Seeking Advice on Managing Non-Human/Workload Identities in DevOps Workflows



Hi everyone,

A bit about me: I’m an IAM (Identity and Access Management) Engineer with experience in enterprise identity management, focusing on challenges like onboarding, offboarding, and JML (Joiners-Movers-Leavers) processes.

Over the last few months,, my work has shifted significantly toward managing non-human identities (workload identities) and Cloud Resource IAM. I’ll admit, I’m feeling a bit out of my depth here and would love some advice.

How do you all handle identity management in your DevOps workflows? Specifically:
- What strategies or best practices do you follow for non-human/workload identities?
- Are there any IGA (Identity Governance and Administration) tools you recommend for this space?

Any insights, tips, or resources would be greatly appreciated!



https://redd.it/1ibn9zz
@r_devops

Platform engineering LinkedIn Recruiters

I have been getting approached by various recruiters on LinkedIn over the last 6 months. Must have sent my CV to at least 30 recruiters for 30 different roles. Only 2 recruiters actually pulled through what they said and got back in touch with me after I sent my CV. Both of these roles resulted in me getting offers of £110K eventually but I had to reject due to personal reasons. However, REST all recruiters just ghosted me after receiving my CV. Did anyone else experience similar on LinkedIn?

I do think I have valuable experience to offer so I am surprised that most of the recruiters just ghosted me after taking my CV. It makes me wonder, if my skillset is really not good enough for a £110K job and if I just got lucky with the 2 roles I had offer for?

Here is some overview of my skillset and experience:

- Kubernetes experience 7+ years (OnPrem bare metal, EKS and GKE)

- Terraform experience (6+ years)

- CI/CD (7+ years)

- Programming (Python and JavaScript 8+ years, Go (5+ years)

- Frontend development (Angular mainly 5+ years)

- Over the last year I have built few home grown Gen AI solutions using LangChain and Google Vertex so have some experience with Gen AI as well

- Cloud experience (GCP and AWS both 7+ years)

https://redd.it/1ibmbr5
@r_devops

Pick a Cloud

As someone trying to get into DevOps, everything seems to show a few things that need to be learned with it tailored towards one's local market. Everything I've found gives three cloud choices, AWS, Azure, and Google. When I looked on LinkedIn, my area's demand is for Oracle. Does anyone know any good resources for this outside of Oracle's site?

https://redd.it/1ibr66z
@r_devops

DevOps career advice

I have been working as a Platform engineer since 2017 in the UK, currently I am on a salary of £90K per year. Just wanted to get some thoughts on whether I am getting underpaid for my experience and skillset and should I be looking elsewhere or am I on the right salary so should continue to work where I am and build more experience and then look for a salary jump few years later?

Here is some overview of my skillset and experience:

- Kubernetes experience 7+ years (OnPrem bare metal, EKS and GKE)

- Terraform experience (6+ years)

- CI/CD (7+ years)

- Programming (Python and JavaScript 8+ years, Go (5+ years)

- Frontend development (Angular mainly 5+ years)

- Over the last year I have built few home grown Gen AI solutions using LangChain and Google Vertex so have some experience with Gen AI as well

- Cloud experience (GCP and AWS both 7+ years)

https://redd.it/1ibkbz5
@r_devops

Terraform Question

Hey Everyone, I am about 5 months in as a recruiter for DevOps. I wanted to come here and ask you guys, what are the key benefits of using Terraform? I know its for infrastructure provisioning - but could someone explain why it's important as if i was 5 years old?

I want to be able to sell candidates better that have a strong Terraform background :)

https://redd.it/1ibsqlp
@r_devops

Best CircleCI course on Udemy/Youtube etc?

I’m looking to expand my knowledge of CircleCI and was wondering if anyone could recommend the best course to get started. Also, does anyone have suggestions for a CDCI solution on AWS? Specifically, one that is scalable and works well for multiple deployment type/tech stack etc on AWS. Thank you in advance!

https://redd.it/1ibtbal
@r_devops

Does AWS charge differently for video streaming at different resolutions (1080p, 720p, 240p)?

Hi everyone, I’m a newbie in devops exploring AWS and today randomly had a question in my mind about video streaming costs. If I upload my videos to AWS and someone accesses them in different resolutions like 1080p, 720p, or 240p, will my costs increase based on the resolution they select? Or does the bandwidth usage remain the same regardless of the quality?

