Reddit DevOps
Thanks @reddit2telegram and @r_channels
Use Terragrunt or remain Vanilla tf?

Hi there. We have 5 environments, 4 AWS regions, and an A/B deployment strategy. I am currently about 80% through migrating our IaC from generated CF templates to terraform. Should I choose to refactor what I already have to terragrunt or stay purely terraform based off the number of environment permutations? (Permutations consisting of env/region/A|B)

Another thing I want to ask about is keeping module definitions in repositories outside of live environment repositories. Is that super common now? I guess the idea is to use a specific ref of the module so that you can continue to update the module without breaking environments already built using a previous version.

Currently, our IaC repos for tf include:
App A
App B
App C
Static repo for non A/B resources like VPCs
Account setup repo for one-time resources/scripts

For everything except for the account setup repo, I am guessing we should have two repos, one for modules, the other for live environments. Does that sound like good practice?

Thank you for your time! Have a good one

https://redd.it/1mefgeq
@r_devops
5 year career gap. What to do

From the UK. Have around 7 years experience as a devops engineer. Went abroad for 5 years to live/study abroad...a completely unrelated side passion I wanted to pursue.

What advice do you have considering the current job market? I only have experience with AWS for cloud.

Haven't worked much with Kubernetes. Any courses/certs I should do, would they even help?

I remember back in the day using Linux Academy, was really helpful. Is that the current go-to, or are there any alternatives? I prefer labs that create the environment rather than installing everything on my machine.

Thanks

https://redd.it/1meiupz
@r_devops
Any Advice - Trying to switch career

Hello there,

I’m currently working as an IT Support Specialist with about 1.5 years of experience. I have certifications in CompTIA A+, Security+, and CCNA, and I also have an associate's degree in system and network administration.

I’ve recently decided to transition into a DevOps career and would love some guidance from those already in the field. I’ve started re-learning Linux (Just installed Rocky Linux on VirtualBox), I am comfortable with Windows Server (AD, DNS, DHCP), basic understanding and knowledge of PostgreSQL, Bash scripting.

I can dedicate around 30–35 hours per week to learning and working on projects. I’d really appreciate any advice - What tools/technologies I should prioritize learning, What real-world projects I could build to show off my skills? What certifications or online resources you recommend? Any tips for breaking into my first DevOps role?

Any advice is much appreciated. Thank you everyone in advance!

https://redd.it/1mekibj
@r_devops
Rabbitmq read queue

Can anyone point me in the right direction?

I have a confirmed functional system.

I am looking to temporarily disable the consumer (I don’t have access to it) so that I can read the queue messages coming from a system I do have access to.

Long story short, I need to carve out the consumer long term, so I am working on a new snap-logic consumer. I just need to get these messages first.

I have tried to adjust the admin user on that connection to be read-only, but that doesn’t seem to stop them from consuming.

Again, I just need a simple way to disable, capture, and re-enable from the admin panel.

https://redd.it/1meoy7y
@r_devops
How to Drive Modernization in a Container-Averse, Traditional Hosting Environment?

I've recently joined a large, traditional hosting provider and have run into a fascinating cultural and technical challenge. I'm hoping to get some strategic advice from those who have been in similar situations.

Some context: Our core business is provisioning custom server environments for a wide range of clients. A typical request involves setting up VMs for database clusters (Patroni/Postgres, MariaDB), web servers, message queues (Kafka/RabbitMQ), mail servers, etc...

The technology stack is almost exclusively VM-based (mostly manual setup), with configuration managed by Ansible. While it "works" and is profitable, it's incredibly inefficient. A simple vhost setup, in the worst case, can take the better part of a day, and a recent OS/database migration took me four days of largely manual work (since I had to upgrade the OS of every server manually). From my previous container-native roles, I know this could be done in a fraction of the time.

The company is growing rapidly, and I don't see how the current model can scale without a significant increase in manual effort and human error. It seems to me that they try to throw more people at the problems, without fixing the root causes of our inefficiency.

There is a deep-seated resistance against containers. Whenever I bring up containerization as a path to efficiency, I'm met with resistance from senior engineers and management. Their arguments are rooted in concerns that are valid for a multi-tenant hosting provider:

1. Security Risk (Shared Kernel): The primary argument is that the shared kernel model is an unacceptable security risk. They fear that a container escape/kernel exploit from one customer could compromise the entire host and affect all other tenants. Full VM isolation is seen as the only truly secure option.
2. Stability Risk (Single Point of Failure): There's a belief that a container runtime failure (e.g., containerd) would bring down all containers on a host simultaneously, whereas VMs are isolated from such failures.

We have an internal Kubernetes team, but they only provide the cluster infrastructure itself; they are not involved in deploying customer applications onto it for the very same reasons mentioned above.

I want to be a positive force for modernization, not just a frustrated engineer. How would you approach this situation?

