Dealing with Terraform Drift
I got tired of dealing with drift and I didn't want to pay for Terraform Cloud or other SaaS solutions, so I built a drift detector that gives you a table/HTML page
tfdrift
wrote a blog about it https://substack.com/@devopsdaily/p-166303218
just wanted to share with the community, feel free to try out!
Note: remember to download the binary (or build if building golang locally) with the right GOOS and GOARCH. There are issues with which aws provider binary depending on what binary the tool is built it
https://redd.it/1lh1ufl
@r_devops
GitHub
GitHub - pyang55/tfdrift: Terraform project to create a cli for drift detection
Is k8s the best way to deploy this?
https://i.postimg.cc/prymfX7p/IMG-20250621-212721.jpg
Is k8s the best way to deploy a microservice based project , as shown in the above image , each pointed folder is a microservice but are these not in a monorepo. Two of these microservice rely on postgres and kafka docker images. I'd really appreciate your help.
https://redd.it/1lh02xq
@r_devops
How likely is a career switch from DevOps to Golang Dev?
I'm 30 years old, started 5 years ago with Linux administration and then jumped to DevOps.
Golang has always been a passion and I was excited when I landed a job where our stack was half Go half Node.
But I've never gotten around to seriously coding in Go and have no professional experience other than making a few bespoke tools that work in our infrastructure.
Our devs are pretty lazy so I usually take up the task of profiling, debugging and every so often push commits to fix bugs or align the code to our convention.
So, is a career change at this moment even possible? If yes, how should I go about this? Try to contribute to our Go code or create my portfolio?
https://redd.it/1lh4y6l
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Working on a drop-in replacement for InfluxDB v1 - looking for feedback from DevOps users (I will not promote)
Hi Everyone,
I'm working on a drop-in replacement for InfluxDB v1, aimed at solving some of the frustrations I have had with it over the years. Particularly around memory usage, write throughput, cardinality etc. It's still early days, and I’m trying to gather feedback before carrying on down a specific route.
I’d love to hear from anyone who has used InfluxDB (v1 in particular):
What did you love?
What drove you nuts?
If you moved off of it, why?
What did you switch to?
Key goals I’m pursuing:
Easy migration: reuse the same line protocol and nearly full InfluxQL support
Does not explode on high cardinality queries.
Better long-term storage.
Lower Latency Queries
This isn't a pitch, I will not promote, it's an open call for feedback from the trenches. I’ll eventually open source the project, but right now I want to make sure it’s solving the right problems.
Let me know what you think!
(I used GPT to help write this, words are hard)
https://redd.it/1lh53s2
@r_devops
Setup your AWS infra, just by stating the requirements and pushing a button
See how the AI agents tackle the challenge to do a real Upwork job. The agents set up an EC2 instance, install and run n8n on it along with a custom domain and SSL certificates. All under an hour. With zero human intervention.
Short video : https://youtu.be/kCQ2YLDLZ4Y
full video : https://youtu.be/PKTtNl3Puko
https://redd.it/1lh8d7o
@r_devops
YouTube
AI Agents Completed an Upwork DevOps Gig — EC2 + n8n Deployed with Zero Human Help | DevOpsAgents.co
To view the full version of this video : https://youtu.be/PKTtNl3Puko
https://devopsagents.co/?utm_source=youtubeshortupworkn8n&utm_medium=content&utm_campaign=kickstart is a multiagent llm workflow which can setup and manage cloud infra for the developers.…
Roast my resume
I need a good and thorough roasting of my resume. 100 applications these last couple of months and only got 3 interviews. I'm not american and don't live in the US if that matters, I'm applying for local jobs, not for international roles.
this is the link, tear it apart: https://i.imgur.com/Z4UQqk2.jpeg
I wonder if I should even include the projects section in there, I was almost never asked about them during the interviews.
https://redd.it/1lh9hvx
@r_devops
Just got invited to a technical interview at Forvia. They seem heavily Windows-focused.
Mission:
Implement, automate, and continuously improve development, integration, and deployment processes (CI/CD), in close collaboration with development and operations teams.
Skills:
Tools: Azure DevOps, Git, Docker, Kubernetes (a plus)
Languages: C#, .NET, PowerShell or Bash scripting
Methods: Continuous Integration, Continuous Deployment, TDD
Environments: Windows Server, MSSQL, Azure Cloud
Profile:
Bachelor’s in Computer Science
Good level of English
Collaborative mindset, rigorous, autonomous
DevOps certification is a plus
How much Windows Server, PowerShell stuff do you think I will have to do?
I'm more of a Linux user, never used azure. I have some experience with AWS.
I really hate windows.
https://redd.it/1lhbfou
@r_devops
🚀 Launching a New Cloud & DevOps Channel On WhatsApp! Looking for passionate admins to help build and grow a vibrant tech community. ☁️👨💻🔥
We're looking for experienced, self-motivated admins who live and breathe Cloud, DevOps, and Open Source culture. If you're passionate about automation, containerization, infrastructure as code, and sharing wisdom .. we need you! 🧠💻
Think of it as a selective, high-signal version of the DevOps subreddit — but delivered straight to your WhatsApp, real-time, curated, and community-driven. 🔥
🎯 What this channel brings:
📰 The latest in Cloud & DevOps news
📚 Curated resources from top engineers & open-source projects
💡 Daily tips, tricks & tools from the trenches
🤯 Fun facts & real talk about what it’s really like working in tech
🚫 The dos and don’ts of professional work life no one teaches you
🧘♂️ Smart takes on workplace well-being & career longevity
This isn't just another forward-spam group
it's an open-source-style revolution in community learning, where we grow together, stay ahead, and support each other.
🎖️ Become a founding admin. Help us lead this space with purpose, passion, and a bit of bash scripting.
https://redd.it/1lhcy68
@r_devops
Devops folks, are you using ai for infra tasks yet, or is it still too risky?
I’ve seen a few tools now claiming they can help with infrastructure-as-code, dockerfile optimisation, CI/CD pipeline generation, and even kubernetes YAML generation using ai prompts.
But I’m still hesitant to trust ai with things that touch production or deployment logic.
anyone here actually using ai to help with devops tasks in a real workflow?
any tools you trust (or don’t)?
Is it good for boilerplate only, or have you let it touch live infra?
any close calls or success stories?
https://redd.it/1lhdw7d
@r_devops
From 0 to 240⭐ in 2 weeks—and then this happened! 🚀
Hey r/devops I launched my side project DevOps: Learn by Doing at the start of the month to curate free, hands-on labs and end-to-end projects. Two weeks later it’s racked up 240+ stars on GitHub—thanks to all of you! 🙌
But the real plot twist? I just got an email from Yevgeniy Brikman (Gruntwork himself) saying he loved the idea so much he’s sending me a print copy of - Fundamentals of DevOps and Software Delivery! 😱📚
I definitely didn’t expect this kind of ROI from a humble repo—guess my next KPI is “books received”! 😂
Huge thanks to everyone who starred, shared, or contributed.
linkedin post for more details : https://www.linkedin.com/feed/update/urn:li:activity:7342405110272008193/
https://redd.it/1lhfc86
@r_devops
GitHub
GitHub - deepakkumar-platform/DevOps-Learn-By-Doing: From Linux to Kubernetes: a curated, community-driven collection of free DevOps…
From Linux to Kubernetes: a curated, community-driven collection of free DevOps labs, challenges, and end-to-end projects—learn by doing and build real-world skills, not just read theory. - deepakk...
The CoinMarketCap attack
My team did a write up on the CoinMarketCap attack of yesterday. Would love your perspective. Client-side attacks are scary and on the rise. It’s obvious that bad actors have figured out that no one really monitors how their application behaves in the browser of a user.
https://cside.dev/blog/coinmarketcap-client-side-attack-a-comprehensive-analysis
https://redd.it/1lhfg5c
@r_devops
cside
CoinMarketCap Client-Side Attack: A Comprehensive Analysis
On June 20, 2025, CoinMarketCap (CMC) - a cornerstone of the cryptocurrency ecosystem, relied upon by millions for real-time crypto data - experienced a significant security incident.
What are Buildkite and ArgoCD for?
I saw a job posting of a big tech company for a site reliability engineer role which contains the following bulletpoint:
> Expert knowledge of continuous deployment systems such as Buildkite and ArgoCD
I have set up a lot of continuous delivery mechanisms and have worked with a lot of CI/CD over the past 7-8 years but I don't know Buildkite and ArgoCD. We have always just used a `gitlab-ci.yml`, a GitHub workflow, Azure pipelines or the like and it works great.
Can someone tell me what the benefits of Buildkite, ArgoCD et al. are? I've googled it of course but I don't see anything that wouldn't work with GitHub actions for example.
https://redd.it/1lhko66
@r_devops
Creating virtual environment from scratch
For the sake of practice, I am creating a home/dev lab environment with proxmox. Later on, I will probably try to go hybrid to have onprem dev and "prod" on AWS. Do you guys have any tips for what I could include, or some techniques for managing resources, or advice in general that would be nice to learn while I build everything from scratch? So far I have made some ansible roles for LXC and VM creation/config, gitlab deployment and configuration, and (on the lower layer) I have set up high availability with ZFS shared pools. I plan on getting into the terraform, packer, and cloudinit stack as my next move. For CI/CD pipeline I will probably go with gitlab runners for now. Also for monit I am thinking zabbix+grafana with automated deployment through ansible.
https://redd.it/1lhl447
@r_devops
Which AWS services are must-know for real-world DevOps tasks
Hello guys, can you please list the must know AWS services for real world DevOps tasks ?
https://redd.it/1lhl1iz
@r_devops
A Decade of Cloud Native: The CNCF’s 10-Year Journey
I just published a detailed, historical breakdown of CNCF’s 10-year journey:
From Kubernetes and Prometheus to 30+ graduated projects and 200K+ contributors — this post covers it all: major milestones, ecosystem growth, governance model, and community evolution.
Would love feedback:
https://blog.abhimanyu-saharan.com/posts/a-decade-of-cloud-native-the-cncf-s-10-year-journey
https://redd.it/1lhpf1s
@r_devops
Explore the 10-year journey of CNCF, its major milestones, community growth, and impact on cloud-native technologies in this detailed, analytical post.
What tech role should I aim if I'm not keen on web dev?
So I'm a computer student trying to aim at a role and techstack. I don't see myself building a visually appealing website so frontend is probably not for me. Based on my strengths and weaknesses, I need recommendations on what role I would fit into:
I used to root phones and install custom roms as a hobby. For the time being I'm playing around with basic Linux commands on a virtual machine. I am terrible at DSA and don't know any JS frameworks. I see everyone around me jumping into the MERN bandwagon, but it never really caught my eyes. I have basic Python knowledge and would probably stick to it. C, Java and SQL have been taught on a college level only.
I have researched a bit and tried to look into SysOps and DevOps roles. Naturally the next question which arises is whether there are enough job opportunities for freshers? If yes then how do I begin my journey?
Thank you
https://redd.it/1lhwmo6
@r_devops
U definitely need it...... Futuretechdomaingenerator.com
I need a catchy domain name for my startup! Also me: *builds entire domain generator instead of just picking one.. I present to you futuretechdomaingenerator.com 😄
https://redd.it/1lhz9kl
@r_devops
Futuretechdomaingenerator
Future Tech Domain Generator
Find perfect domain names for AI, quantum computing & biotech startups
How Role of AI 🤖 can play a big role in Recruitment also… ?
Sharing practical use case where AI 🤖 can play a major role… Any Thoughts on the same
AI vs HR: Who Wins the Future of Work?
https://youtu.be/MfzSZbdLX7E
https://redd.it/1li4hdo
@r_devops
YouTube
AI vs HR: Who Wins the Future of Work?
Subscribe :--
https://www.youtube.com/channel/UCY2gz33KPMbLBuCRtwZFsmw
Tutorials so far
- Minikube
- K3d
- Ubuntu
- JIRA
- Kubernetes
- & more!
Video Highlights:
AI HR Jobs
AI Recruiting Jobs
Top 10 High-Paying…
GitHub Action Logs Show PM2 Reloaded, but API Not Actually Restarting — How to Debug?
I'm running an Express API on a remote VPS and attempting to automate deployments using GitHub Actions. The API process is running on the VPS using PM2 in cluster mode, with configurations defined in an `ecosystem.config.cjs` file.
The action fetches updated code, runs standard dependency installment/migrations commands, and finally runs this command for a zero-downtime reload of the API process:
`pm2 reload config/ecosystem.config.cjs`
Again, the GitHub Action logs for this step appear to be successful, printing this output:
♻️ Reloading PM2 in cluster mode...
PM2 Applying action reloadProcessId on app ***
PM2 *** ✓
PM2 *** ✓
PM2 *** ✓
=========================================
✅ Successfully executed commands to all hosts.
=========================================
But checking my PM2 logs and observing subsequent behavior, it is clear that the server both did not actually reload, and is not reflecting the recently made changes. However, when I manually SSH into the VPS and run that exact same command, it prints the same success log and DOES actually reload the server and start executing the new code.
I have also confirmed that the other steps from the deployment really are succeeding - the new code is being properly fetched and copied into the file location on the VPS. The only problem is that the server is not actually reloading, which is bizarre because the GHA logs say that it is.
I've tried manually stopping, deleting and starting the PM2 process fresh in case it didn't pick up changes to the ecosystem config file from when the process was originally started. I've also confirmed the env variables it needs access to are being properly loaded in and accessible (I also use a secrets manager I've omitted from here, which prefixes the pm2 reload command - and again, it seems to be working as expected).
The only other piece of relevant information I'll note is that I struggled quite a bit to get the `ecosystem.config.cjs` file working as expected. My API uses ESM throughout, but I was only able to get the ecosystem config file to work when I changed it to `.cjs`.
I am a reasonably experienced web developer, but new to devops and to hosting my own production-ready project. Anyone more experienced have a clue what might be happening here, or have ideas as to how I can further diagnose?
https://redd.it/1li61it
@r_devops
I was asked to design a distributed key-value storage in a DevOps interview, is this normal?
I didn't expect this kind of question and got caught completely off-guard. I answered etcd and Raft, but obviously the interviewer wanted me to design the internals. I couldn't answer anything so I failed. I Googled the Raft implementation right after the interview and understand how it works now.
Is this normal for DevOps interviews? If yes, is there a list of protocol/architectural readings that I need to know before the next one?
https://redd.it/1li7dte
@r_devops
How can I configure Dex to issue an OIDC token for Google Cloud (Workload Identity Federation)?
Hi everyone 🤗.
I currently have a server hosted on Hetzner VPS. I want to access Artifact Registry to pull a Docker image using Docker Compose, and then grant access to the image for Vertex AI and Cloud Storage.
Google discourages the use of Service Account Keys and recommends using OIDC instead.
After digging in, I've begun setting up Dex and Nginx to create my own OIDC provider that could authenticate against Google Cloud.
I'm able to issue ID tokens within Dex, but when I call the STS Token endpoint from Google Cloud I get:
{
  "error": "invalid_request",
  "error_description": "Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."
}
Which is to be expected as I decode the JWT and the audience returns me: `private-client` and not the path.
Here's my dex configuration:
# dex/config.yaml - Alternative configuration using password flow
issuer: https://auth.example.ai

storage:
  type: sqlite3
  config:
    file: /data/dex.db

web:
  # Listen on HTTP (if behind a reverse proxy or for local testing)
  http: 0.0.0.0:5556
  # If Dex should serve TLS itself (no proxy), enable HTTPS and provide cert/key:
  # https: 0.0.0.0:443
  # tlsCert: /etc/dex/tls/fullchain.pem # path to TLS certificate
  # tlsKey: /etc/dex/tls/privkey.pem # path to TLS private key

# Enable built-in static password authentication
staticClients:
  - id: public-client
    public: true
    name: 'Public Client'
    redirectURIs:
      - 'https://auth.example.ai/oidc/callback'
  - id: private-client
    secret: app-secret
    name: 'Private Client'
    redirectURIs:
      - 'https://auth.example.ai/oidc/callback'
    audience:
      - '//iam.googleapis.com/projects/11111111/locations/global/workloadIdentityPools/hetzner-pool/providers/hetzner-provider'

# Set up a test user
staticPasswords:
  - email: '[email protected]'
    # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
    hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W'
    username: 'admin'
    userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'

# Enable local users
enablePasswordDB: true

# Allow password grants with local users
oauth2:
  passwordConnector: local
# dex/config.yaml - Alternative configuration using password flow
issuer: https://auth.example.ai
storage:
type: sqlite3
config:
file: /data/dex.db
web:
# Listen on HTTP (if behind a reverse proxy or for local testing)
http: 0.0.0.0:5556
# Enable built-in static password authentication
staticClients:
- id: public-client
public: true
name: 'Public Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
- id: private-client
secret: app-secret
name: 'Private Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
audience:
- '//iam.googleapis.com/projects/11111111/locations/global/workloadIdentityPools/hetzner-pool/providers/hetzner-provider'
# Set up an test user
staticPasswords:
- email: '[email protected]'
Hi everyone 🤗.
I currently have a server hosted on Hetzner VPS. I want to access Artifact Registry to pull a Docker image using Docker Compose, and then grant access to the image for Vertex AI and Cloud Storage.
Google discourages the use of Service Account Keys and recommends using OIDC instead.
After digging in, I've begun setting up Dex and Nginx to create my own OIDC provider that could authenticate against Google Cloud.
I'm able to issue ID tokens within Dex, but when I call the STS Token endpoint from Google Cloud I get:
```json
{
  "error": "invalid_request",
  "error_description": "Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."
}
```
Which is to be expected as I decode the JWT and the audience returns me: `private-client` and not the path.
```json
{
  "iss": "https://auth.example.comss",
  "sub": "CiQwOGE4Njg0Yi1kYjg4LTRiNzMtOTBhOS0zY2QxNjYxZjU0NjYSBWxvY2Fs",
  "aud": "private-client",
  "exp": 1750691423,
  "iat": 1750605023,
  "at_hash": "vYjPyKHYJodj0ahw9dIT_Q"
}
```
Here's my dex configuration:
```yaml
# dex/config.yaml - Alternative configuration using password flow
issuer: https://auth.example.ai

storage:
  type: sqlite3
  config:
    file: /data/dex.db

web:
  # Listen on HTTP (if behind a reverse proxy or for local testing)
  http: 0.0.0.0:5556
  # If Dex should serve TLS itself (no proxy), enable HTTPS and provide cert/key:
  # https: 0.0.0.0:443
  # tlsCert: /etc/dex/tls/fullchain.pem # path to TLS certificate
  # tlsKey: /etc/dex/tls/privkey.pem # path to TLS private key

# Enable built-in static password authentication
staticClients:
  - id: public-client
    public: true
    name: 'Public Client'
    redirectURIs:
      - 'https://auth.example.ai/oidc/callback'
  - id: private-client
    secret: app-secret
    name: 'Private Client'
    redirectURIs:
      - 'https://auth.example.ai/oidc/callback'
    audience:
      - '//iam.googleapis.com/projects/11111111/locations/global/workloadIdentityPools/hetzner-pool/providers/hetzner-provider'

# Set up an test user
staticPasswords:
  - email: '[email protected]'
    # bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
    hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W'
    username: 'admin'
    userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'

# Enable local users
enablePasswordDB: true

# Allow password grants with local users
oauth2:
  passwordConnector: local
```
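An added example, not part of the original post and not Dex or Google code: a preflight check to run before calling the STS token endpoint. It checks the request's `audience` parameter separately from the token's own `iss`, `aud` and `exp` claims. The helper names are hypothetical, the token is constructed from the claims decoded in the post, and the allowed audience (`https:` plus the provider resource name) is an assumption about how the pool provider is configured.

```python
import base64, json, re, time

# Workload identity pool provider resource name, the form the STS error asks for.
PROVIDER_RE = re.compile(r"^//iam\.googleapis\.com/projects/[^/]+/locations/global"
                         r"/workloadIdentityPools/[^/]+/providers/[^/]+$")

def decode_claims(jwt):
    """Decode the JWT payload segment. No signature check: debugging aid only."""
    seg = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def preflight(jwt, sts_audience, provider_issuer, allowed_audiences, now=None):
    """Return the reasons a token exchange would be rejected (empty list = OK)."""
    problems = []
    if not PROVIDER_RE.match(sts_audience):
        problems.append("STS 'audience' parameter is not a provider resource name")
    claims = decode_claims(jwt)
    if claims.get("iss") != provider_issuer:
        problems.append(f"iss {claims.get('iss')!r} != provider issuer {provider_issuer!r}")
    aud = claims.get("aud", [])
    auds = {aud} if isinstance(aud, str) else set(aud)
    if not auds & set(allowed_audiences):
        problems.append(f"aud {sorted(auds)} not in provider's allowed audiences")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token is expired")
    return problems

def sample_jwt(claims):
    """Constructed, unsigned token for the demo (signature segment is a dummy)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "sig"])

PROVIDER = ("//iam.googleapis.com/projects/11111111/locations/global/"
            "workloadIdentityPools/hetzner-pool/providers/hetzner-provider")
ALLOWED = ["https:" + PROVIDER]  # assumption: audience the provider accepts
POSTED = {"iss": "https://auth.example.comss", "aud": "private-client",
          "exp": 1750691423, "iat": 1750605023}  # claims as decoded in the post

if __name__ == "__main__":
    for p in preflight(sample_jwt(POSTED), PROVIDER, "https://auth.example.ai",
                       ALLOWED, now=POSTED["iat"]):
        print("FAIL:", p)
```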