What's working to automate the code review process in your ci/cd pipeline?

Trying to add automated code review to our pipeline but running into issues, we use github actions for everything else and want to keep it there instead of adding another tool.

Our current setup is pretty basic: lint, unit tests, security scan with snyk. All good but they don't catch logic issues or code quality problems,  our seniors still have to manually review everything which takes forever.

I’ve looked into a few options but most seem to either be too expensive for what they do or require a ton of setup, we Need something that just works with minimal config, we don't have time to babysit another tool.

What's actually working for people in production? Bonus points if it integrates nicely with github actions and doesn't slow down our builds, they already take 8 minutes which is too long.

https://redd.it/1pndos3
@r_devops

Tutorial From ONNX Model to K8s: Building a Scalable ML Inference Service with FastAPI, Docker, and Kind

Hey r/devops,

I recently put together a full guide on building a production-grade ML inference API and deploying it to a local Kubernetes cluster. The goal was simplicity and high performance, leading us to use FastAPI + ONNX.

Here's the quick rundown of the stack and architecture:

# The Stack:

Model: ONNX format (for speed)
API: FastAPI (asynchronous, excellent performance)
Container: Docker
Orchestration: Kubernetes (local cluster via Kind)

# Key Deployment Details:

1. Kind Setup: Instead of spinning up an expensive cloud cluster for dev/test, we used kind create cluster. We then loaded the Docker image directly into the Kind cluster nodes.
2. Deployment YAML: Defined 2 replicas initially, crucial resource requests (e.g., cpu: "250m") and limits to prevent noisy neighbors and manage scheduling.
3. Probes: The Deployment relied on:
Liveness Probe on `/health`: Restarts the pod if the service hangs.
Readiness Probe on /health: Ensures the Pod has loaded the ONNX model and is ready before receiving traffic.
4. Auto-Scaling: We installed the Metrics Server and configured an HPA to keep the target CPU utilization at 50%. During stress testing, Kubernetes immediately scaled from 2 to 5 replicas. This is the real MLOps value.

If you're dealing with slow inference APIs or inconsistent scaling, give this FastAPI/K8s setup a look. It dramatically simplifies the path to scalable production ML.

Happy to answer any questions about the config or the code!

https://redd.it/1pnfgxn
@r_devops

OpsOrch | Unified Ops Platform

Hi all, I built OpsOrch, an open-source orchestration layer that provides one unified API across incidents, logs, metrics, tickets, messaging, and service metadata.

It sits on top of the tools most DevOps and SRE teams already run, such as PagerDuty, Jira, Prometheus, Elasticsearch, Datadog and Slack, and normalizes them into a single schema instead of trying to replace them.

OpsOrch does not store operational data. It brokers requests through pluggable adapters, either in-process Go providers or JSON-RPC plugins, and returns unified structures. There is also an optional MCP server that exposes everything as typed tools for agent and automation use.

You can find the project overview on opsorch.com and the documentation on opsorch.com/docs.

# Why I built this

During incidents, most workflows still require hopping between paging, tickets, metrics, logs, and chat systems.

PagerDuty or Opsgenie for paging and incidents.
Jira or Github for tickets.
Prometheus or Datadog for metrics.
Elasticsearch, Loki, or Splunk for logs.
Slack or Teams for coordination.

Each system has its own auth model, schemas, and query semantics. OpsOrch aims to be a small, transparent glue layer that lets you reason across all of them without migrating data or buying a black-box “single pane of glass”.

# What’s available today

The core orchestration service is written in Go and licensed under Apache-2.0.

There are adapters available for PagerDuty, Jira, Prometheus, Elasticsearch, Slack, and mock providers for local testing, all maintained under the OpsOrch GitHub organization.

An MCP server exposes incidents, logs, metrics, tickets, and services as agent tools.

There is no vendor lock-in and no data gravity. OpsOrch does not become your system of record.

# Looking for feedback from DevOps and SREs on

The architecture, particularly the stateless core plus adapter model.
The plugin approach, in-process vs JSON-RPC.
Security and governance concerns.
Which integrations would make this immediately useful in real incident response.

