PAM Implementation tool

hey everyone, me and my friend created this https://github.com/gateplane-io

It is a just in time, privileged access management tool from us for the community. if anyone wants to try it out and give us feedback, feel free!

https://redd.it/1phj5jh
@r_devops

Manager in C-suite meeting tries to “fix error costs” by renaming HTTP status codes and thinks 200 means £200 earned

I just watched the funniest career disaster I’ve think I have ever seen, actually I challenge anyone to find another one. Big meeting. Full C-suite. This is for a real product used by more than forty thousand people every month. The engineering project manager running part of the presentation isn't technical and prides himself on saying "I am not technical" as many. times as he can, its sort of his badge of honor you know the type. You could tell he’d copied something from ChatGPT, and all the hallucinations in all their abject glory or some nonsense LinkedIn post equally as bad.

He did a whole section about “reducing the cost of errors.” Sounded normal at first. Everyone assumed he meant improving reliability or fixing failure paths. Then he started explaining his logic. He honestly believed an HTTP 200 status code meant the company earned money, like “200” meant £200 for a successful request. And he thought 400s, 500s, and everything else meant we were losing that amount of money each time. He had built a dashboard that totalled these numbers. Charts. Graphs. Sums. He spoke with total confidence like he’d uncovered some hidden financial leak. His dashboard adding these “costs” together. Totals and everything. Then he proposed a “fix.” He wanted to change all OK responses to status code 1000. And all errors to tiny numbers like 1, 2, 3. He said this would “reduce the cost of errors.” It looked like something scraped from a bad LinkedIn influencer post, but he stood there presenting it to executives as if he’d discovered a new engineering principle.

He wasn’t joking. Not even slightly. He even went as far to claimed some developers were being “difficult” because they didn’t want to implement the system he invented.

The room went silent. Then someone said, very carefully, “Let’s park this and talk after the meeting.” He genuinely thought he’d revolutionised API design by renaming status codes. It was the purest form of second-hand embarrassment. A man so confident he never thought to ask what a status code actually is.

#

https://redd.it/1phktdd
@r_devops

Here's My Go ASDF plugin for 60+ Tools

Both Mise and ASDF can be tricky to bootstrap from scratch. I perceive scattered repositories with distributed admin permissions as a ticking bomb. It only amplifies the long-term ownership risks.

https://github.com/sumicare/universal-asdf-plugin

So, I developed an ASDF plugin in Go that consolidates all installations into a single binary.

Added:
\- self-update for `.tool-versions`
\- hashsum managment for downloaded tools into `.tool-sums`

At this stage, it's a bit of an over-refactored AI Slop kitchensink...

Took about three days, roughly 120 Windsurf queries, and 300K lines of code condensed down to 30K. Not exactly a badge of honor, but it works.

Hopefully, someone finds this useful.

Next, I'll be working on consolidating Kubernetes autoscaling and cost reporting.
This time in Rust, leveraging aya eBPF for good measure.

https://redd.it/1phmfpd
@r_devops

Artifactory borked?

Can anyone help me confirm that the latest self hosted Artifactory-OSS 7.125 is broken?

No matter how I install it, the front end is inaccessible. The API seems to work, but you can’t login to the webapp.

For the life of me, I can’t figure it out. It seems like portions of the webapp are just…missing.

This applies to all 7.125 OSS versions.



https://redd.it/1phiug8
@r_devops

Question on the stack for blog/mobile app

I'm setting up the infrastructure for a news and contest blog (and a future React Native app). The focus is on maximum optimization and low operating costs at scale (aiming for 200k+ users).


I'd like a reality check on my stack:
• Frontend Web: Next.js (Vercel Hosting + Cloudflare CDN).
• Mobile: React Native.
• CMS/Backend API: Strapi, hosted on Fly.io.
• Database: PostgreSQL via Neon (Serverless DB).
• Authentication/Users: Firebase.


