<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Neeraja Khanapure</title>
    <description>The latest articles on DEV Community by Neeraja Khanapure (@neeraja_khanapure_4a33a5f).</description>
    <link>https://dev.to/neeraja_khanapure_4a33a5f</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3594314%2Feb8f6250-03b3-4528-af8b-17a146fe27c2.png</url>
      <title>DEV Community: Neeraja Khanapure</title>
      <link>https://dev.to/neeraja_khanapure_4a33a5f</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/neeraja_khanapure_4a33a5f"/>
    <language>en</language>
    <item>
      <title>Not in any textbook — learned this from a 3am page:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 30 Jun 2026 11:31:56 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/not-in-any-textbook-learned-this-from-a-3am-page-1e3a</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/not-in-any-textbook-learned-this-from-a-3am-page-1e3a</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-06-30)
&lt;/h1&gt;

&lt;p&gt;Not in any textbook — learned this from a 3am page:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;On-call burnout is an alert design problem, not a schedule problem&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Every team I've seen fight burnout by rotating people faster. The actual fix is almost always the same: the alerts are wrong.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Alert quality spectrum:

Noisy ◀─────────────────────────── ▶ Actionable

[cpu &amp;gt; 80%]  [pod restart]  [error budget burn]  [customer impact]
     │              │               │                    │
 ignore me      maybe?         investigate!          wake me up
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Alerts without a named owner and a runbook produce paralysis, not action — especially at 2am.&lt;br&gt;
▸ Flapping alerts are the fastest path to alert blindness — engineers learn to dismiss pages before reading them.&lt;br&gt;
▸ Cause-based alerts (disk full) and symptom-based alerts (latency spike) need different urgency and routing.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ Before any alert ships: Who acts on it? What do they do? What's the cost of 30 minutes of inaction? If you can't answer all three, it's not ready.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ Weekly alert review ritual: tag every last-week page as actionable / noisy / redundant. Kill the bottom two categories.&lt;br&gt;
▸ PagerDuty/OpsGenie grouping + escalation policies — reduce interrupt rate without hiding real incidents.&lt;/p&gt;

&lt;p&gt;Reliability is a product feature. The engineers who treat it that way are the ones who get asked into the room.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/on-call-burnout-is-an-alert-design-problem-not-a-schedule-problem" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/on-call-burnout-is-an-alert-design-problem-not-a-schedule-problem&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Hiring managers: engineers who think about this in interviews are the ones worth calling back.&lt;/p&gt;

&lt;h1&gt;
  
  
  sre #observability #reliability #devops
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
    <item>
      <title>One insight that changed how I design systems:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 26 Jun 2026 11:33:43 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-3c3c</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-3c3c</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-06-26)
&lt;/h1&gt;

&lt;p&gt;One insight that changed how I design systems:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Feature flags are ops infrastructure, not a product team tool&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most platform teams treat feature flags as a product/A-B testing concern and miss the most operationally valuable use case: instant rollback for any backend change, without a redeployment. The teams with the lowest incident MTTR almost all have the same secret — they can disable any code path in 30 seconds.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Feature flag as ops tool:

New backend change ships ──▶ [flag: new_auth_flow = true]
                                        │
                              Incident detected (T+12min)
                                        │
                              [flag: new_auth_flow = false]
                                        │
                              Recovery complete (T+13min)

vs. traditional rollback:    Recovery complete (T+75min)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ A feature flag that can disable a code path in 30 seconds is worth more than any runbook during an active incident. It converts a deployment rollback — with its pipeline, merge, and propagation delays — into a config change. Most platform teams own the infra for this and never tell product teams it exists.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ Every significant backend change ships behind a flag for at least 2 weeks post-deploy. Flags are cheap. Incidents are not. Make flags a deployment requirement, not an option.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ Martin Fowler — Feature Toggles pattern (martinfowler.com/articles/feature-toggles.html)&lt;br&gt;
▸ LaunchDarkly / Unleash — flag lifecycle management and audit logging best practices&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/feature-flags-are-ops-infrastructure-not-a-product-team-tool" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/feature-flags-are-ops-infrastructure-not-a-product-team-tool&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If this resonated, share it with one person on your team who'd benefit. That's how good thinking spreads.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>Something I keep explaining in architecture reviews:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 23 Jun 2026 11:42:02 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/something-i-keep-explaining-in-architecture-reviews-4lma</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/something-i-keep-explaining-in-architecture-reviews-4lma</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-06-23)
&lt;/h1&gt;

&lt;p&gt;Something I keep explaining in architecture reviews:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Secrets management: designing for rotation, not just storage&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most orgs solve 'where do we store secrets securely.' The teams that get paged at 2am are the ones who never solved 'how do we rotate them without downtime.'&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Storage-only design:        Rotation-aware design:

