86
Reddit DevOps. #devops Thanks @reddit2telegram and @r_channels
How can I restrict access to a service connection in Azure DevOps to prevent misuse, while still allowing my team to deploy infrastructure using Bicep templates?
I have a team of four people, each working on a separate project. I've prepared a shared infrastructure-as-code template using Bicep, which they can reuse. The only thing they need to do is fill out a `parameters.json` file and create/run a pipeline that uses a service connection (an SPN with **Owner** rights on the subscription).
**Problem:**
Because the service connection grants Owner permissions, they could potentially write their own YAML pipelines with inline PowerShell/Bash and assign themselves or their Entra ID groups to resource groups they shouldn’t have access to( lets say team member A will try to access to team member B's project which can be sensitive but they are in the same Subscription.). This is a serious security concern, and I want to prevent this kind of privilege escalation.
**Goal:**
* Prevent abuse of the service connection (e.g., RBAC assignments to unauthorized resources).
* Still allow team members to:
* Access the shared Bicep templates in the repo.
* Fill out their own `parameters.json` file.
* Create and run pipelines to deploy infrastructure within their project boundaries.
**What’s the best practice to achieve this kind of balance between security and autonomy?**
Any guidance would be appreciated.
https://redd.it/1lq6x4g
@r_devops
DevOps professionals - I need your insights!
Hi everyone ☺️ I'm a postgraduate student researching racing to prove why DevOps adoption in large organisations (such as AWS, Microsoft, Google, Meta, etc) sometimes fails to match the hype.
I call it the DevOps Implementation Paradox (DIP) framework: companies adopt DevOps for prestige or branding, but face real struggles with legacy systems, culture and leadership misalignment.
For research, I'm running a quick survey (anonymous) to capture real-world challenges and enablers from engineers, SREs, DevOps leads and anyone working within this field or with CI/CD pipelines.
Your input will help expose the gap between DevOps hype and practical reality 👏🏻 and will be used ethically in my dissertation.
If you've experienced DevOps wins, frustrations, or fake "DevOps theatre" at work, I'd greatly appreciate your insights 🙏🏻
Copy survey link here:
https://docs.google.com/forms/d/e/1FAIpQLSf17Bd_kAM7G7OTeGIdq5Vcy-uGWlJ3NNaj1qzqFLKBzxkvjw/viewform?usp=header
Thank you for helping bridge the DevOps reality gap! Happy to share final insights with anyone interested.
https://redd.it/1lq75sm
@r_devops
Moley: Open source CLI to expose local services using Cloudflare Tunnel & your domain name
Hey !
I'm sharing with you a small CLI tool I built for hackathons. Something I needed, and maybe others do too.
At ETH Prague, our deployed backend needed to call a service still running on my teammate’s laptop. He used ngrok — but on the free tier, the URL changed every reboot.
I had to constantly update env vars and redeploy, then test things again. Super annoying, super stressfull, even more when we have to pitch.
So I built Moley: a small, no-infra CLI that lets you expose local services using Cloudflare Tunnels and your own domain name, with automatic DNS setup and cleanup.
It’s designed for people who already use Cloudflare to manage their domain — and want something simple and stable for sharing or deploying local apps.
👉 https://github.com/stupside/moley
# What it solves
No more random URLs (like with ngrok free tier)
No more Nginx or reverse proxies
No need for a public server
You get clean URLs like `api.mydomain.dev`, instantly
Works great for demos, APIs, webhooks, or internal tools
Can even be used to deploy small apps without provisioning anything
# Key features
|Feature|Description|
|:-|:-|
|🔧 Tunnel Automation|Creates and cleans Cloudflare tunnels with one command|
|🌐 DNS Management|Sets subdomains via Cloudflare API|
|🧾 YAML Config|One file to define all your exposed services|
|💸 Free|Just needs a domain and a Cloudflare account|
|🚀 Zero Infra|No Nginx, no VPS, no dashboard, no headache|
# How it works (basic flow)
# Install cloudflared & authenticate
brew install cloudflare/cloudflare/cloudflared
cloudflared tunnel login
# Clone & build
git clone https://github.com/stupside/moley
cd moley
make build
# Set your Cloudflare API token
./moley config --cloudflare.token="your-token"
# Initialize config
./moley tunnel init
# Edit generated moley.yml
# (e.g. to expose localhost:3000 as api.mydomain.dev)
# Start tunnel
./moley tunnel run
When you stop the process, it automatically deletes the tunnel and DNS records.
