Should I be worried that you seem to speak chinese for me ?
So I (23) am an engineering student in data science and I will graduate after 6 or 7 months. All I know is some cute data engineering ( cleaning , transforming , etc..) , predicting things with models , do some API services based on RAG , Work with some object detection models and build some Spring boot projects. But you guys seem on a different level that makes me anxious about my capabilities. Please tell me that most of you here are seniors or that I still have time ahead of me to understand what I might need for work .
https://redd.it/1la2kqw
@r_devops
So I (23) am an engineering student in data science and I will graduate after 6 or 7 months. All I know is some cute data engineering ( cleaning , transforming , etc..) , predicting things with models , do some API services based on RAG , Work with some object detection models and build some Spring boot projects. But you guys seem on a different level that makes me anxious about my capabilities. Please tell me that most of you here are seniors or that I still have time ahead of me to understand what I might need for work .
https://redd.it/1la2kqw
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Devops Interview for PROX Team at Amazon
Hello people, I have an interview lined up for the next week for the role mentioned in the title. What should be my strategy to prepare for it?
I have like intermediate level knowledge of Linux, docker and AWS.
If anyone has given such interviews what kind of questions do they ask?
I am not the best leetcoder but I can solve easy to medium in upto arrays list and linkedlist. Haven't gotten upto trees and and all that.
What things should I prepare for apart from just Bash, Docker, Cloud, CI CD?
First time appearing for such company.
Please any help or suggestions would be appreciated.
https://redd.it/1la5ihx
@r_devops
Hello people, I have an interview lined up for the next week for the role mentioned in the title. What should be my strategy to prepare for it?
I have like intermediate level knowledge of Linux, docker and AWS.
If anyone has given such interviews what kind of questions do they ask?
I am not the best leetcoder but I can solve easy to medium in upto arrays list and linkedlist. Haven't gotten upto trees and and all that.
What things should I prepare for apart from just Bash, Docker, Cloud, CI CD?
First time appearing for such company.
Please any help or suggestions would be appreciated.
https://redd.it/1la5ihx
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
What's your biggest productivity killer in Salesforce DevOps?
deep in the trenches of salesforce DevOps for a while now and find myself constantly dealing with repetitive inefficiencies. seems pretty universal: setting up pipelines, repetitive terraform or YAML configs, and those endlessly cryptic deployment errors.
for me, salesforce metadata conflicts and managing source control can eat up hours. always curious how others manage their productivity pitfalls, especially when handling large orgs or complex deployments. are there best practices you've adopted or tooling you swear by to streamline these common frustrations?
tried a few different methods (source-tracking commits, CI/CD tweaks, metadata deployments) but curious to know what really works for you all.
https://redd.it/1la1zcx
@r_devops
deep in the trenches of salesforce DevOps for a while now and find myself constantly dealing with repetitive inefficiencies. seems pretty universal: setting up pipelines, repetitive terraform or YAML configs, and those endlessly cryptic deployment errors.
for me, salesforce metadata conflicts and managing source control can eat up hours. always curious how others manage their productivity pitfalls, especially when handling large orgs or complex deployments. are there best practices you've adopted or tooling you swear by to streamline these common frustrations?
tried a few different methods (source-tracking commits, CI/CD tweaks, metadata deployments) but curious to know what really works for you all.
https://redd.it/1la1zcx
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Has anyone shared stories of how they have implemented multi cloud support on their platforms ?
The question is as simple as the title of the post.
I just want to read stories on how and why people have implemented multi cloud support on their platforms. the platforms could be hosting platforms or anything where the customer has demanded support for not just AWS, but GCP, Azure, DigitalOcean or anything similar service.
Thank You
https://redd.it/1la7gxu
@r_devops
The question is as simple as the title of the post.
I just want to read stories on how and why people have implemented multi cloud support on their platforms. the platforms could be hosting platforms or anything where the customer has demanded support for not just AWS, but GCP, Azure, DigitalOcean or anything similar service.
