What do you use for CI/CD?

I use actions but curious war folks recommend in 2025

https://redd.it/1jc6rtn
@r_devops

Host in Apache Web server with React

Hello!, im currently practicing deployment in web servers and i really cant find any solu online so i came to ask here..

im currently deploying a Vite react typescript with tanstack routing.. but experience a major problem..

whenever i go to my url which is my subdomain.. it works well but when i navigate to certain routes which is a file routing based.. it gives me a Internal Server error which i really dont have an idea about it.. Heres the steps i did:

(file structure)
/SubDomain
- .htaccess
- ./dist (after build i deleted everything except .dist)

.htaccess:


RewriteEngine On

# Force redirect from HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTPHOST}%{REQUESTURI} L,R=301

# Serve static files from the dist folder
RewriteCond %{REQUESTFILENAME} !-f
RewriteCond %{REQUESTFILENAME} !-d
RewriteRule ^(.)$ /dist/$1 [L]

# Handle SPA routing (React/Tanstack Router)
# Redirect any request that isn't a file or directory to index.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.)$ /dist/index.html L

# Explicitly set DirectoryIndex to index.html
DirectoryIndex /dist/index.html

Thankss..

https://redd.it/1jcdwet
@r_devops

tj-actions/changed-files back on GitHub

After yesterday’s removal, it’s been brought back to GitHub.

„malicious commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.”

https://github.com/tj-actions/changed-files

https://redd.it/1jcgsk5
@r_devops

Got into devops. Looking to connect

With people who are career driven and love growth. Would love me to be intouch and learn from you.

My job consists of dual roles where it would be devops + cybersecurity (cloudsec and bit of GRC). I believe i have a once in a lifetime kind of opportunity and i want to make the best out of it. I just want to be surrounded by likeminded people to learn and grow. Looking forward to hearing from you.

Edit: i also intend to work on side projects to learn stuff and make myself more employable.

https://redd.it/1jci2l7
@r_devops

What should i pick as a career in devops

Hi everyone, I am 20 yr old . I have worked on java from long time and i want to move towards devops, so far i have started working on shell scripting, python for devops ( from yt ) and worked with docker . What should i do to get a good job by next year as i will be graduated .

Your responses would help me a lot

https://redd.it/1jcjerq
@r_devops

For all wanting to enter DevOps, here's my personal "stand out" tips

Hello all,

Do-everything developer of ~20 years who transitioned into DevOps 5 years ago reporting in - born from the struggles with my own current team members and the vast majority of DevOps candidates we interview, I wanted to share my thoughts about the industry and candidates we come across:

- 95% of good DevOps engineers were developers first - there are exceptions, but being a DevOps Engineer is knowing the pain your devs face and most importantly improving it.

- Leaping from SysAdmin => DevOps is 1000x more difficult to pull off than Dev => DevOps - not impossible, but non-developers in my experience largely do not/will not learn the fundamental good code-writing practices that all devs will learn on day one.

The number of candidates we reject each month that think doing "AZ101" certifications or telling me how much their Golang/Rust stack "could" scale is indescribable - not unimportant having that skillset, but if you operate in a DevOps team just working with brand-new stacks and technologies each day and pay no attention to the business-process pain your staff base is dealing with, you won't last.

- Please, please learn the basics of computer hardware, networking (IPv4/IPv6, DNS, DHCP) outside of a cloud environment - the number of people who claim experience with these but falter as soon as it's not "in an AWS VPC" is unbelievable.

- Be hungry to learn, forever, always. - if you're not one of the most technically-innovative people in your company, and at least somewhat interested in tech/dev outside of work, you will fail - and you should. DevOps is not a role for people to do average and milk it for what it's worth.

At the risk of sounding like a bitter veteran with the above - these are just my own experiences and guidance I would give to new entrants to the industry if I could :)

Bitterness aside - if you really "give a shit" about learning and innovation, my top tips are as follows:

- Innovate and develop new strategies or approaches as a primary goal - you will come across 40-50 year old employees that are bitter about your success and innovation, give them no reasons to have a point, let your good work speak for itself.