I’d really appreciate it if someone could explain how this works and help me understand the cost implications for streaming videos on AWS.

https://redd.it/1ibxuob
@r_devops

Funny cost-saving Strategies That Go Beyond Shutting Down EC2/RDS Instances

Nowadays, no one is surprised by cost-saving practices like shutting down or hibernating unused EC2/RDS instances. However, I recently stumbled upon something that truly surprised me: on one of my projects, certain non-production environments are disconnected from monitoring systems during off-hours to save costs.

At first, it sounded a bit counterintuitive. Disabling monitoring, even for non-prod environments, felt like cutting visibility into potential issues or trends.

Tell us about your funny examples of saving money?

https://redd.it/1ibyxul
@r_devops

Is it really worth making an investment in "Software Engineering Intelligence Tools" like Jellyfish, LinearB?

Share your experience with the SEI tool you are using.

https://redd.it/1ibzpcv
@r_devops

How much do you charge for your Oncall duties?

Hi guys, I just wanted to hear about how you structured your oncall duties at work, and how much are you being paid for it, specifically I'm looking for the Western Europe prices.

Thanks,

Tom

https://redd.it/1ic0thr
@r_devops

Blaze-cicd : setup fully functional CI/CD pipeline in minutes.

Blaze CI/CD is a Command Line Interface (CLI) tool designed to automate the creation of production-ready CI/CD pipelines. The tool integrates with Kubernetes, Docker, DockerHub, GitHub, GitHub Actions, and ArgoCD to provide a seamless setup experience. Users provide essential details such as project name, API keys, and application configurations, and the tool handles the creation of namespaces, repositories, and CI/CD pipelines.

**Automated Pipeline Creation**: Automates the setup of CI/CD pipelines using Kubernetes (`kubectl`), Docker, GitHub, and ArgoCD.

* **YAML Configuration**: Users provide project and application details via a YAML configuration file that will be used to construct the entire CI/CD pipeline with a single command.
* **Multi-Service Integration**: Integrates with DockerHub, GitHub, and ArgoCD to create repositories, projects, and applications. Can handle pipelines for multiple services.
* **CLI Interface**: Simple command-line interface with `init` and `build` commands.
* **Minimal Setup**: Other than configuring `kubectl`, Python, installing the package, and providing API keys, there are no additional steps other than filling out the `config.yaml`.
* **Graceful Degradation**: Blaze CI/CD ensures robust pipeline creation by verifying the existence of resources at each step. If a resource (e.g., repository, project, or application) already exists, Blaze skips its creation to avoid redundancy. If a resource is missing, it creates it automatically.

home page : [https://github.com/ARAldhafeeri/Blaze-cicd](https://github.com/ARAldhafeeri/Blaze-cicd)

demo : [https://www.youtube.com/watch?v=adJs7MtegCw](https://www.youtube.com/watch?v=adJs7MtegCw)

https://redd.it/1ic1rov
@r_devops

Can someone please help with a difficult azure pipeline YAML issue I'm facing?

I've been hitting my head on this for 4 hours, I can't seem to see what is wrong with this code. It seems to follow the MS documentation and LLMs also tell me it is correct.

However, when running the pipeline, I'm getting this error:

> The pipeline is not valid. ... references service connection $(azureSubscription) which could not be found.

The variables I have defined at the job level are not being recognised, they are being treated as literals, i.e. it is trying to find a subscription called "$(azureSubscription)".

My pipeline code is this:

trigger:
- main

extends:
template: deploy-template.yml
parameters:
buildConfiguration: 'Release'

The template code is this:

parameters:
- name: buildConfiguration
type: string
default: ''

stages:
- stage: buildstage

pool:
vmImage: ubuntu-latest

jobs:
- job: buildjob

variables:
azureSubscription: 'name of our subscription'
buildConfiguration: '${{ parameters.buildConfiguration }}'

steps:

(couple of tasks here)

- task: AzureRmWebAppDeployment@4
displayName: 'Deploy to slot'
condition: succeeded()
inputs:
ConnectionType: 'AzureRM'
azureSubscription: '$(azureSubscription)'
appType: 'webApp'
(etc)

All the documentation says this should work, i.e. '$(azureSubscription)' should resolve to 'name of our subscription', but it is not and is apparently being treated as a literal. This is also happening with other variables (not shown here for simplicity) so the entire "variables:" section doesn't seem to work?