Thank You
https://redd.it/1la7gxu
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Honest view on devops course from "tech world with Nana"
Hey devops friends, i am currently seeking for transition from SW to DevOps or at least start as sysadmin and grow to devops, and found this course from "Tech world with Nana", they are stating that they providing lots of practical experience instead of just learning. So my question, is there some one who is starting his devops journey or decided to try this course on the middel of the journey? What is your impression from this course? Because while DevOps certificate from "Tech world with Nana" sounds like a joke - 1,7k$ for course is definitely not a joke
https://redd.it/1la9lez
@r_devops
Hey devops friends, i am currently seeking for transition from SW to DevOps or at least start as sysadmin and grow to devops, and found this course from "Tech world with Nana", they are stating that they providing lots of practical experience instead of just learning. So my question, is there some one who is starting his devops journey or decided to try this course on the middel of the journey? What is your impression from this course? Because while DevOps certificate from "Tech world with Nana" sounds like a joke - 1,7k$ for course is definitely not a joke
https://redd.it/1la9lez
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Implementing CI/CD pipeline with Jenkins and AWS EC2 assignment. How to do it?
I have an assignment that i need to complete,which YouTube tutorial or website would be helpful for me to complete the task. Below are the instructions and requirements.
Objective:
The objective of this assignment is to provide undergraduate students with hands-on experience in building a Jenkins CI/CD (Continuous Integration/Continuous Delivery) pipeline and deploying an application on an AWS EC2 instance.
Requirements:
Set up a Git Repository: Students should create a Git repository for their project. They can use an existing project or create a simple application to demonstrate the CI/CD pipeline. Create an AWS EC2 Instance: See the attached video tutorial for step-by-step guide to create an AWS EC2 instance to serve as the deployment target. You have to configure the necessary security groups, key pairs, and networking settings.
Configure AWS Credentials in Jenkins: Students should configure AWS credentials in Jenkins to enable interactions with the AWS services. This can be done by following the instructions in the attached video as well.
Create a Jenkins Job: Create a Jenkins job that defines the CI/CD pipeline. The job should include the following steps:
Pull the latest code from the Git repository.
Build the project.
Run any required tests.
Package the application, if applicable.
Deploy the application to the AWS EC2 instance.
Trigger Jenkins Job: Configure the Jenkins job to be triggered automatically whenever a new commit is pushed to the Git repository.
Documentation: Students should document the process of setting up the Jenkins CI/CD pipeline and deploying the application on an AWS EC2 instance. The documentation should include step-by-step instructions, screenshots, and any issues encountered during the setup.
Deliverables:
Jenkins CI/CD pipeline configured for application deployment on AWS EC2.
Documentation describing the setup process.
https://redd.it/1lad7pu
@r_devops
I have an assignment that i need to complete,which YouTube tutorial or website would be helpful for me to complete the task. Below are the instructions and requirements.
Objective:
The objective of this assignment is to provide undergraduate students with hands-on experience in building a Jenkins CI/CD (Continuous Integration/Continuous Delivery) pipeline and deploying an application on an AWS EC2 instance.
Requirements:
Set up a Git Repository: Students should create a Git repository for their project. They can use an existing project or create a simple application to demonstrate the CI/CD pipeline. Create an AWS EC2 Instance: See the attached video tutorial for step-by-step guide to create an AWS EC2 instance to serve as the deployment target. You have to configure the necessary security groups, key pairs, and networking settings.
Configure AWS Credentials in Jenkins: Students should configure AWS credentials in Jenkins to enable interactions with the AWS services. This can be done by following the instructions in the attached video as well.
Create a Jenkins Job: Create a Jenkins job that defines the CI/CD pipeline. The job should include the following steps:
Pull the latest code from the Git repository.
Build the project.
Run any required tests.
Package the application, if applicable.
Deploy the application to the AWS EC2 instance.
