Just got invited to a technical interview at Forvia. They seem heavily Windows-focused.

Mission:

Implement, automate, and continuously improve development, integration, and deployment processes (CI/CD), in close collaboration with development and operations teams.



Skills:



Tools: Azure DevOps, Git, Docker, Kubernetes (a plus)
Languages: C#, .NET, PowerShell or Bash scripting
Methods: Continuous Integration, Continuous Deployment, TDD
Environments: Windows Server, MSSQL, Azure Cloud



Profile:

Bachelor’s in Computer Science
Good level of English
Collaborative mindset, rigorous, autonomous
DevOps certification is a plus

How mush Windows server, PowerShell stuff do you think I will have to do
I'm more of a Linux user, never used azure. I have some experience with AWS.
I really hate windows.

https://redd.it/1lhbfou
@r_devops

🚀 Launching a New Cloud & DevOps Channel On WhatsApp! Looking for passionate admins to help build and grow a vibrant tech community. ☁️👨‍💻🔥

We're looking for experienced, self-motivated admins who live and breathe Cloud, DevOps, and Open Source culture. If you're passionate about automation, containerization, infrastructure as code, and sharing wisdom .. we need you! 🧠💻

Think of it as a selective, high-signal version of the DevOps subreddit — but delivered straight to your WhatsApp, real-time, curated, and community-driven. 🔥


🎯 What this channel brings:

📰 The latest in Cloud & DevOps news

📚 Curated resources from top engineers & open-source projects

💡 Daily tips, tricks & tools from the trenches

🤯 Fun facts & real talk about what it’s really like working in tech

🚫 The dos and don’ts of professional work life no one teaches you

🧘‍♂️ Smart takes on workplace well-being & career longevity


This isn't just another forward-spam group
it's an open-source-style revolution in community learning, where we grow together, stay ahead, and support each other.


🎖️ Become a founding admin. Help us lead this space with purpose, passion, and a bit of bash scripting.




https://redd.it/1lhcy68
@r_devops

Devops folks, are you using ai for infra tasks yet, or is it still too risky?

I’ve seen a few tools now claiming they can help with infrastructure-as-code, dockerfile optimisation, CI/CD pipeline generation, and even kubernetes YAML generation using ai prompts.

But I’m still hesitant to trust ai with things that touch production or deployment logic.

anyone here actually using ai to help with devops tasks in a real workflow?

any tools you trust (or don’t)?

Is it good for boilerplate only, or have you let it touch live infra?
any close calls or success stories?

https://redd.it/1lhdw7d
@r_devops

From 0 to 240⭐ in 2 weeks—and then this happened! 🚀

Hey r/devops I launched my side project DevOps: Learn by Doing at the start of the month to curate free, hands-on labs and end-to-end projects. Two weeks later it’s racked up 240+ stars on GitHub—thanks to all of you! 🙌

But the real plot twist? I just got an email from Yevgeniy Brikman (Gruntwork himself) saying he loved the idea so much he’s sending me a print copy of - Fundamentals of DevOps and Software Delivery! 😱📚

I definitely didn’t expect this kind of ROI from a humble repo—guess my next KPI is “books received”! 😂

Huge thanks to everyone who starred, shared, or contributed.

linkedin post for more details : https://www.linkedin.com/feed/update/urn:li:activity:7342405110272008193/

https://redd.it/1lhfc86
@r_devops

The CoinMarketCap attack

My team did a write up on the CoinMarketCap attack of yesterday. Would love your perspective. Client-side attacks are scary and on the rise. It’s obvious that bad actors have figured out that no one really monitors how their application behaves in the browser of a user.

https://cside.dev/blog/coinmarketcap-client-side-attack-a-comprehensive-analysis

https://redd.it/1lhfg5c
@r_devops

What are Buildkite and ArgoCD for?

I saw a job posting of a big tech company for a site reliability engineer role which contains the following bulletpoint:

> Expert knowledge of continuous deployment systems such as Buildkite and ArgoCD

I have set up a lot continuous delivery mechanisms and have worked with a lot CI/CD over the past 7-8 years but I don't know Buildkite and ArgoCD. We have always just used a gitlab-ci.yml, a GitHub workflow, Azure pipelines or the like and it works great.

