CTO wants me to start DevOps initiatives, where do I even start?

The place is a fintech firm but their tech is behind in terms of best practices since the main business isn't software. They finally have run way to start handling their technical debt.

Some remarks from other developers:
- Terrible developer onboarding, long time to get apps running locally
- Outdated design docs without a process to update them upon feature changes - word docs, confluence
- Releases used to be on weekends but now happen every 2-3 days
- Developers want the process to be more streamlined but haven't talked to them to understand what that means

Their tech stack:
- Datadog for tracing
- AWS
- Ruby on rails
- Python

Any low-hanging fruit and domains to deep dive to get started? Any good questions to conversations on? My DevOps role seems pretty open so as long I'm making the developer's life easier then it'll make my life easier. Trying to catch up on all the automation tools available. I'm a past developer hired to be on the support side and basically starting up their support ops team. They have a sister dev support ops team but they're based in india.

https://redd.it/1j42mwi
@r_devops

How Does Your Team Handle Prometheus Alerts? Manual vs. Automated

Does your team write Prometheus/Grafana alert rules manually, or do you use an automated tool? If automated, which tool do you use, and does it work well?

Some things I’m curious about:

1. How do you manage and update alert rules at scale?
1. Do you struggle with alert fatigue or false positives?
1. How do you test and validate alerts before deploying?
1. What are your biggest pain points with Prometheus/Grafana alerting?

Would love to hear what works (or doesn’t) for your team!

https://redd.it/1j41plm
@r_devops

First time DevOps Engineer - any advice?

Hey all. I've worked before as IT Support, QA and Sysadmin and finally landed a job as Junior DevOps, which I felt really lucky and extremely lucky to get.

It's a company with around 1000 members, with dedicated DevOps team.

I have some knowledge with networking, feeling more and more comfortable with AWS, played a bit with Terraform. but haven't grasp much yet with Ansible and k8s - aaand I know I have shitload of stuff to learn, but I am prepared for it. I also know that things can get stressful.

Do you have any advice or tips for first weeks and months? Some pitfalls, traps?

https://redd.it/1j440eb
@r_devops

dnsdist over TLS timing out with my setup on GKE

I used BIND9 to create a DNS server in Kubernetes that forwards traffic to Cloudflare DNS and handles few endpoints, and attached it to a Load Balancer on UDP port 53 and assigned a public IP to it, it works fine with the dig command and am able to hook it to my network.

But then I introduced dnsdist to have DNS over TLS and to properly use a hostname for the DNS server instead so had the BIND9 Load Balancer converted to a ClusterIP and configured dnsdist to forward to it and listen on port 853 and 53 both, for 853 I enabled TLS and used certbot to generate the certificate and key using the Cloudflare plugin where I have my domain and I intend to create the A record for it as follows dns.example.com of course not proxied (DNS only).

The certificate and key are valid and are mounted correctly to the container, I double-checked with openssl and everything is fine there, I allowed dnsdist ACL access from 0.0.0.0 and made firewall rules for my VPC to allow ingress connections on ports 53 and 853.

Now, when I run:
dig @ dns.example.com google.com it works perfectly fine!

However with:

dig @ dns.example.com google.com +tcp I get a timeout?

Can someone elaborate on what could the problem be?

https://redd.it/1j42rw9
@r_devops

How long did it take you to become a dev ops engineer and how did you get there?

How long did it take in your career to make it to dev ops. I'm 29 going on 30. I've been in IT help desk for 3 years now I am a consultant basically a tier 1.5 at my job not a tier 2 and not a full tier 1. We have half tiers at my job. I am going to WGU for a software engineering degree and I'm 53 percent done. I want to get into dev ops but it seems nearly impossible my career does not advance at all. I feel stuck and can't figure out why I want to be a dev ops engineer.

https://redd.it/1j47yag
@r_devops

How do I deal with an annoying, entitled coworker who won’t leave me alone making my job hell?

Hello Everyone,

I’m a DevOps engineer, and I have this coworker who’s driving me insane. He’s lazy, clueless, entitled, and somehow managed to land this job by lying about his skills. He didn’t even study CS—he just jumped into tech because he couldn’t find a job in his original field.

# Here’s why he’s unbearable:

Acts like he knows everything but actually knows nothing – He argues about tech he clearly doesn’t understand, contributes almost nothing when we get tasks, and instead of actually working, he just asks me to share my screen so he can "learn" while I do everything.
Cheap and hypocritical – Constantly shits on my certifications, saying stuff like "certs are useless," "why do you even study for those?" or "how many certs do you need?"—yet he spends his time desperately trying to get free vouchers instead of actually learning.
Nosy and gossipy – He constantly talks about other people’s business, telling me what’s going on between seniors, managers, and other teams. It’s unprofessional and just plain annoying.
Brings up religion, politics, and other cringe topics – He thinks he's funny, but he's not. I have zero issues with anyone else in my team or even other teams, but this guy just won’t shut up about irrelevant stuff.
Procrastinates and leeches off me – He acts like he’s doing me a favor by doing his own job – He pretends that his assigned tasks are somehow helping me, even though they’re his responsibility, not mine. Then, he uses that as an excuse to ask for my help whenever he’s busy wasting time on irrelevant crap. I don’t get paid to do his job for him. To make it worse, he constantly lies about what he’s done, taking credit for things he barely contributed to or didn’t even work on.
Doesn’t take a hint – I stay polite and professional, yet he constantly complains that I’m "too strict" with him, even though I treat him like any other coworker.

