270
Reddit DevOps. #devops Thanks @reddit2telegram and @r_channels
pgserve 1.1.11 through 1.1.13 are compromised, and the code is surprisingly clean
Supply chain attacks are having a moment.
The postinstall script is a 41KB credential stealer. What's interesting is there's no obfuscation at all. No eval, no atob, no curl piped to shell. Just well written javascript using standard node APIs. require('https'), execSync, fs.readFileSync, crypto.publicEncrypt.
It grabs \~/.npmrc, \~/.aws/credentials, \~/.ssh/, chrome login databases, crypto wallets. Encrypts with a bundled public key and sends it to an ICP canister so you can't take it down with a domain seizure. Most tooling that flags postinstall scripts looks for obfuscation patterns. This wouldn't trigger any of them. The actual red flags are behavioral, a postinstall that reads credential files and makes network calls on a package with no native build dependencies.
https://preview.redd.it/82pwp2zc9owg1.png?width=768&format=png&auto=webp&s=3ce7b6520fa6e7d6c1561bb38ef9deb6ae67b543
1.1.14 is clean. The three bad versions are still on the registry.
https://redd.it/1ssbhl8
@r_devops
What AI tools are you using to make your work and your developer's work better?
Besides the Kubernetes MCP and Claude Code, What other tools are you using?
I want my make my work a bit easier as I deal with Tech debt all over the place and making my developers happy will help a lot in that as well. Looking to find a few new shiny tools to experiment around.
https://redd.it/1sruuew
@r_devops
Running a Self‑Hosted LLM on Azure Container Apps
Hey everyone,
I wanted to better understand how LLM inference actually works under the hood, so made a lightweight stack built around llama.cpp - it runs Gemma‑4 E2B model on Azure Container Apps.
Result - https://gemma-h4ksrlmuz7pfa.ashysky-1e58cf76.westeurope.azurecontainerapps.io/
The goal wasn’t to build anything production‑grade — mostly just to experiment, learn a bit more about the runtime side of LLMs, and document the process along the way.
P.S. For those who wants to run same setup - will leave a link in the first comment
https://redd.it/1srlwrg
@r_devops
damn addictive game rofl
https://redd.it/1sr9kyl
@r_devops
I got laid off, and now i potentially have a ‘bad’ offer
Hello everyone, i got laid off last week from my job. I’ve been applying and interviewing here and there because i saw this coming. I have 3 years of experience in infrastructure and DevOps. The only company i got a response from so far has asked me to work a steady shift from 5 AM to 3 PM which is 10 hours and that’s a lot. The position is “Cloud Support Engineer Tier 2” where i get to work on AWS environments and troubleshooting them. I Desperately need advice because this doesn’t look sustainable for the long term (3-4 years waking up everyday at 4 AM and troubleshooting for 10 hours). Not sure if i should accept or wait for other companies to get back to me first. The salary is OK i guess maybe i could’ve asked for more but idk. Please give me your thoughts on this especially the experienced people.
https://redd.it/1sq93d0
@r_devops
I built InfraCanvas – see all your Docker containers and K8s pods in a live visual map, right in the browser. No VPN, no inbound ports.
I manage a few VMs with a mix of Docker containers and Kubernetes, and I kept running into the same annoying situation where something breaks and I'm SSH-ing into servers one by one trying to figure out what's running where.
So I built InfraCanvas. It runs a small agent on each VM that discovers everything like containers, pods, volumes, networks and streams it to a live graph in your browser. You can also act on things directly from the graph, restart containers, scale deployments, open a terminal inside any container, tail logs, all without touching SSH.
The part I'm most proud of is the connection model. No VPN, no inbound firewall rules, no cloud account needed. The agent dials out to a relay, your browser connects to the relay. Your servers never accept an inbound connection.
It's open source and self-hostable, two commands to get it running.
Would genuinely love feedback from people who deal with this stuff daily, is this something you'd actually use, what's missing, what's wrong with the approach. Be brutal, I can take
it.
GitHub: https://github.com/bytestrix/InfraCanvas
https://redd.it/1sqqung
@r_devops
Vercel security incident
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
Seems that a security incident happened at Vercel.
https://redd.it/1sq1dsl
@r_devops
Using Anthropic's ant CLI for GitOps-style agent management (YAML configs, CI/CD deployment)
Anthropic released the ant CLI - a Go binary for managing their cloud-hosted Claude agents. The interesting part from a DevOps perspective is the YAML version control workflow.