Is this combination the best possible to ensure efficiency and low infrastructure costs in the long run, or is there any bottleneck (mainly in the Strapi/Fly.io/Neon trio) that I should correct before launching the app?

https://redd.it/1phr5jk
@r_devops

Developers, pls stop treating Datadog like ur personal diary

I’m slowly losing my mind here because some of our devs refuse to filter their logs.

Our Datadog bill is skyrocketing, and for what? to store masterpieces like:

Process starting...
Process started...
Process REALLY started...

Plus 300 lines of “not-an-error” stack traces.

Every time I ask them to log less, or "let me create a filter for that", I get

“we might need it later” or “it’s only a few lines” - sure, times 3 million.

Anyone else fighting the “log everything forever” cult? How do you handle this type of battle? as I need them to agree to drop much of that spend, but also respect that they may need some of it...

https://redd.it/1phs661
@r_devops

Amateur Docker mistake

Hello all,

VERY much an amateur here, just now learning Docker and things. I have been working on a small project to learn using Nexus and Docker.

Since I have a new Mac, I was informed running Nexus via Docker was best due to some OS limitations. Well, everything worked fine until I made one dumb rookie mistake.

I created a repo named “docker hosted” on Nexus and needed to add port 8083. So I stopped my container. Removed it and added the additional port. What my uneducated amateur brain didn’t realize was doing this would cause me to generate a new admin password and lose all the previous user, role, blob store and rules I had created.

If you ask about backups, the project I’ve been following along with didn’t do that or hadn’t talked about that yet. So no backups. I looked for the volumes on my machine and unfortunately the previous one wasn’t there.

All this to say.. when you were first learning.. did you make any silly mistakes like this?

I feel real dumb. lol thankfully this is just for learning experience and not for work.

https://redd.it/1phs7xc
@r_devops

6 years in devops — do i need to study dsa now?

hey folks,
i’ve been a devops engineer for about 6 years, mostly working with kubernetes and cloud infra. my role hasn’t really involved much coding.

now i’m aiming for bigger companies in India, and i keep hearing that they ask dsa in the first round even for devops roles. i don’t mind learning dsa if it’s actually needed, but i’m wondering if it’s worth the time.

for those who’ve interviewed recently, is dsa really required for devops/sre roles at big companies, or should i focus more on system design, cloud, and infra instead?

thanks in advance!

https://redd.it/1phfe4o
@r_devops

Need Suggestions

Actually, i completed my Devops learning journey as much needed for fresher to get job.

I started applying and I know it's takes time to get job now. Because I am fresher and also from non it background with not it degree.

Therefore I need to keep patience.
Along with applying, i need to practice my things regularly so that I won't forget anything.

So my question is hos should I divide my timing for both- i have total 3.5 hours daily.

Consider these points as well before answering:
I need job it's very important for me
But patient i need to consider
Also just for revision and keep practicing is also important

Note: just divide timing between applying and practical

https://redd.it/1phweuz
@r_devops

What’s an AI tool you tried recently that actually earned a permanent spot in your workflow?

Lately it feels like there’s a new “game-changing” AI tool dropping every 10 minutes, slick websites, big claims, and then… I use it once and never open it again.



I keep finding myself going back to the same few tools, so I’m genuinely curious:

Has anything you’ve tried recently stuck enough to become part of your daily or weekly routine?



Not talking about hype or one-off demos, I mean a tool that genuinely surprised you and proved useful long-term.



