweekly.fm">https://www.shipitweekly.fm</a></p>