# Status
✅ Fully working and tested in real hackathon scenarios
⚠️ No formal test suite yet — built it in 2 days because I needed it fast
🔐 Token is stored securely (never in source)
📦 Dependency-free, binary + YAML config
# Looking for feedback & contributors
It’s still early, but I’m using it regularly for hackathons and personal projects.
Would love feedback, issues, or PRs — especially for:
Adding tests
Improving usability / UX
Supporting more config options
Better docs or install flows
Thanks for checking it out 🙏
https://redd.it/1lq4xpp
@r_devops
DEVOPS GPT
Hi team,
Recently i noticed that Chat GPT has been included a feature/plugin names “DevOps GPT”, do you think that this will negatively affect the field?
https://redd.it/1lq3d7n
@r_devops
Easy SonarQube Continous Integration
I have created a shell tool that can simplify improving code quality control using SonarQube, the goal is have a easy integration in CI pipeline. The are two projects one to create a custom SonarQube configuration (SONARSCRATCH) and the other is for CI pipeline (SONARSCRATCH checker). Link : https://github.com/saidani-proj
https://redd.it/1lpysr2
@r_devops
Feeling like an imposter in my Cloud Engineering internship - is my CompE degree a waste?
**TL;DR:** I'm a 22-year-old computer engineering student about to graduate. I've studied everything from transistors to software, but my cloud engineering internship feels completely different from my degree. I'm enjoying it but feel like a massive imposter. Looking for advice from the pros on how to build a solid career in this field and not get replaced by AI.
Hey r/devops,
I'm in a bit of a weird spot and could use some perspective from you seasoned veterans. I'm about to wrap up my computer engineering degree. My studies have been a deep dive, starting from the fundamentals of chip design and transistors and moving all the way up the stack to software development.
In this brutal tech job market, I feel incredibly fortunate to have landed a cloud engineering internship right before I graduate. The work is in AWS and Azure, and I'm getting my hands dirty with some cool stuff. I'm working with Infrastructure as Code (IaC) using Terraform, building out pipelines in Azure DevOps, and dealing with a lot of networking related concepts so far. Got done with a Azure Fundamentals certification too. To be honest, I'm starting to really enjoy it. The whole process of automating and managing infrastructure is fascinating.
Here's the thing, though: I have this nagging feeling of being an imposter. Almost nothing I'm doing on a daily basis directly relates to the low-level concepts I spent years learning in my degree. It feels like I'm operating at the highest level of abstraction, which is a world away from hardware design.
So, my question to all of you who have been in the game for a while is:
* **How can I leverage my computer engineering background to excel in a cloud/DevOps career?**
* **What should I be focusing on right now to build a successful and lasting career in this sector?**
* **How do I position myself to be one of the highly skilled workers and avoid the whole "AI is coming for our jobs" doom and gloom?**
Any advice or shared experiences would be hugely appreciated. Thanks in advance!
https://redd.it/1lpx02s
@r_devops
What automation do you maintain manually because it keeps failing?
Our setup requires me to manually update config across 3 different web consoles whenever we deploy new services - same 20 clicks every time but the interfaces keep changing so automation breaks constantly (I've tried).
Anyone else stuck doing repetitive console work because the tooling changes too fast for scripts to keep up? Could be AWS, monitoring tools, CI/CD platforms - anything where you know you should automate it but gave up after rebuilding the script.
Whats one automation you'd automate if it'd work reliably?
https://redd.it/1lptfbv
@r_devops
Certified Kubernetes Application Developer (CKAD) exam 2025
Materials and Exercises for preparing for the Certified Kubernetes Application Developer (CKAD) exam 2025
https://github.com/techwithmohamed/CKAD-Certified-Kubernetes-Application-Developer
https://redd.it/1lpq0w5
@r_devops
how to get job as Devops engineer
sysadmin here i love linux and want to start/ switch as a devops engineer learning on my own. how difficult it will be to get a job as devops.. do i need to do certification and all... ?
https://redd.it/1lpoech
@r_devops
I made a simple API to scan web ports – curious what you think
Hey! 👋
I’ve been working on a small project and finally published it on RapidAPI — it’s called WebPortSpy.
Basically, it’s an API I built myself that lets you scan open ports on a domain. The idea started as a personal tool for quick recon during audits, and I figured it might be useful to others too. There’s also an optional paid tier if you want extra stuff like identifying vulnerable ports or even suggested exploits — but the basic functionality is free to use.
I’m still improving it, so any feedback from this community would be super appreciated. If you’ve got a minute, I’d love if you could test it out or just let me know what you think.
Here’s the link:
👉 https://rapidapi.com/infosecarg-infosecarg-default/api/webportspy
Cheers!
https://redd.it/1lpiryp
@r_devops
Learning Platform - Is KodeKloud worth it?