Trigger Jenkins Job: Configure the Jenkins job to be triggered automatically whenever a new commit is pushed to the Git repository.
Documentation: Students should document the process of setting up the Jenkins CI/CD pipeline and deploying the application on an AWS EC2 instance. The documentation should include step-by-step instructions, screenshots, and any issues encountered during the setup.
Deliverables:
Jenkins CI/CD pipeline configured for application deployment on AWS EC2.
Documentation describing the setup process.
https://redd.it/1lad7pu
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Backstage Dynamic Plugins with Red Hat Developer Hub
Do you know how easy it is to install almost any Backstage plugin in Red Hat Developer Hub? In my latest article, I show you, step by step, how to make it happen.
https://piotrminkowski.com/2025/06/13/backstage-dynamic-plugins-with-red-hat-developer-hub/
https://redd.it/1ladv8g
@r_devops
Do you know how easy it is to install almost any Backstage plugin in Red Hat Developer Hub? In my latest article, I show you, step by step, how to make it happen.
https://piotrminkowski.com/2025/06/13/backstage-dynamic-plugins-with-red-hat-developer-hub/
https://redd.it/1ladv8g
@r_devops
Piotr's TechBlog
Backstage Dynamic Plugins with Red Hat Developer Hub - Piotr's TechBlog
This article will teach you how to create Backstage dynamic plugins and install them smoothly in Red Hat Developer Hub.
Where is my build? How to Trace SDLC (Software Development Lifecycle) Events from your DevOps Tools!
At Dynatrace we are working with the open source community to define new standard events to track the lifecycle of an artifact from first git commit until production until retirement. Our SDLC events share the semantic conventions that are also being worked on by the OTel CI/CD SIG. We still have ways to go on both sides - but - I recorded a short video that shows whats possible if we ingest all those events from your GitHub, GitLab, Azure DevOps, Jenkins, Argo, Flux, ...
**Feedback requested**
As the lead DevRel on this topic and as a CNCF Ambassador I would like to ask for some feedback from the global DevOps community on this approach. Does this solve a problem you have? Anything we miss? Anything we need to watch out for?
**5 Minute Explainer Video**
Here is my video on YouTube ==> [https://dt-url.net/devrel-yt-sdlc-howto-ingest-june2025](https://dt-url.net/devrel-yt-sdlc-howto-ingest-june2025)
https://redd.it/1lae2t9
@r_devops
At Dynatrace we are working with the open source community to define new standard events to track the lifecycle of an artifact from first git commit until production until retirement. Our SDLC events share the semantic conventions that are also being worked on by the OTel CI/CD SIG. We still have ways to go on both sides - but - I recorded a short video that shows whats possible if we ingest all those events from your GitHub, GitLab, Azure DevOps, Jenkins, Argo, Flux, ...
**Feedback requested**
As the lead DevRel on this topic and as a CNCF Ambassador I would like to ask for some feedback from the global DevOps community on this approach. Does this solve a problem you have? Anything we miss? Anything we need to watch out for?
**5 Minute Explainer Video**
Here is my video on YouTube ==> [https://dt-url.net/devrel-yt-sdlc-howto-ingest-june2025](https://dt-url.net/devrel-yt-sdlc-howto-ingest-june2025)
https://redd.it/1lae2t9
@r_devops
Which cloud provider (Azure, AWS or GCP) offers the best DevOps training guides
Before you all jump to conclusions, this is not a post asking which cloud provider is the best overall. It is not asking which cloud provider has the most opportunities. I am merely asking which cloud provider offers the best studying material for DevOps. And yes, that does generally mean certifications but the certification is just the icing on the cake. I’m looking to understand theory and build my skills before getting a certification. Hence, the analogy. If the certification is the icing, the skills and theory is the cake. You need to have the cake baked and ready before you add the icing.
