Are you running your tests in argocd? If so how are you getting the reports out?

We're running applications with gitops using argocd and looking at post-sync test jobs for running E2E tests.

Got my POC running before realizing i have no good way of getting this report out and in front of devs.

How are you exposing test results from jobs with argocd?

https://redd.it/1o6k6px
@r_devops

Looking for some roadmap advice

I've been working in a DevOps-like role at a small company for about two or three years now (my work includes CI/CD babysitting, Terraform modules written by others, basic Kubernetes operations, and a lot of Bash). But I feel like my progress has slowed down. I'm mostly busy with maintenance and handling tickets.

I'm wondering what else I can do in the future, because DevOps is so overwhelming and I'm a bit lost. I'm currently focusing on: System + Networking fundamentals (Linux internals, TCP, DNS, TLS; Terraform module design, state management, multi-account/organizational mode); and Cloud architecture (proper IAM implementation, organizational guardrails, landing zones).

I'm familiar with Linux, Git, and writing small Python/Bash utilities. I can read Terraform and fix issues, but designing from scratch still requires improvement. Lately, I've been browsing YouTube, LeetCode, and the IQB interview question bank for insights. But I'd rather hear real, everyday experiences.

If I were you, what would you focus on to improve your competence over the next year? What resources would you choose? What resources would be truly helpful? Books, labs, real projects, and practical examples are all highly sought after, as I currently don't know what keywords to search for. TIA.

https://redd.it/1o6fgc6
@r_devops

After more than a decade in DevOps, I’ve realized I’m more of a developer at heart

I’ve been in the DevOps/SRE space for over a decade now, working across different roles and organizations. But one thing I’ve consistently noticed throughout my career — I genuinely love coding far more than working on infrastructure, operations, or even IaC.

Whenever I’m writing code — automating something, building tools, or creating something new — I get completely absorbed. I never feel tired or bored. But when it comes to the “Ops” side of things — maintaining infra, monitoring, or writing Terraform/Ansible — I start feeling drained pretty quickly.

People often say there’s a lot of scope for coding and automation in DevOps/SRE, and while that’s true to some extent, it still feels much less fulfilling compared to a traditional development role.

This has always been my realization, and I just wanted to share it here. Has anyone else felt something similar — that maybe your real strength lies in the “Dev” part of DevOps? How did you deal with that realization? Did you shift towards development, or find a balance that kept you happy while staying in DevOps/SRE?

Would really love to hear your experiences and perspectives.

https://redd.it/1o6n0im
@r_devops

AI Providers, Security and Compliance

Hey Folks,

So as part of my "continuing education", I've put my skepticism aside and have been using AI in and on some of my side projects, meaning I use AI to help code, and I am making "AI Wrapper" projects. I am starting to see some value, but I'm also finding some...infra-smells? Gaps? I don't know.

First, I'm sort of ignoring the big enterprise side of things. It seems like for that you just pick vertex or bedrock and go all in, vendor lockin and cost be damned. Bully for them.

But on the smaller side, you've got all these scrappy startups using neat tools like openrouter, notdiamond, LiteLLM, etc. which is great if you want to use the latest models, do some cost optimization, have dynamic routing and all that. But I found myself instinctively wanting to build all sorts of infrastructure JUST FOR ME to do this safely.

I still have PTSD from when the guy sitting next to me checked his AWS Access keys into github and we lost 40k over the weekend. And now we're back to passing around API keys willy nilly. How are people managing this? Am I being too paranoid? What happens when you scale up and hire an offshore team, are you really just sending keys over to them via slack?

Also, most of these providers make no guarantees of compliance, or any kind of privacy, so a lot of us are probably sending our deepest darkest secrets directly to china (deepseek) or google (gemini). And I don't know which is worse.

How are people actually managing this in sort of the "middle tier" of companies? Say, an AI wrapper startup that is scaling and now needs to be both cost-effective and hipaa compliant? Are there libraries or services to help with this? Or are you just rolling your own stuff?

