that did exactly what I wanted; i.e. one that supported environment variable, flag, and file injection into any command, and supported many different secret manager backends (AWS Secrets Manager, local encrypted vault, etc). So I built this as a dependency for that larger project.
* I also built it for fun. Rust is the language I've learned that requires the most practice, and I've only built 6 enterprise applications in Rust and 7 personal projects, but I still feel like there's a TON for me to learn.
So I also just built it for fun :) If no one uses it, that's fine! Fun project for me regardless and more Rust practice to internalize more and learn more about how the language works!
https://redd.it/1nkf33p
@r_devops
From the devops community on Reddit: G-Man: Automatically (and securely) inject secrets into any command
Ridiculous pay rate
I just came here to say I had a recruiter reach out and they were saying 24/hr pay rate for a DevOps engineer position.
What the hell is that pay, thankful I am already at a great FT job but that is absurd for DevOps work or really anything in IT.
And if it was just a scam to steal my information, they could have gone higher on the pay rate to make sending my resume over more enticing.
https://redd.it/1nkgnax
@r_devops
I’m currently transitioning from help desk to devops at my job, how can I do the best I can? I was told it will be “a lot” and I’m already lost in the code
So we purchased Puppet Enterprise to help automate the configuration management of our servers. I was a part of the general Puppet training but not involved in the configuration management side of training. There were two parts.
Now I was given this job and I have to automate the installation of all our security software and also our CIS benchmarks and there is some work done but there’s a ton left to do.
I’m not going to lie it feels like a daunting task and it was told to me that it was, and I’m not even “fully” in the role, I still have to “split time” which imo makes it even harder.
Right now I’m using my time at work to self study almost the whole day.
I kind of like the fact that I could make a job out of this here but there’s just so much code and different branches and I’m sitting here looking at some of the code and it overwhelms me how much I don’t know and what does this attribute do and why is the number here zero. It’s a lot and I do wish I had some work sponsored training cause I wasn’t invited for the second week of training.
https://redd.it/1nkj7m7
@r_devops
MLOps
Hi! Any MLOps engineers in the sub?
Looking to chat and know a bit about the tech stack you are working on. Please DM if you have a little extra time for a curious bobblehead in your day! Thanks!
https://redd.it/1nkjv2c
@r_devops
dumpall — CLI to aggregate project files into Markdown (great for CI/CD & debugging)
I built `dumpall`, a small CLI that aggregates project files into a single, clean Markdown doc.
Originally made for AI prompts, but it turned out pretty handy for DevOps workflows too.
🔧 DevOps uses:
- Include a unified code snapshot in build artifacts
- Generate Markdown dumps for debugging or audits
- Pipe structured code into CI/CD scripts or automation
- Keep local context (no uploading code to 3rd-party tools)
✨ Features:
- AI-ready Markdown output (fenced code blocks)
- Smart exclusions (skip node_modules, .git, etc.)
- --clip flag to copy dumps straight to clipboard
- Pipe-friendly, plays nice in scripts
Example:
`npx dumpall . -e node_modules -e .git --no-progress > all_code.md`
Repo 👉 https://github.com/ThisIsntMyId/dumpall
Docs/demo 👉 https://dumpall.pages.dev/
https://redd.it/1nkkroi
@r_devops
Who else is losing their mind with Bitnami?
Bitnami’s sunsetting images has been brutal.
I keep hitting endless ImagePullBackOff loops while re-deploying Postgres and Redis across prod, staging, and dev.
After hours of firefighting I’ve switched to CloudNativePG for Postgres and kept Bitnami legacy for Redis just to stay afloat.
Anyone found smoother migration paths or solid long-term replacements?
https://redd.it/1nknrco
@r_devops
I have no idea how you guys do it
Long time lurker, not even working in DevOps (but rather IT, doing a mix of sysadmin/support). But man, some of the shit you guys can do and need to know is mind blowing. DevOps is definitely my target in the next 5-8 years, just need to get exposed to it and keep working my way up.
So many names for so many applications/tools, hundreds of cloud services etc. What an absolute shitshow of a field! Yet still interesting to me. Reading through the posts all the time has my head spinning. Most of it might as well be a different language. Keep up the grind!
https://redd.it/1nkrbng
@r_devops
Testing a new rate-limiting service – feedback welcome
Hey all,
I’m building a project called Rately. It’s a rate-limiting service that runs on Cloudflare Workers (so at the edge, close to your clients).
The idea is simple: instead of only limiting by IP, you can set rules based on your own data — things like:
* URL params (/users/:id/posts → limit per user ID)
* Query params (?api_key=123 → limit per API key)
* Headers (X-Org-ID, Authorization, etc.)
**Example:**
Say your API has an endpoint **/user/42/posts**. With Rately you can tell it: “apply a limit of 100 requests/min per **userId**”.
So user 42 and user 99 each get their own bucket automatically. No custom nginx or middleware needed.
It has two working modes:
1. **Proxy mode** – you point your API domain (CNAME) to Rately. Requests come in, Rately enforces your limits, then forwards to your origin. Easiest drop-in.
Client ---> Rately (enforce limits) ---> Origin API
2. **Control plane mode** – you keep running your own API as usual, but your code or middleware can call Rately’s API to ask “is this request allowed?” before handling it. Gives you more flexibility without routing all traffic through Rately.
Client ---> Your API ---> Rately /check (allow/deny) ---> Your API logic
I’m looking for a few developers with APIs who want to test it out. I’ll help with setup 🙏.
https://redd.it/1nkwyyw
@r_devops
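The per-key bucketing described in the post above, as an added example that is not Rately's code or part of the original post: rules pull the bucket key from a path parameter, query parameter or header, and each key gets its own fixed-window counter. The rule shape, the class and function names, and the fallback to the client IP when a request carries no key are assumptions made for illustration.

```javascript
// Added example, not Rately's code. All names here are hypothetical.

// Compile "/user/:userId/posts" into a regex with named capture groups.
function compilePath(pattern) {
  const source = pattern
    .split("/")
    .map((seg) =>
      seg.startsWith(":")
        ? `(?<${seg.slice(1)}>[^/]+)`
        : seg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
    )
    .join("/");
  return new RegExp(`^${source}$`);
}

class KeyedRateLimiter {
  // rules: [{ id, path, source: "path"|"query"|"header", name, limit, windowMs }]
  constructor(rules, now = () => Date.now()) {
    this.rules = rules.map((r) => ({ ...r, regex: compilePath(r.path) }));
    this.now = now;
    this.buckets = new Map(); // bucketId -> { windowStart, windowMs, count }
  }

  // Find the first matching rule and derive the bucket id for this request.
  resolve(req) {
    const url = new URL(req.url, "http://origin.invalid");
    for (const rule of this.rules) {
      const m = rule.regex.exec(url.pathname);
      if (!m) continue;
      let value;
      if (rule.source === "path") value = m.groups && m.groups[rule.name];
      else if (rule.source === "query") value = url.searchParams.get(rule.name);
      else if (rule.source === "header") value = req.headers[rule.name.toLowerCase()];
      // Query and header values are chosen by the client. If the key is
      // missing, fall back to the client IP so that omitting it does not
      // skip the limit (assumption of this example).
      const key = value ? `${rule.source}:${rule.name}=${value}` : `ip=${req.ip}`;
      return { rule, bucketId: `${rule.id}|${key}` };
    }
    return null;
  }

  // Allow/deny decision, the question a "/check" style call would answer.
  check(req) {
    const hit = this.resolve(req);
    if (!hit) return { allowed: true, bucketId: null, remaining: null };
    const { rule, bucketId } = hit;
    const t = this.now();
    let b = this.buckets.get(bucketId);
    if (!b || t - b.windowStart >= rule.windowMs) {
      b = { windowStart: t, windowMs: rule.windowMs, count: 0 };
      this.buckets.set(bucketId, b);
    }
    if (b.count >= rule.limit) {
      const retryAfterMs = rule.windowMs - (t - b.windowStart);
      return { allowed: false, bucketId, remaining: 0, retryAfterMs };
    }
    b.count += 1;
    return { allowed: true, bucketId, remaining: rule.limit - b.count };
  }

  // Drop expired buckets so the map cannot grow without bound.
  sweep() {
    const t = this.now();
    for (const [id, b] of this.buckets) {
      if (t - b.windowStart >= b.windowMs) this.buckets.delete(id);
    }
    return this.buckets.size;
  }
}

// Constructed sample: the post's "100 requests/min per userId" rule,
// driven by a fake clock so the result is deterministic.
function demo() {
  let clock = 0;
  const limiter = new KeyedRateLimiter(
    [{ id: "posts-per-user", path: "/user/:userId/posts", source: "path",
       name: "userId", limit: 100, windowMs: 60000 }],
    () => clock
  );
  const req = (id) => ({ url: `/user/${id}/posts`, ip: "192.0.2.10", headers: {} });
  let allowed42 = 0;
  for (let i = 0; i < 101; i++) {
    if (limiter.check(req(42)).allowed) allowed42 += 1;
  }
  const user99 = limiter.check(req(99)); // separate bucket, unaffected
  clock = 60000; // next window
  const user42Next = limiter.check(req(42));
  return { allowed42, user99Allowed: user99.allowed, user42NextAllowed: user42Next.allowed };
}

console.log(demo());
```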
Is going from plain APIs to agents always worth the extra complexity?
I have been building systems by wiring APIs together with HTTP endpoints and webhooks. It’s predictable, debuggable, and I know exactly where the logic lives. Now I keep seeing agent frameworks that promise to sit on top of APIs, handle decision logic, and “figure things out” on the fly.
For people who have gone beyond the demos THE ACTUAL PRODUCTION!!, what real problems did agents solve that you could not handle with direct API orchestration?? Was it worth the extra complexity in terms of debugging, reliability, and cost?
https://redd.it/1nkzb60
@r_devops
Kafka (Strimzi) and Topic Operator seems like a bad idea to me?
I’ve never done anything with Kafka and need to set it up in Kubernetes, so I naturally looked for an operator. It seems that Strimzi is the way to go, though I don’t agree with their topics operator approach. To me it seems topics should be a concern of the application and not defined dependent on the infra. Developing in Docker locally, now I have to define topics there. Or if a team needs a new topic suddenly they have to change infra components.
I googled and didn’t find a discussion about that. It seems teams are generally fine with that topic operator approach. Can you enlighten me why it should not be part of the application configurations itself and rather part of the infrastructure yamls we use for Kubernetes?
https://redd.it/1nl0ct1
@r_devops
Feedback on tools used to scan vuln NPM packages
Anyone else used the Google tool to scan for vuln NPM packages? Any recommendations, or is there a better way? https://cyberdesserts.com/npm-scanner
https://redd.it/1nl14jy
@r_devops
How do you hire a DevOps contractor who’s way more technical than you?
I manage a mature SaaS product and I’ve ended up as the accidental DevOps person after replacing an offshore team that didn’t really have the role covered. I’m technical, but not at the level I need for where we’re headed, so it’s time to bring in someone who genuinely knows the space. Ideally on a contract to tackle the big projects, then hopefully keep them on part-time afterward for ongoing support.
This isn’t a job post (I’ll share that to r/devopsjobs soon), but I’m looking for advice from people here who’ve been on either side of this. If you want to DM with thoughts or recommendations, my inbox is open.
The main projects are things like finishing our Jenkins to ArgoCD migration, stabilizing the dev environment, upgrading Kubernetes and Keycloak, fixing Terraform drift, and tightening up security by swapping bastion for SSM. Down the line we’ll need a coordinated Postgres upgrade and help implementing something like Flyway. I have a rough roadmap with phases, but I also want the person I hire to shape it once they’ve seen the guts.
Where I could use your help is figuring out the right approach.
First, what’s a sane way to interview and evaluate someone who’s supposed to outclass you? I'm thinking of one focused technical conversation to hear their high-level plan for the Jenkins migration, and then maybe a short, paid working session in a non-prod environment to see how they think. Is that a good signal, or is there a better way to assess real-world skills?
Second, where do you actually find great freelance talent these days beyond the job subreddits? Are places like Upwork, boutique agencies or certain communities worth cutting through the noise for?
Third, what's a safe but effective way to handle day one access? My instinct is to start with more limited permissions and expand as we build trust, but I don’t want to slow them down. How do you prefer to start when you join a new project?
Finally, I have a roadmap, but I want the person I hire to have ownership and help shape it. I want someone who’ll call out gaps in my plan, not just follow checklists. For the contractors here, what are the green flags that tell you a client will actually listen to your expertise, and what are the red flags that tell you to run?
Budget isn’t FAANG, but it’s sane. I care more about working with someone who’s proactive, communicates clearly, and leaves things tidier than they found them. If you’re interested, keep an eye out for the official post, but I’d really appreciate any advice on process, places to look, or things I might not know enough to ask yet. Thanks.
https://redd.it/1nl0bvw
@r_devops
Can splunk alerts be sent to another app via post request?
I noticed that people are able to send stack trace data in Splunk alerts, which makes me wonder if these alerts can send a POST request to a custom app for tracking purposes.
https://redd.it/1nl7254
@r_devops
Tell me about your experience looking for job offers
Has anyone here found effective ways to increase their chances… like reaching out to strangers or companies on LinkedIn, or posting content there?
Did any of these work for you? Or can you share some tips from your own experience with job hunting?
https://redd.it/1nl9aw4
@r_devops
Skill Vs Money
So I have been a person who believes that if we ace our skill or niche (mine is DevOps), money is automatically generated. But situations around me make me feel like this is the shittiest thing I have ever done. Friends who graduated with me have been earning 20k-30k INR per month. I have stuck to learning DevOps and doing an internship at 5k INR per month. Am I foolish here, or do I need some patience to reach my DevOps dream role? What I mean by DevOps dream goal is the basic pay for a fresher, or even somewhat higher according to my skill.
https://redd.it/1nlacf0
@r_devops
How common is it to be a DevOps engineer without (good) monitoring experience?
Hello community!
I am wondering how common it is for DevOps engineers to have no or very little experience with monitoring?
At the beginning of my career, when I worked as a system administrator, monitoring was a must-have skill because there was no segregation of duties (it was before Prometheus/Grafana and other fancy things were invented).
But since I switched to DevOps, I have done very little to no work with monitoring, because most often it was the SRE's area of responsibility.
And now the consequence is that it is a blocker for most companies to hiring me, even with my 10+ YOE and 7+ years in DevOps.
https://redd.it/1nl91wh
@r_devops
Americans with Disabilities Act (ADA) Accommodations and On-call Rotations
I wanted some other perspectives and thoughts on my situation.
My official title is Senior DevOps Engineer but honestly it has become more of an SRE role over the years. We have an on-call schedule that runs 24/7 for a week at a time. We have a primary on-call rotation and a secondary on-call rotation with the same 6 people in each.
Recently, I was diagnosed with a sleep disorder for which the only treatment involves taking a medication that impairs me for about 8 and a half hours while I am sleeping.
I requested an ADA accommodation for an adjusted on-call schedule so that I am not on-call during my nightly medication window. My manager has agreed to adjust the schedules so that I only have daytime rotations but stated that he didn't think my request would fall under an ADA (since on-call is considered an essential function of the job).
Are my scheduling requirements for on-call really going to be considered an unreasonable accommodation by most employers in the future? Should I be looking to exit the DevOps/SRE field altogether?
https://redd.it/1nldkwj
@r_devops
Kubernetes-ready Adobe Creative Cloud automation platform with Terraform IaC
Open-sourced enterprise Adobe automation platform with complete DevOps pipeline.
Infrastructure:
- Terraform modules for Azure deployment
- Kubernetes manifests for production scaling
- Docker containers for all services
- GitHub Actions CI/CD with automated testing
- Prometheus + Grafana monitoring
- HashiCorp Vault secrets management
Stack:
- API: Node.js/Express + GraphQL
- Workers: PowerShell + Python async
- Data: SQL Server + Redis
- Security: JWT auth + RBAC + audit logging
Deployment: `kubectl apply -f infrastructure/kubernetes/`
Features:
- Zero-downtime deployments
- Auto-scaling based on queue depth
- Security scanning in CI pipeline
- Infrastructure as Code with Terraform
- Complete observability stack
Real impact: Automated Adobe user/license management for 2000+ users, 99.9% uptime.
GitHub: https://github.com/wesellis/adobe-enterprise-automation
Looking for feedback on the K8s architecture and deployment strategy!
https://redd.it/1nld1ln
@r_devops
Which AWS "group buying" experience should I go with?
So last week I posted about looking at either signing a term to get locked in for a year or two to save 40% on AWS costs. We're running about $13k/month and client is breathing down my neck to figure out the best way to save on this cost.
At first I was like, awesome, volume discounts + guaranteed savings + hands off management = profit right.
They want to transfer ownership of our AWS account to them
We'd get invoices from TWO places (their company + AWS)
One Reddit literally said "it's like having an MSP ex-gf who won't ever let you go"
Stories of people losing their entire AWS account when the third-party stopped paying Amazon
Some poor soul had to spend 6 months recreating their account from scratch (my condolences)
So i pulled out all the conversations in the comments + my DMs, loaded it into Claude and got it to break it all down for me.
If I've made any factual mistakes in this post, please feel free to leave a comment and I'll make the adjustment.
First, Redditor recommended implementation strategy
1. Start with AWS native tools (Cost Explorer, Savings Plans)
2. Implement proper tagging and cost attribution
3. Avoid third-party account management
Ok #4 is heard loud and clear, but unfortunately that's against my client's directive, so I dug deeper.
The three leading solutions that address AWS commitment optimization without account transfer are:
Commitment Models Comparison (more detailed comparison below, compiled by Claude from website, call transcripts and DMs)
|Feature|MilkStraw AI|Archera|Opsima|
|:-|:-|:-|:-|
|Core Innovation|"Fluid savings" without commitments|Insurance-backed 30-day commitments|AI-powered with loss guarantee|
|Term Flexibility|No commitments required|30-day to 3-year terms|Flexible with guarantee protection|
|Risk Mitigation|Zero commitment risk|Insurance backing|Contractual loss guarantee|
|Multi-Cloud|AWS focused|AWS + Azure + GCP|Primarily AWS|
|Pricing Model|Not specified|Free platform + commitment fees|Simulation available|
|Enterprise Focus|Startups to enterprise|Enterprise-focused|Mid to large enterprise|
|Certifications|Not specified|ISO 27001, AWS Advanced Partner|AWS compliance mentioned|
|Platform Access|Read-only cross-account|Commitment management only|Cost reports + commitment rights|
Milkstraw and Opsima offers are very similar, both are almost no brainer offers. I think the tie breaker will come down to how easy the onboarding experience will be and so far from what I see, Milkstraw has a slightly easier onboarding set up. But please, correct me if I'm wrong here.
Archere's model is insurance/rebate, so it's financially different from the other two.
At our spend level, I'm starting to think this is more of a political/organizational problem than a technical one anyway. If I really just use first principle the whole reason I'm doing this is because devops director doesn't want the responsibility of handling the cost savings and want to offload it to a third party, and that third party would just deal with finance directly.
Either way, I will present all the options to my client as well as I could, and leave the choice to them.
ps. detailed comparison of all services, feel free to skip this part.
|Solution|Account Ownership|Billing Relationship|Exit Complexity|Savings Focus|Community Sentiment|
|:-|:-|:-|:-|:-|:-|
|MilkStraw AI|✅ Keep full control|✅ Direct AWS billing|✅ Leave anytime|Commitment optimization|🟢 Positive|
|Opsima|✅ Limited IAM role|✅ Direct AWS billing|✅ Contractual guarantee|Commitment management|🟢 Innovative approach|
|Archera|✅ Keep full control|✅ Direct AWS billing|✅ 30-day terms|Insured commitments|🟢 Enterprise-focused|
|**Vantage.sh**|✅ Keep full control|✅ Direct AWS billing|✅ Easy exit|Cost attribution|🟢 Highly recommended|
|Duckbill Group|✅ Consulting only|✅ Direct AWS billing|✅ Consulting model|Architecture + negotiation|🟢 Trusted expert|
|**Spot.io**|⚠️ Instance management|✅
So last week I posted about looking at either signing a term to get locked in for a year or two to save 40% on AWS costs. We're running about $13k/month and client is breathing down my neck to figure out the best way to save on this cost.
At first I was like, awesome, volume discounts + guaranteed savings + hands off management = profit right.
They want to transfer ownership of our AWS account to them
We'd get invoices from TWO places (their company + AWS)
One Reddit literally said "it's like having an MSP ex-gf who won't ever let you go"
Stories of people losing their entire AWS account when the third-party stopped paying Amazon
Some poor soul had to spend 6 months recreating their account from scratch (my condolences)
So i pulled out all the conversations in the comments + my DMs, loaded it into Claude and got it to break it all down for me.
\if I've made any factual mistakes in this post, please feel free to leave a comment and I'll make the adjustment.
First, Redditor recommended implementation strategy
1. Start with AWS native tools (Cost Explorer, Savings Plans)
2. Implement proper tagging and cost attribution
3. Avoid third-party account management
Ok #4 is heard loud and clear, but unfortunately that's against my client's directive, so I dug deeper.
The three leading solutions that address AWS commitment optimization without account transfer are:
Commitment Models Comparison (more detailed comparison below, compiled by Claude from website, call trannoscripts and DMs)
|Feature|MilkStraw AI|Archera|Opsima|
|:-|:-|:-|:-|
|Core Innovation|"Fluid savings" without commitments|Insurance-backed 30-day commitments|AI-powered with loss guarantee|
|Term Flexibility|No commitments required|30-day to 3-year terms|Flexible with guarantee protection|
|Risk Mitigation|Zero commitment risk|Insurance backing|Contractual loss guarantee|
|Multi-Cloud|AWS focused|AWS + Azure + GCP|Primarily AWS|
|Pricing Model|Not specified|Free platform + commitment fees|Simulation available|
|Enterprise Focus|Startups to enterprise|Enterprise-focused|Mid to large enterprise|
|Certifications|Not specified|ISO 27001, AWS Advanced Partner|AWS compliance mentioned|
|Platform Access|Read-only cross-account|Commitment management only|Cost reports + commitment rights|
Milkstraw and Opsima offers are very similar, both are almost no brainer offers. I think the tie breaker will come down to how easy the onboarding experience will be and so far from what I see, Milkstraw has a slightly easier onboarding set up. But please, correct me if I'm wrong here.
Archere's model is insurance/rebate, so it's financially different from the other two.
At our spend level, I'm starting to think this is more of a political/organizational problem than a technical one anyway. If I really just use first principle the whole reason I'm doing this is because devops director doesn't want the responsibility of handling the cost savings and want to offload it to a third party, and that third party would just deal with finance directly.
Either way, I will present all the options to my client as well as I could, and leave the choice to them.
ps. detailed comparison of all services, feel free to skip this part.
|Solution|Account Ownership|Billing Relationship|Exit Complexity|Savings Focus|Community Sentiment|
|:-|:-|:-|:-|:-|:-|
|MilkStraw AI|✅ Keep full control|✅ Direct AWS billing|✅ Leave anytime|Commitment optimization|🟢 Positive|
|Opsima|✅ Limited IAM role|✅ Direct AWS billing|✅ Contractual guarantee|Commitment management|🟢 Innovative approach|
|Archera|✅ Keep full control|✅ Direct AWS billing|✅ 30-day terms|Insured commitments|🟢 Enterprise-focused|
|**Vantage.sh**|✅ Keep full control|✅ Direct AWS billing|✅ Easy exit|Cost attribution|🟢 Highly recommended|
|Duckbill Group|✅ Consulting only|✅ Direct AWS billing|✅ Consulting model|Architecture + negotiation|🟢 Trusted expert|
|**Spot.io**|⚠️ Instance management|✅
Vantage
Vantage: Multi Cloud Cost Management & Optimization Tool
Vantage is a self-service cloud cost platform that gives developers the tools they need to analyze, report on and optimize AWS, Azure, and GCP costs.
Which AWS "group buying" experience should I go with?
So last week I posted about looking at either signing a term to get locked in for a year or two to save 40% on AWS costs. We're running about $13k/month and client is breathing down my neck to figure out the best way to save on this cost.
At first I was like, awesome, volume discounts + guaranteed savings + hands off management = profit right.
* They want to **transfer ownership** of our AWS account to them
* We'd get invoices from TWO places (their company + AWS)
* One Redditor literally said "it's like having an MSP ex-gf who won't ever let you go"
* Stories of people **losing their entire AWS account** when the third-party stopped paying Amazon
* Some poor soul had to spend 6 months recreating their account from scratch (my condolences)
So I pulled out all the conversations in the comments + my DMs, loaded it into Claude and got it to break it all down for me.
\*if I've made any factual mistakes in this post, please feel free to leave a comment and I'll make the adjustment.
First, Redditor-recommended implementation strategy:
1. Start with AWS native tools (Cost Explorer, Savings Plans)
2. Implement proper tagging and cost attribution
3. Avoid third-party account management
Ok #4 is heard loud and clear, but unfortunately that's against my client's directive, so I dug deeper.
The three leading solutions that address AWS commitment optimization without account transfer are:
Commitment Models Comparison (more detailed comparison below, compiled by Claude from website, call transcripts and DMs)
|Feature|MilkStraw AI|Archera|Opsima|
|:-|:-|:-|:-|
|**Core Innovation**|"Fluid savings" without commitments|Insurance-backed 30-day commitments|AI-powered with loss guarantee|
|**Term Flexibility**|No commitments required|30-day to 3-year terms|Flexible with guarantee protection|
|**Risk Mitigation**|Zero commitment risk|Insurance backing|Contractual loss guarantee|
|**Multi-Cloud**|AWS focused|AWS + Azure + GCP|Primarily AWS|
|**Pricing Model**|Not specified|Free platform + commitment fees|Simulation available|
|**Enterprise Focus**|Startups to enterprise|Enterprise-focused|Mid to large enterprise|
|**Certifications**|Not specified|ISO 27001, AWS Advanced Partner|AWS compliance mentioned|
|**Platform Access**|Read-only cross-account|Commitment management only|Cost reports + commitment rights|
MilkStraw and Opsima offers are very similar; both are almost no-brainer offers. I think the tie breaker will come down to how easy the onboarding experience will be, and so far from what I see, MilkStraw has a slightly easier onboarding setup. But please, correct me if I'm wrong here.
Archera's model is insurance/rebate, so it's financially different from the other two.
At our spend level, I'm starting to think this is more of a political/organizational problem than a technical one anyway. If I really just use first principles, the whole reason I'm doing this is because the devops director doesn't want the responsibility of handling the cost savings and wants to offload it to a third party, and that third party would just deal with finance directly.
Either way, I will present all the options to my client as well as I could, and leave the choice to them.
ps. detailed comparison of all services, feel free to skip this part.
|Solution|Account Ownership|Billing Relationship|Exit Complexity|Savings Focus|Community Sentiment|
|:-|:-|:-|:-|:-|:-|
|**MilkStraw AI**|✅ Keep full control|✅ Direct AWS billing|✅ Leave anytime|Commitment optimization|🟢 Positive|
|**Opsima**|✅ Limited IAM role|✅ Direct AWS billing|✅ Contractual guarantee|Commitment management|🟢 Innovative approach|
|**Archera**|✅ Keep full control|✅ Direct AWS billing|✅ 30-day terms|Insured commitments|🟢 Enterprise-focused|
|[**Vantage.sh**](http://Vantage.sh)|✅ Keep full control|✅ Direct AWS billing|✅ Easy exit|Cost attribution|🟢 Highly recommended|
|**Duckbill Group**|✅ Consulting only|✅ Direct AWS billing|✅ Consulting model|Architecture + negotiation|🟢 Trusted expert|
|[**Spot.io**](http://Spot.io)|⚠️ Instance management|✅ Direct AWS billing|🟡 Medium complexity|Spot optimization|🟡 Use case specific|
|**Group Buy Services**|❌ Account transfer|❌ Dual billing|❌ Very difficult|Volume discounts|🔴 Strongly avoid|
|**Resellers/MSPs**|❌ Account transfer|❌ Reseller billing|❌ Very difficult|Various|🔴 Never recommended|
**MilkStraw AI**
* **Model:** Commitment optimization without actual commitments
* **Key Feature:** "Fluid savings" - get commitment pricing without commitment risk
* **Account Control:** Keep full AWS account ownership
* **Savings:** Up to 55% on EC2, 45% on Fargate, 35% on RDS
* **Access Required:** Read-only cross-account role, no billing migration
* **Risk:** Zero risk, leave anytime
* **Coverage:** EC2, Fargate, Lambda, SageMaker, RDS, OpenSearch, ElastiCache, RedShift
* **Billing:** Keep existing AWS billing relationship
* **Community Notes:** Sourced from incoming DM
**Opsima**
* **Model:** AI-powered commitment management with guarantees
* **Key Feature:** No money loss contractual guarantee
* **Account Control:** Manage commitments via IAM role, no infrastructure access
* **Savings:** Based on forecasting and optimization algorithms
* **Access Required:** Cost/usage reports + commitment management rights only
* **Risk:** Contractual guarantee against over-commitment
* **Prohibited:** Not a group buying service (complies with AWS June 2025 policy)
* **Community Notes:** Offers simulation without subscription
**Archera**
* **Model:** Insured Commitments with flexible terms
* **Key Feature:** Short-term (30-day) commitments with 1-3 year commitment pricing
* **Account Control:** No infrastructure access, commitment management only
* **Savings:** 1-3 year commitment discounts with 30-day flexibility
* **Access Required:** Commitment purchasing and management permissions
* **Risk:** Insurance-backed commitments reduce over-commitment risk
* **Multi-Cloud:** Supports AWS, Azure, and Google Cloud
* **Coverage:** All AWS reservable services, Savings Plans, Reserved Instances
* **Certifications:** ISO/IEC 27001:2022, AWS Advanced Partner, AWS Qualified Software
* **Platform:** Free multicloud commitment lifecycle management
* **Community Notes:** Sourced from incoming DM
https://redd.it/1nlgkxq
@r_devops
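A reviewer's check for the "Access Required" lines in the post above, as an added example that is not part of the original post or any vendor's code: it compares a proposed cross-account role policy against an allowlist of cost and commitment actions and checks the trust policy for an `sts:ExternalId` condition. The allowlist, the function names and both sample policies are assumptions constructed for illustration.

```python
import fnmatch

# Assumption: what "cost reports + commitment rights" should translate to.
# This is not any vendor's published policy; adjust to their documented needs.
ALLOWED_PATTERNS = [
    "ce:Get*", "ce:Describe*", "ce:List*",
    "cur:DescribeReportDefinitions",
    "savingsplans:*",
    "ec2:DescribeReservedInstances*",
    "ec2:PurchaseReservedInstancesOffering",
]

def _as_list(value):
    """IAM accepts a single string or object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _action_allowed(action):
    a = action.lower()  # IAM action names are case-insensitive
    allowed = [p.lower() for p in ALLOWED_PATTERNS]
    if "*" in a or "?" in a:
        # A wildcard grant passes only if it is itself an allowlisted pattern.
        return a in allowed
    return any(fnmatch.fnmatchcase(a, p) for p in allowed)

def audit_permissions(policy):
    """Return findings for Allow statements that exceed the allowlist."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("Allow with NotAction grants everything except the listed actions")
        for action in _as_list(stmt.get("Action")):
            if not _action_allowed(action):
                findings.append(f"out-of-scope action: {action}")
    return findings

def audit_trust(trust_policy):
    """Return findings for Allow statements with no sts:ExternalId condition."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        conditions = stmt.get("Condition", {})
        has_external_id = any(
            key.lower() == "sts:externalid"
            for operator in conditions.values()
            for key in operator
        )
        if not has_external_id:
            findings.append("trust policy has no sts:ExternalId condition")
    return findings

# Constructed sample documents (not taken from any vendor).
SAMPLE_PERMISSIONS = {"Statement": [
    {"Effect": "Allow", "Action": ["ce:GetCostAndUsage", "savingsplans:CreateSavingsPlan"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:RunInstances", "iam:*"], "Resource": "*"},
]}
SAMPLE_TRUST = {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}}

if __name__ == "__main__":
    print(audit_permissions(SAMPLE_PERMISSIONS) + audit_trust(SAMPLE_TRUST))
```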