Digest #196: AI + IaC, AWS Security Pitfalls and DevOps Roadmap for 2026
How teams are applying AI to Infrastructure as Code, hard truths about Kubernetes and staging environments, a $1M BigQuery query fix, GitHub’s new guidance for npm maintainers, and open-source tools.
Welcome to this week’s edition of the DevOps Bulletin.
We’re kicking off with AI and Infrastructure as Code: a spotlight event on January 28 will show how platform and DevOps teams are using AI for real infrastructure work, from AI-assisted IaC to better shared module adoption. In the news, engineers share how they really think about Kubernetes, why staging environments often lie and waste money, how Shopify fixed a single BigQuery query that was burning nearly $1 million a month, and what GitHub’s latest guidance means for npm maintainers after yet another supply-chain scare. We also look at why some teams are saying goodbye to microservices, how Azure seamless SSO can still be abused, what happened at Tailwind Labs after major layoffs, and how an AI chatbot vulnerability derailed Eurostar.
On the hands-on side: real AWS privilege-escalation paths, why pre-commit hooks are fundamentally broken, how “everything allowed” pods on EKS break isolation, agent-driven troubleshooting for cloud-native systems, hardening Kubernetes with DevSecOps practices, testing Lambda@Edge locally with LocalStack, and deploying microservices to AKS with GitHub Actions.
Open-source picks include an AWS IAM privilege-escalation knowledge base, a metrics-to-root-cause troubleshooting agent, a Tailscale security auditor, a CLI for threat modeling as code, and a local, intent-aware code search tool.
All this and more in this week’s DevOps Bulletin. Don’t miss out!
Building at the intersection of AI and IaC
Learn how platform and DevOps teams are using AI in real infrastructure work, including AI-assisted IaC and better adoption of shared modules, at IaCConf Spotlight on January 28.
Newsworthy stories
Tutorials of the week
Videos of the week
Projects of the week
A knowledge base that documents AWS IAM privilege escalation paths with prerequisites, variants, and remediation.
A troubleshooting agent that connects metrics, logs, traces, and runbooks to quickly find root causes.
A CLI security auditor that scans Tailscale networks for misconfigurations and overly permissive access.
A CLI tool to define, validate, and automate threat models using HCL in version control.
A local, context-aware code search tool that ranks results by intent using repo structure and metadata.