Our services are running with Vault injector that creates a .env file under /vault/secrets/.env, which we then source in our entrypoint:

if [ -f /vault/secrets/.env ]; then
   source /vault/secrets/.env
   rm -rf /vault/secrets/.env
fi

These are the annotations we use in our deployment:

podAnnotations:
  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/agent-inject-secret-.env: "secret/data/test"
  vault.hashicorp.com/role: "app"
  vault.hashicorp.com/agent-inject-template-.env: |
    {{- with secret "secret/data/test" }}
    {{- range $k, $v := .Data.data }}
    export {{ $k }}={{ $v }}
    {{- end }}
    {{- end }}

With this setup, Vault's agent runs in the Pod and watches that file continuously.

I want to avoid having Vault's agent running, so I added:

vault.hashicorp.com/agent-pre-populate-only: "true" 

This annotation spawns a Vault job that creates that .env file and exits when it's done.

However this introduced a problem: when my app fails for whatever reason, the app's container restarts, not the entire pod. This results in my Vault's job not running again, so /vault/secrets/.env doesn't exist anymore.

I'm trying to decide what to do from here. I've set some goals in mind:

• Avoid running a Vault side container with my app
• Delete the secrets from the disk after init

I was looking into Vault's CSI driver to see if it could solve my issue but wanted to hear other opinions. Maybe I'm approaching this in the wrong way.

Thank you!

I applied to 566 jobs on LinkedIn and didn't get a single response. Obviously, something's wrong with my resume. Please help me spot any red flags, because I've looked at this resume so many times that I can't see anything anymore.

Feel free to criticize.

Thanks: https://imgur.com/a/MdpfQRE

Can I build my very own website , web app or application by using Ai Models like Chat Gpt, Claude ai and other apps ?? Like I want fully functionaled with all database front end and backend by just giving extraordinary prompts to the ai models...

Please guyz help..!

Hello r/devops,

I'm currently working on enhancing our network provisioning workflow using Terraform and Ansible. My goal is to streamline the process and make it more efficient. Here’s the vision:

• An IPAM (IP Address Management system) to manage all IP addresses across various VRFs (Virtual Routing and Forwarding).
• A Vault for storing additional, necessary information securely.
• A Self-Service Portal for the operations team to autonomously manage network requirements.

The idea is that when the operations team needs to provision additional network resources in a private cloud, they can simply request it through the self-service portal. This request would automatically fetch the necessary IP from the IPAM. The operations member selects the client, which informs the system about the corresponding VRF. Then, Terraform and Ansible would kick off in the background to create and configure the networks, making them fully operational.

Here’s where I need your help:

• I’m looking for recommendations on self-service portal software or templates that could be adapted for such a setup. Any suggestions?

Questions for the community:

1. Are there any additional tools or integrations you think could enhance this setup?
2. Has anyone here implemented a similar solution? What were your experiences and pitfalls?

Any input or advice would be greatly appreciated as I navigate through this setup.

Thanks in advance!

Hey guys I got given a Cloud Engineer Certification Voucher, with it you can redeem for a Hashicorp Cloud Engineer exam which is normally 100 USD, the expiration date is 31 December 2024, if anyone is interested send me a DM and I'll send it over

I have searched this up and the only good thing about pull I can find is the security benefit of only storing k8 credentials in the cluster rather than externally in github or smth.

Push seems to be genuinely simpler and more effective in more relevant ways. With push architecture on a github action, you can run tests automatically within the pipeline, you can precisely define what happens in your github action. There is no polling rate, so changes happen ASAP.

The article below provides a step-by-step guide to help you design and implement the best metrics of how software is designed, developed, tested, and deployed with examining some of the most widely used KPIs: [Maximizing Software Dev Productivity: A Full Guide to Effective KPIs] (https://www.codium.ai/blog/maximizing-software-development-productivity/)

• Velocity
• Cycle Time
• Code Churn
• Defect Density
• Team Utilization

Hi team

i was working this last months building a ingress controller from scratch built in Rust: flusso, I’m seeking feedback from the community to make it the most reliable, secure, and efficient ingress solution possible, and I’d be incredibly grateful if you could give it a try and let me know your thoughts.

