The same IPv6 transition your infrastructure team has been procrastinating on is now being weaponized by governments. On January 8, 2026, Iran's IPv6 address space dropped 98.5% while IPv4 remained intact—a surgical strike against mobile users. In this episode, we break down:- Why blocking IPv6 specifically targets mobile users (hint: carrier NAT exhaustion)- The BGP mechanics of protocol-specific blocking- "Engineered degradation" vs total blackout—the new censorship playbook- How Starlink terminals are changing the calculus for authoritarian internet control- What platform engineers need to know: protocol-specific monitoring, Happy Eyeballs testing, dual-stack resilience Plus news: Kubernetes 1.35 CSI SA tokens, HashiCorp non-human identity, CoreDNS 1.14.0, OpenTelemetry Slack analysis, AWS Route 53 Global Resolver, and kernel bug hide times. Links:- Episode page: https://platformengineering.org/podcasts/00085-iran-ipv6-blackout- Cloudflare Radar Iran: https://radar.cloudflare.com/ir- RFC 8305 Happy Eyeballs: https://datatracker.ietf.org/doc/html/rfc8305

A deep technical dive into the January 2026 Venezuela BGP route leak incident. Was it a cyberattack? The technical evidence says no - and that's actually more concerning. In this special deep-dive episode (no news segment), Jordan and Alex break down: - What actually happened on January 2, 2026 with AS8048 (CANTV, Venezuela's state ISP)- Why 10x AS-path prepending proves this was misconfiguration, not a man-in-the-middle attack- How BGP valley-free routing works and why Type 1 Hairpin leaks happen- The pattern of 11 similar leaks from CANTV since December 2025- Why your multi-region deployment doesn't protect you from BGP anomalies- RPKI, RFC 9234 OTC, and ASPA - the defenses that exist and why adoption is slow- Practical steps: Check your providers at isbgpsafeyet.com, deploy ROAs, add BGP monitoring The internet's most critical routing protocol was designed in 1989 when ~160 networks trusted each other. Now 75,000+ autonomous systems operate on that same trust model. Understanding BGP isn't just for network engineers anymore - it's essential context for anyone building on the internet. Full episode page with transcript and sources: https://platformengineeringplaybook.com/podcasts/00084-venezuela-bgp-anomaly-technical-analysis #BGP #NetworkSecurity #PlatformEngineering #InternetRouting #RPKI #Kubernetes #DevOps #SRE

Deep dive into HolmesGPT, the CNCF Sandbox AI agent that revolutionizes cloud-native troubleshooting. This episode covers what it is, its 40+ integrations, the project roadmap, and how to set it up today. News Segment: AirFrance-KLM's secure automation platform with Terraform, Vault, and Ansible AWS ECS tmpfs mounts on Fargate for secure secrets handling Qwen 30B running on Raspberry Pi - democratizing edge AI AWS European Sovereign Cloud with independent EU governance Main Topic - HolmesGPT: CNCF Sandbox project (accepted October 2025) with 1,600+ GitHub stars Agentic architecture: creates investigation task lists, queries systems, synthesizes findings 40+ built-in toolsets: Prometheus, Grafana Loki/Tempo, Kubernetes, ArgoCD, DataDog, and more Privacy-first: bring your own LLM keys, read-only access, respects RBAC End-to-end automation with AlertManager, PagerDuty, OpsGenie integration Installation options: pip, Homebrew, Helm, Web UI, K9s plugin Resources: HolmesGPT GitHub HolmesGPT Documentation Full Transcript Episode Type: full Episode Number: 83 Season: 1 Tags: HolmesGPT, CNCF, Kubernetes, root cause analysis, AI ops, troubleshooting, observability, SRE, platform engineering, Robusta, agentic AI