Go easy on me, I literally JUST got done with SOCII for one of my clients, so I'm in that headspace anyway, it just seems like nobody is really talking about this.

https://redd.it/1o6p384
@r_devops

What tools do you use to stay organized?

As a DevOps engineer, there's many things to keep track of:

tasks you're working on
discussions and meetings you've had
code snippets and/or cli commands you frequently use
links to company wikis, docs etc
personal notes about how you solved a particular problem
personal notes about people you work with
information about different systems you need to log in to (user names, passwords, ways of logging in)
etc.

What do you use for that? Obsidian? Notion? Plain markdown files? Hand written notes? I'd be interested in hearing about the tools you use, and if you're using a specific system to make sense of it all.

https://redd.it/1o6nhlz
@r_devops

An open source access logs analytics noscript to block Bot attacks

We built a small Python project for web server access logs analyzing to classify and dynamically block bad bots, such as L7 (application-level) DDoS bots, web scrappers and so on.

We'll be happy to gather initial feedback on usability and features, especially from people having good or bad experience wit bots.

The project is available at Github and has a wiki page


Requirements

The analyzer relies on 3 Tempesta FW specific features which you still can get with other HTTP servers or accelerators:

1. JA5 client fingerprinting. This is a HTTP and TLS layers fingerprinting, similar to JA4 and JA3 fingerprints. The last is also available in Envoy or Nginx module, so check the documentation for your web server
2. Access logs are directly written to Clickhouse analytics database, which can cunsume large data batches and quickly run analytic queries. For other web proxies beside Tempesta FW, you typically need to build a custom pipeline to load access logs into Clickhouse. Such pipelines aren't so rare though.
3. Abbility to block web clients by IP or JA5 hashes. IP blocking is probably available in any HTTP proxy.



How does it work

This is a daemon, which

1. Learns normal traffic profiles: means and standard deviations for client requests per second, error responses, bytes per second and so on. Also it remembers client IPs and fingerprints.
2. If it sees a spike in z-score for traffic characteristics or can be triggered manually. Next, it goes in data model search mode
3. For example, the first model could be top 100 JA5 HTTP hashes, which produce the most error responses per second (typical for password crackers). Or it could be top 1000 IP addresses generating the most requests per second (L7 DDoS). Next, this model is going to be verified
4. The daemon repeats the query, but for some time, long enough history, in the past to see if in the past we saw a hige fraction of clients in both the query results. If yes, then the model is bad and we got to previous step to try another one. If not, then we (likely) has found the representative query.
5. Transfer the IP addresses or JA5 hashes from the query results into the web proxy blocking configuration and reload the proxy configuration (on-the-fly).


https://redd.it/1o6rxgc
@r_devops

Ask for your advice

I work for an Internet service provider (ISP), and since I started working with them, I have been involved in everything related to the company's tasks, because we agreed from the beginning that I would learn and gain experience in various aspects.

During my time there, I have learned many skills in various fields, including:

Managing the company's Linux-based server, where I install various systems using virtual machines.

I also work in networking using MikroTik, and I have a good understanding of network architecture and management.

In addition, I have been a Python programmer since before I joined the company, and I have completed a number of automation projects that have helped streamline the company's work.


However, I recently noticed that my skills are scattered and unorganized, which made me unsure of the field I should focus on or specialize in. I talked to ChatGPT about this, and it suggested that I direct my attention toward the field of DevOps.

So I would like to know:

1. What is my approximate level in relation to the requirements of the DevOps field?

2. Where can I actually start to develop myself in this direction?

3. Are there good job opportunities and rewarding salaries in this field?

https://redd.it/1o6rlum
@r_devops

What homelab project actually made you better at DevOps?

So I’ve been seeing a ton of homelab posts lately and decided to start one myself. Got Proxmox running a bit ago and planning to set up Kubernetes the hard way just to really get it.

My goal is to learn by doing and maybe test some disaster recovery stuff in AWS later.

For anyone who’s been doing this longer, what homelab projects actually helped you get better at DevOps skills in the real world? And which ones were just cool experiments that didn’t really translate to your day job?

https://redd.it/1o6tue6
@r_devops

What tools are useful for measuring CPU and memory usage in Kubernetes clusters to identify misconfigurations and opportunities for reducing resource allocation?

