Board wants an AI risk assessment but traditional frameworks feel inadequate

Our board is pushing for a comprehensive AI risk assessment seeing the rise in attacks targeting ML models. The usual compliance checklists and generic risk matrices aren't really capturing what we're dealing with here.

We've got ML models in production, AI assisted code review, and customer facing chatbots. The traditional cybersecurity frameworks seem to miss the attack vectors specific to AI systems.

Anyone dealt with this gap between what boards expect and what actually protects against AI threats? Looking for practical approaches that go beyond checkbox exercises.

https://redd.it/1o8x3zw
@r_devops

new experience with deploying azure databricks

i work mostly on AWS and sometimes Azure, the company decided to bring databricks via Azure and i'm the guy who handles data & AI infra, so taking care of this as well.
since i don't like azure much, and have not much idea how databricks works, i tried a new approach with understanding the concepts.
i created an XML-formatted research prompt to search about this topic, used this prompt in Claude research, Gemini deep research, and Perplexity pro search. (i only have claude sub)
then i checked the files and read them and all looks nice and legit. used these 3 output files to feed them to notebookLM. and man this notebooklm got good. created an awesome mind map of how all the things are connected, the podcast is nice, and can reference anything. specially useful for the specific terms and tech that databricks uses, now i created the subnoscription in azure and layed the networking foundation, in a very short time. interesting times, indeed!

https://redd.it/1o91ftq
@r_devops

Looking for DevOps learning partner

Hey Guys

I’ve recently started learning DevOps and also looking for someone who is eager to learn and share knowledge together.

What I intend to learn : Terraform, GitHub Actions, CI/CD pipelines, Kubernetes, Ansible and cloud automation. I've already started learning so have some exposure to these.

My background : I'm a Sysadmin so I currently work with Azure,365, Windows Server, Intune, Jamf

If you’re also learning DevOps or you're working toward similar goals, Let’s connect! I feel it would beneficial to bounce ideas or work on small projects together.

https://redd.it/1o94wdl
@r_devops

Need help with solution for scheduling one time noscripts/processes?

What devops solutions are out there to help run manual one time noscript/process every so often but at a later time?

For example, we have times where we need to make a schema update so we will run a sql command. But it will have to run on a weekend at 10pm when no one wants to work. It would be nice to schedule a command to run at the time and email us the output so we know it worked.

Or let’s say I need to run a bash noscript or a python noscript or something like that. But it’s just every once and awhile and I want to schedule an automation for it to happen. Like I know a process will need to run in 2 weeks at 10pm on Saturday only because there is another downstream application that is making an update.

AFAIK, Gitlab CI is set more to happen on intervals, so we can’t easily schedule a one time process. AWSEventBridge requires a lot of setup for the event and a lambda for it to kick off. I could 100% schedule a bash command locally but that requires that I have my laptop open and a connection on (which wouldn’t work because I need to sign into my auth proxies every 12 hours).

Does anyone else have these kinds of problems? What are your solutions?

https://redd.it/1o96udi
@r_devops

Deploying code with a Bootleg Bastion

Recently made a toy repo for deploying to an EC2 machine with no internet access. It was supposed to be a serious example, but then I realized I’d need to do quite a bit more to make it actually useful/secure.

So I just had fun with it instead. Thought y’all might get a kick out of it: https://github.com/JadenSimon/bootleg-bastion

Side note: how common is zero internet connectivity in prod setups? I figured it’s probably only the norm in regulated industries or big enterprises.

https://redd.it/1o9827r
@r_devops

V2 🏗️ Infrawise - Model your On-Prem vs Cloud Cost

HI guys, after your feedback from last time, I have turned my simple storage cost calculator into a financial cost modeling tool. I have tried my best to add every type of cost involved. Do you think I have missed something? I would love to hear your thoughts on it.