Docker just launched Kanvas, a visual tool that turns your architecture diagrams into deployable infrastructure. Built on Meshery (CNCF's 6th highest-velocity project), it converts Docker Compose files to Kubernetes manifests and challenges Helm and Kustomize dominance. In this episode, we explore:- The dev-to-prod gap that Kanvas solves- How Meshery Models add semantic understanding to infrastructure- Designer Mode vs Operator Mode capabilities- When to use Helm vs Kustomize vs Kanvas- Practical adoption strategies for platform teams Whether you're struggling with YAML hell or looking to lower cognitive load for developers, this episode gives you the full technical breakdown. Full transcript: https://platformengineeringplaybook.io/podcasts/00082-docker-kanvas-infrastructure-as-design #PlatformEngineering #Kubernetes #Docker #DevOps #CloudNative #Kanvas #Meshery #CNCF

The MCP server registry hit 10,000+ integrations, but most teams are running these servers on laptops. This episode breaks down the production architecture that Google, Red Hat, and AWS are converging on: remote MCP servers deployed on Kubernetes. We cover three deployment patterns (local stdio, remote HTTP/SSE, and managed), the critical difference between wrapper-based and native API implementations, and a defense-in-depth security model using dedicated ServiceAccounts, time-bound tokens, RBAC, and audit logging. In this episode:- Remote MCP is production MCP—local stdio mode is for experimentation only; team-scale access requires HTTP/SSE mode- Native API implementations (like Red Hat's Go-based server) outperform wrapper-based kubectl subprocess approaches- Defense-in-depth security: dedicated ServiceAccounts, TokenRequest API for 2-hour tokens, RBAC, --read-only mode, audit logging- Google's managed MCP covers GKE, BigQuery, GCE; self-host for internal tools and custom workflows- Q1: experiment with read-only MCP in dev cluster; Q2: adopt with proper governance; Q3: scale to production Perfect for platform engineers, sres, devops engineers with 5+ years experience evaluating mcp/ai infrastructure looking to level up their platform engineering skills. New episodes every week. Subscribe wherever you listen to stay current on platform engineering. Episode URL: https://platformengineeringplaybook.com/podcasts/00081-remote-mcp-architecture-kubernetes Duration: 27 minutes Host: Alex and Jordan Category: TechnologySubcategory: Software How-To Keywords: tool, episode, Kubernetes, kubernetes, production, remote, running, servers, architecture

AWS launched DevOps Agent at re:Invent 2025 as an "autonomous on-call engineer." But before you cancel your PagerDuty subscription, we separate marketing from mechanics. NEWS THIS EPISODE:• KubeCon Europe 2026: March 23-26 in Amsterdam, 224 sessions across 5 tracks• Platform Engineering 2026 Predictions: Agentic infrastructure becomes standard In this deep-dive episode, we cover: WHAT IT PROMISES:• Always-on AI that investigates incidents 24/7• Automatic root cause analysis across logs, metrics, traces, and deployments• Mitigation plan generation with step-by-step remediation• Integration with CloudWatch, Datadog, Dynatrace, New Relic, Splunk WHAT IT ACTUALLY DELIVERS:• Agent Spaces architecture for scoped permissions and isolated environments• Automatic topology building that discovered 42 resources in demo• Accurate diagnosis of EKS imagePullBackError in real testing• MTTR improvement from 45 to 18 minutes when properly configured THE CRITICAL LIMITATIONS:• Cannot execute fixes - humans must approve and apply every action• >40 minute gaps between events break correlation• Preview limits: 20 incident hours/month, US-East-1 only• No SOC 2/ISO 27001 compliance yet• GA pricing unknown - the "$600K question" EVALUATION FRAMEWORK:We provide a 5-question framework to decide if this fits your team, plus ideal vs wait-and-see scenarios based on your cloud footprint and incident volume. Resources and full transcript: https://platformengineering.playbook.org/podcasts/00080-aws-devops-agent-autonomous-operations