- Don't work for any company that you would be worried about spotting a mistake and owning up to it - I'm fortunate where I work that we foster and encourage a "see it, say something" culture and do not tolerate blame culture aside from intentional negligence - you will learn the most working in this kind of environment.

- Don't be afraid to propose huge changes to 20 year old business processes - the amount of stupid bullshit companies will follow for years on end without questioning is endless - chances are if you're a DevOps Engineer and think you've found a novel solution to something, you're very probably right.

- Stay humble and keep close with any engineers/dev staff that you service or look after - these folks are your bread and butter - the second you lose touch with them, you lose your technical sway and influence - and your own sense of "what needs to be improved".

https://redd.it/1jck1r2
@r_devops

Should I learn Oracle DBA as a DevOps/Platform Engineer in 2025?

I am an entry level DevOps Engineer working in a mid size (300+ dev) software company for almost 3 years. I mostly maintain our On-prem PROXMOX cluster, K8S cluster, monitoring/alerting (500+ VM and WS), do some scripting in BASH and python. My senior colleague do the same but additionally he is our Oracle DBA. Lately I realized that was hired to be a substitute of my colleague. But nobody guide me in that way. Recently a few DBA tasks are being assigned to me on the basis that I should know these as I have been working for fairly long time alongside my colleague. So I am thinking to get into a Oracle DBA course.
But I have a lot to learn in DevOps/SRE era in 2025. I was planning to get couple of certs in AWS/K8S and learn a new language like Go/Rust etc.
I don't know what will happen in the future. May be they might move these DB stuff into the cloud. Might be they adopt any service that no DBA is needed. Besides if I switch company, may be they do not need DBA skills for the position that I want to apply. So, my spent time to learn DBA will be a waste. Now, should I spend time to learn complete oracle DBA or just scrapping the web to get things done and focus others?

https://redd.it/1jclciv
@r_devops

Friendly reminder for you picky code-quality folks

Bitter lessons from my own 6 year journey with ~450 engineering/dev staff:

- As much as you design, document and broadcast good code standards, if you don't codify it no-one will give a shit.

I cannot stress this enough - the second I just wrote my own linter/code style/line feed/brace standards into a pull request merge-time pipeline, suddenly compliance was through the roof.

The vast majority staff in any company are there to execute the bare-minimum to claim a 9 - 5 and no more.

Instead of having one-on-one disagreements and explanation sessions with your staff, spend your time automating your quality standards.

Without qualifying all dev staff as careless - 100% of them can't ignore a YOU CAN'T MERGE THIS UNTIL YOU FIX THIS message, and I cannot explain how much friction this has removed from my work week while achieving the same goal 10x more effectively than me chasing people to adhere to our agreed standards.

Maybe it's just me that didn't think of this sooner, but my god - if you're trying to level good standards across ~2k Git repositories, automating your own standards is the only way.

https://redd.it/1jcm0wk
@r_devops

Container base images aren't scary

Your company's Architecture should be leading the charge for most base image decisions, but at least where I work now, individual product teams have historically had no guidance from Architecture ~~Architecture are useless~~ and just picked whatever they liked at the time - the result being a scatter of Alpine, Debian, Ubuntu, and various others across teams.

Docker tag conventions were super confusing for me for a long time, and it's honestly something that never really 'clicks' until you work at scale across a lot of dev teams/products and hit the niche reasons why certain distros or tags are required at certain times.

The trick to tag selection is understanding what things you specifically care about in your base image. The less specific (and usually shorter) the tag you select is, the more "defaults" will be selected for you by the image maintainer.

If we take the .NET Runtime as an example, if you request 8.0 it will give you a base image with Debian by default.

If you wanted a different underlying distro, you could select 8.0-alpine (Alpine) or 8.0-jammy (Ubuntu) instead.

You can get even more specific and say you want Alpine AND to never pull versions higher than 8.0.0 (no hotfixes/minor versions) by selecting 8.0.0-alpine, but that's rarer.

Even rarer still, you can select one of the -amd64 or -arm64 tags if you need a specific CPU architecture to build against.

