can you actually automate end to end testing without coding or is that fantasy?

Non technical founder here trying to figure out testing for our saas product. We have 2 developers and they're focused on building features, don't have bandwidth to also become testing experts.

I keep seeing ads for tools that claim you can automate testing without writing code, just record what you're doing and it creates tests automatically. Sounds too good to be true but figured i'd ask if anyone has actually used these successfully.

Main concern is we keep shipping bugs to customers and it's embarrassing. Need some way to catch obvious issues before they go live but don't have budget to hire qa team yet.

Is no code test automation legit or am i gonna waste money on something that doesn't actually work? Would rather pay for a tool than have developers spend weeks learning selenium if there's a faster option.

https://redd.it/1pg6gj5
@r_devops

Built a GitHub based life metrics tracker

I've been journaling my daily metrics (mood, sleep, exercise, habits) for a while and wanted a better way to visualize the data without giving it to some random app.

So I built Gitffy - a life metrics dashboard that reads from a markdown file in your private GitHub repo.

How it works:

\- You maintain a life.md file in a private repo with daily entries

\- Connect Gitffy to your GitHub (via GitHub App)

\- It parses the markdown and shows charts, trends, and insights

\- Auto-syncs when you push changes - no manual uploads

Example entry format:

\## 2024-12-07

\- mood: 8

\- sleep: 7.5

\- exercise: running

\- coffee: 2

\- productivity: 7

Features:

\- Multiple chart types (line, bar, radar, etc.)

\- Dark/light mode

\- AI-powered insights (optional, uses Gemini)

\- Timeline and day-detail views

\- Your data stays in YOUR repo

Why GitHub?

\- Version history for free

\- Private repos = your data stays private

\- Edit from anywhere (phone, VS Code, etc.)

\- No vendor lock-in - it's just markdown

Live at: gitffy.com

Payments not live yet

Would love feedback! What metrics do you track daily?

https://redd.it/1pg7tsg
@r_devops

For people who are on-call: What actually helps you debug incidents (beyond “just roll back”)?

I’m a PhD student working on program repair / debugging and I really want my research to actually help SREs and DevOps engineers. I’m researching how SRE/DevOps teams actually handle incidents.

Some questions for people who are on-call / close to incidents:

1. Hardest part of an incident today?
* Finding real root cause vs noise?
* Figuring out what changed (deploys, flags, config)?
* Mapping symptoms → right service/owner/code?
* Jumping between Datadog/logs/Jira/GitHub/Slack/runbooks?
2. Apart from “roll back,” what do you actually do?
* What tools do you open first?
* What’s your usual path from alert → “aha, it’s here”?
3. How do you search across everything?
* Do you use standard ELK stack?
4. Tried any “AI SRE” / AIOps / copilot features? (Datadog Watchdog/Bits, Dynatrace Davis, PagerDuty AIOps, [incident.io](http://incident.io) AI, Traversal or Deductive etc.)
* Did any of them actually help in a real incident?
* If not, what’s the biggest gap?
5. If one thing could be magically solved for you during incidents, what would it be? (e.g., “show me the most likely bad deploy/PR”, “surface similar past incidents + fixes”, “auto-assemble context in one place”, or something else entirely.)

I’m happy to read long replies or specific war stories. Your answers will directly shape what I work on, so any insight is genuinely appreciated. Feel free to also share anything I haven’t asked about 🙏

https://redd.it/1pg8e1c
@r_devops

Cloud Metadata Service Exploitation: IMDSv1's Open Door to AWS Credentials ☁️

https://instatunnel.my/blog/cloud-metadata-service-exploitation-imdsv1s-open-door-to-aws-credentials

https://redd.it/1pg8qkr
@r_devops

Built a self-service platform with approvals and SSO. Single Binary

I wanted to share Flowctl which is an open-source self-service platform that can be used to turn noscripts into self-service offerings securely. This is an alternative to Rundeck. It supports remote execution via SSH. There is in-built support for SSO and approvals. Executions can wait for actions to be approved.