AWS doubled the core count on their flagship ARM processors with Graviton5—192 cores in a single socket, 5x L3 cache (180MB), and 3nm fabrication. We go deep on ARM vs x86 architecture, cache hierarchy latencies, NUMA elimination benefits, formal verification security proofs, and a complete migration framework with multi-arch CI/CD patterns. With 98% of top EC2 customers already on Graviton, the ARM tipping point is now. Duration: ~22 minutes This episode covers:- 192-core single socket design eliminating NUMA overhead- 180MB L3 cache enabling database working sets to fit entirely in cache- Nitro Isolation Engine with formal verification (mathematical security proofs)- Real customer results from Atlassian, Honeycomb, and SAP- 4-question framework for evaluating ARM migration- 5-point action plan for platform teams- Regional availability considerations News segment: State of Platform Engineering 2026 report shows platform engineering practices "shifting down" to mid-market companies. Episode page with full transcript and resources:https://platformengineering.org/podcasts/00079-aws-graviton5-arm-data-center

OpenTelemetry has won the instrumentation wars with 95% adoption predicted for 2026. But winning data collection doesn't solve observability's real problems: spiraling costs, signal-to-noise ratios declining, and too much distance between seeing a problem and fixing it. In this episode, we break down:• Netflix's evolution to high-cardinality analytics processing 1M+ spans per episode• The cost-control chokepoint that OTel enables for telemetry optimization• Why 40% of organizations are targeting autonomous remediation by end of 2026• How SLOs are becoming business conversations, not just engineering metrics Plus news on GitHub Actions 39% pricing reduction and Jaeger v2.14.0 legacy removal. Key takeaways:→ OTel adoption is near-universal, but 43% haven't seen cost savings→ Netflix treats observability as data engineering with Flink pipelines→ AI agents becoming first-class consumers of observability data→ Platform engineers becoming translators between telemetry and business impact Full transcript and resources: https://platformengineering.playbook.com/docs/podcasts/00078-observability-opentelemetry-2026

Why did an API key management platform abandon edge serverless for stateful containers? Unkey hit 30ms p99 cache latency when they needed sub-10ms—so they rebuilt everything on AWS Fargate. This episode covers the technical decision-making framework for choosing between serverless and containers, plus a deep dive into Kubernetes 1.35's new structured z-pages for debugging. In This Episode:- The serverless constraint: stateless = network request for every cache read- Unkey's complexity tax: Workers, Durable Objects, Queues, custom proxies- The container solution: Fargate + Global Accelerator = 6x performance- Decision framework: latency targets, data hotness, complexity budget- K8s 1.35 z-pages: JSON structured responses for compliance automation Key Statistics:- 30ms p99 cache latency before migration (target: <10ms)- 6x performance improvement after moving to containers- Self-hosting unlocked as unexpected bonus New episodes drop weekly. Subscribe to stay current on platform engineering. Links:Full show notes: https://platformengineeringplaybook.com/podcasts/00077-unkey-serverless-containers-migrationContribute: Open a PR on GitHub

Why do 73% of organizations experience outages from alerts they ignored? This episode breaks down the technical shift from reactive thresholds to SLO-driven observability. Learn multi-window burn-rate alerting patterns, AIOps implementations that actually work, and an 8-week migration path to cut alert noise by 80%. In This Episode:- The alert fatigue paradox: 2000+ weekly alerts with only 3% actionable- Technical causes: static thresholds, compound rule blind spots, alert storms- SLO-driven observability: error budgets and multi-window burn-rate alerting- AIOps patterns that work: anomaly detection, event correlation, RCA acceleration- Practical 8-week migration path from threshold alerts to signal-driven ops Key Statistics:- 73% of organizations experience outages from ignored alerts (Splunk 2025)- Teams receive 2000+ alerts weekly, only 3% need immediate action- 27% of alerts in mid-size companies are simply ignored- 80% reduction in alert noise achievable with proper SLO-based design- $5,600/minute cost of unplanned downtime New episodes drop weekly. Subscribe to stay current on platform engineering. Links:Full show notes: https://platformengineeringplaybook.com/podcasts/00076-alert-fatigue-signal-driven-observabilityContribute: Open a PR on GitHub