What tools are useful for measuring CPU and memory usage in Kubernetes clusters to identify misconfigurations and opportunities for reducing resource allocation? Do you have any recommendation? Feel free to share.

https://redd.it/1o6ulbe
@r_devops

Need some help guys from someone with experience.

Hey there,

I’m a 2nd-year Electrical Engineering and Computer Science student, and lately, I’ve been kind of stuck trying to figure out when I’m “ready” to actually apply for a SWE or DevOps role. I’ve gone pretty deep into studying on my own — I don’t really take light courses, I usually go straight to the dense books and try to understand things as fully as I can. So far, I’ve worked through stuff like:
\- C: How to Program.
\- Object-Oriented Software Construction (the Bertrand Meyer one. That took O-O from its core philosophy and engineering principles and some of the Math behind it).
\- Introduction to Algorithms (CLRS) and MIT's Introduction into Algorithms lectures.
\- MIT’s Mathematics for Computer Science (Covering Set Theory, Graph Theory, Proofs, Algorithms, Number Theory, ...), Linear Algebra, Calculus I/II, Differential Equations.
\- Compiler basics (Because I needed to dive into The Automata Theory first and didn't have the time)
\- Operating Systems in more non abstract manner (saw the code of the popular MINIX OS written in C).
\- System Programming (diving into the internals of the operating system and learning and some low level stuff with C interacting with the OS in direct).
\- Database Management Systems.
\- AI with Artificial Intelligence A Modern Approach text, and covered some topics like (Searching algorithms to solve a problem, the philosophy and the underlying theory of the early AI stuff)
\- Machine Learning (Hands-On ML Popular Book).
\- On the EE side, I’ve done {circuits, electromagnetism, electronics, Signal and Systems, etc. }.

The problem is, I don’t really have a mentor or someone to tell me if I’m focusing on the right things or when it’s time to just start applying. I’m aiming to move toward DevOps/SWE eventually, but I don’t really understand how the market works or what’s “enough” to start. If you could give me a bit of direction — like what I might be missing, or what you’d focus on if you were in my shoes — it’d honestly mean a lot.

Thanks

https://redd.it/1o6ux3w
@r_devops

Could DevOps/SRE lead you to be more hardware oriented roles?

I’ve always liked the hardware side of things, but found it extremely hard to get into without prior knowledge or experience and with the original path of embedded basically becoming harder, I started searching and fell in love with DevOps.

Later tho I found some people claiming that after a while of being an SRE or even DevOps engineers, the transitioned to roles like hardware reliability or other similar positions, and I was simply wondering if that’s possible, because the entire idea of DevOps is to bridge software gaps, but I may be wrong as I don’t really have that much experience in the matter.

https://redd.it/1o730b4
@r_devops

Bootstrap you career in DevOps

Good morning aspiring DevOps!

This is my second message of this kind.

I can see many people looking to bootstrap their career and they form small groups of students like.

But, wouldn't it be better to work with a real company on a realistic project?

I have launched successfully a few months ago a mutual benefit collaboration in which some people joined some internal projects we are developing that could help you learn how to bring a software/system from development to production.

Some people have left because they got job offers, so looking for other potential candidates interested in this experience.

This is a completely free collaboration on both sides, on your side you commit to learn and try to complete the project, on my side I commit to giving you tutoring and support needed and guiding you on troubleshooting issues.

I have got 3 projects in mind:

1) Data Pipeline: there is a nice article on Medium on a data pipeline to ingest marketdata data using technologies like Spark, MongoDB, Postgres and other

2) LLMops framework. We want to train internal models on Kubeflow and we need a reliable way to install it and manage it.

3) Terraform OCI provisioning. Nowadays Oracle Cloud is getting traction. Why don't we build terraform modules for it?

I require some basic knowledge of technologies since those projects are not suitable for people who don't have any knowledge.

I want to help you make sense of the technology you already know and tell you how to apply it to a real case scenario rather than a simple Hello world one!