The pattern:
- Define agents as .agent.yaml files (model, system prompt, tools, MCP connections)
- Define environments as .environment.yaml files (pip/npm packages, networking rules)
- Check both into Git
- Deploy through CI with ant beta:agents create < agent.yaml
Updates use optimistic concurrency:
ant beta:agents update \
--agent-id "$AGENT_ID" \
--version 1 \
< code-reviewer.agent.yaml
ANTHROPIC_API_KEY as a secret, and run the update commands on push to agents/** paths.ant [resource] <command> [flags]), YAML/JSON/pretty output formats, auto-pagination, and a --transform flag with GJSON syntax for field extraction in scripts.
How are people isolating autonomous coding agents from their main git branch while still enabling easy preview?
I have agents editing my files, but I can't find a decent way of isolating that work and my local branch and easily previewing the edited work on the site.
Has anyone come up with an elegant solution for this?
Right now agents are editing my local repo branch that is currently checked out when I go to sleep.
It works great but could see how it would pose problems if something went haywire if multiple edits were made in the same branch to the same files.
Anyone found a decent solution for this that works?
https://redd.it/1spkbcw
@r_devops
Consultancy grad scheme — Stuck in a contract. What do I do?
Looking for some honest opinions from people who've been through this.
I'm on a graduate scheme with a consultancy. The deal is they train you, then deploy you to a client site. Starting salary is low (£25k ish) with a training fee tie-in if you leave early. Been on client site about 1 year now doing platform/observability work at a well-known enterprise.
The narrative I got during onboarding (and hear from colleagues) is basically: "stick it out a couple of years and the client will hire you direct." That's the whole pitch that makes the low salary and tie-in feel worth it.
But looking at it properly, there's nothing in my contract about this. No commitment from the client. Nothing written down anywhere. It's just something people say.
For those who've actually been on one of these schemes:
\- Did the client actually hire you direct in the end?
\- Or did you end up staying as a consultant for years, or leaving for another company entirely?
\- Is the "client will hire you" thing genuinely a real pipeline, or is it a recruitment pitch that rarely plays out?
Trying to work out whether to keep my head down and wait it out, or start looking externally. Appreciate any honest experiences — good or bad.
As a Junior DevOps engineer £25k is very low. Especially having 1 year experience in the field.. I know companies that could hire me for £40k+ minimum.
https://redd.it/1sp2mwc
@r_devops
We replaced our enterprise workflow orchestration stack with a no-code platform
and our IT team actually approved it. AMA.
Posting this because two years ago I would have laughed at anyone suggesting our enterprise could run critical workflows on a no-code platform. Context: we’re a 1,200-person B2B SaaS company. Revenue ops, marketing ops, customer success ops, and IT all had their own automation needs.
Previously we had a patchwork: SnapLogic for data integration, some Celigo connectors for NetSuite, and a lot of manual processes held together by spreadsheets and Slack reminders.
Six months ago we consolidated onto Zapier’s enterprise tier. Here’s what happened.
What changed immediately:
RevOps built a complete lead routing and enrichment system in two weeks. Previously this was a three-month IT project backlog item.
Marketing ops set up campaign attribution automated workflows connecting six different tools. They did it themselves. No IT tickets.
Customer success created automated onboarding sequences with human approval steps using Interfaces. Customers now get provisioned in hours, not days.
IT got audit trails, SSO, and permissions controls. The governance story was what actually got them to sign off.
The AI Copilot accelerated everything. Our ops leads describe what they want in plain English, and the platform builds the automated workflow. They refine from there. The time-to-deploy dropped from weeks to hours.
Where we still use other tools:
SnapLogic still handles our heavy ETL jobs between the data warehouse and production databases. That’s a different category.
Celigo remains our NetSuite-specific connector for complex ERP sync. It does one thing extremely well.
But for cross-platform workflow orchestration, the connective tissue between departments and tools, Zapier replaced everything else.
The metric that matters: ops teams went from filing 15+ IT automation requests per month to fewer than 2. Not because the needs went away, but because they can build what they need themselves now.
Happy to answer questions about the migration, the IT governance conversation, or specific workflow examples.
https://redd.it/1sovu6t
@r_devops
At senior+ levels, do they expect you to memorize / bust out a deployment / service / pod spec from scratch?
I was prepping for an interview, and one of the questions expected me to create a deployment / service spec given just images. I don't really memorize each of the fields for these.
Do interviewers actually care about that sort of thing? I would probably have to get a template and edit it for the usual like image / volume map / args / commands / etc
https://redd.it/1songwj
@r_devops
Trying to make ends meet, would appreciate input (freelancer)
I’ve been doing DevOps work for a while now - I migrated from on premise to cloud in 2019 during the pandemic - being a one-man-army (devops, cloud, finops, sre, platform). I was upfront with my last employer in January and informed them they would be better off paying for 2 juniors to code their product instead of a devops to do essentially nothing (gaming company, zero customers, zero products, still in alpha). They were feeling the same thing and we parted ways amicably.