Website: https://infrawise.sagyamthapa.com.np
Github: https://github.com/Sagyam/Infra-Wise

https://preview.redd.it/kknqo9qbypvf1.png?width=1080&format=png&auto=webp&s=52bbdd7ed3d0885dce6996ab647212c3f9303114

https://preview.redd.it/7hdifyzcypvf1.png?width=320&format=png&auto=webp&s=7e5124662bcd4ed9c3721a94b80b18a2652991d6

https://preview.redd.it/2by4i50fypvf1.png?width=640&format=png&auto=webp&s=8be5771b15047609ea91fb6c963cd2e16e8b5d6c

https://preview.redd.it/jpa00ckgypvf1.png?width=1080&format=png&auto=webp&s=5743d6d7accb8679a7778bf019a5a5a9f5a6553a

https://preview.redd.it/p6wqj1yhypvf1.png?width=1080&format=png&auto=webp&s=609828ff77239e85145afa630c34aaaaf7d1708d



\# What's new

\- Presets for various types of businesses (e-commerce, AI/ML, Finance, etc.)

\- Energy, compute, storage, GPU, networking, human resources, software licensing, salary, security, and compliance costs.

\- Sensitivity analysis

\- Full text search

\- Cumulative and detailed cost breakdown

\- TCO vs Amortized analysis

\- CapEx vs OpEx breakdown

https://redd.it/1o99ywr
@r_devops

AKS Ghost pod incident

Hello DevOps experts. Please help me here with this head scratching situation I have faced in my org

So on our Prod AKS cluster on 5th Oct we saw an api gave 502
When the dev team investigated the 502 error they saw that the Request was sent to a pod which didn't exist that's why it returned 502.

Now when this issue got escalated to the DevOps team I was assigned to investigate and fix this issue. It is very rare cannot be reproduced but is happening to few more services where the api request is going to a non existing pod

When i investigated I saw the the Replica set of the pod which was called on 5th Oct was last alive on 26th September.
I can see the logs on elk and even on my grafana dashboard that the pod was last seen on 26th Sept after that new release took over the pods..

But when I tried to check the 5th Oct data on grafana I saw that the pod from the last replica set (Ghost) showed activity and even came up in the dashboard.

Now this shouldn't happen...
The pod was gone by 26th sept to 4th oct but suddenly 1 pod from that replicaset captured activity on 5th Oct and then again disappeared...

I checked the kubeproxy to see if any stale IPs are stored or not but no luck
Tried to check the logs but k8s store only 1 day of logs so again no luck

Cannot access etcd cause Azure managed

Please help me here what could be the reason for this
How can I fix this
And also share your experiences if you faced a similar case

https://redd.it/1o9af25
@r_devops

GCP Usecases

As A Jobs hunter in Devops Iam sicked of following this Linkedin, Naukri. Tried with outreaching startups cold emails got one internship. Now its time to get a full time job. So I just want to know where is mostly gchacloud is used and core cheaper and effective services of it. I want to get a grip over that I have an upcoming cert exam for gcp associate solutions architect and also iam skilled in aws also. So just want to know how I can get a devops job as gcp cloud engineer and architect. I have tried search stacks of startups in yc, more. But mostly startups tech is hidden. Just want to get a job with skills I have .
I have 2 internship experience of 3-6 months.

And one suggestion need I worked in a startup where my work was so small with 2 devops mentor. So even a company if they want to hire me they expect me to architect solutions independent ly and give job or consider me as a novice and assign a mentor to me and take as an intern again

https://redd.it/1o9a39v
@r_devops

Got any SAS ideas for stuff on top of Hetzner?

Got together with a few mates, to try and build some tools for people migrating to Hetzner from other platforms, but since neither of us did such a migration we have no idea where the pain points are and what other teams would be willing to trust a service automating. We figured reaching out to the wider community might be helpful for a bit of brainstorming. So anyone got a whish list for stuff that you'd want in Hetzner but can't be bothered to do yourself, it's the season to be jolly friend, plus if you're somewhere in the bad parts of EU (ahem, ahem, central eastern) we might be able to provide a colossal amount of alcohol to imbue.

https://redd.it/1o96ol5
@r_devops

Fellow Developers : What's one system optimization at work you're quietly proud of?