Platform engineers who understand security operations—secrets management, vulnerability scanning, and compliance automation—are commanding premium salaries in 2026. This episode breaks down the security ops specialty: what it includes, why organizations are desperate for it, and how to build these skills alongside your existing platform engineering expertise. In this episode:• Security ops specialty encompasses secrets management, vulnerability scanning, policy-as-code, and compliance automation• Organizations are struggling to find platform engineers with security depth—creating a supply-demand gap• The 2025 State of Secrets report shows 70% of organizations experienced a secrets-related incident• Key tools include HashiCorp Vault, Trivy, OPA/Gatekeeper, Falco, and SOPS• Building security skills alongside platform engineering creates a rare and valuable combination Perfect for senior platform engineers, SREs, DevOps engineers looking to level up their platform engineering skills. New episodes every week. Subscribe wherever you listen to stay current on platform engineering. Episode URL: https://platformengineering.org/podcasts/00075-security-ops-specialty-platform-engineers Duration: 19:05 Host: Alex and Jordan Category: TechnologySubcategory: Software How-To Keywords: security ops, platform engineering, secrets management, HashiCorp Vault, vulnerability scanning, Trivy, OPA, Gatekeeper, Falco, compliance automation, DevSecOps, shift-left security, policy-as-code, SOPS, supply chain security

The Linux Foundation announced the Agentic AI Foundation (AAIF) on December 9, 2025, bringing together AWS, Anthropic, Google, Microsoft, OpenAI, Block, Cloudflare, and Bloomberg. This episode breaks down MCP (Model Context Protocol) - the "HTTP for AI" with 97M+ monthly downloads. 📰 NEWS: Docker hardened images now free, MongoBleed CVE patch alert, Cloudflare "Fail Small" resilience plan, DORA metrics with Process Behavior Charts 🎯 Key Topics:• What AAIF and MCP mean for platform teams• MCP architecture: Hosts, Clients, and Servers• The N×M to N+M integration simplification• Security: OAuth flows, permission scopes, audit logging• Practical next steps for platform engineers 📊 Key Stats:• 97M+ monthly MCP SDK downloads• 10,000+ public MCP servers• 8 platinum members including all major AI/cloud players 🔗 Show notes: https://platformengineering.org/podcasts/00074-agentic-ai-foundation-mcp-platform-engineers #PlatformEngineering #MCP #AgenticAI #AAIF #DevOps #AI #LinuxFoundation

FinOps is becoming an essential skill for platform engineers in 2026. This episode provides a complete guide to the skills, certifications, and tools you need to add cloud cost management to your platform engineering toolkit. 📰 News Segment:• GPG.fail documents 14 critical GnuPG vulnerabilities - check your signing tools• MongoBleed CVE-2025-14847: Critical MongoDB exploit - patch immediately• The Dangers of SSL Certificates: Catastrophic failure modes in automation• Google Multi-Cluster Orchestrator: Cross-region K8s management (KubeCon 2025)• GPG cleartext signature parsing vulnerabilities found 💡 Key Takeaways:• Platform teams own 70%+ of cloud spending decisions• FinOps + Platform Engineering = $175K+ compound skill premium• Senior FinOps Engineers average $150K, top earners reach $250K• 76% of organizations are increasing FinOps investment• New certifications: FinOps for AI (March 2026), FinOps for Containers 🎯 Skills Covered:• Tier 1: Cloud billing data, K8s cost allocation, unit economics• Tier 2: FOCUS specification v1.3, OpenCost/Kubecost, showback/chargeback• Tier 3: Automated rightsizing, committed use discounts, AI workload optimization 🔗 Resources:• FinOps Foundation: finops.org• OpenCost (CNCF): opencost.io• FOCUS Specification: focus.finops.org• Episode page: platformengineering.org/podcasts/00073-finops-2026-platform-engineers-guide #FinOps #PlatformEngineering #CloudCost #Kubernetes #DevOps #CNCF #OpenCost