Here’s the thing: I had a job lined up to start on MARCH with a formal offer by email but so far the end client hasn't sent a start date yet so my money jar is empty. I'm trying to get some freelance going so I can pay bills and I'm desperate enough that I set up an Upwork profile.
What I though about offering:
* Fixing a broken CI/CD pipeline
* Deploying an app to production
* Reviewing (and cutting) cloud costs
* Setting up Azure LandingZone, Azure Policy
* Offering baked Terragrunt to go
It’s basically the stuff I keep getting asked to do, over and over again, everywhere I worked.
Here’s my thought process: Most of these problems aren’t anything wild or one-of-a-kind. Usually, someone just needs it done properly, so I figured packaging these up would make it way easier for folks to know exactly what they’re getting PLUS I would be feeding my family in the meanwhile.
But I keep second-guessing myself on a few things:
\- Is this too generic? Like, does it sound like "just another DevOps freelancer"?
\- Are these even things people care enough to pay to have sorted out, fast?
\- Am I missing anything obvious from a buyer’s perspective?
Of course all the copy was done through ChatGPT because I can't write commercial even to save my life.
For context, here’s one of the services I put together: [https://www.upwork.com/services/product/development-it-a-fully-working-optimized-ci-cd-pipeline-that-actually-deploys-2044480076881187417](https://www.upwork.com/services/product/development-it-a-fully-working-optimized-ci-cd-pipeline-that-actually-deploys-2044480076881187417)
I’d really appreciate honest feedback: how I’m positioning this, pricing, the wording, whatever you think. Seriously, don’t hold back.
On a last note, please go easy on it: I already tied the nook, I'm already feeling bad as fuck because I won't be able to pay rent this month. Help me fight back.
https://redd.it/1smic2y
@r_devops
Honestly, I’m tired.
Final-year CSE student here with DevOps / SRE experience at startups in India and the US, and I’ve been trying everything for months — job portals, ATS bots, cold mails, referrals, everything.
Nothing seems to work.
I’m open to full-time roles from May 2026, and even freelance/contract work at this point. I just need a genuine opportunity with decent pay where I can work, learn, and grow.
If anyone’s hiring or can refer, it would genuinely mean a lot.
https://redd.it/1sm61io
@r_devops
Step by step guide of setting up SSL/TLS for a server and client
Hi everyone I have written a tutorial which describe step by step how to secure a http client and server with different levels of security. Initially I created this project for myself to understand the basics of mutual tls and as a cheat sheet. Afterwords I thought it would be handy to make it public. I was not quite sure whether to post it here as it is mainly a java project, but I thought it would be still good to share the tutorial as it describes all of the steps for creating, signing, extracting and other stuff related to certificates. Hope you guys like it. Feel free to send my some critiques!
See here for the tutorial: https://github.com/Hakky54/mutual-tls-ssl
https://redd.it/1sl19ow
@r_devops
ECS Service Connect Increased The Task Deactivation Time, What Can I Do Here?
We were testing internal service-to-service communication via ECS Service Connect, but one thing I noticed was that after updating it in the ECS Service, the time it takes to decommission the ECS Task has increased significantly. Before, it used to take approximately 2-3 minutes, and now it's taking approximately 10 minutes.
Has anybody else faced a similar issue? How can I fix this? This has increased the overall pipeline time, which looks bad from the outside, and every deployment takes longer to get deployed.
https://redd.it/1srxacu
@r_devops
Built a lightweight incident + status platform after missing too many outages
There’s a moment every team dreads.
Something breaks—and your monitoring isn’t the thing that tells you.
Instead it’s:
a Slack message
a customer email
someone asking “hey… is the API down?”
That moment—when users know before you do—is brutal. And honestly, it happens more than it should.
I kept running into this across different projects, especially in setups where we had monitoring + alerts + status pages all kind of stitched together.
So I started building something to solve that problem a bit differently.
It’s called Faultline.
The idea is pretty simple:
monitor services frequently (down to \~15s checks)
avoid noisy alerting with progressive thresholds instead of binary “up/down”
when something actually looks wrong → automatically create an incident, kick off escalation, and surface the runbook
So instead of:
alert → scramble → figure out what to do
…it’s more like:
detection → incident already created → steps already in front of you
Everything from detection → resolution is tracked in one place.
I’m still building it out and refining the approach, but curious:
How are you all handling incident detection right now?
Do you trust your alerts, or do you still rely on “someone noticed something’s off”?