Also be mindful of the fact that I can not accept everyone since I will provide my personal time, obviously I can not scale like we want our deployments to......I am not a pod!

To apply please complete this form:

https://forms.office.com/e/3QDd5dMPmv

https://redd.it/1o75d7p
@r_devops

React Native iOS App Crashes Immediately on Launch After Successful Build in Azure Pipeline

**Problem:** I have a React Native app that builds successfully in my Azure DevOps pipeline (macOS-15, Xcode 16.4, Node 23.7.0, React Native), but the app crashes immediately upon launch on both Debug and Release configurations. The build completes without errors, the IPA is generated correctly, but the app won't run.

**Build Environment:**

* **CI/CD:** Azure DevOps Pipeline
* **macOS:** macOS-15
* **Xcode:** 16.4
* **Node.js:** 23.7.0
* **NPM:** 11.5.2
* **Yarn:** 1.22.22
* **Build Configuration:** Both Debug and Release crash

**What Works:**

* ✅ Pipeline completes successfully
* ✅ Archive builds without errors (`** ARCHIVE SUCCEEDED **`)
* ✅ Export succeeds (`** EXPORT SUCCEEDED **`)
* ✅ IPA file is generated
* ✅ CocoaPods installation succeeds
* ✅ JavaScript bundle is created

**What Fails:**

* ❌ App crashes immediately on launch (white screen/instant crash)
* ❌ Happens in both Debug and Release builds


**What I've Tried:**

* ✅ Clearing CocoaPods caches
* ✅ Removing and reinstalling pods
* ✅ Verifying JavaScript bundle is created and copied correctly
* ✅ Checking provisioning profiles and certificates (all valid)
* ✅ Using `NODE_OPTIONS='--openssl-legacy-provider'`




**Problem:** I have a React Native app that builds successfully in my Azure DevOps pipeline (macOS-15, Xcode 16.4, Node 23.7.0), but the app crashes immediately upon launch on both Debug and Release configurations. The build completes without errors and the IPA is generated correctly, but the app crashes with a fatal JavaScript exception.

**Crash Information:**

Exception Type: EXC_CRASH (SIGABRT)
Termination Reason: SIGNAL 6 Abort trap: 6

Last Exception Backtrace:
0 CoreFoundation __exceptionPreprocess
1 libobjc.A.dylib objc_exception_throw
2 iQ.Suite Clerk RCTFatal
3 iQ.Suite Clerk -[RCTExceptionsManager reportFatal:stack:exceptionId:extraDataAsJSON:]
4 iQ.Suite Clerk -[RCTExceptionsManager reportException:]

The crash occurs in `RCTExceptionsManager`, indicating a fatal JavaScript error is being thrown immediately on app launch.

**Build Environment:**

* **CI/CD:** Azure DevOps Pipeline
* **macOS:** macOS-15
* **Xcode:** 16.4
* **Node.js:** 23.7.0
* **NPM:** 11.5.2
* **Yarn:** 1.22.22
* **iOS Version:** 18.5
* **Hermes:** Enabled (visible in crash log)
* **Build Configuration:** Both Debug and Release crash

**What Works:**

* ✅ Pipeline completes successfully
* ✅ Archive builds without errors (`** ARCHIVE SUCCEEDED **`)
* ✅ Export succeeds (`** EXPORT SUCCEEDED **`)
* ✅ IPA file is generated and deploys to TestFlight
* ✅ CocoaPods installation succeeds
* ✅ JavaScript bundle is created and verified

**What Fails:**

* ❌ App crashes immediately on launch (instant crash)
* ❌ Happens in both Debug and Release builds
* ❌ Fatal exception occurs before app UI appears
* ❌ Crash originates from JavaScript layer (RCTExceptionsManager)

**Key Build Steps:**

1. JavaScript bundle creation:

bash

react-native bundle \
--entry-file index.js \
--platform ios \
--dev false \
--minify true \
--bundle-output ios/main.jsbundle \
--assets-dest ios

