Obligatory not trying to sell you something. 😂

I’ve been around long enough to make it through a wave or two of low code/no code tools including things like UiPath back when it was a desktop app and had no AI smarts.

Now, not only do engineers have access to Claude Code et al, but accounting, finance, and Human Resources all have access to the same toolbox. And some are vibing away!

Our engineers understand there is more than just building a shiny UI in a container and that there are considerations for where it’s hosted, how it’s secured, where the code is hosted, and who is going to own the thing not to mention who’s going to vibe in a browning code base. The vibe coding population has told their LLM of choice that they’re not engineers and it’s happily barreling them forward to get things deployed all of that be damned.

How are you handling all that? I’m finding the idea of documentation (how to build and how to deploy) welcome, but also encountering folks who are way out over their skis but pressing on with personal GitHub accounts, free plans on various AI first hosting platforms, and deploying to cloud hosting providers they found the keys for and were previously unknown to ops. 😬

I’ve worked in orgs with strict governance but my understanding even of those orgs is that the AI bug has infected many. Trying to balance ‘hey, let’s slow down just a bit and get this managed properly’ with ‘oh, very important people saw you demo that flashy solution and want to know why it’s not immediately available’.

What’s working or not working for you in this area?

I've gotten laid off about 6 months ago, back in September. After being made redundant, I took some time off from anything work related, and got back to applying for DevOps/Platform engineering roles. Despite having gotten a dozen or so recruiters contacting me, as well as getting past a few final interviews, I feel as though my confidence is waning at this point.

My emergency funds are fairly solid, and should last a fairly long time (roughly 12 more months). I'm Interested in getting feedback mainly with my CV, as I fear I may be missing something here. I'm applying for mainly mid-level DevOps/Platform engineer roles.

My CV is here

Hey, DevOps Engineer here!

How do you handle the problem of “there is documentation” but no one knows where it is (except like 2 seniors who were there when it was written) - Using Confluence for this example?

The goal is to make the documentation explicitly available where it is most needed, instead of having to ask someone else “Where are the docs on X?” The reason this matters is that if someone is sick or unavailable, we avoid a single point of failure :D

Ideas I’ve come up with:

• Add relevant documents to the Jira ticket (for example, deployment Guide attached to deployment tickets).
• Create “Hook Pages” that are framed around the problem and point to or include the guide for example,
  • “How do I do X?” → links to guide on X
  • “What is Service?” → links to “Service Architecture Explanation Guide”
  • One guide can have multiple problem/question hooks

How do you go about making your docmunetation easily findable when you need it?

TL;DR

• The Roadmap https://roadmap.esc.sh/
• Source : https://github.com/MansoorMajeed/infra-roadmap
• Blog Post (the philosophy for learning SRE/DevOps) : https://blog.esc.sh/sre-devops-roadmap/

I have been an SRE for over a decade, and I’ve mentored a lot of junior engineers. The single biggest hurdle they all face is that the DevOps/SRE field is just incredibly overwhelming to beginners.

Many juniors make the mistake of jumping straight into learning tools (Docker, K8s, Terraform) without actually understanding what problems those tools were built to solve or how they fit together or the foundation of it all itself. If we look at traditional DevOps roadmaps or the CNCF landscape, it often makes the problem worse. It’s just a massive bingo card of logos that doesn't explain the "why" behind anything.

So, I decided to build a better way to visualize this: an interactive, progressive roadmap.

How it’s different:

• Question-Driven: Each different node follows a general thought or question a new engineer may have and lets them choose the next path that they find interesting
• Progressive Disclosure: It doesn't show you 200 tools at once. The map expands as you explore, keeping cognitive load low.
• Open Source & Static: It’s a fully offline, static site.

Note about how it was made: I am an SRE, not a frontend dev (I still struggle with frontend and I decided that it is not my cup of tea), so I used Claude to help write the React Flow/Next.js engine and some boilerplate text. However, the architecture, the paths, the connections, and the core learning flow are 100% my own design based on my experience. Because of that, it might be biased or missing things, so PRs are more than welcome!

I also wrote a short blog post expanding on why I think we need to teach "concepts over tools" if anyone is interested in the philosophy behind it. https://blog.esc.sh/sre-devops-roadmap/

I hope this helps some of the juniors build a mental model. Would love to hear your feedback!

I am also happy to answer any questions any new folks may have!