Platform engineers are commanding $172K-$207K in 2026, a 13-27% premium over DevOps roles. This episode breaks down salary benchmarks from Dice, Motion Recruitment, and Levels.fyi, revealing which skills are S-tier ($200K+) and which are table stakes. We cover:- Platform Engineer vs DevOps salary gap (13-27% premium)- S-tier skills: LLM/GenAI ($195K-$312K), Platform Engineering, DevSecOps, MLOps- A-tier skills: Kubernetes + CKA, Go/Golang, FinOps, OpenTelemetry- Entry-level hiring crisis (-25% to -50% at major tech)- Geographic salary shifts: Atlanta +13.9%, Silicon Valley -7.3%- Top certification ROI: CKA, CNPE, FinOps Practitioner Listen for actionable recommendations on which skills to prioritize in 2026 based on your current career level. Episode page: https://platformengineering.org/podcasts/00072-platform-engineering-salary-skills-2026

The series finale of our five-part Platform Engineering 2026 Look Forward Series. We synthesize everything from agentic AI operations, mainstream adoption, developer experience metrics, and boring Kubernetes into ten concrete predictions for 2026. Learn what to invest in versus ignore, and discover our 2026 platform engineering thesis. In this episode:- High confidence predictions: IDP market consolidates into 3 tiers, AI-assisted operations becomes table stakes, policy-as-code becomes table stakes- Medium confidence predictions: Talent gap peaks H1 2026 then stabilizes, "Platform team of one" becomes technically viable- INVEST IN: Developer experience measurement, self-service capabilities, golden paths, AI-assisted incident response- 2026 thesis: Invisible infrastructure, measurable experience, AI-augmented (not AI-replaced), product thinking 📰 News Segment:• KEDA v2.18.3 & v2.17.3 releases• Google Agent Development Kit for TypeScript• NIST Atomic Clock Failure at Boulder CO Perfect for platform engineers, engineering leaders, and DevOps practitioners looking to level up their platform engineering skills. Episode URL: https://platformengineeringplaybook.com/podcasts/00071-platform-engineering-predictions-2026 Duration: 17 minutes Host: Jordan and Alex Category: TechnologySubcategory: Software How-To Keywords: platform engineering, 2026 predictions, IDP, AI operations, GitOps, policy-as-code

The best thing happening to Kubernetes in 2026 is that it's becoming boring. After a decade of explosive innovation, Kubernetes is entering its "mature infrastructure" phase - stable, predictable, and increasingly invisible. Like Linux and PostgreSQL before it, boring Kubernetes enables platform teams to build abstractions without worrying about breaking changes. Part of the Platform Engineering 2026 Look Forward Series. In this episode:- Boring infrastructure is mature infrastructure - Linux and PostgreSQL became boring, then conquered the world- K8s 1.32-1.35 pattern: incremental stability, small refinements, no paradigm shifts- Innovation is moving up the stack: kro, Crossplane, and composition tools building on stable K8s foundation- The "just use managed Kubernetes" consensus has won - EKS/GKE/AKS handle 90% of operational concerns Perfect for platform engineers, engineering leaders, and DevOps practitioners looking to level up their platform engineering skills. Episode URL: https://platformengineeringplaybook.com/podcasts/00070-kubernetes-boring-era-2026 Duration: 15 minutes Host: Jordan and Alex Category: TechnologySubcategory: Software How-To Keywords: Kubernetes, boring infrastructure, kro, Crossplane, platform engineering, EKS, GKE, AKS