I learn best from having a structured plan. Certification study guides and certification training videos tend to have the best structure for me. I read, or listen and follow along. I try to understand the theory and bigger picture. Once I gain enough confidence in my ability and knowledge, I try something similar on my own without using guidance. All this being said, which cloud provider seems to have the best training and cloud native technology for DevOps learning? And yes, I have the DevOps roadmap. I know what I need to learn. That’s not what is being asked here.
I’m leaning towards AWS since they tend to be a cloud first provider. Azure tends to be a provider that focuses primarily on hybrid infrastructures. I may be wrong in this, but based off my experiences it seems places that have hybrid infrastructures do not really practice DevOps methodologies or have DevOps roles. It seems though that companies that are cloud first, do follow DevOps methodologies and have DevOps roles. I do not know much about GCP. Not sure if companies that opt for GCP have hybrid or cloud first infrastructures.
Also, what is a good project I can build to show off my knowledge and skills? I don’t want to use the Cloud Resume Challenge as that project seems to be what everyone is doing. I want to be a bit original but also show that I’m not just following a project that has several written guides. Like I stated earlier, I like to step away from guidance once I have built my confidence and the Cloud Resume Challenge doesn’t seem to allow for that.
https://redd.it/1lag66m
@r_devops
Before you all jump to conclusions, this is not a post asking which cloud provider is the best overall. It is not asking which cloud provider has the most opportunities. I am merely asking which cloud provider offers the best studying material for DevOps. And yes, that does generally mean certifications but the certification is just the icing on the cake. I’m looking to understand theory and build my skills before getting a certification. Hence, the analogy. If the certification is the icing, the skills and theory is the cake. You need to have the cake baked and ready before you add the icing.
I learn best from having a structured plan. Certification study guides and certification training videos tend to have the best structure for me. I read, or listen and follow along. I try to understand the theory and bigger picture. Once I gain enough confidence in my ability and knowledge, I try something similar on my own without using guidance. All this being said, which cloud provider seems to have the best training and cloud native technology for DevOps learning? And yes, I have the DevOps roadmap. I know what I need to learn. That’s not what is being asked here.
I’m leaning towards AWS since they tend to be a cloud first provider. Azure tends to be a provider that focuses primarily on hybrid infrastructures. I may be wrong in this, but based off my experiences it seems places that have hybrid infrastructures do not really practice DevOps methodologies or have DevOps roles. It seems though that companies that are cloud first, do follow DevOps methodologies and have DevOps roles. I do not know much about GCP. Not sure if companies that opt for GCP have hybrid or cloud first infrastructures.
Also, what is a good project I can build to show off my knowledge and skills? I don’t want to use the Cloud Resume Challenge as that project seems to be what everyone is doing. I want to be a bit original but also show that I’m not just following a project that has several written guides. Like I stated earlier, I like to step away from guidance once I have built my confidence and the Cloud Resume Challenge doesn’t seem to allow for that.
https://redd.it/1lag66m
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Book Recommendation on integrating Github Jira and Jenkins
I am building an app for work and need to learn how I can perform automated builds and eventually automated deployments. The code sits in a private github repo. Issues will be tracked with Jira. Jenkins will be used to automate building and running tests.
I do prefer a written material over videos. Please let me know of any good books you feel fit this criteria.
https://redd.it/1lafmos
@r_devops
I am building an app for work and need to learn how I can perform automated builds and eventually automated deployments. The code sits in a private github repo. Issues will be tracked with Jira. Jenkins will be used to automate building and running tests.
I do prefer a written material over videos. Please let me know of any good books you feel fit this criteria.
https://redd.it/1lafmos
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Why we don't do leetcode style interviews
Hey all, we've gotten a lot of positive feedback on our technical round and so decided to post a small write up, without giving away too many details :), on what the actual process is like and more importantly why we feel like leetcode style interviews are missing the mark.
Let us know what you think!
https://redd.it/1lagxlf
@r_devops
Hey all, we've gotten a lot of positive feedback on our technical round and so decided to post a small write up, without giving away too many details :), on what the actual process is like and more importantly why we feel like leetcode style interviews are missing the mark.
