Ways to get hands-on k8s experience as a manager?

I'm in a leadership role, and due to the timing of my promotion into management, I seem to have side-stepped the container revolution - I have 15 years in industry at pretty much all levels and all industries, but on the old-school VM era. My current management role has been largely hands-off from tech - I've not raised a PR on production code for years.

I'm now in the sitiation where I have no direct hands-on exposure to Kubernetes, and it seems that pretty much all jobs these days need that - even management. It's not like I'm a luddite - I know kubectl and I'm able to have a conversation about it, but I seem to be skimming off the surface for recruiters. I've had some initial chats, but no actual interviews, always because I lack "hands on" with Kubernetes.

In terms of solutions - I'm out of ideas. My current job has no feasible work where using Kubernetes hands-on would be "in scope", as I'm basically just a people manager at this stage.

I'm happy to put the money and effort into taking the CKA on my own time if it would help - but it's an expensive bet to make.

Opinions welcome!

https://redd.it/1lq4d09
@r_devops

DevOps professionals - I need your insights!

Hi everyone ☺️ I'm a postgraduate student researching racing to prove why DevOps adoption in large organisations (such as AWS, Microsoft, Google, Meta, etc) sometimes fails to match the hype.
I call it the DevOps Implementation Paradox (DIP) framework: companies adopt DevOps for prestige or branding, but face real struggles with legacy systems, culture and leadership misalignment.
For research, I'm running a quick survey (anonymous) to capture real-world challenges and enablers from engineers, SREs, DevOps leads and anyone working within this field or with CI/CD pipelines.
Your input will help expose the gap between DevOps hype and practical reality 👏🏻 and will be used ethically in my dissertation.

If you've experienced DevOps wins, frustrations, or fake "DevOps theatre" at work, I'd greatly appreciate your insights 🙏🏻

Copy survey link here:
https://docs.google.com/forms/d/e/1FAIpQLSf17Bd_kAM7G7OTeGIdq5Vcy-uGWlJ3NNaj1qzqFLKBzxkvjw/viewform?usp=header

Thank you for helping bridge the DevOps reality gap! Happy to share final insights with anyone interested.

https://redd.it/1lq75sm
@r_devops

SRE Interview Coming Up – I’m Lost!

Hey everyone!

I have an upcoming interview for a Site Reliability Engineer (SRE) position, and honestly, I don’t have much background in this area (I interned as an SDET) and don’t have any formal work experience yet.

They sent me an email outlining the main components of the technical interview:

1. Applying algorithms, data structures, and computer science fundamentals
2. Explaining and implementing solutions in code without typical engineering aids (e.g., IDEs, online documentation)
3. Communication
4. Pace and speed

I’m wondering is this all they will focus on? Am I not expected to know things like Kubernetes, AWS, CI/CD pipelines, or production logs, since none of that is on my resume?

I’d really appreciate any advice on how to prepare well for this interview.
Thank you! 🙏


https://redd.it/1lqa1br
@r_devops

How can I restrict access to a service connection in Azure DevOps to prevent misuse, while still allowing my team to deploy infrastructure using Bicep templates?

I have a team of four people, each working on a separate project. I've prepared a shared infrastructure-as-code template using Bicep, which they can reuse. The only thing they need to do is fill out a `parameters.json` file and create/run a pipeline that uses a service connection (an SPN with **Owner** rights on the subscription).

**Problem:**
Because the service connection grants Owner permissions, they could potentially write their own YAML pipelines with inline PowerShell/Bash and assign themselves or their Entra ID groups to resource groups they shouldn’t have access to( lets say team member A will try to access to team member B's project which can be sensitive but they are in the same Subscription.). This is a serious security concern, and I want to prevent this kind of privilege escalation.

**Goal:**

* Prevent abuse of the service connection (e.g., RBAC assignments to unauthorized resources).
* Still allow team members to:
* Access the shared Bicep templates in the repo.
* Fill out their own `parameters.json` file.
* Create and run pipelines to deploy infrastructure within their project boundaries.

**What’s the best practice to achieve this kind of balance between security and autonomy?**
Any guidance would be appreciated.

https://redd.it/1lq6x4g
@r_devops

What are the best Continuous Delivery tools on the market today?

I'm looking for a great CD tool that automates various stages of the software delivery pipeline, such as building, testing, packaging, and deploying... What are ya'll using these days?

https://redd.it/1lqd820
@r_devops

Splunk alerts are delayed by 15 minutes, so I started building a side project to fix it. Has anyone else done something similar?

I work in a regulated industry where fast production alerts are critical. Our team relies on Splunk, but over time it’s become so bloated that alerts can be delayed by 15 minutes. That delay has real consequences — our support team no longer trusts it.

