Joining in as the first "DevOps guy" at a startup. Any ideas on how I could create good impact?

I've worked as a DevOps Engineer at a big company for 3 years. I'm joining a startup now so I'll be expected to hit the ground running. Where do you think I should start from to enforce DevOps principles?

https://redd.it/1m5wofb
@r_devops

SecretSpec: Declarative Secrets Management

We've recently released secretspec.dev, I wonder what's the opinion of the folks here on a tool that unifies the interface between secrets providers and applications? See the announcement post at https://devenv.sh/blog/2025/07/21/announcing-secretspec-declarative-secrets-management/

https://redd.it/1m5shwf
@r_devops

Built a tool to stop wasting hours debugging Kubernetes config issues

Spent way too many late nights debugging "mysterious" K8s issues that turned out to be:

* Typos in resource references
* Missing ConfigMaps/Secrets
* Broken service selectors
* Security misconfigurations
* Docker images that don't exist or have wrong architecture

Built Kogaro to catch these **before** they cause incidents. It's like a linter for your running cluster.

**Key insight**: Most validation tools focus on policy compliance. Kogaro focuses on operational reality - what actually breaks in production.

Features:

* 60+ validation types for common failure patterns
* Docker image validation (registry existence, architecture compatibility)
* CI/CD integration with scoped validation (file-only mode)
* Structured error codes (KOGARO-XXX-YYY) for automated handling
* Prometheus metrics for monitoring trends
* Production-ready (HA, leader election, etc.)

**NEW in v0.4.4**: Pre-deployment validation for CI/CD pipelines. Validate your config files before deployment with `--scope=file-only` \- shows only errors for YOUR resources, not the entire cluster.

Takes 5 minutes to deploy, immediately starts catching issues.

Latest release v0.4.4: [https://github.com/topiaruss/kogaro](https://github.com/topiaruss/kogaro)
Website: [https://kogaro.com](https://kogaro.com)

What's your most annoying "silent failure" pattern in K8s?

https://redd.it/1m5ro6l
@r_devops

Looking for Advice (Please reply don't skip)

Hi
Everyone,

I have 3.5 years of experience in SEO, however I want to switch it into devops because of various reasons including personal, finance and professional reasons.

My education background is from commerce.

I chose tech because i already interact with websites, so I know little about technicalities.
And, I felt I may be good for more tech instead of marketing.

That's why I started preparing for the same since March month.

I completed:
Basic overview of theory concepts
Linux commands
Git and GitHub
Python (from Hello world to oops and then python scripting)
Bash scripting
CI and CD pipeline (GitHub actions)
And , Just started AWS.


And, all this I did through my friend course instead of purchasing my own.

But, from a job perspective i needed a certificate, that's why thinking of purchasing a devops course from PW skills (same purchased by my friend).


So, what are your thoughts on this
Am I going on the right path
Or, any mistakes or suggestions?

Note: i know devops is not for entry level and also I don't have a tech degree like btech. That's why It will be difficult for me to get a job. But, i will give my best because I have back up (my current job).
So, please give me just realistic and practice advice in a positive manner.

https://redd.it/1m6465g
@r_devops

Gartner thoughts?

Just curious how do you feel the comments and analysis of gartner and other analysis firms take on platform engineering and ai- automation of Devops..

Have seen the leaders and managers take the gartner suggested tools seriously

https://redd.it/1m668tl
@r_devops

Certificate stuck in “pending” state using cert-manager + Let’s Encrypt on Kubernetes with Cloudflare

Hi all,
I'm running into an issue with cert-manager on Kubernetes when trying to issue a TLS certificate using Let’s Encrypt and Cloudflare (DNS-01 challenge). The certificate just hangs in a "pending" state and never becomes Ready.

Ready: False
Issuer: letsencrypt-prod
Requestor: system:serviceaccount:cert-manager
Status: Waiting on certificate issuance from order flux-system/flux-webhook-cert-xxxxx-xxxxxxxxx: "pending"

My setup:

Cert-manager installed via Helm
ClusterIssuer uses the DNS-01 challenge with Cloudflare
Cloudflare API token is stored in a secret with correct permissions
Using Kong as the Ingress controller

Here’s the relevant Ingress manifest:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webhook-receiver
namespace: flux-system
annotations:
kubernetes.io/ingress.class: kong
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- flux-webhook.-domain
secretName: flux-webhook-cert
rules:
- host: flux-webhook.-domain
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: webhook-receiver
port:
number: 80

Anyone know what might be missing here or how to troubleshoot further?