Let us know what you think!
https://redd.it/1lagxlf
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How can I start working as a devops contractor?
I'm currently working full-time for a business in Argentina. I'm really keen to start taking on smaller, part-time DevOps projects on the side (building CI/CD pipelines, automating infrastructure with IaC, or setting up cloud resources, etc).
I have two main questions:
1. How can I get started as a DevOps freelancer?
2. And which platforms or communities are best for finding part-time or freelance DevOps opportunities?
Any advice or personal experiences would be super appreciated!
https://redd.it/1lakvxd
@r_devops
I'm currently working full-time for a business in Argentina. I'm really keen to start taking on smaller, part-time DevOps projects on the side (building CI/CD pipelines, automating infrastructure with IaC, or setting up cloud resources, etc).
I have two main questions:
1. How can I get started as a DevOps freelancer?
2. And which platforms or communities are best for finding part-time or freelance DevOps opportunities?
Any advice or personal experiences would be super appreciated!
https://redd.it/1lakvxd
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Aws production project resource
Hi folks,
Please can anyone help me with production/corporate level project which I can implement on my own , I want to get hands on for advance level services but cost shoudl be bearable any youtube video/course/any idea which is really helpful in real world will do .services can be auto scaling ,load balancer , eks , also can add terraform in the mix
https://redd.it/1lan8bz
@r_devops
Hi folks,
Please can anyone help me with production/corporate level project which I can implement on my own , I want to get hands on for advance level services but cost shoudl be bearable any youtube video/course/any idea which is really helpful in real world will do .services can be auto scaling ,load balancer , eks , also can add terraform in the mix
https://redd.it/1lan8bz
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Job interview in 4 days for a Work-study DevOps job, what should I learn during this time ?
Hey all !
So as the title say, I have a job interview for a work-study jobs soon.
I have some basic DevOps knowledge, I did a school project that allowed me to learn the basis of Vagrant, K3S and K3D. Basically, I know how to set up a K3S cluster with multiple app and an Ingress to redirect to the required app using the HOST rule. All was fully automated using Python/Bash scripting.
I also have good knowledge of docker, having set up a homelab with multiple dockerised app.
I am very interested in the field, but the massive amount of things to learn make it seems very daunting.
Do you have any tips on what I should dig into before my interview ?
Thanks a lot in advance !
https://redd.it/1laj4so
@r_devops
Hey all !
So as the title say, I have a job interview for a work-study jobs soon.
I have some basic DevOps knowledge, I did a school project that allowed me to learn the basis of Vagrant, K3S and K3D. Basically, I know how to set up a K3S cluster with multiple app and an Ingress to redirect to the required app using the HOST rule. All was fully automated using Python/Bash scripting.
I also have good knowledge of docker, having set up a homelab with multiple dockerised app.
I am very interested in the field, but the massive amount of things to learn make it seems very daunting.
Do you have any tips on what I should dig into before my interview ?
Thanks a lot in advance !
https://redd.it/1laj4so
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Suggest good kubernetes project for hands-on learning and resume.
I have spent the past one month learning kubernetes from mumshad manobad course on udemy now want to apply my knowledge on some real projects in the process creating some good projects to showcase in my resume to the hiring manager that I have project based experience in kubernetes Thank you all.
https://redd.it/1lantrh
@r_devops
I have spent the past one month learning kubernetes from mumshad manobad course on udemy now want to apply my knowledge on some real projects in the process creating some good projects to showcase in my resume to the hiring manager that I have project based experience in kubernetes Thank you all.
https://redd.it/1lantrh
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
We've built BYOC support using multiple single-node deployments, now introducing K3s based clustering for our PaaS. Looking for thoughts.
We’re building **dflow.sh**, a self-hostable PaaS that lets you deploy apps on your own servers or use a pay-as-you-go infrastructure we provide. Think of it like Railway or Heroku, but with full control over infrastructure and more DevOps transparency.
