Interviewed somebody today; lots of skills, not much person
I interviewed a person today for a DevOps role. His resume was very thick with technical things. Software he's used, frameworks, programming languages, security and compliance regulations, standards, etc. There was not much about how he worked with those things, what he did with them, which bits he was more familiar with and less familiar with.
I tried to get an idea about what kind of techie he is. Did he learn these things on his own? Or is he driven more by learning things as needed for the job? Has he designed anything on his own? Is he lawful good or chaotic neutral or...? Etc.
The answers I got made it feel like most of what he's done is work where someone else directed him, he coordinated with other teams, used vendor tools with pre-determined actions, ran scripts, etc. This is okay, since this wasn't for a senior role. But it made me think about how important it is, as a job seeker, to give a potential employer an idea of what kind of work you do. It's not just about checking boxes or flexing on hard skills, but showing that you're a person as well. Especially since these days everyone's on the lookout for AI chatbot answers. In this case, maybe he was just nervous. Maybe he's not good in formal situations. Or maybe he's just "not a good fit", as they say.
https://redd.it/1rfr007
@r_devops
Lucrative DevOps Fields/Jobs?
Based on your experience, what DevOps positions tend to pay high salaries (250k+)?
I come from a networking background but since then I've made the switch to DevOps. Back then in the networking space if you wanted to make a lot of money you would get a CCIE certification and try to work at a networking vendor such as Cisco, Arista, and Juniper. There's also the option of working at high-frequency trading companies where stress levels are high but so is the pay.
What's the equivalent for DevOps?
Do companies like AWS pay their in-house DevOps engineers a lot? What skills does the industry value to command that type of pay? Are there high-paying DevOps vendors out there? I know certifications aren't really valued anymore like they used to be.
https://redd.it/1rfvwf4
@r_devops
Helm in production: lessons and gotchas
Hi everyone! I've been using Helm in production at scale for the past few years and collected lessons and gotchas that surprised me:
- Helm doesn't manage CRDs.
- --wait doesn't wait for readiness of all resources.
- Dry run is dependent on the state of an existing release.
- Values can be validated with JSON schema.
- OCI registries can be used for charts alongside container images.
I think the tip about values validation is the coolest, because loading the schema into yaml-language-server is a great development experience boost and helps LLMs do better work writing values.
Hope you find this post useful, I think even experienced Helm users can learn something from it.
https://redd.it/1rgdp5x
@r_devops
Sneakybugs
Helm in production: lessons and gotchas
Practical lessons from running Helm in production: CRD management, health checks, dry runs, schema validation, and OCI registries.
ECS CICD Rollback?
Hi guys! What could be the best way to roll back on ECS CI/CD? Do I describe the last active task definition and then rerun (but that will give a diff against the task definition in GitHub), or just revert back to the last successful action? I think the latter would be better. Or is there any other solution to it?
Any blogs or suggestions would be great.
https://redd.it/1rfx80d
@r_devops
What is platform engineering exactly?
Every time I tell someone what I like and how I think, they end up in some way or another recommending platform engineering.
For example, I’ve always wanted to contribute to open source projects I liked but always thought I wasn’t technically there to help outside infra and cloud, which prompted another “PE is perfect”, and every explanation I get is different, and not closely different but can be categorized as a different role.
I won’t make the post long by explaining what exactly I like and what I don’t, but I want to know what it is to maybe understand why it’s been recommended so much to me. I’d also appreciate some examples of the output of such a role compared to normal DevOps, for example.
https://redd.it/1rhefsl
@r_devops
Cloud Engineer roadmap check: Networking + Linux completed, next steps?
I’m transitioning to Cloud Engineering from scratch. I’ve completed basic networking (TCP/IP, DNS, subnetting) and Linux fundamentals (CLI, file permissions, processes). I’m currently learning Git and GitHub. My goal is to get a junior cloud role in 6–9 months. What should I focus on next?
https://redd.it/1rezupb
@r_devops
CleanCloud v1.6.3 - 20 rules to find what's costing you money in AWS/Azure
A while ago I posted about CleanCloud - a shift-left cloud waste report tool that enforces hygiene as a CI/CD gate, now with cost estimates and --fail-on-cost CLI option.
AWS Rules (10):
1. Unattached EBS volumes (HIGH)
2. Old EBS snapshots
3. Infinite retention logs
4. Unattached Elastic IPs (HIGH)
5. Detached ENIs
6. Untagged resources
7. Old AMIs
8. Idle NAT Gateways
9. Idle RDS instances (HIGH)
10. Idle load balancers (HIGH)
Azure Rules (10):
1. Unattached Managed Disks
2. Old Snapshots
3. Unused Public IPs
4. Empty Load Balancers
5. Empty Application Gateways
6. Empty App Service Plans
7. Idle VNet Gateways
8. Stopped (Not Deallocated) VMs — still incurring full compute charges
9. Idle SQL Databases (zero connections 14+ days)
10. Untagged Resources
Every finding includes:
- Confidence level (HIGH / MEDIUM)
- Evidence and signals used
- Resource details and age
- Cost waste estimates
Enforce in CI/CD:
cleancloud scan --provider aws --all-regions --fail-on-confidence HIGH --fail-on-cost 2000
Exit 0 = pass.
Exit 2 = policy violation.
pipx install cleancloud and run your first scan in 5 minutes.
If you’re one of the 200+ users who have downloaded CleanCloud, we’d love to hear what you found.
Please open an issue here or leave a comment below.
https://redd.it/1rf84m8
@r_devops
GitHub
GitHub - cleancloud-io/cleancloud: CleanCloud helps SRE teams safely identify orphaned, unowned, and potentially inactive AWS and…
CleanCloud helps SRE teams safely identify orphaned, unowned, and potentially inactive AWS and Azure resources using conservative, read-only cloud hygiene checks designed for trust, not auto-cleanu...
27001 didn’t change our stack but it sure as hell changed our discipline
We missed two deals so it finally made sense to leadership to pursue ISO 27001.
We did end up tightening parts of our stack. A few workflows became more structured, some things moved out of people’s heads and into systems but that wasn’t the real shift even though they definitely had their own positive sides to it.
The uncomfortable part was answering some questions we’d never formally defined. A lot of our processes were muscle memory and ISO forced us to define them, assign ownership and create review cadence.
The discipline we gained changed everything.
https://redd.it/1reqg60
@r_devops
Why does docker output everything to standard error?
Every time I look inside my GitHub workflows I see everything outputted to stderr. Why does this happen?
Thank you!
https://redd.it/1rhts32
@r_devops
Build a website for DevOps Learning
Hey folks
After a long time, I finally rebuilt (vibe-coded) and revamped one of my old projects, DevOps Atlas.
It’s basically a one-stop search engine for DevOps learning resources.
The goal is simple:
Help DevOps engineers discover high-quality learning resources without endless searching.
Any suggestions and feedback are most welcome. Check it out at https://devopsatlas.com/ and let me know what you think!
https://redd.it/1rhwo1p
@r_devops
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation#attack-6-aquasecuritytrivy---evidence-cleared
Now the trivy repo is empty.... https://github.com/aquasecurity/trivy
Some advice:
1. Verify the integrity of your Trivy binaries if installed at the end of February
2. Switch to the Docker image (if still available on GHCR/Docker Hub), verify Cosign signatures
3. Keep Checkov or Grype as a fallback
4. Audit your GitHub Actions workflows: no pull_request_target + checkout of the fork, no unescaped ${{ }} in run blocks:
https://redd.it/1ri4nwu
@r_devops
www.stepsecurity.io
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far - StepSecurity
A week-long automated attack campaign targeted CI/CD pipelines across major open source repositories, achieving remote code execution in at least 4 out of 5 targets. The attacker, an autonomous bot called hackerbot-claw, used 5 different exploitation techniques…
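Advice item 4 of the hackerbot-claw post above (audit workflows for pull_request_target plus a checkout of the fork, and for ${{ }} inside run blocks), as an added example that is not part of the original post or of the StepSecurity write-up. The function name `audit_workflow`, the rule names and the sample workflow are constructed for illustration; the check is line-based and assumes any `ref:` pointing at the PR head in a pull_request_target workflow is a fork checkout.

```python
import re

EXPR = re.compile(r"\$\{\{.*?\}\}")                 # any Actions expression
RUN = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")    # a `run:` key, optionally a list item
PR_HEAD = re.compile(r"ref:.*\$\{\{\s*github\.(event\.pull_request\.head\.|head_ref)")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings for one workflow file's text."""
    lines = text.splitlines()
    uses_prt = any("pull_request_target" in l and not l.lstrip().startswith("#") for l in lines)
    findings, block_col = [], None
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if block_col is not None:                   # inside a multi-line run block
            if not line.strip() or indent > block_col:
                findings += [(no, "expr-in-run", m.group(0)) for m in EXPR.finditer(line)]
                continue
            block_col = None                        # a dedent ends the block
        if line.lstrip().startswith("#"):           # YAML comment outside a run block
            continue
        m = RUN.match(line)
        if m and m.group(2)[:1] in ("|", ">"):      # block scalar: scan the lines after it
            block_col = len(m.group(1))
        elif m:                                     # inline command on the same line
            findings += [(no, "expr-in-run", e.group(0)) for e in EXPR.finditer(m.group(2))]
        elif uses_prt and PR_HEAD.search(line):     # PR head ref in a privileged workflow
            findings.append((no, "prt-fork-checkout", line.strip()))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
on:
  pull_request_target:
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Title ${{ github.event.pull_request.title }}"
      - env:
          TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$TITLE"
      - run: |
          make test BRANCH=${{ github.head_ref }}
"""

if __name__ == "__main__":
    print(audit_workflow(SAMPLE))
```

The step that passes the title through `env:` and reads `"$TITLE"` in the shell produces no finding; that is the form to move the flagged `run:` lines to.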