Workflow definitions are simple YAML files that can be version controlled. Flows are defined as a list of actions that can either run locally or on remote nodes. These actions can use different executors to run the noscripts.

I built Flowctl because I wanted a lighter-weight alternative to Rundeck that was easier to configure and version control. Key features like SSO and approvals are available out of the box without enterprise licensing.

## Features

SSO and RBAC
Approvals
Namespace isolation
Encrypted executions secrets and SSH credentials
Execution on remote nodes via SSH
Docker and noscript executors
Cron based scheduling
YAML/HUML based workflow definitions.

## Use Cases

Database migrations with approval
Incident response
Server maintenance
Infra provisioning with approvals

Homepage - https://flowctl.net
GitHub - https://github.com/cvhariharan/flowctl

https://redd.it/1pgbtiv
@r_devops

Certificate Ripper v2.6.0 released - tool to extract server certificates

* Added support for:
* wss (WebSocket Secure)
* ftps (File Transfer Protocol Secure)
* smtps (Simple Mail Transfer Protocol Secure)
* imaps (Internet Message Access Protocol Secure)
* Bumped dependencies
* Added filtering option (leaf, intermediate, root)
* Added Java DSL
* Support for Cyrillic characters on Windows

You can find/view the tool here: [GitHub - Certificate Ripper](https://github.com/Hakky54/certificate-ripper)

https://redd.it/1pge830
@r_devops

Sophisticated rate limits as a service: please roast!

Hi everyone,



I’m a backend / infra engineer with \~20 years of experience.

Right now I’m building a very boring but, I think, painful-problem tool:



**API governance + rate limits + anomaly alerts as a service.**



The goal is simple:

to catch and stop things like:

\- runaway cron jobs

\- infinite webhook loops

\- abusive or buggy clients

\- sudden API/cloud bill explosions



This is NOT:

\- an AI chatbot

\- not just metrics/observability

\- not another generic Nginx limiter



It’s focused on:

\- real-time enforcement

\- per-tenant / per-route policies

\- hard + soft limits

\- alerts + audit trail



Think:

\> “a strict traffic cop for your API, focused on cost control and abuse prevention.”

\---



I’m trying to validate this against real-world pain before I overbuild.



A few quick questions:

1) Have you personally seen runaway API usage or a surprise bill?

2) How do you protect against this today?

(Nginx? Redis counters? Cloudflare? Custom noscripts? Just hope?)

3) What would be a *must-have* feature for you in such a tool?



Not selling anything yet — just doing customer discovery.

Brutal, technical feedback is very welcome.

https://redd.it/1pge56p
@r_devops

Bitbucket to GitHub + Actions (self-hosted) Migration

Our engineering department is moving our entire operation from bitbucket to github, and we're struggling with a few fundamental changes in how github handles things compared to bitbucket projects.

We have about 70 repositories in our department, and we are looking for real world advice on how to manage this scale, especially since we aren't organization level administrators.

Here are the four big areas we're trying to figure out:

# 1. Managing Secrets and Credentials

In bitbucket, secrets were often stored in jenkins/our build server. Now that we're using github actions, we need a better, more secure approach for things like cloud provider keys, database credentials, and artifactory tokens.

Where do you store high-value secrets? Do you rely on github organization secrets (which feel a bit basic) or do you integrate with a dedicated vault like hashicorp vault or aws/azure key vault?
How do you fetch them securely? If you use an external vault, what's the recommended secure, passwordless way for a github action to grab a secret? We've heard about OIDC - is this the standard and how hard is it to set up?

# 2. Best Way to Use jfrog

We rely heavily on artifactory (for packages) and xray (for security scanning).

What are the best practices for integrating jfrog with github actions?
How do you securely pass artifactory tokens to your build pipelines?

# 3. Managing Repositories at Scale (70+ Repos)

In bitbucket, we had a single "project" folder for our entire department, making it easy to apply the same permissions and rules to all 70 repos at once. github doesn't have this.