Happy to answer questions or take criticism. This is built with real incident workflows in mind.

https://redd.it/1pngwsm
@r_devops

CKS Exam Re-try (second chance) in 2025

Hey guys, I'm going to make my re-try CKS exam in next 2days,
do you have any experiences in second round and see common questions from first try?




https://redd.it/1pniah1
@r_devops

CDKTF repository forks

There are some active discussions in the https://cdk.dev/ Slack channel #terraform-cdk about building community-driven forks of the existing Hashicorp/IBM CDKTF repositories. A number of developers who work at organizations that are heavily reliant on CDKTF have offered to pitch in.

There is currently a live proof of concept fork of the main cdktf repository that one developer made: https://github.com/TerraConstructs/terraform-cdk

And one Open Tofu developer said he and some other Open Tofu developers would be happy to collaborate with that community-driven effort to keep CDKTF alive:

>The OpenTofu maintainers are happy to collaborate with that project once it's up and running, but we will not be directly involved.

https://redd.it/1pnkcqb
@r_devops

Why did we name virtual switches, bridges?

Title says it all. A bridge is a virtual switch, you plug virtual ethernet cables in on both ends. Why did we name it a bridge, and not a vSwitch!

https://redd.it/1pnjvke
@r_devops

Book Recommendations

Hello all,

As someone on a learning journey I was curious if you had any recommendations for books around DevOps that you wished other Engineers or team mates read?

I have read: The Phoenix Project, The Unicorn Project and Production-Ready Micro-services.

https://redd.it/1pnmf1k
@r_devops

My Raspberry pi pi3d Project

Hey , I am Warthog . I am a part of technolab team . We developed an app that helps preparing image for a particular raspberry pi pi3d picture frame all under one platform .

Our App's name is MetaPi currently on playstore .


WHAT Metapi do ?
It edit , crop and send images according to your pi3d picture frame . No more usage of 3,4 different apps to do the same thing .

Key features ?
It provide soothing reading and editing of Metadata for the images with for free . Like other apps where you have to pay to see and edit metadata for your images . In MetaPi you can see and categories and edit metadata for your images according to you

Moreover you can filter out tags of metadata and crop in free resolution with real time location change inside metadata and free of cost sharing with drive , icloud and other platforms through with your raspberry pi can read the prepared images for your own picture frame



https://redd.it/1pno4k6
@r_devops

Offered a DevOps role - should I take it?

For the past few years I’ve been working as a backend developer (Java) on a Big Data platform project. One of our DevOps engineers is leaving, and my project manager asked whether I’d like to transition into a DevOps role and take over his responsibilities. If I say “yes”, there’s no option to switch back later, because they would hire a new developer to replace me.

The reason he asked me is that I’ve done some DevOps-related work in the past (within the same project), and I’ve always been open to that kind of work.


The main responsibilities would be:

* Platform engineering (Kubernetes, the entire Kafka platform, and other Big Data tools like Apache Iceberg, Spark, etc.)
* CI/CD (mostly building and maintaining deployment pipelines for new types of applications on our platform)
* Scripting and automation

The whole platform is on-prem, running on the client’s infrastructure. There’s no cloud involved at the moment, though that might change in the future.


In your opinion, is saying “yes” a good career move? I’m a bit concerned because most DevOps job offers seem to require cloud experience. Another concern is moving away from professional software development and doing much less “real” coding.

https://redd.it/1pnjsgj
@r_devops

Sick of having to manually read documentation diffs in CI

Does anyone else hate reviewing documentation changes in PRs?
​We do docs-as-code, but if someone rewrites a paragraph for clarity, the standard diff just nukes the whole thing. I have to manually check every single word to ensure they didn't sneakily change a price or a deadline. It's just a massive waste of time.
​I finally hacked together a small tool that compares semantic meaning instead of syntax. For example, changing "The system is fast" to "System performance is quick" gets ignored, but changing "Price: $10" to "Price: $20" actually flags it as a real change.
​It uses LLM classification, but I built a safety net around it: if the model is unsure or the output breaks, it defaults back to a standard diff. It fails safe.

​Demo here: https://context-diff.vercel.app/

​Thinking of packaging this as a simple GitHub Action. Would you actually run this step in your pipeline for docs review?

https://redd.it/1pnqubh
@r_devops

resh v0.9.0 – an AI-native automation shell with URI-based resource handles

Hi all — I wanted to share a recent release of an open source project I’ve been working on, resh v0.9.0.

resh is an automation-focused shell designed to reduce brittleness in infrastructure and systems automation. Instead of stringly-typed CLI output, it models system resources as **URI-based handles** with structured JSON output, making it friendlier for automation, tooling, and AI agents.

