Has anyone automated parts of their PR reviews with AI tools?

We’ve been looking for ways to reduce the review backlog in our CI/CD flow. Recently we trialed cubic and coderabbit to catch smaller issues before human reviewers step in.

I’m still wondering if they actually improve overall throughput or just add more noise.

Anyone here successfully built AI review tools into their DevOps pipelines? How did it go in practice?

https://redd.it/1ouwhpj
@r_devops

From Dba to devops/SRE/Platform Engineering

I work as a dba having 10 years of experience based in Pune. For last one year I have been preparing to make a transition into devops/SRE/Platform engineering. I've obtained AWS SA 03 certificate and trained rigorously on devops concept like Git, jenkins, docker, k8, helm, Gitops, python, AWS and few more things.

It's been more than a year preparing for this side by side. Now that I have almost covered everything, I'm unsure of how to make transition as I don't have proper experience in this field.

I need your guidance to under the further roadmap to make a successful transition.

https://redd.it/1ouyv8l
@r_devops

Does this MIT study on AI coding tools match what you see in prod?

MIT ran a study on developers using AI code assistants.

The takeaway (for me at least):

– AI makes it faster to get “some” answer

– quality and correctness can go down

– people feel more confident in those answers than they should

There’s a good walkthrough of the study here:

https://www.youtube.com/watch?v=Zsh6VgcYCdI

As someone who thinks a lot about reliability, this feels like a bad mix:

faster changes, more subtle mistakes, more confidence.

For those of you in DevOps / SRE roles:

– have you seen any change in incident patterns as your teams started using AI tools?

– are you doing anything different for impact analysis or change review now?

– or is it basically the same process as before, just with more “AI helped me write this” in the PR denoscription?

Very curious how this looks from the people who sit closest to prod.

https://redd.it/1ov0bnr
@r_devops

I want to start my career in Cloud + DevOps… need some suggestions 🙏

Hi everyone 👋,
I’m 23 and I know some basic Python. I’m planning to start my career in Cloud + DevOps, but I’m a bit confused on where and how to begin.

Can you please suggest:

How to start learning Cloud/DevOps (from basics)

Any good resources, YouTube channels, or certifications that actually help to get a decent job

Also, if there’s any other tech stack I should look into for a quicker job entry


This is my career starting point, so any genuine suggestions or guidance from your experience will really help

https://redd.it/1ov0wqk
@r_devops

How are DevOps teams keeping API documentation up to date in 2025?

It feels like every team I talk to still struggles with this.
Docs get out of sync the moment new endpoints are deployed, and half the time no one remembers to update the spec until something breaks.

We’ve been testing a few approaches:
Auto-generating docs from OpenAPI specs or annotations
- Syncing API tests and docs from the same source
- Integrating doc updates directly into CI/CD pipelines

Some of the tools we’ve explored so far include:
Swagger, Redocly, Stoplight, DeveloperHub, Apidog, Docusaurus, ReadMe, and Slate.
Each takes a different approach to collaboration, versioning, and automation.

Curious what’s working for your teams
Are you automating API documentation updates, or still managing them manually through version control?

https://redd.it/1ov1ohe
@r_devops

Best content management system decision for a small business website redesign

Our company website was built 8 years ago by a developer who's no longer with us and it's a mess of custom code that nobody knows how to update. We're redesigning from scratch and I'm trying to figure out what CMS to use. We need about 30-40 pages, a blog, contact forms, and maybe the ability to add a simple product catalog in the future. No ecommerce checkout needed right now. Budget is flexible but I don't want to pay thousands in hosting and maintenance annually.



https://redd.it/1ov0tr4
@r_devops

QA -> DevOps transition advices

Hi guys,

I am a QA Automation (3 years total xp).
I work on a networking and linux based project. (2 years xp here).

Currently I use python and robot for test automation, but I also have the opportunity to work with docker, ansible, wireshark and jenkins for CI. Our infra is on prem. Here I learned that I like to work with linux, networking and infrastructure more than I enjoy QA Automation.