What’s the most annoying part of your current setup?
Not trying to sell anything—just genuinely interested in how others are dealing with this.
(If anyone wants to check it out or give feedback, happy to share more.)
https://redd.it/1sru5tp
@r_devops
The Orchestrator Era: The Great Recalibration
https://open.substack.com/pub/francoisxaviermorgand/p/the-orchestrator-era-the-great-recalibration?r=5tjomu&utm_campaign=post&utm_medium=web
https://redd.it/1srg2ry
@r_devops
I scan LinkedIn daily for DevOps trends
https://redd.it/1sr9asc
@r_devops
How do you get better? How do you improve?
I’ve only been working for around 7 months, but i am forced to use AI to be faster and always felt like a scam and the engineers with me seemed like wizards.
Today I realized Claude code basically does everything with them, they understand concepts and theory really well but they also rely on AI a lot, and while I understand it’s only a tool, I don’t like relying on anything.
I stopped checking documentations, I stopped memorizing bash syntax, I stopped google searching, I stopped the normal things I used to do to trouble shoot. Even when I get logs I usually just throw it to the AI because “the AI is way faster so don’t waste time reading it” and the worst part is I got so used to it I started doing that with my personal projects and self learning.
I know it’s a tool that can be used, but I feel like after 7 months in, I’m lost and don’t know if I’m ready. I’m unsure if that’s normal working only for 7 months but wanted to know how you actually improve? How do you utilize the tools around you without losing the foundation. Theory is easy but doing with AI makes me feel like I’m doing absolutely nothing.
Edit: Some optional context. Today for example we were migrating an app from IIS to containers, and the decision was taken to use traefik and build/push the container, and all I did was just get the AI to write it. I didn’t look at traefik documentation or think of how to run it, I understand the docker command, but it isn’t mine.
https://redd.it/1sr34kx
@r_devops
Weekly Self Promotion Thread
Hey r/devops, welcome to our weekly self-promotion thread!
Feel free to use this thread to promote any projects, ideas, or any repos you're wanting to share. Please keep in mind that we ask you to stay friendly, civil, and adhere to the subreddit rules!
https://redd.it/1sqhbs1
@r_devops
What Linux projects actually matter for getting hired—real automation or just flashy setups?
I’m trying to build a Linux project that I’ll use daily (automation scripts, cron jobs, system monitoring).
But I’m confused—what actually impresses recruiters or hiring managers?
• Simple but practical scripts you actually use
• Or bigger “DevOps-style” projects (Docker, CI/CD, etc.)
For someone aiming at sysadmin/cybersecurity roles, what made the biggest difference for you?
https://redd.it/1spu9m2
@r_devops
18yo BCA student with zero certs but some experience of devops. Need real advice on free/cheap courses + next steps!
Hey guys!
I'm 18 and in 2nd semester of BCA. I don't have any certifications or much experience yet, but I know Python, HTML/CSS/JavaScript, C, and MySQL. I've played around with Docker and Ubuntu Linux, and I stuck on breaking into DevOps.
I’ve been searching online but everything is super vague — people just say “do projects” or “learn Kubernetes” without telling you how to actually start. I follow some YouTube channels like DevOps Wale Bhaiya, but I’m stuck on what to learn next.
Can someone drop some free or super affordable courses (with certificates I can put on my resume)? Also, what’s the realistic next step after Docker + basic Linux? CI/CD? Kubernetes? Cloud stuff? Any specific projects or roadmaps that actually helped you as a beginner?
Any help would mean the world — thanks in advance! 🙏
https://redd.it/1sp4dq7
@r_devops
Some reachability analysis for your Saturday read
Been working on cross-layer reachability analysis for container images, tracing from application code through native extensions and shared libraries down to the OS package that owns the CVE. figured i'd share some numbers.
A few common images i picked. "reachable" here means there's a proven path from an application entry point through the runtime, through the native .so, down to the vulnerable package.
|Image|Total CVEs|Reachable|Noise|
|:-|:-|:-|:-|
|jenkins/jenkins:lts|221|37|83%|
|nginx:latest|202|34|83%|
|gitlab/gitlab-ce:latest|199|76|62%|
|redis:latest|104|34|67%|
|temporalio/auto-setup:latest|101|17|83%|
gitlab is interesting. Higher reachable count because the app layer is massive and actually exercises a lot of what's installed. redis and nginx are the opposite story: tons of OS packages flagged, but the actual binary only links into a handful of them.