1. Bundle is copied to two locations and verified:
* `ios/main.jsbundle`
* `ios/Clerk_React/main.jsbundle`
2. CocoaPods installation with cache clearing
3. Xcode build with manual code signing (Release configuration)
4. Archive and export to IPA for App Store distribution

**Environment Variables:**

* `NODE_OPTIONS='--openssl-legacy-provider'` (for legacy OpenSSL support)

**What I've Tried:**

* ✅ Clearing CocoaPods caches completely
* ✅ Removing and reinstalling pods with `--repo-update`
* ✅ Verifying JavaScript bundle exists and has content (verified with `head -c 100`)
* ✅ Checking provisioning profiles and certificates (all valid)
* ✅ Building with both Debug and Release configurations
* ✅ Using Xcode 16.4 with proper SDK (iphoneos18.5)

**Questions:**

1. **Could this be related to the JavaScript bundle

not being found at runtime despite being verified during build?** Do I need to configure the bundle location in Info.plist?
2. **Is there a way to get the actual JavaScript error message** that's being reported to RCTExceptionsManager? The crash log doesn't show the JS stack trace.
3. **Could Hermes bytecode compilation be failing silently?** Should I disable Hermes or configure it differently for CI builds?
4. **Are there known issues with:**
* React Native + Xcode 16.4 + Node 23.7.0?
* Hermes + iOS 18.5?
* `NODE_OPTIONS='--openssl-legacy-provider'` affecting runtime bundle loading?

Any help would be greatly appreciated! Has anyone encountered `RCTExceptionsManager reportFatal` crashes immediately on launch in CI-built apps?



https://redd.it/1o7528t
@r_devops

How I get gigs(remote and onsite) using cold email outreach - working strategy

I am a fulltime coder who uses reddit, freelance sites etc but an underused tactic to get remote gigs is cold email outreach.

Posting on job seeker subreddits always seems like one is posting into a black hole; everyone who sees the job request posts are other job seekers.

A better and possibly more effective way is to use cold emailing targeting the niche you serve.

For instance, I am a coder and I target other coders and software development companies looking to outsource coding work.

I essentially buy or extract emails from the niche I work in and do outreach on them

I use it to get freelance projects and at times get to upsell my own products.

I have more work than I can handle so that I don't mind sharing the technique.

It is quite clear that this method can work for other industries as a well. The idea is to get a list in your niche and a list of products that respondents might want.

I'm open to discussing specifics [how I source email lists, products I pitch, email templates I use etc\] to anyone interested.







https://redd.it/1o76dwu
@r_devops

what tools do you use to manage your repos and ensure quality?

i’ve been trying to improve my commits and repo quality overall cause right now my repositories and commit history are a mess (I know that if I had done it right from the start I wouldn't have this problem right now)... curious what tools you guys actually use for this stuff? like commitizen, goodgit.dev, gitlint, linearb.io, etc or is it better to do it manually?

I guess that if you are good and disciplined at writing commits and managing the repo it is better than using automated tools, but I dont need crazy quality, just the basics to be able to do debugging and docs later.

https://redd.it/1o77pbw
@r_devops

LLM Agents for Infrastructure Management - Are There Secure, Deterministic Solutions?

Hey folks, curious about the state of LLM agents in infra management from a security and reliability perspective.

We're seeing approaches like installing Claude Code directly on staging and even prod hosts, which feels like a security nightmare - giving an AI shell access with your credentials is asking for trouble.

But I'm wondering: are there any tools out there that do this more safely?

Thinking along the lines of:

\- Gateway agents that review/test each action before execution

\- Sandboxed environments with approval workflows

\- Read-only analysis modes with human-in-the-loop for changes

\- Deterministic execution with rollback capabilities

\- Audit logging and change verification


Claude outputed these results:

Some tools are emerging that address these concerns:
MCP Gateway/MCPX offers ACL-based controls for agent tool access, Kong AI Gateway provides semantic prompt guards and PII sanitization, and Lasso Security has an open-source MCP security gateway. Red Hat is integrating Ansible + OPA (Open Policy Agent) for policy-enforced LLM automation.
However, these are all early-stage solutions—most focus on API-level controls rather than infrastructure-specific deterministic testing. The space is nascent but moving toward supervised, policy-driven approaches rather than direct shell access.