I genuinely enjoy my job, have great relationships with my seniors and other departments, and help out wherever I can. But this one guy is making my work life miserable.

I don’t want to babysit him, and I don’t want to cause drama, but he’s seriously pushing me to my limits. The job market isn’t great, so I can’t just leave right now.

# How do I get him to back off without making my work life hell?

Has anyone dealt with a coworker like this before? Would appreciate any advice on how to handle this situation.

https://redd.it/1j49b5v
@r_devops

Failing in devops role

I have over 10 years of experience. Started a application consultant then moved to cloud infra migration projects. Due to the demand of upskilling and sudden shift i learnt k8s, terraform, devops by myself. Got deployed to a devops project. But here everything looks like a mess or i feel like am unable to keep up.

Random tasks got assigned, for eg, need to do a modifications for a cloud service which am not familiar,when asked the team about how the workflow of the services, nobody knows it. The guy who implemented it had left the team is the reply i got. Another one is related to some issue in the CI which i don't know hot to debug it. The team am working is not corporative. They will assure you that we will help each other but the next day they will question us only like why it got delayed.

I feel like i don't have the skill, i am thinking of moving to a cloud architect role or customer sucess role as I had good background in cloud transition projects.

https://redd.it/1j4ausq
@r_devops

Automating VM creation

Hi,

I want to use Vagrant with KVM/QEMU to automatically create VMs with different hardawre emulated and open a browser on them when they boot. I would like to not have to go through the system installation every single time a new VM is set up. What would be the correct way to do it? I have come across Veewee and it looks like it can take any iso file for a template, would it work if i were to set up let's say debian 12 manually first and convert it to an iso file? I am also worried about internet connection since I don't think a new IP would be assigned from KVM's DHCP when i bring up a second VM.

https://redd.it/1j48i5b
@r_devops

Deploy to VPS without SSH

I am using Terraform and Docker Swarm to deploy my application stack on a VPS.

I'm looking for a way of doing that from my pipeline, but I don't have an SSH key as the server might not exist yet or the SSH (private) key changed since the last deployment.

Is there a way of using Terraform ONLY to execute code remotely without having it create a whole new server or is there another way in which I can deploy my application stack from GitHub Actions without knowing the servers SSH credentials?

The trigger for a deployment to the test environment is a merge to master, by the way. I was thinking something that triggers a `docker stack deploy` from my GitHub action, but I cannot find anything that triggers this remotely.

PS: I'm not a fan of pull-based approaches like Watchtower polling for the newest image. I prefer deploying from my actions when I merge :)

https://redd.it/1j4e1l3
@r_devops

What are some of the most advanced things you have learned in the last 5 years?

What are some of the most advanced things you have learned in the last 5 years? I am interested to learn what I might be able to learn on my own in the coming years. Feel free to share.

https://redd.it/1j4gjb8
@r_devops

Get your Free AWS Practitioner & Assosiation Certifications Exams

For those who still don't know...

How to Earn a Free AWS Certification:

1 Join AWS Educate: Sign up for AWS Educate => AWS Educate

2 Earn an AWS Educate Badge: Complete a course to earn an official AWS badge. Fastest option: Introduction to Generative AI (1 hour).

3 Get Invited to AWS Emerging Talent Community ( AWS ETC): Once you earn your badge, you'll get an email confirmation and an invite to AWS ETC

4 Earn Points to Unlock Your Free Exam Voucher: Earn points by completing activities like watching tutorials and quizzes.

4,500 points = Foundational certification
5,200 points = Associate-level certification

-> You'll Earn about 2,000 points on Day 1 and 360 points every week.

5 Complete AWS Exam Prep:
Finish an AWS Skill Builder course and pass the practice exam.

6 Claim Your Free AWS Exam Voucher!
Use your points to unlock a free certification voucher.

Time required: 45–60 days, 10–15 minutes per day.

https://redd.it/1j4jfsn
@r_devops

What are the small but useful CI/CD improvements you've made?

What are the small but useful CI/CD improvements you've made? Sometimes, I want to make a small change to improve the workflow, so I am trying to do the little things that can make a big difference instead of wasting time doing something drastic that will take a long time and may break things.

https://redd.it/1j4jmza
@r_devops

Am I on the right track?

