Welcome to this week’s edition of the DevOps Bulletin!

Helm Charts might be convenient, but can also open dangerous gaps in your Kubernetes security model. Google Cloud SQL costs are climbing for many teams, and we dig into why your GCP database bill might be higher than expected.

AWS just rolled out a Cost Comparison feature in Cost Explorer to help you optimize your AWS bill. And there’s an important reminder in this week’s ops wisdom: automatic rollbacks should be your last resort, not your first response.

This week’s video explores the evolution of Infrastructure as Code in the enterprise, what happens when teams go multi-cloud and multi-IaC, and why disaster recovery as code is becoming a non-negotiable.

Tutorials this week cover critical topics:

• Managing a Terraform monorepo on GitLab

• A hands-on guide to really learning Docker

• What to do and what to avoid when designing REST APIs

• A deep dive into Vertical Pod Autoscaler (VPA)

• Using Prometheus to detect anomalies at scale

• How to validate AI-generated images using Bedrock

• Turning an old laptop into a private Kubernetes cluster

• Gaining a root shell on a credit card terminal (yes, really)

Projects of the week include some cool tools:

• Kubexit – coordinate graceful shutdowns for multi-container pods

• PGlite wrapper for Python – test with PostgreSQL, as lightweight as SQLite

• phptop – per-query metrics and system resource usage for PHP

• Container Use – give each coding agent its own container environment

• Rexec plugin – get audit logs for kubectl exec sessions

• ToolHive – deploy and manage MCP servers more easily and securely

All this and more in this week’s DevOps Bulletin—don’t miss out!

Newsworthy stories

• How out-of-the-box Helm Charts can breach your cluster

• How I use LLMs as a staff engineer

• AWS Cost Explorer now offers a new Cost Comparison feature

• Why is your Google Cloud SQL bill so high?

• Automatic rollbacks are a last resort

• Not every problem needs Kubernetes

Video of the week

Discover how global hiring is your competitive edge

Hiring smarter starts with understanding salary trends.

• Get global salary data on engineers, designers, product managers, and more.

• Explore top-tier talent with experience at AWS, Google, PwC, and beyond.

• Learn how to cut hiring costs and reinvest in growth.

Download the Report

Tutorials of the week

• Terraform modules monorepo on GitLab

• Docker the hands-on way

• How to (and how not to) design REST APIs

• Vertical Pod Autoscaler (VPA): a deep dive

• How to use Prometheus to efficiently detect anomalies at scale

• Steps to break up a Terralith

• Validating AI-generated images using AI and Amazon Bedrock

• Turn old laptop to a private Kubernetes cluster

• Root shell on credit card terminal

Projects of the week

• Kubexit is a command supervisor for coordinated Kubernetes pod container termination.

• PGlite wrapper in Python for testing. Test your app with Postgres, just as lightweight as SQLite.

• phptop prints per query and average metrics comparable to 'time' (wallclock, user and system CPU time), along with memory and other resource usages.

• Container Use lets each of your coding agents have their own containerized environment.

• Kubectl exec does not provide any audit of what is actually done inside the container. Rexec plugin is here to help with that.

• ToolHive is a lightweight utility designed to simplify the deployment and management of MCP servers, ensuring ease of use, consistency, and security.

Meme of the week