1. Have you successfully introduced containerization into a similar security-focused, traditional environment? What were the key arguments or "first steps" that actually gained traction?
2. How do you effectively counter the "shared kernel" security argument in a multi-tenant context? Are technologies like Kata Containers or gVisor a realistic "bridge" to propose, offering VM-level security with a container workflow?
3. What's a good strategy for building a business case that senior engineers and management will listen to? How do you balance the proven stability of the "old way" against the efficiency gains of a new paradigm they perceive as risky?

https://redd.it/1mepsx3
@r_devops
Testing firewall rules

Hi,

Not the first time I'm facing a situation where I need to test that the firewall blocks/allows communication between x and y.

Now with api-gateway, zero-trust stuff and so on, there are more and more options to allow/disallow communication.
Coming from the dev world, my initial idea is to have some kind of integration test that verifies the implementation and monitors whether an access that should be closed is suddenly open for whatever reason (FW misconfig, for example).

Do any of you do something like that, and if yes, how?
Mix of Windows and Linux environments, but mostly Windows.

https://redd.it/1meqok8
@r_devops
Sparrow as a drop-in replacement for Ansible

Sparrow is a lightweight automation framework that could be used as a drop-in replacement for Ansible or other frameworks suffering from complexity and extra abstraction layers. Sparrow could be an efficient glue allowing people to use their preferred scripting languages (Bash/Perl/Python) while adding useful features via the Sparrow SDK - script configuration, testing, distribution.
Read the quick start tutorial on the Sparrow automation framework. How to quickly develop CLI utils using Bash and Sparrow - https://github.com/melezhik/Sparrow6/blob/master/posts/CliAppDevelopement.md

https://redd.it/1meqx5n
@r_devops
DevOps roadmap for MERN Stack Developer

I am a MERN developer and recently I read about DevOps. Can anyone tell me how I can learn DevOps in the easiest and best way?

(Any kind of help is welcome - playlists, courses etc.)

https://redd.it/1metvs4
@r_devops
Need ideas: 15-min interactive DevOps session for our CFO (non-technical)

Hey folks, I need some help.

I’m a Cloud Architect on our company’s DevOps & Platform team. Next week, our CFO is visiting our Digital Technology division, and my manager has asked me to run a short (max 15 min) interactive presentation or mini workshop to introduce DevOps and Platform Engineering to him.

Here’s the catch: the CFO isn’t technical at all. He’s a finance guy through and through.

Any creative ideas on how to make this engaging and simple enough for a non-technical audience? Maybe a hands-on analogy, small task, or demo that shows how DevOps supports software development and operations?

Would really appreciate any thoughts or examples! 🙏

https://redd.it/1meuvlp
@r_devops
Server automations like deployments without SSH

Is it worth it in a security sense to not use SSH-based automations with your servers? My boss has been quite direct in his message that in our company we won't use SSH-based automations such as letting GitLab CI do deployment tasks by providing SSH keys to the CI (i.e. from CI variables).

But when I look around and read stuff from the internet, SSH-based automations are really common so I'm not sure what kind of a stand I should take on this matter.

Of course, like always with security, threat modeling is important here, but I just want to know opinions about this from a wide range of people.

https://redd.it/1metswg
@r_devops
Conferences for devops


Hi,
Because of my good performance, I have a €1,000 bonus to spend on conferences, workshops, certifications, and anything else related to DevOps, cloud technology, software, AI, and soft skills UNTIL DECEMBER.

I'm bored with those events, and I have a lot of certificates, so I just want to spend the money on a trip to Europe with my girlfriend.

I am looking for a conference that lasts 2-3 days and is not too expensive, as I want to spend the money on relaxing, food, and travel.
I will need to provide receipts to get this bonus.

All ideas are welcome!

https://redd.it/1mex2mu
@r_devops
DevOps Contingent Labor

Are any of you using MSPs, partners, consulting agencies, etc. to scale your DevOps practice? If so, who are they, and are you happy with them? Do you see high turnover? What's the average lead time to on-board someone new?

https://redd.it/1mevpve
@r_devops
Debug & Chill 4 - RDS Proxy, EKS, and IPv6—How?

🚀 New episode of Debug & Chill is live!

This time I ran into a strange issue: connecting to an RDS Proxy from EKS (dual-stack) would just... hang. No logs. No clues. Just sad pods. 🥲

Turns out, RDS Proxy doesn’t support IPv6—even though RDS itself does.

The fix? A bit of DNS magic with CoreDNS, some network sleuthing, and a weird-but-valid “Option 2.5” involving manual DNS overrides. 😅

If you're running IPv6 in Kubernetes, you’ll want to read this one: https://royreznik.substack.com/p/rds-proxy-eks-and-ipv6how

https://redd.it/1mey5m4
@r_devops
DoIt DevOps Support is Trash Now - What Alternatives Are There?

One of my companies has used DoIt for several years to provide DevOps support to our application.