Does anyone have any insight into why this is happening? Would really appreciate some help as I've been trying to work this out for hours. 😅

https://redd.it/1ic3kjm
@r_devops

Infrastructure diagram to Terraform code tool

Hello everyone, I’ve posted here a couple of times about a tool I created that lets you build AWS infrastructure using a visual diagram, similar to draw.io, and generate Terraform code from it.

Previously, there was a major limitation: you could generate infrastructure resources like databases or Kubernetes clusters, but you couldn’t integrate any application code. Now, I’ve developed a mechanism to address this.

For now, only AWS Lambda functions are supported. You can visually link them to other AWS resources, and all necessary IAM permissions and network configurations will be automatically created for you.

The tool is as before free to use and publically available,  if you are interested you I would love to hear any feedback: https://archformation.com/

https://redd.it/1ic4psh
@r_devops

Unified automated platform design

Hi All!
I’ve been working as a DevOps/SRE engineer for about two years now. When I started at my current company, there wasn’t much of a foundation for infrastructure, which made automating things pretty challenging.

I’ve always dreamed of building a “plug-and-play” platform that ties everything together, but sometimes I feel like my lack of experience or knowledge about tools limits what I think is possible.

The idea is to create a platform that brings together all the tools my team uses for code, infrastructure, secrets, and monitoring into one simple, automated system..

Here’s how it would work:

1. **Central Repository**: A main GitLab project uses Terraform to create and manage all other repositories with the same setup and rules.
2. **Automation for New Repositories**:
* Each new repository gets pre-configured pipelines for building, testing, and deploying code.
* Also Vault gets automatically set up to secure secrets like passwords and tokens for each project, it would create new storage paths in vault for that specific repository
3. **Service Integration**:
* New services register themselves with Consul for easy discovery. (I have one single job in Prometheus using consul for the discovery of services)
* Prometheus and Loki collect metrics and logs from these services.
* It creates a Grafana dashboards to monitor the metrics collected.

My plan gets up to this point.
Now, my questions are:
How reliable or feasible would that plan be?
Am I overthinking or trying to create the impossible ultimate unified system?
If it's possible, are there any other methods or tools I can implement to make it even more efficient?

Thank you!!

https://redd.it/1ic4gn0
@r_devops

Having trouble setting up DKIM record on Mailjet for domain with GoDaddy

I've set up the SPF record for Mailjet last week and that propagated within 5 minutes. But for the DKIM record, I keep seeing this:

There seems to be an error with your DomainKey record.

I've waited 48 hours twice now, although I've never seen anything take longer than 30 minutes to propagate in the past. Any ideas what the issue could be?

https://redd.it/1ic85r7
@r_devops

Best CI/CD tools for AWS ?

Does anyone have suggestions for a CDCI solution on AWS? Specifically, one that is scalable and works well for multiple deployment type/tech stack etc on AWS. Thank you in advance!

https://redd.it/1ic9w2t
@r_devops

SSL error incognito for 301 redirects

I have one domain, "example.com"

it's using cloudfront and serving the world through cloudflare.
so the A record is as below-
name: example.com
value: 4.4.4.4 (dummy ip)

and cname is-
name: www
value: cloudfront.net (which has ssl)

and I have set page rules as below-
example.com/\* 301 permanent redirect forward to https://www.example.com/$1
also, Always Use HTTPS is enabled
but, when i input example.com in my browser incognito, it is hitting http and giving --
example.com doesn’t support a secure connection
You are seeing this warning because this site does not support HTTPS and you are in Incognito mode.

but without incognito it redirects and works fine. It happens only in chrome and edge incognito, why?

https://redd.it/1icb8h8
@r_devops

Title: Need Suggestions for a DevOps/Cloud Project to Work on for the Next 10 Weeks (Will Put on Resume)

Hey everyone,

I’m a Computer Science Engineering student, and I’ve been tasked with completing a DevOps/Cloud project over the next 10 weeks. This project will go on my resume, so I want it to be meaningful, practical, and something that helps me learn key skills in DevOps and cloud technologies.