We all have that one optimization we're quietly proud of. The one that didn't make it into a blog post or company all-hands, but genuinely improved things. What's your version? Could be:

Infrastructure/cloud cost optimizations
Performance improvements that actually mattered
Architecture decisions that paid off
Even monitoring/alerting setups that caught issues early



https://redd.it/1o9fzl1
@r_devops

I'm working with devops team. Want to know career aspect

So, last July 25 I got job in devops team right after college. Some senior told me devops is very high growth in career. Like 35LPA after 3 years. Is it true or just some or one companu pays well other just nothing

https://redd.it/1o9ngbq
@r_devops

Different Infras for Different Environments, how to tackle ?

Hi Everyone,

I'm a Dev in an MNC, and we build applications that supposed to have like easily 1M hits per day. Like we have around 20-40 customers. So, each project is pretty big. And we keep having new customers.

So, the goal is that for Dev, QA Env we will use RabbitMQ, Kafka and all those middleware that are cheaper and low quality. Whereas for Higher SIT, UAT, and Prod we will switch secure mTLS, Clustering and bunch of secure, high quality, infras.

We make the deployment via Kubernetes. How do we put the JARs that are environment specific ?

Maybe initContainers ? If anyone has any experience regarding this, or any books. It would really be helpful.

Thanks

Edit:
We probably have 20 different infra combinations based on the client, running them individually is not financially feasible

https://redd.it/1o9prtc
@r_devops

Looking for Job (Please Reply)

Hi Everyone,

I hope you’re all doing well.

I’m writing to express my interest in the Junior DevOps Engineer position. I recently completed a 3-month internship as a DevOps Intern.

I have good technical knowledge around DevOps skills and hands-on experience on major DevOps tools.

I worked on several real-world DevOps projects:

• Deployment of a MERN Stack application on AWS EKS with DevSecOps integration, Helm charts, and ArgoCD.
• Automated infrastructure monitoring using Terraform, Prometheus, Grafana, and AWS CloudWatch, including email alerts via AWS SNS for high CPU utilization.
• Serverless automation using AWS Lambda to delete stale AWS snapshots.

Additionally, I bring 4 years of corporate experience-not completely fresher. So, learning and adapting new skills and tools won’t be a big issue for me.

I’m now seeking a full-time opportunity as a Junior DevOps Engineer, where I can contribute, learn, and continue growing within a dynamic environment.

Thank you for your time and consideration. I would truly appreciate the opportunity to be part of your team.

#devops #aws #community #jobsearch #it #hr #hiring #opentowork #linkedintech #ithiring

https://redd.it/1o9ry8k
@r_devops

NVSentinel - Nvidia's autonomous node/gpu remediation service goes open source

Super excited to see NVIDIA NVSentinel being out there in the open source community. Running GPU-accelerated and HPC workloads on Kubernetes often requires constant attention to maintain node and cluster health. NVSentinel provides an autonomous remediation service that detects and resolves node-level faults—reducing downtime and keeping your training and inference jobs running smoothly.

https://github.com/NVIDIA/NVSentinel

https://redd.it/1o9ss6n
@r_devops

I built a lightweight alternative to Argo/Flux : no CRDs, no controllers, just plan & apply

If your GitOps stack needs a GitOps stack to manage the GitOps stack… maybe it’s not GitOps anymore.

I wanted a simpler way to do GitOps without adding more moving parts, so I built gitops-lite.
No CRDs, no controllers, no cluster footprint. Just a CLI that links a Git repo to a cluster and keeps it in sync.

kubectl create namespace production --context your-cluster

gitops-lite link https://github.com/user/k8s-manifests \
--stack production \
--namespace production \
--branch main \
--context your-cluster

gitops-lite plan --stack production --show-diff
gitops-lite apply --stack production --execute
gitops-lite watch --stack production --auto-apply --interval 5

Why

No CRDs or controllers
Runs locally
Uses `kubectl` server-side apply
Works with plain YAML or Kustomize (with Helm support)
Explicit context and namespace, no magic
Zero overhead in the cluster

GitHub: https://github.com/adrghph/gitops-lite

It’s not trying to replace ArgoCD or Flux.
It’s just GitOps without the ceremony. Simple, explicit, lightweight.

https://redd.it/1o9tugw
@r_devops

How do you decide between GitFlow or some other branching strategy?