How do you enforce consistent rules (like required checks, branch protection, or team access) across dozens of repos when you don't control the organization's settings?
Configuration as Code (CaC): Is using terraform (or similar tools) to manage our repository settings and github rulesets the recommended way to handle this scale and keep things in sync?

# 4. Tracking Build Health and Performance

We need to track more than just if a pipeline passed or failed. We want to monitor the stability, performance, and flakiness of our builds over time.

What are the best tools or services you use to monitor and track CI/CD performance and stability within github actions?
Are people generally exporting this data to monitoring systems or using specialized github-focused tools?

Any advice, especially from those who have done this specific migration, would be incredibly helpful! Thanks!

https://redd.it/1pghkmk
@r_devops

Do tools like Semgrep or Snyk Upload Any Part of My Codebase?

Hey everyone, quick question. How much of my codebase actually gets sent to third-party servers when using tools like Semgrep or Snyk? I’m working on something that involves confidential code, so I want to be sure nothing sensitive is shared.

https://redd.it/1pgkwq3
@r_devops

Anyone else hit by Sha1-Hulud 2.0 transitive NPM infections in CI builds?

My team got hit months ago, three different Node.js microservices pulling malicious packages through transitive deps we didn't even know existed. Our SBOM tooling caught it but only after images were already built and tagged.

The bottleneck is we're running legacy base images with hundreds of CVEs each, so when the real threat shows up it gets buried in noise. Spent hours last week mapping which services were affected because our dependency graphs are a mess. We have never recovered.

Anyone found a clean way to block these at build time without breaking your CI pipeline? We don’t want a repeat ever.

https://redd.it/1pglm8j
@r_devops

Final Year Project in DevOps

Hi Guys,
I am in my Final year of my BSc and am cleat that I want to pursue my career in DevOps. I already have AWS cloud practitioner and Terraform Associate certification. I would like suggestions on what my Final year project should be. I want it to help me stand out from other candidates in future when applying for jobs. I would really appreciate your thoughts.

https://redd.it/1pgl52u
@r_devops

GWLB, GWLBe, and Suricata setup

Hi, I would like to ask for insights regarding setting up GWLBe and GWLB. I tried following the diagram on this guide to implement inspection in a test setup that I have, my setup is almost the same as in the diagram except the fact that my servers is in an EKS setup. I'm not sure what I did wrong rn, as I followed the diagram perfectly but Im not seeing GENEVE traffic in my suricata instance(port 6081) and I'm not quiet sure how to check if my gwlbe is routing traffic to my GWLB.

Here's what I've tried so far:
1.) Reachability analyzer shows my IGW is reaching the GWLBe just fine.
2.) My route tables are as shown in the diagram, my app route table is 0.0.0.0/0 \> gwlbe and app vpc cidr > local. for the suricata ec2 instance route table(security vpc) its security vpc cidr > local
3.) I have 2 gwlbe and its both pointed to my vpc endpoint service, while my vpc endpoint service is pointed to my 2 GWLB in security vpc(all in available and active status)
4.) Target group of my GWLB is also properly attached and it shows my ec2 suricata instance(I only have 1 instance) registered and is on healthy status and port is 6081.
5.) systemctl status suricata shows its running with 46k rules successfully loaded

Any tips/advice/guidance regarding this is highly appreciated.

For reference here are the documents/guides I've browsed so far.
https://forum.suricata.io/t/suricata-as-ips-in-aws-with-gwlb/2465
https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-gateway-load-balancer-supported-architecture-patterns/
https://www.youtube.com/watch?v=zD1vBvHu8eA&t=1523s
https://www.youtube.com/watch?v=GZzt0iJPC9Q
https://www.youtube.com/watch?v=fLp-W7pLwPY

https://redd.it/1pglwlr
@r_devops

Focus on DevSecOps or Cybersecurity?