Hello, everyone.
I've been working with Kubernetes for a couple of months and have been learning everything as needed, but I feel I should adopt a more structured learning approach.
I have a learning budget available and have read that KodeKloud is a good option with reasonable pricing at $180 per year.
While I'm not particularly focused on certifications, I believe that certification preparation courses provide a solid framework for learning the necessary skills.
I'm considering enrolling in the CKA, CKAD, and CKS courses, then progressing to Istio and Cilium, as I need to develop more experience with service mesh and network policies.
Are there any good alternatives to KodeKloud that you would recommend?
https://redd.it/1lpgcpd
@r_devops
How to safely change StorageClass reclaimPolicy from Delete to Retain without losing existing PVC data?
Hi everyone, I have a StorageClass in my Kubernetes cluster that uses reclaimPolicy: Delete by default. I’d like to change it to Retain to avoid losing persistent volume data when PVCs are deleted.
However, I want to make sure I don’t lose any existing data in the PVCs that are already using this StorageClass.
https://redd.it/1lpb2qw
@r_devops
What is the actual advantage of using IaC tools for provisioning resources instead of Ansible?
For context, I am a software engineer falling in love with devops, SRE and servers
I manage my homelab cluster using mostly ansible. It currently:
Creates my Proxmox virtual machines
Manages disk passthrough to them.
Installs kubernetes and calico
Updates my UDM DNS and BGP routing
Create LVM partitions to be consumed by [OpenEBS](https://openebs.io/) later on.
etc, etc, etc
So as you can see, almost everything is managed by ansible.
In my studies/experimentations with other tools, I've settled with Pulumi (TFCDK doesn't seems very supported) because it gives me more flexibility with Python. I use it for deploying my "homelab kubernetes platform" to the aforementioned kubernetes cluster.
But like, why is using ansible for provisioning resources/charts/etc considered clunky?
I've seen other posts that suggests using ansible for configuration, and other tools for provisioning/creating resources. But managing both tools feels like a major hassle and adds some other problems like:
Which tools is the authority here?
Does ansible invoke pulumi, or the other way around?
Source of truth becomes distributed over different places
Defining what the desired state is, ends up being decentralized, because I must add separate configs for ansible and pulumi
I could define a "shared yaml" and read from that, but then I'd be taking up the responsibility of handling that myself instead of using a solution provided by a tool
Feels like a bit of a hack, etc etc etc
The best explanation I've found for this was this post that made some good points, but I'd like to hear other opinions
https://redd.it/1lp5x38
@r_devops
Hashicorp 3rd Party Support Services?
Hi Guys,
We're just starting out using Hashicorp Nomad, Consul, Vault (or OpenBao), Packr. All open source variants.
We've got some technical questions which isnt exactly covered in the Docs, and theres not much resource for it online (especially regarding Nomad and Consul).
Does anyone know of any 3rd Party Company providing Hashicorp Support Services? We dont have deep pockets but we are open to subscribe to a support retainer, or purchase a number of hours.
Its really for consultation, troubleshoot, asking scenario specific questions and solutioning. Not expecting anyone to write any stuff for us. Also speaking to someone with operational experience with these would really help.
Thank you!
https://redd.it/1ljdult
@r_devops
Public Nexus repository for granting file access to third-parties
Forgive my complete ignorance on this topic, but I am an account manager at a company and am being asked by one of our customers to utilize a Nexus Repository in order to send some installer files of our application.
I'm trying to lighten the load on our dev team and learn some of this myself, but am having a hard time figuring out how Nexus could be utilized as a way to share our exe's and such.
Does anybody have familiarity with this? Are there any specific vendors that you would recommend? Reach out to Sonatype sales folks directly?
https://redd.it/1lji7q0
@r_devops
SRE Interview Coming Up – I’m Lost!
Hey everyone!
I have an upcoming interview for a Site Reliability Engineer (SRE) position, and honestly, I don’t have much background in this area (I interned as an SDET) and don’t have any formal work experience yet.
They sent me an email outlining the main components of the technical interview:
1. Applying algorithms, data structures, and computer science fundamentals
2. Explaining and implementing solutions in code without typical engineering aids (e.g., IDEs, online documentation)
3. Communication
4. Pace and speed
I’m wondering is this all they will focus on? Am I not expected to know things like Kubernetes, AWS, CI/CD pipelines, or production logs, since none of that is on my resume?
I’d really appreciate any advice on how to prepare well for this interview.
Thank you! 🙏
https://redd.it/1lqa1br
@r_devops
Ways to get hands-on k8s experience as a manager?