---

My usual process these days for selecting an image is:

> Prefer a purpose-built image for the tech stack/language/service you're after (e.g. node, nginx) before you resort to a stock distro image (e.g. Debian).

Way less of a maintenance pain in the butt when new versions come out, and it's very likely the more specific base image will deal with oddities of that particular app/language on your behalf.

---

> At a bare minimum, the tag you select needs to be locked to the version of the stack (e.g. node, dotnet) that your codebase requires.

Please don't use latest, you're in for a world of hurt when latest becomes your version of <x> language + 1 and breaks things overnight. - if you use Kubernetes, please read the prior sentence until it's burned into your brain before you ever touch another cluster - otherwise you will find yourself wasting a whole day diagnosing "why does 1 node in my cluster run it fun and the other <x> don't".

Use proper version numbers for your final app images too - latest is awful to tag your final build images with, especially if you're using Kubernetes. Quickly you'll hit scenarios where machines think they have latest already, but you're trying to roll out a newer latest.

Shout-out to GitVersion as my place's tool of choice, but there are many other awesome tools to achieve distinct reliable versioning for your builds - at the very least you can just use the current Git SHA256 commit hash if you're lazy - THIS IS STILL BETTER THAN latest.

---

> Try and get some standards going around which underlying distribution you want to use across the organization.

At scale, it's no fun when every app team is using a different underlying distro and you constantly have to try and remember which shell or tools are available while you're attached to a container for debugging.

---

> Defaulting to Alpine as an underlying distro is a great starting point.

Alpine images are almost always significantly smaller than the corresponding Debian/Ubuntu ones.

Just beware of its musl standard C library rather than glibc like most other distros. Absolutely fine for 99% of modern apps, but some apps have to be specifically compiled for musl to work under Alpine.

---

> Don't get too caught up in image size comparisons when choosing your underlying distro, pick one you're familiar with instead.

---

edit: wanted to add that distroless images are becoming increasingly popular - while they are awesome (e.g. .NET Chiselled Ubuntu, Google's Node.js distroless) - do not focus

on going distroless before you harmonize your company's base OS/images.

Spend your days getting everyone using the same Alpine/Debian/Ubuntu/whatever image first - your challenge of moving these containers to distroless/hardened images will be 100x easier if you do.

https://redd.it/1jclbjk
@r_devops

From Where should I start a d what should I learn

So I'm a BTech IT student and after trying web development, DSA , I know these are not for me. I started learning about devops and I gained interest in it . So please suggest me some resources from where I should learn and what I should learn in particular order and suggest free resources because I've money problem.

https://redd.it/1jco1zb
@r_devops

Github actions - Runners giving role assignments

Hello :)

After researching best practices for assigning roles in an IaC workflow, I haven't found a clear, definitive "proper way" to do it.

Initially, I considered using a broker system with PIM and JIT for Azure, but this doesn’t seem to work with workload identities. While it’s possible to simulate this with code, it feels a bit janky.

Has anyone tested different approaches to handle this?

Essentially, I want to avoid giving a workload identity permanent role assignment capabilities. Is this "just the way its done", or is there a better way to achieve it?

https://redd.it/1jcsz7i
@r_devops

Help with a School Project on Cloud Management

Hey everyone! 👋

If you work with AWS, Azure, or GCP, I’d love to get your insights on cloud infrastructure management! I’m running a short survey to understand how engineers and DevOps teams handle cloud optimisation, automation, and security.

The survey is completely anonymous, and I’d really appreciate your time!

👉 **Take the survey here**

Thanks in advance for your time!

https://redd.it/1jcuox1
@r_devops

k8s monitoring costs is exploding at my startup

Please let me know if this is the correct place to post.

I'm in a bit of a situation that I wonder if any of you can relate to. I'm the fractional CTO at a rapidly growing startup (100+ microservices, elasticsearch k8s), and our observability costs are absolutely DESTROYING our cloud budget.

We're currently paying close to $80K/month just for APM/logging/metrics (not even including infrastructure costs 😭).