DORA metrics revolutionized how we measure DevOps performance, but they have a critical blind spot: they tell you how your delivery pipeline is performing, but not how your people are doing. This episode explores the SPACE framework, DX Core 4, cognitive load measurement, and the HEART framework for platform teams. Part of the Platform Engineering 2026 Look Forward Series. In this episode:- DORA tells you the what but not the how or the at what cost - teams can hit every DORA metric while engineers burn out- SPACE framework: Satisfaction, Performance, Activity, Communication, and Efficiency - five dimensions of developer productivity- DX Core 4: Speed (diffs per engineer), Effectiveness (DXI survey), Quality (change failure rate), Impact (% time on new features)- Five-metric starter pack for 2026: Deployment Frequency, Lead Time, DXI Score, Time to First Deployment, % Time on New Features Perfect for platform engineers, engineering leaders, and DevOps practitioners looking to level up their platform engineering skills. Episode URL: Developer Experience Metrics Beyond DORA Duration: 14 minutes Host: Jordan and Alex Category: TechnologySubcategory: Software How-To Keywords: developer experience, DORA, metrics, SPACE framework, DX Core 4, cognitive load, platform engineering

Episode 2 of our 5-part "Platform Engineering 2026 Look Forward Series" examines the macro trend: platform engineering crossing the chasm to mainstream adoption. Gartner predicts 80% of software engineering organizations will have platform teams by 2026. The CNPE certification launched at KubeCon 2025. But there's a 56% talent gap and nearly half of initiatives run on under $1M annually. We address the "DevOps rebranding" debate with a 5-question litmus test:1. Do you have internal customers (developers)?2. Do you measure developer satisfaction?3. Do you have a product roadmap?4. Can developers self-serve without tickets?5. Do you deprecate platform features? Key statistics:- 55% adoption in 2025 (Google), projected 80% by 2026 (Gartner)- Average PE salary: $172k (range $143k-$201k)- 55% of platform teams are less than 2 years old- Team sizing benchmark: 3.5% to 19% of engineering headcount Platform engineering isn't just trendy - it's becoming table stakes. The question isn't IF you'll adopt it, but HOW WELL. #PlatformEngineering #DevOps #SRE #CloudNative #CNPE #InternalDeveloperPlatform #2026Predictions #Gartner

Episode 1 of our 5-part "Platform Engineering 2026 Look Forward Series" tackles the hottest debate in platform engineering: will AI agents replace us or amplify us? AWS Frontier Agents can reason across 30+ steps. The MLOps market hits $129 billion by 2028. Netflix AI triage cuts MTTR by 40%. But where are the hard limits? We introduce the 60/30/10 Framework:- 60% Delegate: Log analysis, runbook execution, cost optimization- 30% Augment: Incident response, capacity planning (AI suggests, human confirms)- 10% Guard: Architecture decisions, security posture, novel failures The key insight: the 20% AI can't do is 80% of the value. Five action items for 2026:1. Audit your runbooks for automation candidates2. Pilot AI agents on low-risk, high-volume tasks3. Build the guardrail muscle4. Invest in AI orchestration skills5. Track the last mile gap Platform engineering isn't becoming obsolete - it's evolving. The engineers who embrace AI agents will pull ahead of those who resist. https://platformengineering.org/podcasts/00067-agentic-ai-platform-operations-2026 #PlatformEngineering #AgenticAI #MLOps #DevOps #SRE #AWSFrontierAgents #CloudNative #2026Predictions

The CNPE (Certified Cloud Native Platform Engineer) exam launched November 11, 2025 at KubeCon Atlanta, becoming the first hands-on platform engineering certification in five years. This deep dive covers exam format, all five domains, and a complete study guide. Key Points:• CNPE is hands-on: 17 tasks in 2 hours, 64% pass score• Five domains: GitOps/CD (25%), Platform APIs (25%), Observability (20%), Architecture (15%), Security (15%)• BACK stack: Backstage, Argo CD, Crossplane, Kyverno• Golden Kubestronaut requires CNPE after March 2026• Career impact: Platform engineer salaries $160K-$220K Resources:• Episode page: https://platformengineering.org/podcasts/00066-cnpe-certification-study-guide• CNPE Exam: https://training.linuxfoundation.org/certification/certified-cloud-native-platform-engineer/• CNCF Platforms White Paper: https://tag-app-delivery.cncf.io/whitepapers/platforms/ #CNPE #PlatformEngineering #Kubernetes #CNCF #Certification #DevOps #CloudNative #ArgoCD #Crossplane #Backstage #Kyverno