Out of frustration, I started building my own real-time alerting system as a side project. I wanted something fast, lightweight, and self-hostable. It's still early, but I’ve already learned a lot (I even implemented passkey login recently just for fun).

I’m curious — have any of you built your own monitoring or alerting tool to replace bloated enterprise solutions like Splunk? What did you learn in the process?

Would love to hear your experiences. I'm trying to stick with this project long-term and keep improving it.

https://redd.it/1lqfv0t
@r_devops

Anyone working with MCP in VSCode for Kubernetes deployments?

I’m exploring the use of the MCP model in VSCode to streamline Kubernetes deployment workflows either by defining context-aware prompts or automating manifest generation. Curious if others are integrating MCP with Kubernetes or VSCode tasks. Any insights, repos, or use cases to share?

https://redd.it/1lqgrsm
@r_devops

How long did it take to finish KodeKloud DevOps roadmap as a beginner?

I’m a complete beginner starting the KodeKloud DevOps Engineer path.
How long did it take you guys to complete it?
And did you feel job-ready after finishing it?


https://redd.it/1lqj1is
@r_devops

Single pane of glass Observability MCP server( a Jarvis style AI assistant)

I’m excited to share a project I’ve been diligently working past month during my free time to help out #devops #sre folks who are always oncall and into “firefighting” incidents, it’s an observability MCP server.

This MCP server — whose name, Eagle-Eye acts like a Jarvis-style MCP server.
Eagle-Eye aims to streamline workflows for on-call #devops, #sre engineers by providing quick insights using the power of AI.

You can ask Eagle-Eye things like:
🔍 “Why is this Kubernetes pod crashing?”
📊 “What’s this Datadog alert about?”
🧑‍💻 “Who’s on call in PagerDuty?”
📈 “Can you explain this PromQL query?”

Eagle-Eye connects to systems using the MCP server, retrieves data, and uses AI to provide recommendations back to the user.

Currently integrated systems include:
Kubernetes (k8s)
PagerDuty
Prometheus
Datadog
…and more integrations are on the way!

It currently use Cursor IDE to interact with the MCP server, making it feel like you’re chatting directly with your infrastructure.

Feel free to download the repo and add more integrations or update the code — it’s completely open source. The idea, as I mentioned, is to have a single-pane-of-glass tool that helps DevOps, SREs, or on-call folks.

I’ve attached some snapshots inside the repo for quick reference.

Here’s the link to the repo:- https://github.com/neeltom92/eagle-eye-mcp/blob/main/README.md

In my next post, I plan to share how I leveraged Facebook’s Prophet forecasting library and time-series metrics from Datadog to build an MCP server that does infrastructure capacity planning at scale.
Imagine a tool that could help predict traffic patterns on CPU, memory, HPA, and more — perfect for handling spikes during Black Friday sales or marketing campaigns.
Excited to keep building and sharing!

#mcp #server #ai #observability #devops #sre

https://redd.it/1lqkgxm
@r_devops

Cloud to Local Server - Should we do Openstack?

Hi,

I work at a startup with a small platform team who are currently running on AWS cloud. We rely on AWS mostly for Aurora Mysql, EKS, Load Balancers. We also have Site-to-Site VPNs, DXs but they are confined to higher environments. We use Kafka for queues but we manage it on our own using strimzi kafka cluster in the EKS cluster. Similarly we also manage our own observability and siem solutions deployed in the EKS cluster.

Recently we have been contemplating about moving our lower test environments out of cloud and save a few thousand dollars a month. Our customers also would be happy at the EOD as we usually pass on the cloud bill to them. So I'm stuck with the below questions

1. If we were to do this and move out of cloud for lower environments:
1. Should we look at solutions like OpenStack because we would want to have a same replica of the environment as we have in AWS, so that devs can get that exact same environment and will help everyone to find any platform related bugs. Or this will over complicate things for us?
2. Instead of OpenStack should we deploy our own EKS cluster and Mysql somehow and manage the rest of the things like we already do in AWS.
2. Should we not go to bare-metal and instead move the lower environments to cheaper clouds like DigitalOcean?
3. Should we even do this? Are the cost savings not worth the effort that the platform team puts in managing multiple cloud/bare-metal environments? Currently we pay around 3-5k USD per month in AWS costs for test environment per customer.

PS: We are a team of 4 engineers who manage devops, cloud, db management and kafka automation frameworks, observability and siem.

Thanks in advance for your insights.

https://redd.it/1lqln1d
@r_devops

How do you identify new attack vectors that target your cloud setup?""

Cloud security is a whole different beast compared to on-prem, isn't it? It feels like you're constantly trying to keep up with new services, features, and configurations across multiple accounts or even different providers. The sheer scale and rapid pace of change can make it incredibly difficult to ensure every corner of your environment is locked down and compliant, leading to that nagging feeling that something might be overlooked.