I am currently pursuing my Masters in Cybersecurity and have a Bachelor’s in CSE with specialisation in Cloud Computing. I am confused if I should pursue my career solely focusing on Cybersecurity or in DevSecOps. I can fully focus on 1 stream only currently. I have a mediocre knowledge in both the fields but going forward want to focus on one field only. Please someone help me or give some advice.

https://redd.it/1pgpng5
@r_devops

Workflow challenges

Curious to hear from others: what’s a challenge you've been dealing with lately in your workflow that feels unnecessary or frustrating?

https://redd.it/1pgpkh7
@r_devops

Small Change, Big Result.

I was working with someone recently who had been applying for months with almost no responses. Good experience, solid projects, strong recommendations — but her application kept disappearing into the void.

We reviewed everything together, and nothing major stood out. But there was one tiny thing:
Her resume opened with a generic line — “Experienced software engineer seeking opportunities to contribute and grow.”

It didn’t say who she was, what she was great at, or why someone should care.

I asked her to rewrite just the first 3 lines. That’s it. No full overhaul. No template change. Just a sharper intro.

She changed it to:
“Software engineer with 6+ years in backend systems, reduced API latency 40% at my last company, and passionate about building reliable, scalable infrastructure.”

That tiny change repositioned her instantly.
Within 20 hours of apply4u , she started getting callbacks

It reminded me how often job search breakthroughs come from small clarifications, not big reinventions.

Curious — what’s one small change you made in your career or job search that created a surprisingly big result?

https://redd.it/1pgttlm
@r_devops

AI for monitor system automatically.

I just thinking about AI for monitoring & predict what can cause issue for my whole company system

Any solution advices? Thanks so many!

https://redd.it/1ph1rcm
@r_devops

Looking to migrate company off GitHub. What’s the best alternative?

I’m exploring options to move our engineering org off GitHub. The main drivers are pricing, reliability and wanting more control over our code hosting.

For teams that have already made the switch:

* Which platforms did you evaluate?
* What did you ultimately choose (GitLab, Gitea, Bitbucket, something else)?
* Any major surprises during the migration?

Looking for practical, experience-based input before we commit to a direction.

https://redd.it/1ph3dca
@r_devops

AI Is Going To Run Cloud Infrastructure. Whether You Believe It Or Not.

There it is. Another tech change where people inside the system (including many of the folks here) insist their jobs are too nuanced, too complex, too “human-required” to ever be automated.

Right up until the day they aren't. Cloud infrastructure is next. Not partially automated, not “assistive tooling,” but fully AI-operated.

Provisioning cloud resources isn’t more complex than plenty of work AI already handles. Even coordinating and ordering groceries is a mess of constraints, substitutions, preferences, inventory drift, routing, and budgets... And AI can already manage that today.

In 2010 Warner Bros exec dismissed Netflix in 2010 saying “the American army is not preparing for an Albanian invasion.” This week, Netflix basically bought them...

But you are smarter. Nothing can replace you... right?

Cloud infrastructure will be AI-run.

https://redd.it/1ph5bzp
@r_devops

Setting up a Linux server for production. What do you actually do in the real world?

Hey folks,
I’d like to hear how you prepare a fresh Linux server before deploying a new web application.

Scenario:
A web API, a web frontend, background jobs/workers, and a few internal-only routes that should be reachable from specific IPs only (though I’m not sure how to handle IP rotation reliably).

These are the areas I’m trying to understand:

---

1) Security and basic hardening

What are the first things you lock down on a new server?

How do you handle firewall rules, SSH configuration, and restricting internal-only endpoints?


2) Users and access management

When a developer joins or leaves, how do you add/remove their access?

Separate system users, SSH keys only, or automated provisioning tools (Ansible/Terraform)?


3) Deployment workflow

What do you use to run your services: systemd, Docker, PM2, something else?

CI/CD or manual deployments?

Do you deploy the web API, web frontend, and workers through separate pipelines, or a single pipeline that handles everything?


4) Monitoring and notifications

What do you keep an eye on (CPU, memory, logs, service health, uptime)?