I've been diving deep into eBPF-based monitoring solutions as a potential way out of this mess. The promise of "monitor everything with zero code instrumentation" sounds almost too good to be true.

Has anyone here successfully made the switch from traditional APM tools (Datadog/New Relic) to eBPF-based monitoring in production?

Specifically, I'm curious about:

\- Real-world performance overhead on nodes

\- How complete is the visibility really? (especially for things like HTTP payload inspection)

\- Any gotchas with running in production?

\- Actual cost savings numbers if you're willing to share

Would love to hear your war stories and insights.

https://redd.it/1jcym3x
@r_devops

Most recognized/useful certs in DevOps?

Hello, sitting at about 5 YOE as a cloud/DevOps engineer. Have a good grasp of everything in the cloud, got a bunch of AWS and Azure certs.

Have been given some professional development time at work and they generally like us to get certificates. I was wondering if anyone could suggest a certification that is generally highly regarded in DevOps? Was leaning towards a kubernetes or possibly redhat cert.

https://redd.it/1jd1fqh
@r_devops

Hot Take: Platform Engineering Is NOT the same as DevOps

I see this question so many times. I figured, wtf, why not just write a blog about it based on my experience.

Blog post link: https://ctrlplane.dev/blog/what-is-platform-engineering

You can read the full breakdown there, but here are my hot takes:

DevOps is the 'why', Platform Engineering is the 'how'. DevOps is a philosophy (at the very least its suppose to be). Collaboration, automation, the whole shebang. But it can be kinda vague. Platform Engineering is about actually building the tools and platforms to make that happen. Think of it as putting concrete under the DevOps ideals.
It's not just renaming DevOps. Sure, there's overlap. But Platform Engineering is more focused on building standardized, scalable platforms. It's about giving devs a consistent and efficient experience.
If you're in DevOps, you're probably doing some Platform Engineering already. If you're automating infrastructure, building CI/CD pipelines, or creating self-service tools, you're on the right track.
The future is platforms. As things get more complex (microservices, cloud, etc.), Platform Engineering is gonna be even more crucial. Companies need dedicated teams to build these platforms.

Basically, DevOps is the idea, SRE is the reliability implementation, and Platform Engineering is the implementation that improves the developer experience.

Okay, this might be a bit pedantic, but Im in software engineering and thats what we do.

https://redd.it/1jd307e
@r_devops

Streamlining Secrets Management for AWS Lambda with AWS Secrets Manager & TypeScript


Hello r/devops,

I’d like to share my latest video tutorial on securing AWS Lambda functions using AWS Secrets Manager in a TypeScript monorepo. This method centralizes secret management, improves security, and ensures cost efficiency—key aspects for modern DevOps practices.

Watch the video: https://youtu.be/I5wOfGrxZWc
Access the source code here: https://github.com/radzionc/radzionkit

I appreciate any thoughts or feedback you may have. Thanks for reading!

https://redd.it/1jd4cck
@r_devops

I chose docker swarm

Wanted to know your opinion on this setup i made.

So i got hired by this company who has a lot of mobile apps and websites. All backends were dockerized and put on one mega ec2 instance, bound to a different port on the machine with a nginx reverse proxy listening on the domain and sending traffic to the respective port on localhost.

The server's load was through the roof and they wanted to add more and more backends.

One more thing of relevance here, I'm the only devops guy there, the rest are backend developers with little knowledge in docker or frontend devs with no knowledge in docker.

The solution i proposed, docker swarm over multiple ec2 instances.

First i used nginx docker instead of installing it on the instance directly, one replica per instance.

Second, all internet facing app is added to the nginx docker network. This eliminates the need to bind it on the host and can be reached internally from nginx container using stackname_servicename:serviceport.
The service can have a second network if it has any other services.

We can almost use the same docker compose files that were used before, aside from the few new commands devs have to learn, they can all understand the infra.

Now i could set up ASG in aws, but i would prefer to do it manual for now, i prepared a terraform/ansible script that provisions the leader/nodes of the swarm and i can simply increase the number of nodes and it will be providioned and configured into the swarm.