Also, I built a homelab with opnsense and proxmox. On the honelab I managed to work with proxmox, docker, vms, ansible, terraform, jenkins, k3s, grafana, prometheus, dns server, nginx and NAS.

What should I focus on? I tried to apply for DevOps/Infra jobs but without luck, I didn't get any interviews.

If there are people among you who have made a transition like this, how did they do it?

Thank you!

https://redd.it/1ov3yw7
@r_devops

We’re exploring pipelines as code (GitOps). Any gotchas?

Thinking of moving CI/CD to pipelines-as-code with GitOps-style flows (app + infra changes via PRs, declarative configs, reviews, auto-promotions). What pitfalls should we watch for: repo sprawl/monorepo vs polyrepo, secrets/ephemeral creds, drift between pipeline runner and cluster, flaky approvals, environment promotion hygiene, or rollback complexity? Bonus tips on tooling (Argo CD/Flux + Tekton/GHA), handling per-env overlays, and keeping pipelines testable/versioned without slowing teams down.



https://redd.it/1ov64u3
@r_devops

what's cryptographic attestation for AI? security team is asking for it now

Security team came back from an audit saying we need "cryptographic attestation" for our ML pipeline and I'm supposed to implement it but honestly don't know where to start.

I did some digging and got hit with walls of text about hardware keys, secure enclaves, and TPM chips, way over my head. Is this actually something I can implement or is this a "call in expensive consultants" situation?

What does it even do that regular monitoring and access logs don't already do? Need to go back to security with either a plan or an explanation of why we can't do it.

Any devops folks dealt with this before?

https://redd.it/1ov7kix
@r_devops

How to get good in troubleshooting?

Hi Team , As per my experience most things are already setup like k8 cluster , ci cd pipelines, Terraform noscripts unless you are in startup or got exposure in which project is starting from scratch.

I am facing challenges in trouble shooting various pipelines ,git lab issues , k8 issues because its not just a single noscript many noscripts are interlinked to each other in such scenarios how to start because first understanding error and then searching solution for this , sometimes I wonder even I am on rigth track ,also AI is not that helpful in troubleshooting.

So how senior developers just by looking at error understand what is happening bcz many times I feel console error output is different in pipeline and solution is totally different and that to without using AI🫡.

Please can anyone guide because I think troubleshooting is most important skill rather than taking interviews on same concepts again and again which individual can learn but troubleshooting feels more unknown and scary territory especially when you haven't built it and joined in midway.

https://redd.it/1ov9mx8
@r_devops

Built a tool that auto-fixes security vulnerabilities in PRs. Need beta testers to validate if this actually solves a problem.

DevOps/DevSecOps folks, quick question: Do you ignore security linter warnings because fixing them is a pain?

I built CodeSlick to solve this, but I've been building in isolation for 6 months. Need real users to tell me if I'm solving a real problem.

# What It Does

[](https://github.com/VitorLourenco/codeslick2/blob/claude/codeslick-marketing-posts-011CV4APdZXGdG2bV7eaNXGr/docs/marketing/REDDIT_POST.md#what-it-does)

1. Analyzes PRs for security issues (SQL injection, XSS, hardcoded secrets, etc.)
2. Posts comment with severity score (CVSS-based) and OWASP mapping
3. **Opens a fix PR automatically** (this is the new part)

So instead of:

[Bot] Found SQL injection vulnerability in auth.py:42
You: *adds to backlog*
You: *forgets about it*
You: *gets pwned in 6 months*


You get:

[CodeSlick] Found SQL injection (CVSS 9.1, CRITICAL)
[CodeSlick] Opened fix PR #123 with parameterized query
You: *reviews diff* → *merges* → *done*


# Coverage

[](https://github.com/VitorLourenco/codeslick2/blob/claude/codeslick-marketing-posts-011CV4APdZXGdG2bV7eaNXGr/docs/marketing/REDDIT_POST.md#coverage)