So I needed to find a full remote role because my current hybrid arrangement isn’t gonna work out moving forward. I ended up receiving an offer for a build and release engineer position.

My background is in traditional DevOps, supporting developers and their CI pipelines which I do enjoy. The toolset is: GitHub actions, AWS, EKS runner infra.

This new position is more like technical program/project management. I’ll be responsible for what releases go out the door, managing the GitHub branching strategy, and also owning the CI/CD pipelines + release automation.

The new role is a +20% TC, full remote position. Has anyone else made this transition? Loved it? Hated it? Interested to hear your experiences.

I don't know if its a right place for me to make this post ... but i have been loking for a job change ...my roles have been mixed like initially i worked as devops engineer for two years then was moved to cloud migration then cloud operations mainly in azure ....i have knowledge in terraform for infrastructure provisioning(mainly virtual machines) jenkins from previous experience python scripting kubernetes (AKS) docker azure devops pipelines its like i know a little bit of everything but not enough so does anyone know how to permanently switch to devops platform engineering?

im stuck i blew of an interview at round 2 because i didn't know system design much so i don't know i would appreciate any sort of help

I don't know where to start wat tools to stick too n learn properly ?

Hey Folks,

Last time I published my 100 interview questions. I've added 10 more new question from Glassdoor reviews covering Cloud.

Companies are Amazon, Accenture, Kayak, Adobe, Autodesk, EPAM, Lyft, Twitch, Coinbase. These are AWS questions, I've added Videos for them as well.

https://github.com/devops-interviews/devops-interview-questions

Nothing on github is paywalled. If you ever feel like thanking me just star the repo. Thanks

In this article, I’ll cover a complete guide on how to build a professional CLI (Command Line Interface) that is easy to use and, most importantly, easy to integrate with other applications. If you’ve never built a CLI before, don’t worry — we’ll start from scratch.

https://vibelog.mateusmoutinho.com.br/en/article?date=2026/03/07&id=cli-guide/

I am designing environment for malware simulation where it uses DNS tunneling to export data bypassing the firewall. For this I need to host an internal authoritative DNS for a dummy domain that would cache requests with encoded information.

Do you have any recommendations which software to use for it? I’m leaning towards bind9 on Debian host, but I’m not sure if it’s not an overkill since it’s an enterprise-grade solution and all I’m doing is a simple demo.

The infra runs on multi node proxmox and I use OPNSense for firewall if it matters.

Been testing EU managed k8s providers one by one for eucloudcost.com, OVH was next.

Short version: it just works.

Free control plane, free egress in EU regions. You only pay for nodes. Coming from AWS this feels wrong somehow.

I also managed to set both vRack subnets to no_gateway = true and then spent an hour wondering why Traefik was stuck in Pending. Turns out Octavia needs a gateway on the load balancer subnet. Anyway.

Main issue is no RWX volumes out of the box. File Storage for RWX exists but starts at 150 GiB which is overkill for most things, so out of the Box only RWO exists ...

Also they burned down a datacenter in 2021 so now every resource in the console shows you the AZ deployment mode.

Put together a reference repo with the full OpenTofu setup if you want a starting point: https://github.com/mixxor/opentofu-kubernetes-ovhcloud

Full writeup in comments.

Anyone else running OVHcloud in prod / dev ?
Curious if you hit anything weird I missed...

Not Devops related but could someone share me the link for pinned monthly thread ?

I cant seem to find it on this sub's homepage

I guess its used for promoting our projects or business

Thanks

Posted here last week about CleanCloud - a read-only AWS/Azure hygiene scanner that runs in CI and flags orphaned, untagged, and inactive resources before they hit your bill.

Got around 200+ installs via pip, but zero feedback. Which means either:

a) It worked perfectly and nobody felt like commenting

b) Something broke and nobody felt like commenting

c) The findings weren't useful enough to care about

Genuinely don't know which one. That's why I'm asking directly.

If you installed it and ran a scan, what happened?

Even "it found nothing" is useful signal for me.

20 high-signal rules across AWS and Azure - each read-only, conservative, and designed to avoid false positives in IaC environments.