Right now, our "Bring Your Own Cloud" (BYOC) mode is live and stable. It supports multi-server deployments, but each server acts independently (no cluster setup). This makes it super simple to get started, just add a VPS and deploy your projects. Each project is coupled with a server, and all services related to a project are specific to one server.
We’re now working on our pay-as-you-go mode, and for this, we’re going with a K3s-based cluster architecture, where:
One machine (in our pool) acts as the server node
Others join as worker nodes
This unlocks scaling, better scheduling, and multi-tenant efficiency
We're also considering eventually offering this same K3s cluster-based setup for BYOC users, where one of their own machines can act as the K3s server, and the rest join as workers. That said, this comes with tradeoffs:
Pros: Horizontal scaling, service mesh, better scheduling
Cons: Higher baseline resource usage, trickier setup, more networking considerations (especially cross-region or mixed-cloud)
We’re leaning toward offering the clustering setup for advanced users later, but only once our managed (pay-as-you-go) mode is rock solid.
Curious to hear from others in the DevOps space:
Have you implemented K3s in user-owned or hybrid cloud environments?
What’s your take on offering cluster setups in a BYOC model?
Would you stick with simpler per-server deployments, or offer a toggle for more scalable cluster-based orchestration?
Would love to hear your thoughts, especially if you’ve done something similar in your PaaS, agency, or internal tooling.
https://redd.it/1lawp7k
@r_devops
We’re building **dflow.sh**, a self-hostable PaaS that lets you deploy apps on your own servers or use a pay-as-you-go infrastructure we provide. Think of it like Railway or Heroku, but with full control over infrastructure and more DevOps transparency.
Right now, our "Bring Your Own Cloud" (BYOC) mode is live and stable. It supports multi-server deployments, but each server acts independently (no cluster setup). This makes it super simple to get started, just add a VPS and deploy your projects. Each project is coupled with a server, and all services related to a project are specific to one server.
We’re now working on our pay-as-you-go mode, and for this, we’re going with a K3s-based cluster architecture, where:
One machine (in our pool) acts as the server node
Others join as worker nodes
This unlocks scaling, better scheduling, and multi-tenant efficiency
We're also considering eventually offering this same K3s cluster-based setup for BYOC users, where one of their own machines can act as the K3s server, and the rest join as workers. That said, this comes with tradeoffs:
Pros: Horizontal scaling, service mesh, better scheduling
Cons: Higher baseline resource usage, trickier setup, more networking considerations (especially cross-region or mixed-cloud)
We’re leaning toward offering the clustering setup for advanced users later, but only once our managed (pay-as-you-go) mode is rock solid.
Curious to hear from others in the DevOps space:
Have you implemented K3s in user-owned or hybrid cloud environments?
What’s your take on offering cluster setups in a BYOC model?
Would you stick with simpler per-server deployments, or offer a toggle for more scalable cluster-based orchestration?
Would love to hear your thoughts, especially if you’ve done something similar in your PaaS, agency, or internal tooling.
https://redd.it/1lawp7k
@r_devops
dFlow
dFlow is a modern PaaS platform that lets you deploy services, manage infrastructure, view logs, connect domains, and scale effortlessly all from a unified DevOps dashboard.
Linux Foundation's Free course worth learning?
I am an undergraduate in final year and I wish to learn cloud tech and kubernetes. I only know a minimal amount of Docker and did some projects with AWS EC2 and S3 and some web dev. I recently came across LF's free courses and not sure if they are good as the paid ones. Do you guys have any recommendation for learning cloud tech and k8s and devops tools? Books , online courses, labs, project ideas ? anything
https://redd.it/1lb06b1
@r_devops
I am an undergraduate in final year and I wish to learn cloud tech and kubernetes. I only know a minimal amount of Docker and did some projects with AWS EC2 and S3 and some web dev. I recently came across LF's free courses and not sure if they are good as the paid ones. Do you guys have any recommendation for learning cloud tech and k8s and devops tools? Books , online courses, labs, project ideas ? anything
https://redd.it/1lb06b1
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Stages of YAML
- denial: no way YAML is that bad
- anger: everything stopped working because YAML indentation is wrong?!?