Whether it's managing endless IAM policies, keeping tabs on configuration drift, or just getting a truly unified view of your risks, there's always something that feels like an uphill battle. What's the one aspect of cloud security posture management that consistently gives you the biggest headache? Appreciate any insights you can share!


https://redd.it/1lqlymi
@r_devops

Building a Tool to Automate Architecture Diagrams – I’d Love Your Feedback!

Hi everyone!

As the title says, I'm building this tool to help developers save hours on creating technical diagrams.

Right now, it can generate diagrams for AWS, Azure, and Google Cloud.

I'd love for you to try it out and share your honest feedback—what worked well and what didn’t. Your input will really help me improve the tool!

It’s completely free to use :)

Here’s the link: https://www.rapidcharts.ai/


ps: The next step, once I’m confident the diagram generation works well, is to have it automatically update based on the codebase!



https://redd.it/1lqlco6
@r_devops

On-prem deployment for a monolith with database and a broker

I have been looking into the deployment cycle of our application, currently we are deploying to just normal Windows Client OS but I really don't like the idea of whole manufacturers relying on windows.

We really just want to deploy the system and leave it be, maybe for particular clients we want to watch how they are using the system, for example some new features etc with just some basic OpenTelemetry or something.

Currently we are deploying by installing manually the database and the broker and configuring them manually and then just use github runners for the actual deployment to IIS. We have no actual way to view telemetry data on production systems which I would like to have since I want to know how the users are interacting with our system.

I have already set up Aspire for local development which is really nice imho but the deployment options from there are just kubernetes which is overkill in my opinion.

I have looked into portainer which is a really nice option but it is really expensive in my opinion, what I'm left with is either moving to linux server + docker compose, linux server + native deployment or just continue what we are currently doing.

Also note that we do not have many clients and Windows Client Os has been a problem for us in the past for example updates and just the fact that some of them are running Windows 10 and it is deprecating in November/October.

I'm not sure what way we should go, what are other currently doing for on-prem deployments?

https://redd.it/1lqoqz4
@r_devops

Sharing a template for deploying Python(Django) apps to Kubernetes

Link: https://github.com/denibertovic/hellok8s-django/


Just sharing in case anyone finds this useful or educational.

The emphasis isn't on the app code itself (although there are a few best practices there as well) but rather on the surrounding devops tooling (nix/devenv for local environment, sops for secrets management, helm, kubernetes and github actions etc). And everything is pretty much transferable to other stacks...I'll probably do nextjs ... just need to polish a few things. Maybe I do one for actually setting up a cluster...but haven't decided yet.

I've been doing this for a long time so all of this is kind of second nature at this point and I sometimes feel silly sharing.... but friends tell me there's quite a lot of stuff in there to get their heads around. So anyway, yeah hope you find it useful.

https://redd.it/1lqrvmt
@r_devops

Deployment environment from scratch - OpenTofu or Terraform?

Hello friends,

some time ago, I started a new job in a company providing a SaaS platform + some customer managed installations on various cloud providers. The entire infrastructure is deployed and managed through Ansible. Recently we started a project for a new platform which will be hosted entirely in Azure, our first time with this provider, and I started designing the infrastructure and integration into our deployment env. This became a huge pain pretty quickly. Ansible modules for Azure have a lot of missing functionalities and bugs and, as should come of a surprise to noone, Ansible itself is not really suitable for IaC.

I finally managed to convince my superior to build a new deployment environment from scratch, with Terraform/OpenTofu for IaC and Ansible for config management on top, but I have no experience with either or the other.

Would you choose Terraform or OpenTofu? Did you switch from one to the other? - And why?

I know some comparisons can be found online, but I'm more interested in real world experiences.

https://redd.it/1lqslqs
@r_devops

Has anyone here transitioned from contractor to FTE at Google in a DevOps role?

Hi everyone,

I’m currently working as a contractor at Google in a DevOps position. It’s been my long-time dream to become an FTE at Google, and I’m curious to know if anyone here has successfully made that transition.

If you have:

• What did your journey look like?

• Did you get converted internally, or did you reapply and go through the regular FTE hiring process?

• Any tips for standing out as a contractor?

• How did you prepare — technically or otherwise — to clear the FTE interviews?

• Any pitfalls or gotchas I should watch out for?

I’d really appreciate any advice or personal stories. This community’s insights would mean a lot as I try to plan my next steps!

Thanks so much in advance!

https://redd.it/1lqsr6b
@r_devops

Got Rejected from Amazon DevOps Role — How Can I Level Up My Scripting and Interview Skills?