Thanks!

https://redd.it/1m5kn6b
@r_devops

How Did You Become a Real Cloud Engineer? I'm on the Path — Would Love to Hear Your Journey

Hey everyone,

I’m currently studying to become a Cloud Engineer and wanted to reach out to this amazing community for some inspiration and perspective.

So far, I’ve built a solid foundation:

* I'm comfortable with **AWS core services** (EC2, S3, IAM, VPC, CLI, etc.)
* I’ve spent a lot of time learning **Linux** and working with the **command line**
* I understand **networking fundamentals**
* I've learned **Python** to use it as an automation tool

But even with all of this, I sometimes feel stuck. Not because I’m not learning, but because I wonder *what comes next?* I’m grinding daily after work, doing my best to stay focused, but I still don’t know what the leap into the first real cloud job looks like.

That’s why I’m reaching out.

**How did** ***you*** **actually become a Cloud Engineer?**

* What was your first break into the field?
* Did you build projects, take internships, or get lucky with a mentor?
* Were there specific skills or habits that made all the difference?

I’m not looking for shortcuts. Just real stories — the honest, sometimes messy, journeys that took you from learning to actually *doing* the job.

If you’re willing to share even a piece of your story, it would mean a lot. Someone out there (maybe me) really needs to read it today.

One last question: Can **Cloud Engineering** be a globally remote job or not?

Thank you so much. 🙏
—A cloud engineer in the making

https://redd.it/1m699u8
@r_devops

Our AWS bill just gave me a heart attack, how do you guys keep it under control?

Seriously, every time I think we’ve optimized, the damn AWS bill shows up like, Surprise you forgot something

We’ve got dev environments, staging, random test instances all running like it’s a 24/7 party. And don’t even get me started on RDS and cache services that no one remembers launching.

I’ve been thinking there has to be a smarter way to schedule things like turning stuff off after hours, resizing machines on weekends, maybe even rebooting stuff regularly to clear memory bloat. But building it all with scripts feels like a second job.

Curious how are you all tackling this without losing your sanity (or your job)? Is there a setup that actually works for real world teams?

https://redd.it/1m6a920
@r_devops

Broadcom rug pull,.. Can we as community afford to fork Bitnami?

Hey folks,

If you are using Bitnami Helm Charts, they will likely break after August 28th, 2025, unless you take action.

They will first migrate then delete their legacy charts, and you have to subscribe (pay) to them to use their hardened charts.

Question - where do we go from here given this rug pull from Broadcom? Can we afford to fork AND, more importantly, maintain them?

EDIT: source: https://github.com/bitnami/charts/issues/35164

https://redd.it/1m6atam
@r_devops

Making system design diagrams less painful.

Hi everyone!

After years of pain of designing system design diagram by hand, I have decided to try and make the whole process smoother and faster.

I developed RapidChart, a free technical diagram generator that lets you design your system architecture much faster!

I’d love for you to try it out and let me know what you think.

Best, Sami

https://redd.it/1m6aclv
@r_devops

How do small SaaS teams handle CI/CD and version control?

Solo dev here, building a multi-tenant Laravel/Postgres school management system.

I’m at the stage where I need proper CI/CD for staging + prod deploys, and I’m unsure whether to:

Self-host GitLab + runners (on DigitalOcean or a personal physical server)
Use GitHub/GitLab’s cloud offering

My biggest concerns:

Security/compliance (especially long-term SOC2)
Secrets management (how to safely deploy to AWS/DigitalOcean)
Availability (what if the runner or repo server goes down?)

Questions:

1. Do you self-host version control and CI/CD? On your cloud provider? Home lab?
2. How do you connect it to your AWS/DO infra securely? (Do you use OIDC? SSH keys? Vault?)
3. For solo devs and small teams — is it better to keep things simple with cloud providers?
4. If I self-host GitLab, can it still be considered secure/compliant enough for audits (assuming hardened infra)?

My plan right now is:

GitLab on a home server or a separate DO droplet, harden everything with Keycloak and Wireguard
Runners on the same network
Deploy apps to DOKS (or ECS later)

Would love to hear how others manage this.