Always looking for real recommendations from people who actually use this stuff, not marketing pages.

https://redd.it/1phyeoo
@r_devops

Need your opinions

Hey devops folk i got a question which is a common thing every dev thinks. What you think about DSA? I mean i have seen so many resumes in this sub but I didn't saw DSA thing in those resumes. Isn't DSA important in devops? I shared this question with my aunt's son who works in Japan. He was first in SRE and later shifted towards DevSecOps. He used to work in rakuten and then now working in different company. He told me that without knowing coding no company will even ask you. He said coding is also important and having knowledge of DSA is also important. He said that tool like docker.k8s,aws, linux,etc are common and you can see these tools on every resume. I mean he is not wrong and he has 7+ Y.O.E. What you think about this? I have seen devops courses from Scalar,geeksforgeeks and they also had DSA in there curriculum. So please share your opinions because i think that 90%+ students are going in devops just to avoid dsa and coding or they are going for better package. I haven't seen any youtuber discussing about DSA in devops. So is DSA also important just like any other tools which we are learning in devops?

https://redd.it/1phziiz
@r_devops

GitLab CI trigger merge request pipeline on push to target branch

Is there any way to trigger merge request pipeline on push/merge to TARGET (aka main) branch? Default behavior of if: $CI_PIPELINE_SOURCE == 'merge_request_event' does not provide such behavior

Maybe there is any other way to handle it? It's important to retrigger tests on MR-s after any change in main branch as they may not be valid
Now I'm looking into server hooks or just restart MR test jobs by API on merge/push to main in additional job

https://redd.it/1pi16io
@r_devops

Is it possible to run iOS CI/CD from a Jenkins Linux build node? (Mac agents isn't an option) - Anyone used xtool?

I'm trying to set up CI/CD for an iOS app, but we cannot use Jenkins macOS agents (no EC2 Mac, no on-prem Mac minis - Mac based EC2 instance are crazy-ass costly ).

Our entire pipeline runs on Linux-based Jenkins nodes, and we’d prefer to keep it that way.

I came across xtool, which claims to let you run iOS builds from Linux by offloading the actual Xcode build to their cloud macOS environment: https://github.com/xtool-org/xtool

Has anyone here:

1. Run iOS CI/CD entirely from Linux Jenkins using something like xtool?
2. Used xtool in production? How reliable is it?
3. Faced any limitations (signing, keychain handling, test runners, caching, build times)?

Basically:

Is xtool a viable alternative to running a Jenkins Mac node?

Or am I missing something fundamental in the iOS build pipeline that still requires macOS locally?

Any guidance or real-world experience would be super helpful :)



https://redd.it/1pi1gwj
@r_devops

Is anyone using feature flags to implement chaos engineering techniques?

I'm thinking of failure injections like additional latency, API timeouts, dependency errors, etc.

It sounds useful to have a deploy-free way to inject chaos using a flag. But you also have automatic circuit breakers and other mechanisms in place to remediate issues. Is there an overlapping?


How do you integrate feature flags and kill switches with chaos experiments, circuit breakers, and so on?

https://redd.it/1pi4x79
@r_devops

How do you manage an application on a single server (eg hetzner)

I've been having a play recently with a hetzner server and, though I wouldn't be surprised to hear it's a "skill issue", I can't seem to see how people manage applications on them.

That isn't anything against hetzner, I enjoyed using it. But I found I ended up gravitating to multi-cloud (GCP and Hetzner) in order to have access to secrets, artifact registry (for docker images), service accounts and so on.

So I'm just curious whether using things like this obviously requires something like GCP (or whatever other services other than Hetzner), or if there are approaches / workflows I'm unaware of.



Cheers!



https://redd.it/1pi4eqg
@r_devops

Security Misconfiguration: The 90% Problem That Never Goes Away ⚙️

https://instatunnel.my/blog/security-misconfiguration-the-90-problem-that-never-goes-away

https://redd.it/1pi7y7v
@r_devops

I built a CLI tool to deploy to Docker Swarm like it's Vercel (Secrets rotation, Multi-env)

Hi everyone,

I love Docker Swarm for its simplicity, but I hated managing deployments manually. Kubernetes felt like overkill for my use case, but writing bash noscripts to handle docker build, docker tag, docker secret create, and docker stack deploy was becoming a nightmare.

So I wrote Rollwave.

It's an open-source CLI tool written in Go that acts as a wrapper around Docker Swarm to give you a modern deployment experience.