I'm in a leadership role, and due to the timing of my promotion into management, I seem to have side-stepped the container revolution - I have 15 years in industry at pretty much all levels and all industries, but on the old-school VM era. My current management role has been largely hands-off from tech - I've not raised a PR on production code for years.
I'm now in the sitiation where I have no direct hands-on exposure to Kubernetes, and it seems that pretty much all jobs these days need that - even management. It's not like I'm a luddite - I know kubectl and I'm able to have a conversation about it, but I seem to be skimming off the surface for recruiters. I've had some initial chats, but no actual interviews, always because I lack "hands on" with Kubernetes.
In terms of solutions - I'm out of ideas. My current job has no feasible work where using Kubernetes hands-on would be "in scope", as I'm basically just a people manager at this stage.
I'm happy to put the money and effort into taking the CKA on my own time if it would help - but it's an expensive bet to make.
Opinions welcome!
https://redd.it/1lq4d09
@r_devops
Email Tracking Pipeline Advice?
Hey folks 👋
Currently refining our email observability pipeline. We're using AWS SES → SNS → CloudWatch → Datadog, but as expected, the data is too high-level. We need to track and query metrics like open, click, bounce, per subject and recipient, ideally monthly.
Pinpoint is off the table (deprecated + TF modules reject pinpoint_destination). I tried dashboards in Datadog via query filters, but can’t drill down to the email-level granularity we need.
✅ GPT suggested a cleaner route:
SES → SNS → Lambda → Firehose → S3 → Athena + QuickSight/Grafana
I’m considering this, but before investing, I’m curious:
Anyone implemented something similar in production?
Is there a more Terraform-native or managed approach?
Any caveats with Athena on large-scale event logs?
Would love to hear your take or stack suggestions. Open to hybrid/cloud-native patterns.
Thanks in advance!
https://redd.it/1lq4nsf
@r_devops
Ass-and-a-half'ing it
We half-assed it the first time.
Then we realized we needed to full-ass it the second time.
So we ended up doing 1.5 asses worth of work. An ass and a half.
Maybe we should have just full-assed it the first time. Or maybe we got 0.6 asses of value from delivering the early version, so 1.5 asses of work is still a net gain. It can go either way, and sometimes 1.5 asses is the right amount of work, but it should be an intentional choice when we do it.
The thing to avoid is defaulting to half-assing it without a concrete value delivery to justify that decision. If we always half-ass it, then we're always signing up for 1.5 asses of work in the long run (at least) even when it doesn't bring us any extra value. That's how you end up delivering 33% less value over a quarter.
https://redd.it/1lq1r0d
@r_devops
What social media-like apps/sites would you recommend for keeping up with the latest news in the bubble and also to broaden your knowledge on key systems
Just a disclaimer, i used the term social media-like because I prefer the option of having a ”feed” I can scroll where there’s output from multiple people instead of e.g. reading a blog written by a single person. But im also open to other kinds of ways of keeping up with news/ deepening your knowledge
Reddit is the most obvious answer but even using the home feed it’s saturated with alot of fluff/memes/people with little to none techinal knowledge/straight up nonsense
So I guess im looking for solutions where you read output from accredited individuals with credentials to talk about these things or something along those lines.
I downloaded substack yesterday but for some reason my feed seems to be full of only far-right ideology and conspiracy theorists along with dumb memes and tiktoks, even though I subscribed only to IT related fields
So my question is: what do you guys use for daily reading/keeping up with stuff
For background: im a freshly graduated network engineer currently being trained to work as an devops engineer and want to use some of my free time to learn usefull stuff instead of browsing reddit/ig/whatever and just wasting my screentime on fluff
https://redd.it/1lpyb6o
@r_devops
What DevOps Job Titles Really Mean
Here's my version, let's hear yours:
"DevOps Engineer" - need one person who can do everything, especially hand-holding our developers and making up for their inadequacies. We'll treat you with as much respect as we used to give Tech Support.
"SRE" - we had too many incidents, we need to productionize but we have no idea how.
"Cloud Engineer" - Terraform and a bit of pipelines, maybe some Ansible/Puppet/Chef.
"Platform Engineer" - Kubernetes admin.
https://redd.it/1lpvp4n
@r_devops
How do you keep track of all the changes in your deployments for audit or compliance checks?
With how fast deployments happen these days, especially in more agile or automated environments, keeping a clear, auditable trail of every single change feels like a constant battle. It's not just about knowing what changed, but who changed it, when, and why, especially when multiple teams are pushing updates continuously. That level of detail is crucial for security and compliance, but it often feels like you're trying to capture water.