It was pretty nice because they offered free support from a senior DevOps engineer if you moved your AWS account under their umbrella. You could get support whenever you needed, 24/7, all completely free. It wasn't the best support as it was fairly high level, not in the weeds actually configuring and coding, but it was beneficial to us as expert directional support, and again it was free. They made something like 25% from your AWS spend as they received better rates from Amazon, so it was a win/win.

However they recently changed their model to charge $750 to escalate tickets to support. Like many companies, they try to route you through AI bots instead. We tested asking queries to AI engines (ChatGPT/Grok) and comparing to DoIt's AI bot, and predictably the responses are almost identical, meaning their chat bot offers no extra value. They are trying to earn their 25% for doing nothing. And $750 for a call is typically too much to pay for the type of support they offer as it's pretty bare-bones.

Sigh... that's capitalism I guess.

Now that DoIt is trash, are there any good alternatives to them that still offer free senior devops support in exchange for moving your AWS servers to their portfolio?

https://redd.it/1mf2t1j
@r_devops
Need some advice on working in devops

Hey guys,
would appreciate any advice, kind of have a weird background.
I got my first job as a graduate cloud engineer 4 years ago, worked for 3 years and was unfortunately made redundant almost a year ago, all of this was in the UK.

idk if what I did in the meantime matters but I can elaborate if needed, mostly spent the time travelling, volunteering and attending a language school.

I'm a US citizen and have a place to stay with family in the US. Didn't really want to move to the US since I didn't grow up there and find it kind of intimidating due to the news. But I realised the visa sponsorship requirements were holding me back in the UK.

My experience I think maybe aligns better with what could be considered as DevOps, I worked with CI/CD platforms such as Jenkins, Azure DevOps, I used a lot of Terraform, have some experience with K8s (using Google's GKE). I mostly have experience working on GCP, but I have some exposure to AWS and Azure.
My roles at work usually were around monitoring k8s resources and making sure our product was stable.
But to be honest I wasn't really happy with my work experience, I work for a consultancy and they had me placed with a large organisation for a year and a half, but during that time except for helping set up the initial product they didn't really have any work for me. After that I probably spent about a year and a half on the bench developing internal tools for the consultancy (mostly using Azure DevOps, Python and Terraform).

I'm sorry if there are any superfluous details, but I want advice on what my approach should be when applying to jobs in the US?
I feel like my skills are really lacking when compared to the amount of time I have worked, what courses/projects should I undertake to make sure my skills are up to date?
How do companies usually assess somebody's abilities?
Is this the right place to post this?
What platform is a good place to search for jobs and what job title should I use when searching for jobs?

Thanks.

https://redd.it/1mf3rff
@r_devops
Junior DevOps interview

Hey everyone, I'm a fresh graduate with some cloud certs but no professional experience. I have a technical interview where I'll get an infrastructure/architectural case study to solve over one day, then discuss my approach.

The company said it's about "analyzing, designing, and proposing solutions" to understand my thought process and problem-solving approach. It's for a junior cloud/DevOps role.

I'm honestly nervous, are there any resources that might help with that, just to practice a little bit or help me during that day, please!

https://redd.it/1mf0gi1
@r_devops
Default SSH config on AWS Lightsail

Hi everyone,

I'm new to this stuff and just fired up my new AWS Lightsail and ran these two commands:

sudo apt update -y
sudo apt upgrade -y

Mid-way I got a prompt saying that a new version of the config file was available but the version installed currently has been locally modified. Should I install the maintainer's version or keep the local version currently installed?

When should I go for what, and what are the trade-offs? Thanks in advance!

https://redd.it/1mfi5a8
@r_devops
There's a new DevOps/infra "Real Skills" website in town.

Just found out about https://infrathrone.xyz
Looks like a decent attempt.
Seems a bit costly.
Any tips on how I can simulate all these warzone scenarios in my WSL2/raspi? (I don't want to pay for this website/course)

https://redd.it/1mfipt1
@r_devops
Looking for feedback on cloud engagement strategy for mid-size IoT company (AMPECO use case)

Hey folks,

I'm preparing for a business role interview at a cloud services provider (Europe Cloud – GCP & AWS partner), and part of the task is to pitch a go-to-market strategy for a real client.

I chose AMPECO, a Bulgaria-based EV charging platform with 100K+ charging points across 60 countries. They run on AWS (ECS, RDS, CloudWatch, Terraform, etc.), and their challenges revolve around:

Elastic scalability (high concurrent usage)
Long-term data archiving (massive telemetry + session logs)
FinOps issues (cloud cost visibility per tenant/client)

I’ve proposed:

Infra audit + potential GKE migration or ECS tuning
BigQuery + Coldline for multi-tiered storage/analytics
FinOps PoC via Datadog, GCP calculator, or AWS CE tools

Would love your feedback on:

1. The realism of the pain points and cloud proposals
2. Gaps I may have overlooked (especially on the data/FinOps side)
3. Whether you've seen similar companies approach scaling differently

Happy to hear any thoughts.

https://redd.it/1mfhqdc
@r_devops