AWS:

• Unattached EBS volumes (HIGH)
• Old EBS snapshots
• Infinite retention logs
• Unattached Elastic IPs (HIGH)
• Detached ENIs
• Untagged resources
• Old AMIs
• Idle NAT Gateways
• Idle RDS instances (HIGH)
• Idle load balancers (HIGH)

Azure:

• Unattached managed disks
• Old snapshots
• Unused public IPs (HIGH)
• Empty load balancers (HIGH)
• Empty App Gateways (HIGH)
• Empty App Service Plans (HIGH)
• Idle VNet Gateways
• Stopped (not deallocated) VMs (HIGH)
• Idle SQL databases (HIGH)
• Untagged resources

Reader role only. Zero telemetry. Nothing leaves your subscription.

You can raise issues or create discussions in the repo below incase you think the engine is worth using it in the CI/CD pipelines or locally

https://github.com/cleancloud-io/cleancloud

pipx install cleancloud

cleancloud demo

cleancloud doctor --provider aws

cleancloud scan --provider aws

cleancloud doctor --provider azure

cleancloud scan --provider azure

What Aws/Azure waste checks would actually make you add this to your pipeline? That's what I'm building next.

Thanks

Rant incoming.

I just inherited a project with a 2000-line Jenkins pipeline that deploys to Kubernetes. It has custom Groovy functions, shared libraries, 14 stages, parallel matrix builds for 3 environments, and a homegrown notification system that posts to Slack, Teams, AND email.

You know what it actually does? Build a Docker image, push it to ECR, and helm upgrade.

That's it. That's the whole deploy.

I replaced it with a 40-line GitHub Actions workflow in an afternoon. Same result, 10x easier to debug, and any new team member can understand it in 5 minutes instead of 5 days.

The lesson: complexity is not sophistication. If your CI/CD pipeline needs its own documentation site, you've gone too far. Start simple, add complexity only when you have a real problem that demands it.

Anyone else dealt with these over-engineered monstrosities?

Has anyone recently implemented a disaster recovery (DR) setup for the me-central-1 (UAE) region? How is it going?

My client needs to migrate workloads from the UAE region to the Mumbai region (ap-south-1), and the business has been down for the last four days. The workload includes 6–7 EC2 instances, 2 ECS clusters, CodePipeline, CodeDeploy, RDS, Auto Scaling Groups, ALB, and S3 , No Terraform or CFN.

I am currently attempting to copy EC2 and RDS snapshots to the ap-south-1 region, but I am experiencing significant delays and application errors due to the UAE Availability Zone failures.

What migration or recovery strategy would you recommend in this situation?

In my work they paid Claude license, and I'm giving it a shot with improving Dockerfiles and CI/CD yamls, or improving my company's cloud formation / terraform templates

However, I think I'm not using full advantage of this tool. What else am I lacking?

A colleague from my team recently wrote a great breakdown of how they reduced a Docker image by 84% for a Nuxt app using Prisma and SQLite.

What I liked about it is that it goes through the actual build strategy changes (multi-stage builds, runtime vs build deps, Prisma generation, etc).

The final Dockerfile is also included.

Curious what others here think about this approach.

https://wencesms.medium.com/optimizing-nuxt-prisma-in-docker-how-we-cut-our-image-size-by-84-ea43ffc5ae6c

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Credits: CodeAnt AI Security

Currently using terragrunt implicit stacks and they're working great. Has anyone bothered to use explicit stacks with the unit and stack blocks?

I initially just set up implicit stacks because I was trying to sell terragrunt to the team and they are a lot more familiar looking to vanilla opentofu users. Looking over the explicit stacks seems like too much abstraction, too much work. You have one repo with all your modules (infrastructure-modules), then another for you stacks and units (infrastrucuture-catalogs). If you want to make an in module change you'd need 3 seperate PRs (infra-modules+catalogs+live).

Doesn't seem that more advantageous then just having a doc that says hey if you need a new environment here's the units to deploy. The main upside I see is that the structure of each env is super locked in and controlled, easier to make exactly consistent except for a few vars like CIDR range. I've never worked somewhere where the envs were as consistent as people wanted them to be though 😬

Hi there .. I wanted a serious advice on changing my career , I have been working since 5 years in devops mainly groovy , deployments, jenkins have created many groovy scripts for deployments ,even wrote script for gcp deployments but haven't really worked on any cloud based tools specifically. I have worked on creating graffana boards was mainly on writing backend scripts using python and injecting data to elk.

I am planning on switching job currently working for a really good bank but I want to change my job for a better salary .. what are the areas I should be focussing for a better job. Should I learn more cloud based tools and then plan on switching. I see JDs actually mentioning everything related to devops from docker to kubernetes to cloud but I am really confused ..