I’m looking for suggestions on project ideas that are:

1. **Beginner to Intermediate friendly** (I have some knowledge of DevOps tools and cloud platforms, but I’m not an expert).
2. **Relevant to industry standards** (something that recruiters would find impressive).
3. **Scalable** (so I can start small and add features as I learn more).
4. **Uses popular tools/platforms** (e.g., AWS, Azure, GCP, Docker, Kubernetes, Jenkins, Terraform, Ansible, etc.).

Here are a few ideas I’ve been considering:

* **CI/CD Pipeline for a Web Application**: Set up a CI/CD pipeline using Jenkins/GitLab CI/GitHub Actions to deploy a web app on a cloud platform.
* **Infrastructure as Code (IaC)**: Use Terraform or CloudFormation to automate the provisioning of cloud infrastructure.
* **Containerized Microservices**: Build a simple microservices-based app, containerize it with Docker, and deploy it using Kubernetes.
* **Cloud Monitoring and Logging**: Set up monitoring and logging for a cloud-based application using tools like Prometheus, Grafana, and ELK Stack.
* **Serverless Application**: Build a serverless app using AWS Lambda, API Gateway, and DynamoDB.

I’d love to hear your thoughts on these ideas or any other suggestions you might have. If you’ve worked on similar projects, I’d also appreciate any tips or resources that helped you along the way.

Thanks in advance!

**TL;DR:** Need project ideas for a 10-week DevOps/Cloud project that I can put on my resume. Open to all suggestions!

https://redd.it/1icbuoo
@r_devops

How do you handle your deployments in a multi-repo architecture?

Hi everyone,
 
I’m looking to chat with people handling deployments and GitHub administration in teams managing tens of repositories (often linked to microservices). I’ve built an internal web platform to make multi-repo deployments more manageable, and I’m trying to check if there’s interest in opening it up. The idea is being able to assess whether what I’ve built is “shareable” or too specific for my current business.

At my company, we manage around 50 microservices, each with its own GitHub repository, versioning, and release cycle. Sometimes, we need to coordinate deployments across multiple services, which led me to develop an internal web platform that:
- Aggregates into a single place changelogs from merged pull requests for all GitHub repos (services)
- Allows me to orchestrate tag-based releases and service promotions across environments with a single button.

As an example: if a feature being built impacts 4 repos, I will simply extract all the changelogs, present them and ensure with QA that they’re tested, and then promote the versions of the 4 given repos (you can’t just run continuous deployment on some changes, especially in regulatory environments if the change implies fiscal or regulatory topics for example).

These features bring me better visibility into what’s being deployed, which makes it easier to discuss release content with management. Through this platform I also enforce repository configurations that GitHub doesn’t fully support at the org level (and need to be enforced on each repo individually).

I’d love to hear from others who deal with similar challenges. How do you manage multi-repo deployments? Would a tool like this be useful in your workflow? If you’d be down for a quick chat that’d be awesome.


https://redd.it/1icd9ol
@r_devops

Slow work for new work?

Junior level here, boss is on parental leave so it is expediting the plans to have me be more independent / lead things as he mentioned this was the idea.

I am taking some initiative on things and also getting requests from developers. I assist when i can. Although I noticed with new initiatives, it takes me a while to get things rolling and i dont have a lot on my plate for the daily stand up - at least at the moment. I feel like crap cause when it is my turn, i do provide updates, but sometimes I get stuck for days on end. Googling things, etc. It went from a two man team to a one man team.

For example,, this new intiative, I have almost completed the POC, but I can’t get the damn authenticating working. Stuck on it for 2 days. Tomorrow is another day of updates where i dont have a lot to provide. Should I be happy with how far I’ve come alone, or drown in my damn wrk. I literally have no one else to talk to regarding work. Small shop, so principal/senior engineers, any advice?

https://redd.it/1iccigl
@r_devops

Can Keycloak be provisioned beforehand as opposed to using the UI?

I was wondering if there is any documentation or tutorial as to whether it is possible to provision a Keycloak container beforehand through some files?

I was planning to create some jinja2 template to create a file that can then be mounted into a keycloak instance and I can get the realms, users, groups and all the shebang configured without doing a lot in the UI, because I find the UI a bit tediuous.

I am using ansible and was wondering if someone knows what the provisioning file should look like

https://redd.it/1icdosv
@r_devops