Core idea:

    file://, svc://, net://, http://, proc://, secret://, snapshot://, mq://, log://
    

Each handle exposes explicit verbs (e.g., `status`, `verify`, `tail`, `ping`, `get`, `put`) and returns deterministic, machine-readable results. The goal is to make automation safer, composable, and introspectable — especially as more teams experiment with AI-assisted ops.




What’s new in v0.9.0 (high level):

* Expanded handle set (file, net, http, secret, svc, snapshot, mq, log, etc.)

* Stronger JSON envelopes and error determinism across verbs

* Improved service control (systemd/OpenRC)

* Better HTTP handling for automation use cases

* Continued focus on test coverage and production-safe defaults



This is early-stage OSS, not meant to replace Bash interactively, but to serve as a reliable automation substrate that other tools (or agents) can call.



Repo & docs are here if you’re curious:

👉 [https://github.com/millertechnologygroup/resh\](https://github.com/millertechnologygroup/resh)



Feedback — especially from folks who’ve fought fragile shell automation in CI/CD or ops tooling — is very welcome. If this isn’t useful for your workflow, that’s totally fair; I’m mainly looking for informed critique and real-world perspectives.



Thanks for reading.

https://redd.it/1pns1cl
@r_devops

are we teaching juniors how to build, or just how to use ai?

​

i’ve noticed a lot of newer devs are really good at getting something working quickly with ai help, but things slow down fast when the output isn’t quite right. once the happy path breaks, it’s harder to reason about what’s going on.

tools like chatgpt or cosine are genuinely useful, but they work best as support, not a replacement for understanding. if you don’t know why something works, debugging turns into trial and error pretty quickly. it feels like there’s a fine line between using ai well and leaning on it too much.

curious how others approach this. how do you encourage good ai usage without letting core skills slip?

https://redd.it/1pnuh2g
@r_devops

Has anyone actually found cloud cost visibility tools that don't feel like they were designed for accountants?

Ok so I'm the only devops person at a 12 person startup and I've somehow become the "cloud cost guy" which honestly was not in my job denoscription lol, and oour aws bill went from like $2,800 to $4,300 over the last few months and my cto keeps asking me where all the money is going and I genuinely have no idea half the time which is kind of embarrassing to admit.

Cost explorer is fine I guess but it's always delayed by like a day or two and by the time I actually see a spike the damage is already done, so I've been poking around at different options but everything either looks like it was designed for finance teams who want 47 different pivot tables or it's so expensive that it kind of defeats the whole purpose of trying to save money in the first place you know?

We're not big enough to justify hiring a dedicated finops person but we're definitely past the point where I can just ignore costs and hope for the best, and we're running mostly eks with some lambda and rds so nothing crazy but complex enough that tagging everything properly feels like a part time job on its own.

What are you all running for this kind of thing, and bonus points if it's something that doesn't require a week of setup or a sales call just to see a demo because I really don't have time for that right now.

https://redd.it/1pnufax
@r_devops

Stuck with installing arogcd using terraform

So I am trying to creates VPC and EKS using modules in my terraform code. But I am unable to find a way to EASILY install Argocd on my cluster and apply application.yaml (manifest for argocd config) on the cluster post creating it in same Iaac.

I tried googling/LLMing to find way.

I tried using eks's module output to set host in helm and install using helm_release but its not working giving me some kind REST endpoint kinda error.

What is the easiest way to do? Should I use Ansible? and is it really this tedious to setup argocd using terraform?


Please share code example if possible you can look at my code at - https://github.com/c0dysharma/microservices-demo-Iaac

https://redd.it/1pnv123
@r_devops

KODEKLOUD QUESTION

Hello, recently I got fired from Cloud Support position and now I am ready to sub there. Wanna grind as much as I can for the next few months. My question is is the Pro sub already enough or the next tier which is the AI one would be more beneficial? Idk how the AI Tutor and assisted labs would help me considering the price so I have a dilemma is it worth it. Thank you in advance!

https://redd.it/1pnxzu4
@r_devops

Sources to stay ahead of trends

Hi r/devops

I am approaching Senior level in our field and have noticed the requirements are to have architectual knowledge and an opinion on trends. Am aware of DevOps handbook, ByteByteGo and generally where to go if I were to interview for a different company.