I got an opportunity to interview for a Devops Role at Amazon. The process started with an OA. Which had basic logic questions, some Linux commands, Docker basics and Behavioral questions.
After a week I got a call from the recruiter and she told me about the onsite interviews ahead. The first round was a Live Coding round. It was mostly DSA and OOPs, the questions were easy to medium I would say. A binary search and a prefix suffix multiplication problem. And those pillars of OOPs. As this role was around JDKs the interviewer also asked about basic java things like final finally finalize and about Diamond Problem in inheritance and how to deal with it. The First round went quite good. I got qualified for the next round.
the next round was a scripting and troubleshooting round. The interviewer asked me about whether I was sure that that was a position with around 2+ years of experience and I said yes I am quite aware of that and then he started questioning me. I won't say that i am the best at bash Scripting but I know my way around.
I was able to give me scripts for accessing files and logs and other basic stuff but he kept asking me if this was the best approach and I honestly told him that from experience and knowledge these scripts would work but I am also sure that there might be a better approach to this.
Obviously he has been working for 5+ yrs in Amazon and must be having more hands-on experience but my scripts were not at par according to him. And within a week I got the rejection mail.
So now I want ask all those who read through my rant, how do I improve my scripting skills given that I mostly use things like python and AWS cdk at my work. And what else to do if the interviewer doesn't approve my answer.

TL;DR:
Cleared Amazon OA and first live coding round (DSA + Java OOPs), but got rejected after the scripting/troubleshooting round. Interviewer felt my Bash scripts weren’t optimal, though they worked. I was honest about my approach and limitations. I usually work with Python and AWS CDK. Now I’m looking for solid ways to improve my Bash scripting and handle tough interviewer pushback better. Any advice?



https://redd.it/1lqwo4l
@r_devops

Skipping builds on push to primary branch? Jenkins and Bitbucket

What’s the best or most common release build practice for build tools that auto-increment a version number?

We have builds with gradle-release and/or npm version that to the major/minor/patch + snapshot edits of their various properties or json files. With an Org folder and multi-branch pipeline, we get webhook event and the builds happen just fine. But then the build automation commits and pushes the version change back to the primary branch… and another event triggers another build.

We’ve put in shared library code to abort the build based on author or commit message, but that seems inelegant and causes the “last build” to always appear aborted.

The readme on github-scm-trait-commit-skip and bitbucket-scm-trait-commit-skip(same code base) state:

>

This seems to exactly exclude what seems to me to be the very reason for such a filter.

Am I doing it wrong? Is the idea of a release build from the primary branch all backwards? If I want a PR approval to trigger a release build, what is the rest of the world doing that I’m missing?

https://redd.it/1lqwatp
@r_devops

Looking for DQL/USQL Query Examples - Mobile App Focus

Hey everyone! Just started using Dynatrace and I'm looking for some solid DQL and USQL queries that work well in practice.
Coming from New Relic, I really miss their dedicated community forum where users shared queries that we could use to build custom dashboards. Does something similar exist for Dynatrace? If so, please point me in the right direction!
Our environment is very mobile app heavy, and while I'm super jealous of all the amazing out-of-the-box backend service and infrastructure dashboards that DT provides, I'm struggling to find good mobile-focused examples.
Would love to see queries for:

Mobile app performance metrics
User experience monitoring
Crash analytics
Network performance for mobile
Custom mobile KPIs

Any recommendations for query repositories, community resources, or your personal go-to queries would be hugely appreciated!
Thanks in advance! 🙏

https://redd.it/1lqz3l0
@r_devops

Ansible-Nexus, Automated setup of Sonatype Nexus with SSL/TLS

https://github.com/gebz97/ansible-nexus

Please give it a try and tell me what you think:)

https://redd.it/1lr1abj
@r_devops

Moving from Jenkins to Harness, any advice and experience you could share?

So I have to learn more about Harness, and our org is moving from Jenkins to Harness.

Some pain points I have heard is that it isn't working easily with Terraform like Jenkins declarative pipelines, and that build artifacts do not persist within the same build run, and additionally after or as part of the build and you have to post/copy artifacts to S3 for example in order to persist a build artifact after a pipeline run. I really hope the last 2 items on artifact persistence are not accurate.

If it does not work so smoothly with Terraform, is that because Harness is so brand new and thus underdeveloped/under supported, or so that they can get you more dependent on their ecosystem and moving away from Terraform (or both)?

Just sharing here in case anyone has any advice or anything they might caution about such a move in general, and those 3 points above. I like the declarative pipeline approach, and now there's a lot of clicking and UI work here (and apparently lots and lots of yaml).

Harness looks like it is highly configurable, but also over-engineered. We use GitHub for code repository by the way.

PS: Is the best way to learn - outside of simply using it - their free courses or just going straight to doc reading? Not sure which might be more well done.

https://redd.it/1lqynqk
@r_devops