Thanks!

https://redd.it/1m6d5ep
@r_devops

A simple fix for Docker Hub rate limit errors in CI/CD

Hi r/devops,

My team has been struggling with intermittent CI failures ever since the new Docker Hub rate limits were enforced. The shared IP of our runners kept hitting the anonymous pull limit, which was a major headache.

We looked into the standard solutions:

Docker Pro/Team: The per-seat pricing felt wrong for an infrastructure problem.
Self-hosting Harbor/Nexus: The operational overhead of setting up and maintaining another piece of infrastructure just for this was too high for our small team.

We wanted a "set it and forget it" utility, so I ended up building one. I'm sharing it here in case it can help other teams facing the same issue.

It's a free, public caching mirror for Docker Hub called RateLimitShield. It requires no sign-up. It solves the problem by handling authentication on the backend and caching layers, so your runners don't hit the anonymous limit.

To use it, you just need to configure the Docker daemon on your runners. Edit the /etc/docker/daemon.json file:

{
"registry-mirrors":
"https://public-mirror.ratelimitshield.io"

}

And then restart the Docker service (sudo systemctl restart docker).

That's it. Our builds have been stable ever since. The project website with more details is at ratelimitshield.io.

The public mirror uses a shared cache, which is great for common base images. I'm also gauging interest in future premium plans for teams that might need a dedicated, private cache for guaranteed performance.

Would love to hear how other teams are tackling this problem and get any feedback on this approach. Thanks!

https://redd.it/1m6gpn1
@r_devops

Setting Up a Production-Grade Kubernetes Cluster from Scratch Using Kubeadm (No Minikube, No AKS)

Hi ,

I've published a detailed blog on how to set up a 3-node Kubernetes cluster (1 master + 2 workers) completely from scratch using kubeadm — the official Kubernetes bootstrapping tool.

This is not Minikube, Kind, or any managed service like EKS/GKE/AKS. It’s the real deal: manually configured VMs, full cluster setup, and tested with real deployments.

Read here: https://ariefshaik.hashnode.dev/setting-up-k8s-using-kubeadm

What’s in the guide:

How to spin up 3 Ubuntu VMs for K8s

Installing containerd, kubeadm, kubelet, and kubectl

Setting up the control plane (API server, etcd, controller manager, scheduler)

Adding worker nodes to the cluster

Installing Calico CNI for networking

Deploying an actual NGINX app using NodePort

Accessing the cluster locally (outside the VM)

Managing multiple kubeconfig files

I’ve also included an architecture diagram to make everything clearer.

Perfect for anyone preparing for the CKA, building a homelab, or just trying to go beyond toy clusters.



Would love your feedback or ideas on how to improve the setup. If you’ve done a similar manual install, how did it go for you?

TL;DR:

Real K8s cluster using kubeadm

No managed services

Step-by-step from OS install to running apps

Architecture + troubleshooting included

Happy to answer questions or help troubleshoot if anyone’s trying this out!

https://redd.it/1m6eq0e
@r_devops

Programmers are also human nailed it

I know this isn't very professional but man I was in pain laughing at some parts. He already had me at "We do 'Chaos Engineering' of course. Every terraform apply is Chaos Engineering."

https://www.youtube.com/watch?v=rXPpkzdS-q4

https://redd.it/1m6jbwc
@r_devops

So you want to know what devops is ?

https://www.youtube.com/watch?v=rXPpkzdS-q4


This channel desrves so many more subscribers <3

Im not affiliated, i just immensly enjoyed every single bit of it and share the pain ;)

https://redd.it/1m6lbtg
@r_devops

Third year CS student trying to get into DSA & DevOps, any beginner-friendly internships or advice?

Hello everyone,
I’m Dhyan Bellary, currently in my 3rd year of engineering (CSE). I’ve just started learning DSA and DevOps, but honestly, I still feel pretty lost. I'm looking for internships (even unpaid ones) where I can get hands-on experience, learn by doing, and figure out what to focus on next.

Are there any platforms, programs, or open-source projects where beginners like me can start contributing or learning practically?
Any advice or resources would also be hugely appreciated.

Thanks in advance!

https://redd.it/1m6o4zb
@r_devops

What's your team's branching strategy for React Native? (GitFlow-Lite vs. Trunk-Based Development)

Hey r/devops 👋

My team could use some community wisdom. We're a small team of 3 devs working on a React Native app using Expo, EAS, and Jenkins for CI/CD.