For example, at my current company we're adopting a modular design of self service products and bringing the tooling we create closer to the developers. This includes investing in a GitOps strategy, naturually with ArgoCD, and Terraform module projects designed with Terraform Enterprise in mind. Of course IDPs are all the rage too recently.

I am more than happy with the tools and how to implement, but I am finding I am learning about these best practises from colleagues above rather than reading material in my own time.

I appreciate every company has a different problem to solve, so the shoe doesn't always fit. But I interested to hear from you all on how you keep up to date with new(er) methodologies and learn how to critically implement them from a philosophical standpoint (if that makes sense!).

Happy to clarify or expand on this quick ramble post.

Thanks.

https://redd.it/1pnz0xx
@r_devops

How are you handling integrations between SaaS, internal systems, and data pipelines without creating ops debt?

We’re seeing more workflows break not because infra fails, but because integrations quietly rot.

Some of us are:

* Maintaining custom noscripts and cron jobs
* Using iPaaS tools that feel heavy or limited
* Pushing everything into queues and hoping for the best

What’s your current setup? What’s been solid, and what’s been a constant source of alerts at 2 a.m.?

https://redd.it/1pnztvd
@r_devops

How to create FedRAMP compliant cloud environments with IaC for repeatable deployment

Is it possible to build a full cloud environment using Infrastructure as Code and make it FedRAMP compliant from the start? The goal would be to offer pre-authorized environments to companies seeking FedRAMP approval. Since everything is IaC, the setup could be repeated across accounts and tenants. The main challenge is understanding the actual effort for audits, ongoing compliance, and maintenance in production.

https://redd.it/1po0swi
@r_devops

Upgraded Github runner version - now facing build errors

We were forced to upgrade from v2.28 to v2.330 as the older one was deprecated.

However now we have dependency issues :

>C:\\Users\\ContainerAdministrator\\.nuget\\packages\\microsoft.build.sql\\0.1.14-preview\\Sdk\\Sdk.targets(22,89): error MSB4226: The imported project "C:\\Program Files (x86)\\Microsoft Visual Studio\\18\\BuildTools\\MSBuild\\Microsoft\\VisualStudio\\v16.0\\SSDT\\Microsoft.Data.Tools.Schema.SqlTasks.targets" was not found. Also, tried to find "Microsoft\\VisualStudio\\v16.0\\SSDT\\Microsoft.Data.Tools.Schema.SqlTasks.targets" in the fallback search path(s) for $(MSBuildExtensionsPath) - "C:\\Program Files (x86)\\MSBuild" . These search paths are defined in "C:\\Program Files (x86)\\Microsoft Visual Studio\\18\\BuildTools\\MSBuild\\Current\\Bin\\msbuild.exe.Config". Confirm that the path in the <Import> declaration is correct, and that the file exists on disk in one of the search paths. [C:\\home\\runner\\_work\\Main\\Main\\src\\Core.Database\\Core.Database.sqlproj\]

Any idea how I could fix this?

https://redd.it/1po2lvy
@r_devops

Do you actually trust K8s rightsizing recommendations?

Working at a bank, I've noticed teams straight up ignore cost optimization tools because the recommendations feel risky — cutting resources too aggressively can cause outages, and nobody wants to get paged at 3 am to save $50/month.

So the tools just... get ignored.

Got me thinking: would it help if a tool was explicitly asymmetric? Meaning it prioritizes "don't break anything" over "save maximum money" — recommending conservative cuts that won't cause OOMKills, even if it leaves some savings on the table.

For those managing K8s clusters:

* Do you actually follow rightsizing suggestions today?
* Would you trust a tool more if it guaranteed no under-provisioning risk?
* Or is the problem something else entirely?

Genuinely curious how others handle this tradeoff.

https://redd.it/1po3lto
@r_devops

What's your note-taking system for tech learning?

I've been jumping between note apps trying to find the "perfect" system - Notion, Obsidian, Logseq, Inkdrop, Affine... you name it, I've probably tried it.

But here's my problem: I take all these notes and then never actually remember the stuff later. I'll write detailed notes about Docker or some AWS service, then 2 weeks later I'm googling the same thing again like I never learned it.

So I'm curious:
- What note-taking app/system do you actually use?
- More importantly, how do you take notes so you actually remember things later?
- Or do you just not bother with notes and learn by doing?

Feels like I'm spending more time organizing notes than learning. Maybe I'm overthinking this whole thing?

What works for you?

https://redd.it/1po3nok
@r_devops