- bargaining: if I get this YAML right I won't need to touch it again
- depression: I'll be jerking off YAML files forever
- acceptance: at least now AI is writing my YAML
https://redd.it/1lb1f7h
@r_devops
- denial: no way YAML is that bad
- anger: everything stopped working because YAML indentation is wrong?!?
- bargaining: if I get this YAML right I won't need to touch it again
- depression: I'll be jerking off YAML files forever
- acceptance: at least now AI is writing my YAML
https://redd.it/1lb1f7h
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Found out we were leaking user session tokens into logs
I was reviewing logs for a separate bug and noticed a few long strings that looked too random to be normal. Turned out they were full auth tokens being dumped into our application logs during request error handling.
It was coming from a catch block that logged the entire request object for debugging. Problem is, the auth middleware attaches the decoded token there, including sensitive info.
This had been running for weeks. Luckily the logs were internal-only and access-controlled, but it’s still a pretty serious mistake.
Got blackbox to scan the codebase for other places we might be logging full request or headers, and found two similar cases, one in a background worker, one in an old admin-only route.
Sanitized those, added a middleware to strip tokens from error logs by default, and created a basic check to prevent this kind of logging in CI.
made me rethink how easily private data can slip into logs. It’s not even about malicious intent, just careless logging when debugging. worth checking if your codebase has something similar.
https://redd.it/1lb2v7n
@r_devops
I was reviewing logs for a separate bug and noticed a few long strings that looked too random to be normal. Turned out they were full auth tokens being dumped into our application logs during request error handling.
It was coming from a catch block that logged the entire request object for debugging. Problem is, the auth middleware attaches the decoded token there, including sensitive info.
This had been running for weeks. Luckily the logs were internal-only and access-controlled, but it’s still a pretty serious mistake.
Got blackbox to scan the codebase for other places we might be logging full request or headers, and found two similar cases, one in a background worker, one in an old admin-only route.
Sanitized those, added a middleware to strip tokens from error logs by default, and created a basic check to prevent this kind of logging in CI.
made me rethink how easily private data can slip into logs. It’s not even about malicious intent, just careless logging when debugging. worth checking if your codebase has something similar.
https://redd.it/1lb2v7n
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
What are some small changes you've made that significantly reduced Kubernetes costs?
We would love to hear practical advice on how to maximise our cluster spend. For instance, automating scale-down for developer namespaces or appropriately sizing requests and limits.What did you find to be the most effective? Bonus points for using automation or tools!
https://redd.it/1lb3lrr
@r_devops
We would love to hear practical advice on how to maximise our cluster spend. For instance, automating scale-down for developer namespaces or appropriately sizing requests and limits.What did you find to be the most effective? Bonus points for using automation or tools!
https://redd.it/1lb3lrr
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Kube composer free open source tool to generate kubernetes configuration and visualizing it .
My first project Free and open source tool to generate kubernetes configuration and visualizing resources.
It’s great for kubernetes starters and developers.
Please support us on github and give us star ⭐️ if you like it .
https://github.com/same7ammar/kube-composer
https://redd.it/1lb2yw8
@r_devops
My first project Free and open source tool to generate kubernetes configuration and visualizing resources.
It’s great for kubernetes starters and developers.
Please support us on github and give us star ⭐️ if you like it .
https://github.com/same7ammar/kube-composer
https://redd.it/1lb2yw8
@r_devops
GitHub
GitHub - same7ammar/kube-composer: Open-Source Kubernetes YAML Builder with Intuitive Web Interface and Dynamic Visualization for…
Open-Source Kubernetes YAML Builder with Intuitive Web Interface and Dynamic Visualization for Developers and DevOps Engineers - same7ammar/kube-composer