The challenge really hits during an audit when you need to quickly pull up specific records or prove adherence to a standard, and the information is scattered across different tools, logs, or even mental notes. How do you manage to maintain a robust, easily auditable history of all your deployment changes without slowing down your release cycles? Thanks for any insights!
https://redd.it/1lprkx4
@r_devops
Can I change my career to back-end even if I start as devOps?
A devOps job has been offered.
I was delighted because I kept failing job interviews for back-end developer.
But I still have skepticism because I don't know what exactly DevOps does.
https://redd.it/1lpq0zn
@r_devops
Stuck between AWS and Azure — need your advice!
I’m about to dive into Cloud Computing, but I’m currently torn between starting with AWS or Azure.
I’ve heard the differences between them aren’t that big in terms of core concepts, and that Azure might be easier for beginners, especially with its user-friendly interface and Microsoft integration.
But I’m also thinking about the bigger picture:
• Which one has better career opportunities overall?
• Which one provides more flexibility and long-term growth?
• And is it true that once you learn one, switching to the other is relatively smooth?
Would love to hear your thoughts and experiences! Any advice or perspective is welcome 🙌
#CloudComputing #AWS #Azure #CareerGrowth #ITCareers #TechLearning
https://redd.it/1lpjif2
@r_devops
Startup versus established company
So, I’m working for a startup for the first time, after working for well established companies.
I’m finding the startup actually funner because instead of coming in and running into years of tech debt and glacial resistance to change I’m actually getting to just suggest doing something and being told to go ahead.
I’m actually being asked what I think is the best way to build something or implement it. There are no “legacy” systems barely limping along and no one having the bandwidth to even think about migrating it to something.
Sure, there are cons to this. Sometimes there is lack for good through out access and security policies. Sense of stability. A little too much to do and not enough people to do.
I’ve also heard horror stories of working for startups.
Am I just like in the NRE phase of this?
What are yall thoughts on the difference?
https://redd.it/1lpgsrr
@r_devops
Going from NestJS backend work to Devops. Help.
For those that have a NestJS background would love to hear how you got into Devops.
*Deep Devops, everything from hardened infrastructure to incident protocol —the whole gammut.
https://redd.it/1lpamk8
@r_devops
Well I did it, made to product hunt
I know it’s not a very cool tool but still me working in the industry for about 10 years made me think on why not build a bridge between human intent and DevOps execution and I started building an OSS tool.
https://www.producthunt.com/posts/ops0
Do you think operations are too much to handle or just repetitive all the time?
https://redd.it/1lp8f9g
@r_devops
Tool Release Kube Composer – Visually Build & Prototype Kubernetes Configs (198⭐️ on GitHub
Hey 👋
I’ve been working on an open-source project called Kube Composer — it’s a visual editor for designing and prototyping Kubernetes configurations without writing raw YAML.
🚀 What’s it for?
• Quickly scaffold Kubernetes resources for apps and microservices
• Visualize relationships between objects (e.g., Services, Deployments, Ingress)
• Export production-ready YAML configs
• Great for platform teams, internal developer platforms (IDPs), and onboarding
🧑💻 New update just dropped:
• Cleaner and more intuitive UI
• Layout & performance improvements
• Usability fixes from real-world feedback
⭐ We just passed 198 GitHub stars!
Appreciate all the support from the community — your stars, feedback, and issues have helped shape the direction.
👷♀️ Looking for collaborators:
If you’re into Kubernetes, GitOps, or building internal tools, I’d love your feedback or help on shaping features like CRD support, Helm integration, and OpenTelemetry flow mapping.
🔗 GitHub: https://github.com/same7ammar/kube-composer
Would love to hear how this could fit into your workflows or dev environments. Always open to suggestions and PRs 🙌
https://redd.it/1ljj9a7
@r_devops
Networking Across AWS and Azure
I have an ECS app running in private subnets on AWS. To avoid NAT gateway costs, I set up VPC endpoints for ECR and Secrets Manager access. Everything works great for AWS services.
Problem: I just realized my app also needs to connect to Azure PubSub, and obviously there's no VPC endpoint for that since it's not an AWS service.
Is there a way to make Azure Pubsub accessible from private subnets without a NAT gateway? Or should I just bite the bullet on NAT costs?
Any advice appreciated!
https://redd.it/1ljk0ye
@r_devops
Career help
I want to transition my career from Windows support l1 to Azure DevOps. I'm also interested in exploring a career in Azure with OpenShift. Could you please guide me on the right learning path to get started?
https://redd.it/1ljffx6
@r_devops