For dns, i want to add every node public ip to every domain (now this bit surely needs improvement) so that it reaches the nginx on the node itself.

Databases are still a problem as i chose i put them all on the leader node so i would preserve the data on restarts. I chose this over doing ebs multi-attach or efs.

Let me know your opinion on this and how you would improve it

https://redd.it/1jd75nc
@r_devops

The eternal struggle

Tech is easy. You have a problem, you troubleshoot, you fix it. Rinse and repeat. But explaining that problem to someone who isn’t knee-deep in logs and YAML files? That’s where I crash and burn.

I’ve been working in DevOps for a while now, and the more I progress technically, the more I realize that my soft skills are lagging hard. Talking to stakeholders, justifying decisions, even something as basic as daily stand-ups.half the time, I feel like I’m either over-explaining or not making sense at all. It’s like my brain refuses to translate tech into human language.

And it’s not just a work thing. The same awkwardness bleeds into my personal life. Making conversation? small talk? networking? It feels like an impossible task. Meanwhile I see colleagues who just get people. They navigate meetings like it’s a dance, while I’m out here stepping on toes and knocking over chairs.

I know soft skills are a muscle that needs training, but imo it requires actual effort and consistency, and I’d rather refactor a spaghetti-code terraform module than actively work on my communication skills.

https://redd.it/1jd95s6
@r_devops

Roast My SaaS Monorepo Refactor (DDD + Nx) - Where Do Migrations & Databases Go?

Hey r/devops, roast my attempt at refactoring my SaaS monorepo! I’m knee-deep in an Nx setup with a Telegram bot (and future web app/API), trying to apply DDD and clean architecture. My old aws_services.py was a dumpster fire of mixed logic lol.

I am seeking some advice,

Context: I run an image-editing SaaS (\~$5K MRR, 30% monthly growth) I built post-uni with no formal AWS/devops training. It’s a Telegram bot for marketing agencies, using AI to process uploads. Currently at 100-150 daily users, hosted on AWS (EC2, DynamoDB, S3, Lambda). I’m refactoring to add an affiliate system and prep for a PostgreSQL switch, but my setup’s a mess.

Technical Setup:

Nx Monorepo:
/apps/telegram-bot: Bot logic, still has a bloated aws_services.py.
/apps/infra: AWS CDK for DynamoDB/S3 CloudFormation.
/libs/core/domain: User, Affiliate models, services, abstract repos.
/libs/infrastructure: DynamoDB repos, S3 storage.
Database: Single DynamoDB (UserTable, planning Affiliates).
Goal: Decouple domain logic, add affiliates (clicks/revenue), abstract DB for future Postgres.

Problems:

Migrations feel weird in /apps. DB is for the business, not just the bot.
One DB or many? I’ve got a Telegram bot now, but a web app, API, and second bot are coming.

Questions:

1. Migrations in a Monorepo: Sticking them in /libs/infrastructure/migrations (e.g., DynamoDB scripts)—good spot, or should they go in /apps/infra with CDK?
2. Database Strategy: One central DB (DynamoDB) for all apps now, hybrid (central + app-specific) later. When do you split, and how do you sync data?
3. DDD + Nx: How do you balance app-centric /apps with domain-centric DDD? Feels clunky.

Specific Points of Interest:

Migrations: Centralize them or tie to infra deployment? Tools for DynamoDB → Postgres?
DB Scalability: Stick with one DB or go per-app as I grow? (e.g., Telegram’s telegram\_user\_id vs. web app’s email).
Best Practices: Tips for a DDD monorepo with multiple apps?

Roast away lol. What am I screwing up? How do I make this indestructible as I move from alpha to beta? DM me if you’re keen to collab. My 0-1 and sales skills are solid, but 1-100 robustness is my weak spot. Thanks for any wisdom!

https://redd.it/1jd94kp
@r_devops

Monitoring terraform flow

What's the correct way to monitor terrafrom flow win s3 bucket as a back-end with big devops team?
Is there an option to have easily human readable output?

Or the best way just to use something like Atlantis and just abstain from using terraform from local machines?

https://redd.it/1jdbchn
@r_devops