Can someone tell me what the benefits of Buildkite, ArgoCD et al. are? I've googled it of course but I don't see anything that wouldn't work with GitHub actions for example.

https://redd.it/1lhko66
@r_devops

Creating virtual environment from scratch

For the sake of practice, I am creating a home/dev lab environment with proxmox. Later on, I will probably try to go hybrid to have onprem dev and "prod" on AWS. Do you guys have any tips for what I could include, or some techniques for managing resources, or advices in general that would be nice to learn while i build everything from scratch? So far I have made some ansible roles for LXC and VM creation/config, gitlab deployment and configuration, and (on the lower layer) I have set up high availability with ZFS shared pools. I plan on getting into the terraform, packer, and cloudinit stack as my next move. For CI/CD pipeline I will probably go with gitlab runners for now. Also for monit I am thinking zabbix+grafana with automated deployment through ansible.

https://redd.it/1lhl447
@r_devops

Which AWS services are must-know for real-world DevOps tasks

Hello guys, can you please list the must know AWS services for real world DevOps tasks ?

https://redd.it/1lhl1iz
@r_devops

A Decade of Cloud Native: The CNCF’s 10-Year Journey

I just published a detailed, historical breakdown of CNCF’s 10-year journey:
From Kubernetes and Prometheus to 30+ graduated projects and 200K+ contributors — this post covers it all: major milestones, ecosystem growth, governance model, and community evolution.

Would love feedback:
https://blog.abhimanyu-saharan.com/posts/a-decade-of-cloud-native-the-cncf-s-10-year-journey

https://redd.it/1lhpf1s
@r_devops

What tech role should I aim if I'm not keen on web dev?

So I'm a computer student trying to aim at a role and techstack. I don't see myself building a visually appealing website so frontend is probably not for me. Based on my strengths and weaknesses, I need recommendations on what role i would fit into :

I used to root phones and install custom roms as a hobby. For the time being I'm playing around with basic Linux commands on a virtual machine. I am terrible at DSA and don't know any JS frameworks. I see everyone around me jumping into the MERN bandwagon, but it never really caught my eyes. I have basic Python knowledge and would probably stick to it. C, Java and SQL have been taught on a college level only.

I have researched a bit and tried to look into SysOps and DevOps roles. Naturally the next question which arises is whether there are enough job oppurtunities for freshers? If yes then how do I begin my journey?

Thank you

https://redd.it/1lhwmo6
@r_devops

U definately need it...... Futuretechdomaingenerator.com

I need a catchy domain name for my startup! Also me: *builds entire domain generator instead of just picking one.. I present to you futuretechdomaingenerator.com 😄

https://redd.it/1lhz9kl
@r_devops

How Role of AI 🤖 can play a big role in Recruitment also… ?

Sharing practical use case where AI 🤖 can play a major role… Any Thoughts on the same

AI vs HR: Who Wins the Future of Work?
https://youtu.be/MfzSZbdLX7E


https://redd.it/1li4hdo
@r_devops

GitHub Action Logs Show PM2 Reloaded, but API Not Actually Restarting — How to Debug?

I'm running an Express API on a remote VPS and attempting to automate deployments using GitHub Actions. The API process is running on the VPS using PM2 in cluster mode, with configurations defined in an ecosystem.config.cjs file.

The action fetches updated code, runs standard dependency installment/migrations commands, and finally runs this command for a zero-downtime reload of the API process: pm2 reload config/ecosystem.config.cjs

Again, the GitHub Action logs for this step appear to be successful, printing this output:

♻️ Reloading PM2 in cluster mode...

PM2 Applying action reloadProcessId on app ***

PM2 *** ✓

PM2 *** ✓

PM2 *** ✓

=========================================
✅ Successfully executed commands to all hosts.
=========================================



But checking my PM2 logs and observing subsequent behavior, it is clear that the server both did not actually reload, and is not reflecting the recently made changes. However, when I manually SSH into the VPS and run that exact same command, it prints the same success log and DOES actually reload the server and start executing the new code.

