Platform Engineer Intern. Is ansible worth learning?
I will be having an interview somewhere next week for a platform engineer internship role. The technologies that will be touched on include VMs, Python, bash, and Ansible.
I have always been wanting to break into devops and have studied many of the different technologies required in Kodekloud (k8, docker, CICD etc).
Have seen a lot of comments where people say Ansible is not used often because of K8 and containerization etc. So just wondering, will this internship still be useful if I want to pursue a career in devops?
https://redd.it/1nxqx8u
@r_devops
Migrating Domains from AWS Route 53 to GCP DNS (with SSL) – Step by Step Guide
Hey everyone,
I recently wrote a step-by-step walkthrough on how I migrated domains from AWS Route 53 to Google Cloud DNS, and also set up SSL along the way. I tried to make it practical, with screenshots and explanations, so that anyone attempting the same can follow along without much hassle.
If you’re interested in cloud infra, DNS management, or just want a quick guide for moving domains between AWS and GCP, I’d really appreciate it if you could give it a read and share your thoughts/feedback:
Read here: Migrating Domains from AWS Route 53 to GCP DNS (Step-by-Step with SSL Setup)
Would love to hear if you’ve done something similar, and if there are optimizations or gotchas I might have missed!
https://redd.it/1nxr8bx
@r_devops
Medium
Migrating Domains from AWS Route 53 to GCP DNS (Step-by-Step with SSL Setup)
The problem at hand was a weird one. Our entire cloud infrastructure resided on AWS, with billing going way over $350k annually. To put…
Little desperate looking for help
I think my website domain may be under attack, but I'm clueless on what to do.
I have another site hosted on the same place with no issues.
My website can't render or show visuals in the USA only.
- I can access the site in Canada and the UK from a VPN
- the site was deindexed but now is indexed via GSC
- I ran a Google live test and saw no visuals but did see indexing
- PageSpeed Insights renders the site
- I found no DMCA or blacklisting of the site on Lumen
- geopeeking only shows the site rendering in Singapore
Has anyone seen something like this?
I asked the domain registrar if they saw an issue and no.
Hosting was Render, I swapped to Netlify and same issue.
Before the issue started the outbound bandwidth spiked to 324mb for .07mb.
I can't ping the site by domain name but testing tools can reach it.
https://redd.it/1nxqlmq
@r_devops
❓ Help Debugging .NET services that already run inside Docker (with Redis, SQL, S3, etc.)
Hi all,
We have a microservices setup where each service is a .sln with multiple projects (WebAPI, Data, Console, Tests, etc). Everything is spun up in Docker along with dependencies like Redis, SQL, S3 (LocalStack), Queues, etc. The infra comes up via Makefiles + Docker configs.
Here’s my setup:
Code is cloned inside WSL (Ubuntu).
I want to open a service solution in an IDE (Visual Studio / VS Code / JetBrains Rider).
My goal is to debug that service line by line while the rest of the infra keeps running in Docker.
I want to hit endpoints from Postman and trigger breakpoints in my IDE.
The doubts I have:
Since services run only in Docker (not easily runnable directly in IDE), should I attach a debugger into the running container (via vsdbg or equivalent)?
What’s the easiest repeatable way to do this without heavily modifying Dockerfiles? (e.g., install debugger manually in container vs. volume-mount it)
Each service has two env files: docker.env and .env. I’m not sure if one of them is designed for local debugging — how do people usually handle this?
Is there a standard workflow to open code locally in an IDE, but debug the actual process that’s running inside Docker?
Has anyone solved this kind of setup? Looking for best practices / clean workflow ideas.
Thanks 🙏
https://redd.it/1nxwsmo
@r_devops
Low-cost, open source MQTT brokers with cluster/HA mode?
We have a mix of MQTT deployments for our IoT infrastructure, Mosquitto and older EMQX in single node mode (before they changed the license). We're looking to retire Mosquitto services and expand EMQX to cluster mode. MQTT V5 support and high availability are our main requirements.
EMQX and HiveMQ both require expensive enterprise licenses for self-hosting. RabbitMQ and VerneMQ seem like viable alternatives. Do you have experience with them in cluster mode? What are my options here? Many thanks!
https://redd.it/1ny1hw6
@r_devops
Your favourite Freelance marketplace for $100+/hr projects
Hello fellow colleagues! I need your help if you are freelancing in DevOps/SRE/Platform Engineering/Cloud world.
I was a full-time Freelancer on Toptal a couple of years ago and getting good clients then due to my favourable rate & service. But I had to completely stop my freelance activities due to moving to another country and complying with visa then.
Now I can start again on Toptal and have talked to one of their coaches to adjust my rate to $100/hr. They advised me to start with $70/hr initially which is even lower than my current full-time job. At that rate, I would rather continue my current job and read books on my leisure time.
However, I want to ask about your favourite "Freelance Marketplace" for projects worth $100+/hr nowadays that I can try to join. Thanks for your support!
https://redd.it/1ny2iu1
@r_devops
Trying to re-architect our Laravel API from PHP-FPM to Swoole
Hey folks,
I’m in the middle of migrating our Laravel API from PHP-FPM to Swoole (Octane) to cut down on overhead and improve response times.
But I’m kinda stuck on the OPcache + Octane + PHP memory limit part.
Not sure what values I should start with or how they affect each other once Swoole takes over the request lifecycle.
So my questions:
What are good starting points for OPcache settings?
What’s a safe PHP memory_limit when running Octane?
And for Kubernetes, what would you set as requests/limits per pod?
For context:
We’re currently serving around 1M–1.5M users, running between 128–256 pods, each with 4 CPU / 8 GB RAM. Even after a ton of tuning on PHP-FPM (pool size, pm dynamic/static, etc.), resource usage is still crazy high.
Anyone here running Laravel Octane with Swoole at scale on K8s? Would love to see how you guys tuned it: memory, workers, and caching setup.
https://redd.it/1ny4rvb
@r_devops
I made PyPIPlus.com — a faster way to see all dependencies of any Python package
Hey folks 👋
I built a small tool called PyPIPlus.com that helps you quickly see all dependencies for any Python package on PyPI.
It started because I got tired of manually checking dependencies when installing packages on servers with limited or no internet access. We all know that pain trying to figure out what else you need to download by digging through package metadata or pip responses. 😩
With PyPIPlus, you just type the package name and instantly get a clean list of all its dependencies (and their dependencies). No installation, no login, no ads — just fast info.
💡 Why it’s useful:
• Makes offline installs a lot easier (especially for isolated servers)
• Saves time
• Great for auditing or just understanding what a package actually pulls in
Would love to hear your thoughts — bugs, ideas, or anything you think would make it better. It’s still early and I’m open to improving it. 🙌
🔗 https://pypiplus.com
https://redd.it/1ny6xdu
@r_devops
PyPIPlus
PyPIPlus - Python Package Explorer with Dependency Visualization
Search and explore over 500,000 Python packages from PyPI with interactive dependency visualization
HELP AWS Secret Manager Client Error in Node JS
Hello, I am really new to DevOps and for a portfolio/test project, I have an AWS Lambda running on Node 22 that is trying to retrieve a secret but I am getting this weird error. The Lambda is in a private subnet which has an interface endpoint for Secrets Manager which allows inbound traffic from addresses within the VPC, which includes the Lambda, and the Lambda also has permission to get the secret value and the secret name is correct as well. But for some reason, these are the logs, which include the error that was caught by the function which called the one I will include after the logs.
If you have any ideas how I could fix this error I would greatly appreciate it. If anything needs to be done in the infra, I can also share my terraform IaC.
```
INFO
{
  "level": "info",
  "msg": "Sending Get Secret Command ",
  "secretName": "db-config",
  "command": {
    "middlewareStack": {},
    "input": {
      "SecretId": "db-config"
    }
  },
  "client": {
    "apiVersion": "2017-10-17",
    "disableHostPrefix": false,
    "extensions": [],
    "httpAuthSchemes": [
      {
        "schemeId": "aws.auth#sigv4",
        "signer": {}
      }
    ],
    "logger": {},
    "serviceId": "Secrets Manager",
    "runtime": "node",
    "requestHandler": {
      "configProvider": {},
      "socketWarningTimestamp": 0,
      "metadata": {
        "handlerProtocol": "http/1.1"
      }
    },
    "defaultSigningName": "secretsmanager",
    "tls": true,
    "isCustomEndpoint": false,
    "systemClockOffset": 0,
    "signingEscapePath": true
  }
}
WARN An error was encountered in a non-retryable streaming request.
ERROR {
  "level": "error",
  "msg": "Pipeline Failed",
  "message": "Invalid value \"undefined\" for header \"x-amz-decoded-content-length\"",
  "name": "TypeError",
  "stack": "TypeError [ERR_HTTP_INVALID_HEADER_VALUE]: Invalid value \"undefined\" for header \"x-amz-decoded-content-length\"\n at ClientRequest.setHeader (node:_http_outgoing:703:3)\n at new ClientRequest (node:_http_client:302:14)\n at request (node:https:381:10)\n at /var/task/node_modules/@smithy/node-http-handler/dist-cjs/index.js:301:25\n at new Promise (<anonymous>)\n at NodeHttpHandler.handle (/var/task/node_modules/@smithy/node-http-handler/dist-cjs/index.js:242:16)\n at /var/task/node_modules/@smithy/smithy-client/dist-cjs/index.js:113:58\n at /var/task/node_modules/@aws-sdk/middleware-flexible-checksums/dist-cjs/index.js:456:24\n at /var/task/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:543:24\n at /var/task/node_modules/@smithy/middleware-serde/dist-cjs/index.js:6:32",
  "code": "ERR_HTTP_INVALID_HEADER_VALUE"
}
```

```js
import { SecretsManagerClient, GetSecretValueCommand } from "@aws-sdk/client-secrets-manager";
import type { DBCredentials } from "../../types/DBCredentials.js";
import { logger } from "../../utils/logger.js";

const client = new SecretsManagerClient({region: process.env.REGION || 'us-east-1'});

export async function getDbCredentials(): Promise<DBCredentials> {
  const secretName = process.env.DB_SECRET;
  if(!secretName) throw new Error('Environment Variable `DB_SECRET` is missing')
  const command = new GetSecretValueCommand({ SecretId: secretName });
  logger.info("Sending Get Secret Command ", {secretName, command, client: client.config});
  const response = await client.send(command);
  logger.info("Secret Response Acquired");
  if(!response.SecretString) throw new Error('Secret String Empty');
  const secret = JSON.parse(response.SecretString);
  return {
    username: secret.user,
    password: secret.password,
    host: secret.host,
    port: secret.port,
    database: secret.name
  }
}
```
https://redd.it/1ny8174
@r_devops
An aspiring DevOp / DevOps Architect
I'm a UI designer and I work at a web hosting provider. Recently, I was thinking of developing a new career trajectory as a DevOps Architect, so I looked it up on the web and found that the essential competencies to qualify are mastering the following: terraform, k8s, docker, jenkins, AWS and python. How accurate is this? Does a single programming language suffice (except the configuration languages HCL and YAML)? Finally, what is the logical order to learn those tools?
https://redd.it/1ny67ng
@r_devops
How’s the DevOps job market looking for senior folks lately?
Hey everyone,
Curious if others are noticing this too — I’ve hardly been getting any recruiter calls or messages lately. A few years back, there used to be a steady stream of them, but now it feels completely dry.
For context, I’m a DevOps Architect with around 13 years of experience, currently in a hands-on role (lots of IaC, pipelines, infra automation, etc.). I’m starting to wonder — is this slowdown specific to DevOps/SRE-type roles, or is it something affecting senior engineering positions across the board?
Would love to hear how things are looking from your side — are recruiters still reaching out, or has the market just cooled off overall?
https://redd.it/1nyejnb
@r_devops
How do professionals handle huge monorepos locally without lag?
So after our last discussion about monorepos, I was digging deeper (this thread for context: Why monorepos?) — and I’ve been trying to open some big ones like PostHog or Twenty.
Even when I follow their local setup guides exactly, my system starts to crawl.
Specs aren’t bad: 12 GB RAM, 8-core CPU, RTX 3050 GPU. Still, once the monorepo spins up (Docker, npm install, builds, etc.), it lags hard — especially the IDE and containers.
So I’m curious: how do experienced engineers handle massive monorepos locally?
Do you use remote dev environments, partial clones, special IDE settings, or just monster hardware?
Would love to hear how you all deal with this in your daily workflow.
https://redd.it/1nyfan9
@r_devops
How can teams ensure data integrity and privacy when everything is stored or processed across multiple chains?
Cross-chain systems are powerful but messy — keeping data accurate and private feels like a huge challenge. Any real solutions out there?
https://redd.it/1nyhg0c
@r_devops
Share Terraform scripts with low-skilled tech
In our company we have built a Terraform script in order to spin up VMs and configure them for air-gap/factory environment.
Everything works as expected but the main issues come from technicians (especially the ones 50+ years old) that push back on scripting and ask for a "visual tool".
Anyone faced something similar and how to address it?
https://redd.it/1nyi2cg
@r_devops
Kubernetes monitoring that tells you what broke, not why
I’ve been helping teams set up kube-prometheus-stack lately. Prometheus and Grafana are great for metrics and dashboards, but they always stop short of real observability.
You get alerts like “CPU spike” or “pod restart.” Cool, something broke. But you still have no idea why.
A few things that actually helped:
keep Prometheus lean, too many labels means cardinality pain
trim noisy default alerts, nobody reads 50 Slack pings
add Loki and Tempo to get logs and traces next to metrics
stop chasing pretty dashboards, chase context
I wrote a post about the observability gap with kube-prometheus-stack and how to bridge it.
It’s the first part of a Kubernetes observability series, and the next one will cover OpenTelemetry.
Curious what others are using for observability beyond Prometheus and Grafana.
https://redd.it/1nyjdlt
@r_devops
Fatih Koç
The Observability Gap with kube-prometheus-stack in Kubernetes
Kubernetes observability goes beyond Prometheus Grafana monitoring. Learn why kube-prometheus-stack falls short and how to bridge the gap.
CVE-2025-6724: Chef Automate SQL Injection Vulnerability (CVSS score of 8.8)
Overview
In this article, we are going to delve into the details of an identified vulnerability in Progress Chef Automate, CVE-2025-6724. This vulnerability affects versions earlier than 4.13.295 and is specific to Linux x86 platform. It is of significant concern as an authenticated attacker can gain access to restricted functionality in multiple Chef Automate services. This is achieved via improperly neutralized inputs that are used in an SQL command, potentially leading to system compromise or data leakage. In an era where data security is paramount, understanding and mitigating such vulnerabilities is crucial for maintaining the integrity of our systems.
Vulnerability Summary
CVE ID: CVE-2025-6724
Severity: High (8.8 CVSS Score)
Attack Vector: Network
Privileges Required: Low (Authenticated User)
User Interaction: None
Impact: System compromise or data leakage
Affected Products
Progress Chef Automate | Versions earlier than 4.13.295
How the Exploit Works
The vulnerability stems from the usage of improperly neutralized user inputs that are utilized in SQL commands. This means that the application does not adequately sanitize user-supplied input, potentially leading to SQL injection. An attacker, who is authenticated, can therefore manipulate the SQL query to gain unauthorized access to the system’s database, potentially compromising the system or causing data leakage.
Conceptual Example Code
This example represents a potential SQL injection attack, where the “malicious_payload” might be an SQL statement designed to manipulate the database. Note that this is a hypothetical scenario only, created to illustrate the nature of the vulnerability, and does not represent an actual exploit.
```
POST /vulnerable/endpoint HTTP/1.1
Host: target.example.com
Content-Type: application/json

{ "malicious_payload": "'; DROP TABLE users; --" }
```
In this example, if the application does not properly sanitize the input, the SQL statement embedded in the “malicious_payload” would be executed, potentially leading to severe consequences such as deletion of the users table in this case.
Mitigation
To mitigate this vulnerability, users are advised to apply the vendor patch as soon as possible. If the patch cannot be applied immediately, using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can serve as a temporary mitigation measure. These can help to prevent SQL injection attempts by blocking suspicious SQL queries. It is also recommended to always follow best practices for SQL queries, such as using parameterized queries or prepared statements, to prevent SQL injection vulnerabilities.
If you like this type of post please join us at r/ameeba
Disclaimer:
The information and code presented in this article are provided for educational and defensive cybersecurity purposes only. Any conceptual or pseudocode examples are simplified representations intended to raise awareness and promote secure development and system configuration practices.
Do not use this information to attempt unauthorized access or exploit vulnerabilities on systems that you do not own or have explicit permission to test.
Ameeba and its authors do not endorse or condone malicious behavior and are not responsible for misuse of the content. Always follow ethical hacking guidelines, responsible disclosure practices, and local laws.
https://redd.it/1nyh9sm
@r_devops
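The mitigation in the post above recommends parameterized queries; the following added example (not part of the original post and not Chef Automate code) contrasts a string-built query with a bound-parameter query, using the value from the post's conceptual request. The `users` schema, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows; the schema is an assumption for this example.
SAMPLE_USERS = [(1, "alice", "admin"), (2, "bob", "viewer"), (3, "carol", "viewer")]

# The value from the post's conceptual request body.
PAGE_PAYLOAD = "'; DROP TABLE users; --"

# Identifiers (column names) cannot be bound as parameters, so the columns a
# caller may sort by are allow-listed and mapped to fixed SQL text.
SORTABLE_COLUMNS = {"id": "id", "name": "name", "role": "role"}


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_unsafe_sql(name):
    """'Before' form: the input is spliced into the SQL text and becomes syntax."""
    return "SELECT id, name FROM users WHERE name = '" + name + "'"


def find_user_unsafe(conn, name):
    """Run the string-built query.

    executescript() stands in here for a driver or protocol that accepts
    several statements in one call, which is what lets the second one run.
    """
    conn.executescript(build_unsafe_sql(name))


def find_user_safe(conn, name, sort_by="id"):
    """'After' form: the value is bound with a placeholder, never parsed as SQL."""
    column = SORTABLE_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column")
    sql = "SELECT id, name FROM users WHERE name = ? ORDER BY " + column
    return conn.execute(sql, (name,)).fetchall()


def table_exists(conn, table):
    """Return True if the named table is present in the database."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def run_demo():
    """Exercise both forms against separate databases and report the outcome."""
    hardened = make_db()
    rows_for_payload = find_user_safe(hardened, PAGE_PAYLOAD)
    try:
        find_user_safe(hardened, "bob", sort_by=PAGE_PAYLOAD)
        sort_rejected = False
    except ValueError:
        sort_rejected = True

    legacy = make_db()
    find_user_unsafe(legacy, PAGE_PAYLOAD)

    return {
        "safe_rows_for_payload": rows_for_payload,
        "safe_table_intact": table_exists(hardened, "users"),
        "safe_sort_rejected": sort_rejected,
        "unsafe_table_intact": table_exists(legacy, "users"),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

The allow-list matters because placeholders only bind values: anything that selects a column, table or sort direction has to be mapped to fixed SQL text rather than interpolated.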
Overview
In this article, we are going to delve into the details of an identified vulnerability in Progress Chef Automate, CVE-2025-6724. This vulnerability affects versions earlier than 4.13.295 and is specific to Linux x86 platform. It is of significant concern as an authenticated attacker can gain access to restricted functionality in multiple Chef Automate services. This is achieved via improperly neutralized inputs that are used in an SQL command, potentially leading to system compromise or data leakage. In an era where data security is paramount, understanding and mitigating such vulnerabilities is crucial for maintaining the integrity of our systems.
Vulnerability Summary
CVE ID: CVE-2025-6724
Severity: High (8.8 CVSS Score)
Attack Vector: Network
Privileges Required: Low (Authenticated User)
User Interaction: None
Impact: System compromise or data leakage
Affected Products
Progress Chef Automate | Versions earlier than 4.13.295
How the Exploit Works
The vulnerability stems from the usage of improperly neutralized user inputs that are utilized in SQL commands. This means that the application does not adequately sanitize user-supplied input, potentially leading to SQL injection. An attacker, who is authenticated, can therefore manipulate the SQL query to gain unauthorized access to the system’s database, potentially compromising the system or causing data leakage.
Conceptual Example Code
This example represents a potential SQL injection attack, where the “malicious_payload” might be an SQL statement designed to manipulate the database. Note that this is a hypothetical scenario only, created to illustrate the nature of the vulnerability, and does not represent an actual exploit.
```http
POST /vulnerable/endpoint HTTP/1.1
Host: target.example.com
Content-Type: application/json

{ "malicious_payload": "'; DROP TABLE users; --" }
```
In this example, if the application does not properly sanitize the input, the SQL statement embedded in the “malicious_payload” would be executed, potentially leading to severe consequences such as deletion of the users table in this case.
Mitigation
To mitigate this vulnerability, users are advised to apply the vendor patch as soon as possible. If the patch cannot be applied immediately, using a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can serve as a temporary mitigation measure. These can help to prevent SQL injection attempts by blocking suspicious SQL queries. It is also recommended to always follow best practices for SQL queries, such as using parameterized queries or prepared statements, to prevent SQL injection vulnerabilities.
If you like this type of post please join us at r/ameeba
Disclaimer:
The information and code presented in this article are provided for educational and defensive cybersecurity purposes only. Any conceptual or pseudocode examples are simplified representations intended to raise awareness and promote secure development and system configuration practices.
Do not use this information to attempt unauthorized access or exploit vulnerabilities on systems that you do not own or have explicit permission to test.
Ameeba and its authors do not endorse or condone malicious behavior and are not responsible for misuse of the content. Always follow ethical hacking guidelines, responsible disclosure practices, and local laws.
https://redd.it/1nyh9sm
@r_devops
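The parameterized-query mitigation named in the CVE-2025-6724 post above, shown as an added example that is not part of the original post and is not Chef Automate code. It runs the post's own payload string against a string-built query and a bound-parameter query; the in-memory SQLite database, the `users` rows and all function names are assumptions made for illustration.

```python
import sqlite3

# Constructed value: the payload string quoted in the post's conceptual request.
PAYLOAD = "'; DROP TABLE users; --"

def make_db():
    """Build an in-memory database with a constructed `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users (name) VALUES ('alice'), ('bob');"
    )
    return conn

def table_exists(conn, name):
    """Report whether a table is still present in the schema."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def lookup_vulnerable(conn, name):
    """Improper neutralization: the input is pasted into the SQL text."""
    sql = "SELECT id FROM users WHERE name = '" + name + "';"
    # executescript stands in for a stack that accepts several statements per call.
    conn.executescript(sql)

def lookup_parameterized(conn, name):
    """The input is bound as a value and is never parsed as SQL."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def demo():
    """Run the same input through both lookups on separate databases."""
    vulnerable, hardened = make_db(), make_db()
    lookup_vulnerable(vulnerable, PAYLOAD)
    rows = lookup_parameterized(hardened, PAYLOAD)
    return {
        "vulnerable_table_survives": table_exists(vulnerable, "users"),
        "hardened_table_survives": table_exists(hardened, "users"),
        "hardened_rows": rows,
        "hardened_legit_lookup": lookup_parameterized(hardened, "alice"),
    }

if __name__ == "__main__":
    print(demo())
```

With bound parameters the payload is compared as an ordinary name, matches no row, and leaves the table intact, while normal lookups keep working.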
The DevOps role is splitting into different roles and it is confusing me
I have been interested in devops or other related roles for only 3 years now. Now I see people telling me the pure devops role now isn’t really lasting and it’s being separated into proper roles like platform engineer, infra & cloud engineer, SRE, and any other role name, but when I search, each seems to encapsulate a small task from the previous devops role, but when I say this, people think I am offending them.
A lot are claiming that SRE is the natural climb from devops and requires engineering and will last, others saying platform engineer is the next devops, or how infra & cloud will be the only left due to AI automating everything. I simply want to know what is happening and where is this going?
Before someone attacks me for not searching on these roles, I did, but each company employs a little differently and everyone on the internet gives the simplest and most basic task for the role, which makes it sound like a joke.
https://redd.it/1nymplh
@r_devops
What feature do you always miss in a cli http client?
Nowadays we have plenty of cli http clients, but I would like to ask: Is there anything you miss in a cli http client for daily devops tasks?
https://redd.it/1nyq2a0
@r_devops
Are there any good Infra/DevOps events in Berlin?
I’ve been trying to find more local events around Infra and DevOps. Came across something called Infra Night Berlin happening in mid-October with Grafana, Terramate, and NetBird. Anyone from here going or got other similar events you’d recommend? Always nice to exchange ideas with technical fellows.
https://redd.it/1nysazb
@r_devops
Monitoring AWS Instances in US region using my Raspberry Pis at home in Europe
Hello. I wanted to ask a question about monitoring my application servers on a budget. I am planning to run applications on AWS EC2 Instances located in `us-east-2`, but in the beginning I want to save some money on infrastructure and just run Prometheus and Grafana on my Raspberry Pis at home that I have. But I am currently located in Europe so I imagine the latency will be bad when Prometheus scrapes the data from Instances located in the United States. Later on, when the budget increases, I plan to move the monitoring to AWS.
Is this a bad solution? I have some unused Raspberry Pis and want to put them to use.
https://redd.it/1nythdb
@r_devops
I built a tool to automate phone verification testing — here’s what I learned about scaling reliability
When we were building and testing signup flows for our web apps, we kept hitting the same pain point — phone verification.
Every test deployment meant waiting for OTPs manually, retyping them, and dealing with flaky SMS deliveries.
So I started automating it. I built a small internal setup that spins up temporary test numbers and polls for incoming SMS automatically, validating codes during CI/CD runs.
That little internal project slowly grew into something bigger — a complete testing and verification layer that we now use (and share) to help other teams test safely without exposing personal numbers.
Along the way, I learned a few things about scaling this kind of service:
* Reliable delivery isn’t just about carrier coverage — routing logic matters.
* Privacy by design needs to be baked in early.
* Most “temporary number” providers don’t play well with automated test environments.
I’m curious if other founders here have run into the same problem while building verification-based systems — did you automate your own testing too, or rely on third-party APIs?
*(Happy to share what worked for us if anyone’s designing similar flows.)*
https://redd.it/1nyv8oh
@r_devops