Doing this as part of exploitation analysis work. The next layer down is "reachable" still doesn't mean "exploitable", which should cut the noise further. Will post more datasets as i work through them.
https://redd.it/1sp9ern
@r_devops
DevOps and mentoring
I work with the same company for a few years now. I am responsible to maintain elasticsearch on-prem with it's ci/cd workflows. Also, somehow how became the person to manage our ai integrations but it's in the cloud and k8s so I don't mind. Most of the time I work by my self, I can work a whole day without talking to anyone.
The dev team for the elasticsearch is in different time zone, and I had a few tasks which I wasn't able to get to so they brought a junior DevOps engineer. I don't manage their tasks or anything. More of a support engineer to help them when they get stuck.
Sometimes they are doing things fast and manage everything. Sometimes there is a big wall. My own manager said in situations like this they give time to solve the issue by themselves so they'll learn. But if I know the answer, I won't hold back. Sometimes I don't know the answer myself but just reads some logs and understand what is the issue.
There are probably some language barrier and even culture differences as we are in different countries. Sometimes, I notice some of the tasks get blocked and my suspiction is the junior worrying something will go wrong but they will not approach me to ask what to do. My focus is always on the technical side and provide guidance how to debug/resolve.
Although, I have a lot of experience I never had to mentor someone else. I know the learning curve is by experience.
My question is what can I do to improve the communication and workflow between us? I find it's easier to talk in chat than in voice because I'm not sure they understand me lol.
Also, another manager wants me to also teach them to support the ai stuff that we are running because I only work 4 days a week.
TLDR; I have to mentor new junior DevOps. I have no idea what I'm doing.
https://redd.it/1sox094
@r_devops
How to handle modernizing infrastructure when the app runs legacy c#?
The organization I work for is a Frankenstein of a few companies. We offer \~10 different PaaS products across Azure and AWS, with a subset of apps coming from each of the Frankenstein's original orgs.
The most significant subset of these apps run on .net framework, including some pieces which use original asp.net, a dead server side framework since 2016.
This part of the org runs on behemoth monolith VMs. Some of the apps do communicate and share data, which means that other apps and DB servers are bottlenecked by these ridiculous machines. Something like 60%+ of our infrastructure budget is going to this 40% of the application, or to pieces that have to compensate for it.
Of course, the people responsible for architecting and developing this sector are very resistant to change. They are extremely deferential to Microsoft, regularly getting on calls with MS on their own time to adopt new products to solve problems created by their own obsolete architecture. Fortunately they have their own devops team that is responsible for handling the entirely manual deployment process, and provisioning of these servers, but everything else is on my team of four.
Simultaneously, we are constantly getting heat from the C-Suite constantly about tightening our belts and skinnying up wherever possible. We recently were chastised because the infra for a POC cost $400.
My question is -- how do people handle this? I can't be the only one dealing with legacy application pieces that drag the efficiency of the entire org down. We try hard to push back and make it clear how debilitating the legacy apps are, and often leadership seems to understand, but every quarter when we talk priorities there's never a discussion of refactoring our 10 years out of support C# code.
https://redd.it/1soq3gr
@r_devops
I don’t know how to code anymore yet I understand everything, is that normal now?
I used to love to code and problem solve, but since AI was introduced and pushed to be used at my job, yes I’ve been way more productive and coding stopped becoming something I think about but rather something I check, but I feel weird about it.
I was told that the future would be I understand how to code but I use AI to code and I just review and maybe change a thing or two, but I can’t wrap my head around that, is that how it’s working now? Should I stop focusing on coding as much and switch to other things to learn? I already had years of coding under my belt but I feel like I started losing the skill of writing it.
https://redd.it/1sngljr
@r_devops
jsongrep project updates: multiformat support + interactive playground + more
https://redd.it/1sm9urx
@r_devops
Anybody using a mysql terraform provider?
Hello there!
In the push to move to configuration as code we successfully adopted the cyrilgdn/postgresql provider and we're now successfully handling users and roles through terraform.
I would now like to do the same for mysql, hence the question: does anybody have recommendations for such a provider?
https://redd.it/1sm0aix
@r_devops
Do you need to know how to write code nowadays or only understand?
I’ve been trying to get into GO but with the free version of anti gravity, my god the fun in coding is just completely gone, and with everywhere I work I am technically forced to use AI to be productive, I see that almost everyone isn’t writing code anymore but rather prompt engineering and understanding what goes where and how.
Is that how it’ll be now? Should I just understand how GO works and let the AI write and refactor? I am not trying to do an AI vs humans but recently even the Linux kernel allowed people to use AI so I just want to understand how things go from here.
Side note: I know we must adapt, and I know DevOps is more high level and not really programmers, which is why my question is more of what have you went through rather than look at how AI ruined my personal opinion on how programming should go on.
https://redd.it/1skdv1t
@r_devops