We're currently debating our branching and release strategy and have landed on two main options:

1. Option A: GitFlow-Lite (main / develop branches)

How it works: Features are merged into `develop`. This branch is used for internal test builds and OTA testing. When we're ready for a release, we merge `develop` into `main`, which represents the production App Store version.
Pros: This feels very safe, especially for separating native changes from simple OTA updates. There's a clear buffer between our daily work and what goes to the app stores.

2. Option B: Trunk-Based Development (main only)

How it works: All features get merged directly into `main`, protected by feature flags.
Pros: We love the simplicity and development speed. It eliminates "merge hell" and feels more aligned with true CI/CD.
Cons: We're cautious about the risks with mobile. A bad merge with a new native dependency could break the app for everyone until a new binary is released. It feels like it requires extreme discipline.

We know the big tech companies (Google, Meta, etc.) use Trunk-Based Development successfully, but we're curious how it works for small to medium-sized teams like ours.

So, we wanted to ask the community:

What's your team size and which strategy have you adopted?
If you use Trunk-Based Development, how do you manage the risk of native dependencies? Is it all on feature flags and careful release coordination, and has it ever bitten you?
If you use a GitFlow-style strategy, do you ever find it slows you down too much?
How do you structure your workflow for OTA updates vs. full app store releases within your chosen strategy?
Any major "gotchas" or lessons you've learned that you wish you knew earlier?

Any insights, war stories, or advice would be hugely appreciated. Thanks!

https://redd.it/1m6pl26
@r_devops

Best AI for DevOps?

Hey everyone,

I am mostly working in .net environnents with a lot of Powershell/c# tasks.

Azure DevOps on prem for CI/CD.

What do you think the best AI for this would be? I am currently using Chatgpt and CoPilot and the experience is ok-ish.


https://redd.it/1m6roo6
@r_devops

why pay for incident management platforms?

Just got off two weeks back to back on call rotation, rant incoming.

All "incident management" platforms are just insanely expensive phone plans that wakes me up in the middle of the night. It’s like I’m a masochist paying for my own torture. After we wake up we just jump into Slack anyway to actually fix the problem. Why are we paying for tools that just adds a step and creates more work?

Holy crap the UIs man, 3am I do not function as normal, I spent the first 10 minutes trying to remember how a mouse worked let along clicking drop downs and five layers deep navigations.

Trying to check who’s on schedule for escalation feels like I'm trying to defuse a bomb in an interface designed 15 years ago.

too bad SLAs require 3 nines uptime. I'd kill this whole thing so f fast if i had the guts and money weren't so good LOL

ok rant over, thanks for reading.

https://redd.it/1m6dr7z
@r_devops

Introduction to Maven: The Build Tool That Modernized Java Development

With Maven 4.0.0 just around the corner, I thought it would be a good idea to write a quick introduction to Apache Maven for any newcomers that are interested in getting acquainted with the tool, its history and philosophies.

I hope you find this interesting! :)

https://medium.com/maven-by-nature/introduction-to-maven-the-build-tool-that-modernized-java-development-f3c038b4d32e?sk=fe44db3512f026787bc2cd7d31e98b5f

https://redd.it/1m6tbuw
@r_devops

How Do I Learn AWS, Kubernetes, and Modern DevOps Tools If My Company Doesn’t Use Them (And Without Spending a Fortune)?

I currently work at a company where our tech stack is fairly traditional — we use Apache, Nginx, and Docker Compose for deployments. There’s **no AWS**, no **Kubernetes**, no **CI/CD pipelines**, and barely any of the modern DevOps tooling that’s in demand right now.

While I’m grateful for the learning so far (I’ve gained solid Linux and server fundamentals), I’m starting to feel like I’m falling behind in the DevOps world. I really want to get hands-on experience with:

* AWS (EC2, S3, IAM, CloudFormation, etc.)
* Kubernetes (EKS, Helm, ArgoCD)
* Terraform, CI/CD tools like Jenkins/GitLab CI, etc.

But here’s the catch — **AWS can get expensive** real fast when you're practicing. I’m also trying to be mindful of costs, as I’m self-learning in my spare time. So I’m looking for **advice** from folks who’ve been in a similar situation:

https://redd.it/1m6amv4
@r_devops