Why flusso?
I built flusso to address some of the limitations I’ve encountered in other popular ingress controllers:

1. Enhanced Security: Rust’s memory safety eliminates common vulnerabilities (like buffer overflows), making flusso a robust choice for security-focused deployments.
2. Resource Efficiency: Rust’s performance allows flusso to maintain high throughput without excessive CPU or memory consumption, especially under heavy loads.
3. Improved TLS Management: Automates certificate handling and provides easy setup for multi-domain configurations, minimizing downtime risks.
4. Simplified Configuration: flusso’s configuration is designed to be straightforward, with a GUI that displays backend services, status indicators, TLS info, host names, and ports at a glance.
5. Flexible Observability: Built-in support for detailed metrics and structured logs compatible with Prometheus and Grafana, making monitoring and debugging easier.

What I’d love feedback on:

• Dashboard: Is the GUI intuitive? Are the service details (status, TLS info, host, ports) helpful?
• Performance: How does flusso perform in your environment compared to other ingress controllers? Any bottlenecks?
• Configuration & Setup: Was the setup process straightforward? Are there configurations that could be clearer or easier?
• Suggestions for Features: Are there additional features you’d like to see or any compatibility issues with your tech stack?

How to Get Started:
flusso is available on GitHub https://github.com/DioCrafts/flusso. The current version is 0.0.1, so your feedback will help shape its roadmap and future improvements. I am just starting with the project, and i am working on it as hobbie in my free time.

If you’re interested in testing or have any thoughts on how to improve flusso, please leave a comment or DM me! All feedback, both positive and constructive, is welcome as it’ll help me refine flusso to meet real-world needs.

Thanks in advance, and I can’t wait to hear what the devops community thinks!

Hello guys,

İ have been working as cloud engineer for a while and our senior is never helpfull and guiding to the new joiners, indeed he's trying to take the sprint tickets from our hands when we ask some basic questions.

İ think senior engineer should be helpful and supportive. that is what being senior.

What's your thoughts about it? And if you were me what would you do in these cases ?

Hey Techies,

I have 3 years of experience in IT industry now and have across Linus servers, AWS cloud, Jenkins and Release Management. Now, I want to work as freelancer. Can you help me how to get my first project and proceed further.

Please share your experience.

I'm working for the past 25 years with Windows servers (on-prem), make Poweshell scripts, little Vmware experience and very little Azure experience. I'm 50 years old. The company was paying good so didn't bother to switch to other technologies. Now the company started to remove redundant jobs then I realised that I'm at risk and I think need to switch to other technologies to earn close to current pay. Thinking DevOps can be a choice for me to start learning and switch to also SRE role. Will DevOps or SRE role will close fit for me? Or any other roles should I switch to? I'm hearing Linux is base for DevOps not Windows. Appreciate your responses for me to make the right decision, TIA.

I would like to know salary in India for Staff software engineer, staff SRE

Can you tell me in dollars per month or annually. (Plus benefits you guys receive )

My cousin works for the military in IT and has a friend who runs his own business. After I told him I was considering a computer science degree (at 30 years old) he told me about his friend and said he may be able to get me a job.

He sends me a screen shot from the guy saying “ I think it's about six grand for 12 or 18 weeks. I think it's eight grand if you have them finance it. however, I would just say go learn the AWS cloud fundamentals, then learn how to write terraform, then some python anybody that learns those three things, I can hire”

Now he doesn’t explicitly state its devops but I thought this would be a good place to ask questions. I’ve already taught myself the basics of the Linux command line, python, and how to use git. So my question is, how long would it take to acquire enough of these skills to get an entry level job?

Hey guys,

I was approached to build a web application that fetches kubernetes logs based on namespaces, nodes and pods using python. I am thinking king use to use flask for this.

Idea is build a drop down kind of thing where first namespace will be selected, followed by deployment and pods.

Can you help me with python libraries and approach. Or if anyone has ever done this?

I only have url for kubernetes dashboard, that's all. What else I will be needing for this?

Do you guys use Vagrant still and where?

Is it worth spending time learning this tool?

Any advice for career growth as a SWE focused DevOps Engineer focused on developing complex CI/CD backend systems?

I feel more like a SWE sometimes. Should I transition to a backend dev? I rarely see coding heavy devops openings.

Why don't Big Tech companies hire DevOps engineers? I'd love to work at companies like that, but all I see are SRE positions available.