* 79+ security checks (OWASP Top 10 2021 compliant)
* Dependency scanning (npm, pip, Maven)
* Languages: JavaScript, TypeScript, Python, Java
* GitHub PR integration live
* Auto-fix PR creation shipping in next version (maybe next week)

# Why I'm Here

[](https://github.com/VitorLourenco/codeslick2/blob/claude/codeslick-marketing-posts-011CV4APdZXGdG2bV7eaNXGr/docs/marketing/REDDIT_POST.md#why-im-here)

I need beta testers who will:

* Use it on real repos (not toy projects)
* Tell me what's broken
* Help me figure out if auto-fix PRs are genuinely valuable
* Break my assumptions about workflows

# What's In It For You

[](https://github.com/VitorLourenco/codeslick2/blob/claude/codeslick-marketing-posts-011CV4APdZXGdG2bV7eaNXGr/docs/marketing/REDDIT_POST.md#whats-in-it-for-you)

* Free during beta
* Direct access to me (solo founder)
* Influence on roadmap
* Early-bird pricing at launch

# The Reality Check

[](https://github.com/VitorLourenco/codeslick2/blob/claude/codeslick-marketing-posts-011CV4APdZXGdG2bV7eaNXGr/docs/marketing/REDDIT_POST.md#the-reality-check)

I don't know if this is useful or over-engineered. That's why I need you. If you've been burned by security audits or compliance issues, let's talk.

**Try it:** [codeslick.dev](http://codeslick.dev) **Contact:** Comment or DM

https://redd.it/1ovbao6
@r_devops

Helm upgrades

What is the best way to handle upgrades of applications deployed by helm?

We have several deployments like ingress-nginx where we need to have custom config in services configmaps. Like tcp-services config map, and additional port that need to be added to svc.



https://redd.it/1ovbuk7
@r_devops

Kubernetes ingress-nginx is retired. Will be archived in March 2026.

> Best-effort maintenance will continue until March 2026. Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered.

> (InGate development never progressed far enough to create a mature replacement; it will also be retired.)

> SIG Network and the Security Response Committee recommend that all Ingress NGINX users begin migration to Gateway API or another Ingress controller immediately.

Link: https://www.kubernetes.dev/blog/2025/11/12/ingress-nginx-retirement/

Let the migrations begin.

https://redd.it/1ove34w
@r_devops

Giving credit ?

To make this as short as possible, I was googling ways to do use an auto schedule with lambda and long and behold, I found an aws document / article by AWS on how to do this very thing, they even included sample code from their aws-samples repo.

I can use their python lambda solution as is

I’ve never actually had a solution readily available like this - so when copying the lambdas in your PRs if you copy something like this, do you link it or reference it ? I don’t want to pass it off as my own but I’ve never done something like this - is it shameful ?

Some context - I am a noscript kidding , working on my python.

https://redd.it/1ovfglh
@r_devops

Can I realistically get a devops job with 5YOE and some certs and personal projects?

Resume: https://imgur.com/a/g4BOxRn

Currently studying CKA. Know experience > certs, but at least I can study as well as lab. And CKA is very hands on, so that would help directly. I know ppl tend to look down on certs, but after I got AWS Solutions Architect Professional, I was very confident setting up infrastructure and policies on AWS next time around. It was rigorous enough that it at least holds some weight imo.

Should I continue to do CKA as well as personal projects and open source? Or should I maybe offer my services for very low pay on upwork to get actual "experience". I feel like devops isn't one of those things where you really stick to one stack for years on end (like a Java developer who does nothing but Java for 8 years). But I could be wrong, happy to get feedback. Have touched tools related to devops even if at a light level: Dynatrace, Splunk, Terraform, K8, Docker, Jenkins. And some stacks at heavy level: Coding/Scripting, SQL, IAM

https://redd.it/1ovjsyc
@r_devops

Looking to collaborate / I’m good at sales + getting startup perks

Hey everyone,

I’ve been wanting to team up with people who are building something cool. I’m not after money right now just looking to work on real ideas that make sense and have potential.