Which tools do you prefer (Prometheus/Grafana, BetterStack, etc.)?

How do you deliver alerts?


5) Backups

What exactly do you back up (database only, configs, full system snapshots)?

How do you trigger and schedule backups?

How often do you test restoring them?


6) Database setup

Do you host the database on the same VPS or use a managed service?

If it's local, how do you secure it and handle updates and backups?


7) Reverse proxy and TLS

What reverse proxy do you use (Nginx, Traefik, Caddy)?

How do you automate certificates and TLS management?


8) Logging

How do you handle logs? Local storage, log rotation, or remote logging?

Do you use ELK/EFK stacks or simpler solutions?


9) Resource isolation

Do you isolate services with containers or run everything directly on the host?

How do you set CPU/memory limits for different components?


10) Automatic restarts and health checks

What ensures your services restart automatically when they fail?

systemd, Docker health checks, or another tool?


11) Secrets management

How do you store environment variables and secrets?

Simple .env files, encrypted storage, or tools like Vault/SOPS?


12) Auditing and configuration tracking

How do you track changes made on the server?

Do you rely on audit logs, command history, or Git-backed config management?


13) Network architecture

Do you use private/internal networks for internal services?

What do you expose publicly, and what stays behind a reverse proxy?


14) Background job handling

On Windows, Task Scheduler caused deployment issues when jobs were still running.
How should this be handled on Linux?
If a job is still running during a new deployment, do you stop it, let it finish, or rely on a queue system to avoid conflicts?

15) Securing tools like Grafana and admin-only routes

What’s the best way to prevent tools like Grafana from being publicly reachable?

Is IP allowlisting reliable, or does IP rotation make it impractical?

For admin-only routes, would using a VPN be a better approach—especially for non-developers who need the simplest workflow?

---

I asked ChatGPT these questions as well, but I’m more interested in how people actually handle these things in real-world.

https://redd.it/1ph5lut
@r_devops

Hybrid Multi-Tenancy DevOps Challenge: Managing Migrations & Deployment for Shared Schemas vs. Dedicated DB Stacks (AWS/GCP)

We are architecting a Django SaaS application and are adopting a hybrid multi-tenancy model to balance cost and compliance, relying entirely on managed cloud services (AWS Fargate/Cloud Run, RDS/Cloud SQL).

Our setup requires two different tenant environments:

1. Standard Tenants (90%): Deployed via a single shared application stack connected to one large PostgreSQL instance using Separate Schemas per Tenant (for cost efficiency).
2. Enterprise Tenants (10%): Must have Dedicated, Isolated Stacks (separate application deployment and separate managed PostgreSQL database instance) for full compliance/isolation.

The core DevOps challenge lies in managing the single codebase across these two fundamentally different infrastructure patterns.

We're debating two operational approaches:

A) Single Application / Custom Router: Deploy one central application that uses a custom router to switch between:

The main shared database connection (where schema switching occurs).
Specific dedicated database connections defined in Django settings.

B) Dual Deployment Pipeline: Maintain two separate CI/CD pipelines (or one pipeline with branching logic):

Pipeline 1: Deploys to the single shared stack.
Pipeline 2: Automates the deployment/migration across all N dedicated tenant stacks.

Key DevOps Questions:

Migration Management: Which approach is more robust for ensuring atomic, consistent migrations across Ndedicated DB instances and all the schemas in the shared DB? Is a custom management command sufficient for the dedicated DBs?
Cost vs. Effort: Does the cost savings gained from having 90% of tenants on the schema model outweigh the significant operational complexity and automation required for managing Pipeline B (scaling and maintaining N isolated stacks)?

We're looking for experience from anyone who has run a production environment managing two distinct infrastructure paradigms from a single codebase.

https://redd.it/1ph787v
@r_devops

Need help in a devops project

Can some skilled devops engineers help me in project i am new to devops and your help would be much appreciated.

https://redd.it/1ph79lh
@r_devops