Has anyone found tools that strike the right balance between leveraging LLMs for infra work and maintaining security/reliability? Or is this still too early/risky across the board?

I'm personally a bit skeptical as the deterministic nature of infra collides with the undeterministic nature of LLMs, but I'm a developer at heart and genuinely curious if DevOps tasks around managing infra are headed toward automation/replacement or if the risk profile just doesn't make sense yet. 

Would love to hear what you're seeing in the wild or your thoughts on where this is heading.

https://redd.it/1o78ki5
@r_devops

Does your company run staging servers?

I'm curious to know how you guys work with staging servers in the real world.... (not my Hobbyist world). At work we have a mix between teams being small enough that testing locally is enough, or the opposite end of having a 64GB staging server on 24/7.

Do you share 1 staging server between teams (if your org is big enough for that)? Do you get per PR staging environments? Does your staging env run on a schedule? Do you have no staging server.... review code and deploy to prod!

Genuinely curious, thanks! Poll for if you don't want to put a comment :)

View Poll

https://redd.it/1o7a8eo
@r_devops

I created a DevOps newsletter/blog for solo developers to give back to the community

Hey everyone

I’m a DevOps engineer with over 7 years of experience, and I recently started working on a side project that combines two things I really enjoy — technical writing and giving back to the community.

Over the years I’ve received (and you did either) tons of questions from solo developers and small teams:

“Can you help me deploy this?”
“Why is infra so complicated ?”
"What is better AWS/GCP" "How to do this, how to do that"

After repeating the same explanations many times, I decided to turn it into something useful for more people, a blog/newsletter called **IndieDevOps**.

It’s all about practical DevOps. Simple, hands-on guides on how to deploy, monitor, and scale without the complexity of traditional infrastructure.

The project is still very new, so please don’t be too harsh if something doesn’t work perfectly 😅 . I’m still experimenting and finding the best format.

If you like the topic and want to follow along, you’re very welcome to subscribe or just check out.
https://indiedevops.com

Would love to hear your thoughts.

https://redd.it/1o7c1j7
@r_devops

[Guide] Implementing Zero Trust in Kubernetes with Istio Service Mesh - Production Experience

I wrote a comprehensive guide on implementing Zero Trust architecture in Kubernetes using Istio service mesh, based on managing production EKS clusters for regulated industries.

**TL;DR:**

* AKS clusters get attacked within 18 minutes of deployment
* Service mesh provides mTLS, fine-grained authorization, and observability
* Real code examples, cost analysis, and production pitfalls

**What's covered:**

✓ Step-by-step Istio installation on EKS

✓ mTLS configuration (strict mode)

✓ Authorization policies (deny-by-default)

✓ JWT validation for external APIs

✓ Egress control

✓ AWS IAM integration

✓ Observability stack (Prometheus, Grafana, Kiali)

✓ Performance considerations (1-3ms latency overhead)

✓ Cost analysis (\~$414/month for 100-pod cluster)

✓ Common pitfalls and migration strategies

Would love feedback from anyone implementing similar architectures!

Article is [here](https://medium.com/@heinancabouly/zero-trust-for-kubernetes-implementing-service-mesh-security-529adb66665a)

https://redd.it/1o7d35b
@r_devops

I created an external reporting tool for SonarQube Community Edition

Hello everyone!

As a frequent user of SonarQube Community Edition, both personally and professionally, I always have the problems of distributing the results of a scan due to the lack of reporting mechanisms.

Therefore, I created a tool called ReflectSonar. It reads the data via API and generates a PDF report for general metrics, issues, security hotspots and triggered rules.

I’d be more than happy to see your opinions, ideas and contributions! If you have any questions, please do not hesitate to contact me.

Here is the Github link: https://github.com/ataseren/reflectsonar
You can also use: pip install reflectsonar

https://redd.it/1o7cs35
@r_devops