I have also confirmed that the other steps from the deployment really are succeeding - the new code is being properly fetched and copied into the file location on the VPS. The only problem is that the server is not actually reloading, which is bizarre because the GHA logs say that it is.

I've tried manually stopping, deleting and starting the PM2 process fresh in case it didn't pick up changes to the ecosystem config file from when the process was originally started. I've also confirmed the env variables it needs access to are being properly loaded in and accessible (I also use a secrets manager I've omitted from here, which prefixes the pm2 reload command - and again, it seems to be working as expected).

The only other piece of relevant information I'll note is that I struggled quite a bit to get the ecosystem.config.cjs file working as expected. My API uses ESM throughout, but I was only able to get the ecosystem config file to work when I changed it to .cjs.

I am a reasonably experienced web developer, but new to devops and to hosting my own production-ready project. Anyone more experienced have a clue what might be happening here, or have ideas as to how I can further diagnose?

https://redd.it/1li61it
@r_devops

I was asked to design a distributed key-value storage in a DevOps interview, is this normal?

I didn't expect this kind of question and got caught completely off-guard. I answered etcd and Raft, but obviously the interviewer wanted me to design the internals. I couldn't answer anything so I failed. I Googled the Raft implementation right after the interview and understand how it works now.
Is this normal for DevOps interviews? If yes, is there a list of protocol/architectural readings that I need to know before the next one?

https://redd.it/1li7dte
@r_devops

How can I configure Dex to issue an OIDC token for Google Cloud (Workload Identity Federation)?

Hi everyone 🤗.

I currently have a server hosted on Hetzner VPS. I want to access Artifact Registry to pull a Docker image using Docker Compose, and then grant access to the image for Vertex AI and Cloud Storage.


Google discourages the use of Service Account Keys and recommends using OIDC instead.

After digging in, I've begun setting up Dex and Nginx to create my own OIDC provider that could authenticate against Google Cloud.


I'm able to issue ID tokens within Dex, but when I call the STS Token endpoint from Google Cloud I get:

{
"error": "invalidrequest",
"errordescription": "Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."
}{
"error": "invalidrequest",
"errordescription": "Invalid value for \"audience\". This value should be the full resource name of the Identity Provider. See https://cloud.google.com/iam/docs/reference/sts/rest/v1/TopLevel/token for the list of possible formats."
}


Which is to be expected as I decode the JWT and the audience returns me: `private-client` and not the path.

{
  "iss": "https://auth.example.comss",
  "sub": "CiQwOGE4Njg0Yi1kYjg4LTRiNzMtOTBhOS0zY2QxNjYxZjU0NjYSBWxvY2Fs",
  "aud": "private-client",
  "exp": 1750691423,
  "iat": 1750605023,
  "at_hash": "vYjPyKHYJodj0ahw9dIT_Q"
}

Here's my dex configuration:



# dex/config.yaml - Alternative configuration using password flow
issuer: https://auth.example.ai

storage:
type: sqlite3
config:
file: /data/dex.db
web:
# Listen on HTTP (if behind a reverse proxy or for local testing)
http: 0.0.0.0:5556
# If Dex should serve TLS itself (no proxy), enable HTTPS and provide cert/key:
# https: 0.0.0.0:443
# tlsCert: /etc/dex/tls/fullchain.pem # path to TLS certificate
# tlsKey: /etc/dex/tls/privkey.pem # path to TLS private key

# Enable built-in static password authentication
staticClients:
- id: public-client
public: true
name: 'Public Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
- id: private-client
secret: app-secret
name: 'Private Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
audience:
- '//iam.googleapis.com/projects/11111111/locations/global/workloadIdentityPools/hetzner-pool/providers/hetzner-provider'
# Set up an test user
staticPasswords:
- email: '[email protected]'
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W'
username: 'admin'
userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'

# Enable local users
enablePasswordDB: true
# Allow password grants with local users
oauth2:
passwordConnector: local

# dex/config.yaml - Alternative configuration using password flow
issuer: https://auth.example.ai


storage:
type: sqlite3
config:
file: /data/dex.db
web:
# Listen on HTTP (if behind a reverse proxy or for local testing)
http: 0.0.0.0:5556