Key Features:

🔒 Zero-Downtime Secret Rotation: It automatically versions your secrets (e.g., `db_pass_v1`, `db_pass_v2`) and updates your services without downtime.
🌍 Multi-Environment Support: You can define staging and production environments in one rollwave.yml and deploy with rollwave deploy --env staging.
🧹 Auto-Cleanup: It automatically removes old, unused secrets after a successful deploy.
🏗️ Build & Push: It handles the entire build pipeline (including private registry auth) based on your standard docker-compose.yml.

It's currently in Alpha/MVP, but I'm using it for my own projects. I'd love to know what you think!

GitHub: https://github.com/rollwave-dev/rollwave


https://redd.it/1pi9hz0
@r_devops

is 40% infrastructure waste just the industry standard?

Posted yesterday in r/kubernetes about how every cluster I audit seems to have 40-50% memory waste, and the thread turned into a massive debate about fear-based provisioning.

The pattern i'm seeing everywhere is developers requesting huge limits (e.g., 8Gi) for apps that sit at 500Mi usage. When asked why, the answer is always "we're terrified of OOMKills."

We are basically paying a fear tax to AWS just to soothe anxiety.

Wanted to get the r/devops perspective on this since you guys deal with the process side more: is this a tooling failure (we need better VPA/autoscaling) or a culture failure (devs have zero incentive to care about costs)?

I wrote a bash noscript to quantify this gap and found \~$40k/yr of fear waste on a single medium cluster.

Curious if you guys fight this battle or just accept the 40% waste as the cost of doing business?

noscript i used to find the waste is here if you want to check your own ratios:https://github.com/WozzHQ/wozz

https://redd.it/1pib0u7
@r_devops

What's a "don't do this" lesson that took you years to learn?

After years of writing code, I've got a mental list of things I wish I'd known earlier. Not architecture patterns or frameworks — just practical stuff like:

* Don't refactor and add features in the same PR
* Don't skip writing tests "just this once"
* Don't review code when you're tired

Simple things. But I learned most of them by screwing up first.

What's on your list? What's something that seems obvious now but took you years (or a painful incident) to actually follow?

https://redd.it/1pic0a4
@r_devops

Non-UNIX administration?

Hey! I have interest in some less popular OS. For example, right now I have interest in FreeBSD to try to learn jails, play around with ZFS and stuff like that.

My question: is it actually a useful skill? As I understand the field, the non-UNIX administration is really not something that companies look for when hiring DevOps Engineers. Maybe I am wrong and there is an area where (for example) FreeBSD is thriving and cannot be replaced?

https://redd.it/1piakms
@r_devops

I built envsgen: generate docker-compose files, dotenvs, JSON, and YAML from a single TOML config (with imports, variables, shell commands expansion)

Managing multiple services for my self-hosted projects meant rewriting the same env vars in a dozen places. Eventually I snapped and wrote **envsgen**, a small Go CLI that makes one TOML file the “master config” for everything.

Keeps in mind it can has bug as it is my first release, but it works.

Repo: [https://github.com/mcisback/envsgen](https://github.com/mcisback/envsgen)

Medium: [https://marcocaggiano.medium.com/awesome-devops-share-data-between-docker-dotenvs-secrets-and-apps-b909ff346cd3](https://marcocaggiano.medium.com/awesome-devops-share-data-between-docker-dotenvs-secrets-and-apps-b909ff346cd3)

Features:

* Imports (`#!import`)
* `${path.to.value}` references
* `${envs.MY_VAR}` for environment lookups
* `${\\`shell command`\\\`}`if you enable`\--allow-shell\`
* Inheritance (e.g. `backend.local` inherits `backend`)
* Output to dotenv, JSON, YAML, or **docker-compose.yaml**
* `--expand` flattens nested sections for .env formats

Now I can generate docker-compose + backend.env + production.env from the same file, no more duplication.

Happy to hear ideas or improvements!

https://redd.it/1pib7qz
@r_devops