Ive made it my goal since last year to try to break into the devops and cloud space( im a networkk guy by trade but ive grown bored of it). At work ive been trying to get involved with some more cloud related projects but its been hard since theres a lot of chefs in the kitchen.. Here's some of the things i've implemented:

1. Created a Lambda function that keeps track of all ec2 instances in all accounts (over 20)and stores them a csv file in an s3 bucket.includes info such as assocated tags, cpu, state, etc..

2. Deployed Network Infrastructure via Terraform(vpc, network sdwan appliance, tgw, route tables , etcc)

3. Lambda function using python that exports all findings in security hub and uploads them to customer s3 tenant account.

4. Created a CI/CD for each lambda function. deploys all of the infrastructure needed as well using terraform.

Im planning on creating some lambda functions that remediate certain security findings as well such as automatically setting up tag with iam name on any ec2 instance that is spun up.

Any ideas on what else i should be trying to do ? Im also actively studying for the RHCSA certification and knocked out the AWS SAA cert late 2024.

https://redd.it/1j4kaox
@r_devops

Anyone here run a business?

Im working on starting a type of service model where I just provide terraform to build out the infrx required for teams. mainly targeting small to mid-sized consultancies and IT departments with.


Curious on
A. Is this something that would be useful
B. how to find clients

Im currently posting on youtube and trying to drive traffic to my website (not going to link as I dont want this to be perceived as promotional)

https://redd.it/1j4jymm
@r_devops

Does DevOps engineer write application code?

Hi, I'm a software developer with around 4 years of working experience. Recently, I was trying to get a DevOps role because I like the cloud and managing the deployment process, but at the same time I don't want to quit writing application code because I want to gain more experience in developing apps and managing databases etc...
So do you think that DevOps roles are suitable in my case or should I just focus on backend roles?

https://redd.it/1j4of6z
@r_devops

How to Import an Existing Kubernetes Cluster into Rancher | Step-by-Step Guide

Already running a Kubernetes cluster? Learn how to import it into Rancher for centralized management and better visibility! Whether your cluster is on Minikube, the cloud, or on-prem, this step-by-step guide will walk you through the entire process.

🔹 What You'll Learn:
✅ How to verify your Kubernetes cluster before importing
✅ How to use Rancher’s import feature
✅ How to deploy and test a workload after importing

Watch video at https://youtu.be/agiHe8Lrw9k

https://redd.it/1j4qi6i
@r_devops

Stuck at SSH in 'vagrant up' using Vagrantfile. Any clue, anybody? (I am setting up the cluster by following Kubernetes the hard way by Mumshad).

Thank you in advance

https://redd.it/1j4tw0z
@r_devops

Rough/Ballpark Cost Estimate for the following?

I want to make a proof of concept (<5 users):

* 2 cheap AWS pods for a React Frontend (kubernetes)
* 2 cheap AWS pods for a Spring Backend (kubernetes)
* Any cheap AWS SQL database
* A way to deploy to each via a Jenkins pipeline
* An Okta setup for <5 users

The goal is to have this semi boiler plate for future projects - but want to give my boss a rough cost estimate before starting

https://redd.it/1j4w6pe
@r_devops

A microblog on abstraction debt in infrastructure as code

This article serves as the starting point for a microblog series exploring the challenges of managing Infrastructure-as-Code (IaC) at scale. The reflections here are solely my own views, based on my experiences and the lessons learned (sometimes the hard way) when building and maintaining large-scale infrastructure. This first entry lays the groundwork for the complexities, trade-offs, and regrets that come with designing IaC solutions.

https://rosesecurity.dev/blog/2025/03/06/the-abstraction-debt-in-iac

https://redd.it/1j4yker
@r_devops

PSA: microdnf needs -y in ubi9 and above

Fuck, fuckety fuck Fuck! FUCK
I spent an entire afternoon trying to find out why the fuck my build pipeline timed out and chased so many red herrings—looking at auth and fucking firewalls and what have you.

All because micro-fucking-dnf was waiting for "Is this ok y/N:" and that piece of shit Azure DevOps decided to not show that but instead

> ##errorThe operation will be canceled. The next steps may not contain expected logs.
> ##errorThe operation was canceled.

Fuck!

https://redd.it/1j4zg21
@r_devops

Configuration antipattern?

I work in a infrastructure team and am currently working on a project where a dev team has built out a load of pipeline templates and infra templates for previous things they deploy. We are attempting to reuse these where possible.

However, when I came to use these there's pretty much no documentation and they are stored across a few different repos for different aspects.

The main frustration is that everything is parameter/configuration driven. You are required to plug endless config files into stuff for example the resource names, permissions to be applied, entra ID details for app registrations and tons of other random garbage all over the place.

My question is, is this amount of configuration manually input instead of being spat out my infra deployments an antipattern in some way? The amount of manual work to get a working deployment is insane.

https://redd.it/1j4z4he
@r_devops