I’m tasked with deciding on a branching strategy for a new CI pipeline. I’m drawn towards gitflow mainly because I like the concept of a structured release cadence from the develop branch, to release branch, to main. Seems safer and more maintainable long term. But I’ve never actually used it in practice. Is it overkill? Will devs just complain they can’t get to prod quick enough? Anyone have experience using it?

https://redd.it/1o9vjf2
@r_devops

“Looking for Best Practices to Restructure a DevOps Git Repository

I’m currently working as a DevOps intern, and one of my tasks is to restructure an existing Git repository. I want to ensure that I follow Git and repository best practices during this process.

The development team primarily uses Java Spring Boot for microservices. On the DevOps side, our stack includes:

Helm charts

ArgoCD

Kubernetes (k8s)

Ingress NGINX

Prometheus and Grafana for monitoring

APISIX for API management

GitHub Actions for CI/CD


I’m looking for resources and best practices that can guide me in restructuring this repository effectively.

Where can I learn more about best practices for organizing repositories and maintaining a clean DevOps structure? What are your thoughts or recommendations on how to approach this?


https://redd.it/1o9uy92
@r_devops

Devops resources

hello everyone i am looking for resources to learn linux i found website name Linux Foundation and it have free course for linux it's enough ? if it's not i would be thankful if you give me good resource thank all

https://redd.it/1o9y6zy
@r_devops

Need career advice Infra Associate (Linux) wanting to move into DevOps

Hi everyone,

I’m currently working as an Infrastructure Associate, mostly handling Linux servers...doing patching, monitoring, and general system maintenance.

Alongside my job, I’m pursuing an MCA with a specialization in Cloud Computing. I have completed BCA.I’ve been learning Oracle cloud, Aws and Ansible automation, and I really want to move into a DevOps role.

I’d really appreciate some advice from people who’ve made a similar switch:
• What should I focus on next to make my skills more DevOps-ready?
• Any specific tools, projects, or certifications that helped you?
• How can I use my Linux + infra background as a strength when applying for DevOps roles?
• How much Scope is devops roles?

Thanks in advance for any guidance or suggestions!

https://redd.it/1oa69z1
@r_devops

Is my current setup crazy? How do I convince my friends that it is (if it is)?

So an old friend of mine invited me to work on a freelance project with him. Even though I found it crazy, I complied with his recommendation for the initial setup because he does have more experience than me but now and he wanted to keep costs low but now I'm starting to regret it.

The current setup:
Locally, a docker network which has a frontend on a container, backend on another container, and a sql database on the 3rd container.

On production, I have an EC2 where I pull the GitHub repo and have a noscript that builds the vite frontend, and deploys the backend container and database. We have a domain that routes to the EC2.

I got tired of ssh-ing into the EC2 to pull changes and backup and build and redeploy etc so I created a GitHub pipeline for it. But recently the builds have been failing more often because sometimes the docker volumes persist, restoring backups when database changes were made is getting more and more painful.

I cant help but think that if I could just use like AWS SAM and utilize Lambdas, Cognito, RDS, and have Cloudfront to host frontend, I'd be much happier.

Is my way significantly expensive? Is this how early-stage deployment looks like? I've only ever dealt with adjusting deployments/automation and less with setting things up.

https://redd.it/1oa9fyg
@r_devops

Go library that improves DNS reliability through multi-resolver strategies

Wrote a library, https://github.com/bschaatsbergen/dnsdialer, which acts as a drop-in replacement for Go’s standard net.Dialer. It allows querying multiple DNS resolvers using different strategies to improve reliability, performance, and security of host resolution.

https://redd.it/1oaac6h
@r_devops