• I've seen cases where even top developers accidentally upload an API key to repository because there's no automated check to flag secrets, and then they spend hours and tons of energy fixing it.
• I've seen developers spend days integrating Vault into their Jenkins pipelines, when a DevOps could make it much faster.
• I've seen Full Stack developers write redundant CI/CD, endlessly rebuilding Docker images when a DevOps engineer could have easily cut resource use in half.
• And more, and more...

So how do big companies handle this? Do they actually expect developers to manage all of the CI/CD and infrastructure work? In my opinion, DevOps is key to optimizing resources and saving developers' valuable time. Is the DevOps role really seen as so unnecessary that Big Tech companies just ignore it?

I did the cloud resume project and know a little bit about some devops tools but I don't use them frequently. I also have a cloud lab that I might want to set up some dashboards with our API but not sure if any of this will help me land a job in a year or two of setting this up and playing with it?

I have also let the software team know I was interested in joining them, but roles don't open up there often. One guy waited six years to move from support to SWE. Any thoughts or tips appreciated.

https://itrevolution.com/product/the-phoenix-project-graphic-novel-volume-1/

I remember my own journey (years ago) trying to break into cloud roles; certs seemed like the golden ticket. But then I found myself hitting a wall when it came to hands-on, real-world experience. It was like, sure, I had the cert, but was I actually prepared for what cloud engineering really demands day-to-day? For those of you who’ve racked up a few certs—do you feel they gave you what’s needed for the job? Or did you find yourself needing a whole different kind of hands-on training after the fact? Let’s talk about it—any insights or experiences are super welcome!

If you're working with express or another server based framework/toolchain it's trivial to run your code locally for dev testing. When it comes to serverless the same options aren't available to you.

I wrote this tool to enable the "local-like" development experience for developers using AWS Lambda and Terraform.

It consists of custom terraform module which replicates the behaviour of the aws_lambda_function terraform module but, when launched through the teleform CLI a proxy function is deployed instead which routes any lambda invocations back from AWS to your machine (using ngrok), running your local code.

This allows you test code changes your AWS terraformed environment without having to deploy every change, massively shrinking the development cycle.

This is the second project I have open sourced, and I'd appreciate the feedback if nothing else.

Please take a look here: https://github.com/uatec/teleform

I hope it can be of use to the community.

While doing devops I notice that even though I'm finishing tasks I'm not able to fully perceive what's happening in detail.

Is it normal for people who are in devops or should I try to understand more of what's happening in detail. I'm mainly not able to do this due to time constraints and stuff

For example I setup a open telemetry in our backend service and connected it to a collector, which then connects to grafana tempo for tracing requests and monitoring it. I've done the task successfully and my seniors are happy, but I feel I just went through some docs and made something up that works for now.

I just feel if doing things in such a way would help me in the future, I'm also unable to grasp it's functioning fully

But, it does not replace critical thinking.

I’m a daily user of various AI tools, and they’re great and save me a lot of time, but I’m finding it frustrating when engineers spend half a day crafting the perfect prompt when the answer is searchable in the docs.

We recently migrated to using ephemeral dev environments using Okteto. I'm curious how folks using dev environments are integrating with common vendors like Sentry, DataDog and other vendors. Any experience or success tying the life cycle of dev environments to the integrations? For e.g., spinning up a DataDog instance when the dev environment is created and tearing it down when the dev environment is destroyed. Or, maybe there are other models with different trade offs. How are you all tackling it?

The idea is essentially to use human & workload identity to pull secrets & configs into environments versus "pushing" them.

More here: https://runme.dev/blog/typed-env-vars

I have a potential offer from them, but it's difficult to find reviews of their software engineering roles. Does anyone have experience with them or similarly companies?

I do like the idea of having a security clearance and working in this industry, but I just fear the role might not be what is advertised. Any suggestions on how to get more details? I have been talking to people within the company obviously, but they all seem so decoupled from each other so I'm not sure how to get the full picture.

Hey guys Actually i’m new to this PXE boot or iPXE or image server , etc .., I need to learn those things Suggest me some resources!!

Hello everyone,

I'm a cloud engineer, and our product owner has asked me to research the use cases of generative AI in the context of cloud computing. If anyone here is currently using generative AI, I'd love to brainstorm together.

How are you utilizing generative AI in your projects, or how do you plan to use it in the future?

As the title suggests how do you become an expert in anything example kubernetes how do you become a master here ?

For me, I learned from certification, documentation, videos, books, hands-on, experience but still i find myself very less knowledgeable compared to my coworkers