# Enable built-in static password authentication
staticClients:
- id: public-client
public: true
name: 'Public Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
- id: private-client
secret: app-secret
name: 'Private Client'
redirectURIs:
- 'https://auth.example.ai/oidc/callback'
audience:
- '//iam.googleapis.com/projects/11111111/locations/global/workloadIdentityPools/hetzner-pool/providers/hetzner-provider'
# Set up an test user
staticPasswords:
- email: '[email protected]'

# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash: '$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W'
username: 'admin'
userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'


# Enable local users
enablePasswordDB: true
# Allow password grants with local users
oauth2:
passwordConnector: local


I've run the following on GCP:

    gcloud iam workload-identity-pools create $POOL_ID \
      --location="global" \
      --description="Pool for Hetzner workloads" \
      --display-name="Hetzner Pool" \
      --project=$PROJECT_ID

gcloud iam workload-identity-pools providers create-oidc $PROVIDER_ID \
  --location="global" \
  --workload-identity-pool=$POOL_ID \
  --issuer-uri="https://auth.example.ai" \
  --allowed-audiences="//iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_ID" \
  --attribute-mapping="google.subject=assertion.sub,attribute.email=assertion.email,attribute.groups=assertion.groups" \
  --project=$PROJECT_ID

  gcloud iam service-accounts add-iam-policy-binding $SERVICE_ACCOUNT \
  --member="principal://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_ID/subject/$SUBJECT" \
  --role="roles/iam.serviceAccountTokenCreator" \
  --project=$PROJECT_ID

gcloud iam workload-identity-pools add-iam-policy-binding $POOL_ID \
  --location="global" \
  --member="principal://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$POOL_ID/subject/$SUBJECT" \
  --role="roles/iam.workloadIdentityUser" \
  --project=$PROJECT_ID

https://redd.it/1li7cn4
@r_devops

How to reach the devops or cloud people that need remote support?

So I'm a person from DevOps and Cloud field, and started my gigs on fiverr. I've been thinking about how to gets or reach those clients through mail. I've been doing client support and remote support work for few clients and I'm starting towards freelancing. So what are your thoughts, how will you reach somebody for work support etc?

https://redd.it/1li89s3
@r_devops

AWS terraform documentation feels like trash

Hi, I recently started working on AWS using terraform. And to be honest I am quite disappointed with the implementation of modules and their official documentation. I also work with azure using terraform and their implementation and documentation of modules A4 much more comprehensive, mature and well designed.

Do you also face issues while working with AWS terraform?What do refer when you're stuck ? Would love to hear your thoughts and experience.

Thanks in advance.

https://redd.it/1liat8s
@r_devops

Airflow webserver UI - integrate LDAP with Kerberos?


Is it possible to do away with ldap bind username and password and instead use Kerberos instead? We are on airflow2 and a lot of the answers is for airflow1. There is also a lack of examples on implementing this. Please is anyone able to advise?

https://redd.it/1liersm
@r_devops

Will learning devops help me become a better backend developer?

I have studied primarily Java and Python for 2 years. I love backend and have built a couple of rest APIs. But I’m still a newbie and want to get even better at it.

I’ve got 2 options now:
A) study devops for 2 years, this is new for me
B) study frontend for 2 years, this is not new for me, so I would just take a lot of the free time to build my own projects

Now the only reason I am considering devops is that I don’t know much about it, so if it can actually help me become better at backend, I would love to study it for that sake!

https://redd.it/1lif7ja
@r_devops

Lessons from comparing SSO vendors for a growing SaaS platform

We had to scale from homegrown auth to proper SSO and dug into a bunch of vendors — from developer-focused ones like FusionAuth and WorkOS to enterprise stacks like Okta and Microsoft Entra.

Comparing deployment models, docs, SDKs, SCIM support, and pricing taught us a lot.

Anyone else go through this recently? Curious what you optimized for — integration speed? CIAM vs workforce? Multi-tenant support?

https://redd.it/1lihsul
@r_devops