My main strengths are in sales and partnerships (I like helping startups get their first users or clients), and I also know how to unlock startup perks like free credits, premium tools, and partner deals from places like AWS, Notion, Tiktok, etc.

Basically, if you’re building a startup and could use someone who can help with sales and save you a ton through perks, I’d love to connect and see if we can build something together.

https://redd.it/1ovlrnn
@r_devops

Expression Language Injection: When ${} Becomes Your Worst Nightmare 💀

https://instatunnel.my/blog/expression-language-injection-when-becomes-your-worst-nightmare

https://redd.it/1ovqz0i
@r_devops

Finally, a non-hacky way to build iMessage automations with TypeScript

If you’ve ever tried using AppleScript for iMessage, you know the pain.
This open-source SDK (search photon imessage kit) abstracts all that away.

You can basically treat iMessage like an API send, receive, even group chat support.
Feels like Twilio, but for iMessage.

https://redd.it/1ovsfy7
@r_devops

I have made an ai upscaler that runs locally what more should I add to app(any suggestions)

It is an ai upscaler that runs locally on Android and also contain edit , resize , background eraser, and changing image to other formats , what more can I add
And also should I publish it on playstore.

https://redd.it/1ovsy0z
@r_devops

Learning Journey Review and Guidance

Hi all,

I'm currently working as IT Support Technician and during free time, I have been learning devops. The first 2 personal projects I did was to learn as much as possible while breaking things. The first one was learning to use docker, docker compose and github actions to achieve CICD. The next one was using minikube cluster, and self hosted runner that would update the cluster after a push.

Currently, I have been building a k8s cluster from scratch, iteratively and gradually. I've used 3 VMs, one control plane node and 2 worker nodes. I have been attempting to simulate professional working environment. I have created 3 environments (namespaces in cluster and branches in github), dev, stage and prod. The app code and the manifests for the cluster are in the same repo. I also decided to document every step in a mark down file. For CI, I have created reusable workflows for both app and manifests. The app CI will only run in dev branch and it will lint, test, build, containerize and push the app in dockerhub with sha-commit tag. The manifests-ci will run a bunch of pre-deploy tests like yamllint, kube-score, conftesg, kusotmize build, etc. These reusable workflows are branch agnostic and designed to work on different event types like pull request and push. Once both the ci's results are satisfied, a tag-bump reusable workflow will run which will bump the tags from the manifests. Each app will call these workflows using it's own ci workflow with necessary inputs. I'm using ArgoCD for CD. Once a tag is changed, Argo CD will automatically deploy the latest change.

Next Steps: I'm gonna version everything in the infra like the packages I've created, the workflows and the manifests. Then, add monitoring and logging tools. Then, I'm thinking to deploy a full stack app I've created to learn about using and provisioning persistent voluumes in k8s. Next is to migrate everything to cloud, both AWS and AZURE.

Please feel free to checkout what I've done so far in detail here.

My questions to lovely peeps here:
Am I following professional standards and since Ihaven't worked as a devops engineer before,, is my attempt at simulating professional envs correct? If not, where can I improve? Also, are my next steps logical and am I thinking the right ?

Thank you very much in advance. Have a great day!

https://redd.it/1ovw75j
@r_devops

Integrating test automation into CI/CD pipelines

How are you integrating automated testing into CI/CD without slowing everything down? We’ve got a decent CI/CD pipeline in place (GitHub Actions + Docker + Kubernetes) but our testing
process is still mostly manual.


I’ve tried a few experiments with Selenium and Playwright in CI, but the test runs end up slowing deployments to a crawl. Especially when UI tests kick in. Right now we only run unit tests automatically, everything else gets verified manually before release.


How are teams efficiently automating regression or E2E testing? Basically, how do you maintain speed and reliability without sacrificing deployment frequency?


Parallelization? Test environment orchestration? Separate pipelines for smoke vs. full regression?


What am I missing here?

https://redd.it/1ovzhu1
@r_devops