Secret ──▶ Vault            Secret ──▶ Vault ──▶ Agent Injector
              │                                        │
         Pod (env var)                           Pod (file mount)
              │                                        │
         Restart to           Auto-reload ◀────── Lease renewer
         get new value        (zero downtime)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Secrets as env vars require pod restarts on rotation — making rotation a deployment event with blast radius.&lt;br&gt;
▸ Vault leases expiring in long-running jobs produce auth errors that look like app bugs, not infra failures.&lt;br&gt;
▸ Secret sprawl across namespaces means rotation happens in 12 places — and one always gets missed.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ Design rotation before you design storage. If you can't rotate a secret in under 10 minutes with no downtime, the design isn't production-ready.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ Vault Agent Injector or External Secrets Operator — decouple secret delivery from pod lifecycle.&lt;br&gt;
▸ Monthly secret access log audit — stale consumers are how you discover forgotten service accounts before attackers do.&lt;/p&gt;

&lt;p&gt;Reliability is a product feature. The engineers who treat it that way are the ones who get asked into the room.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/secrets-management-designing-for-rotation-not-just-storage" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/secrets-management-designing-for-rotation-not-just-storage&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If this triggered a war story, I'd genuinely love to hear it.&lt;/p&gt;

&lt;h1&gt;
  
  
  security #devops #kubernetes #sre
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
    <item>
      <title>This is what separates teams that scale from teams that survive:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 19 Jun 2026 12:36:33 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/this-is-what-separates-teams-that-scale-from-teams-that-survive-f7c</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/this-is-what-separates-teams-that-scale-from-teams-that-survive-f7c</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-06-19)
&lt;/h1&gt;

&lt;p&gt;This is what separates teams that scale from teams that survive:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Dependency updates are reliability work, not maintenance work&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The orgs that get hit hardest by CVEs and supply chain incidents have one thing in common: they batch dependency updates into quarterly sprints. By then, the update is a 6-version jump, the changelog is 200 lines, and the 'quick upgrade' becomes a multi-day incident waiting to happen.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Batch update model (risky):   Continuous model (safe):

Q1: Skip                      Week 1: +2 deps (auto-PR)
Q2: Skip                      Week 2: +1 dep (auto-PR)
Q3: Skip                      Week 3: +3 deps (auto-PR)
Q4: "Upgrade sprint"          ...
    6-version jumps            Each PR: small diff, fast review
    Breaking changes           Rollback: one PR revert
    3-day debugging session    MTTR if it breaks: 10 min
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ Automated dependency PRs (Renovate/Dependabot) with a 2-week merge SLA cost almost nothing — a 5-minute review per PR. Skipping them accumulates a compounding tax: more conflicts, larger blast radius, slower rollback. The math strongly favors continuous updates.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ Automate dependency PRs. Set a team policy: merge or explicitly defer within 2 weeks. Every skip is a known risk you're consciously accepting — treat it that way.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ Renovate Bot — automerge strategies, scheduling, and grouping (docs.renovatebot.com)&lt;br&gt;
▸ SLSA framework — supply chain integrity levels and provenance (slsa.dev)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/dependency-updates-are-reliability-work-not-maintenance-work" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/dependency-updates-are-reliability-work-not-maintenance-work&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you're earlier in your career: bookmark this. It'll make more sense after your first real production incident.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>This is the gap between 'it works' and 'it's operable':</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 16 Jun 2026 13:16:43 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/this-is-the-gap-between-it-works-and-its-operable-4obh</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/this-is-the-gap-between-it-works-and-its-operable-4obh</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-06-16)
&lt;/h1&gt;

&lt;p&gt;This is the gap between 'it works' and 'it's operable':&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Platform engineering: the paved road fails when it paves over developer autonomy&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Internal platforms succeed when product teams choose them because they reduce friction — not when they're mandated because someone drew a box on an architecture diagram.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Platform adoption models:

Mandate model:              Product model:

CTO decrees IDP ──▶         Platform team ships ──▶ Reduces deploy time
Teams forced to use │        │                        │
       │            │        ▼                        ▼
Workarounds found   │       Developers adopt      Platform iterates
Shadow IT grows ◀───┘       voluntarily            on real friction
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Compliance-first platforms get abandoned the moment engineers find a workaround — adoption needs perceived value.&lt;br&gt;
▸ Golden path templates that aren't maintained become the thing everyone forks immediately — N diverged paths.&lt;br&gt;
▸ Platform teams without production on-call exposure build abstractions that look clean and fail badly.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ Measure platform success by developer time-to-production and incident contribution rate — not by adoption numbers you control.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ Backstage for catalog + portal — but treat it as a product, not a project. Stale catalogs are worse than no catalog.&lt;br&gt;
▸ Quarterly 'friction interviews' with 3-5 product engineers — they'll identify the real bottlenecks faster than any metric.&lt;/p&gt;

&lt;p&gt;The best platform teams I've seen measure success by how rarely product teams have to think about infrastructure.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/platform-engineering-the-paved-road-fails-when-it-paves-over-developer-autonomy" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/platform-engineering-the-paved-road-fails-when-it-paves-over-developer-autonomy&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Strong opinions on this? Good. I want to hear the pushback.&lt;/p&gt;

&lt;h1&gt;
  
  
  platformengineering #devops #sre #kubernetes
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
    <item>
      <title>A Friday systems thinking thread — worth sitting with:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 12 Jun 2026 12:02:50 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/a-friday-systems-thinking-thread-worth-sitting-with-28k5</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/a-friday-systems-thinking-thread-worth-sitting-with-28k5</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-06-12)
&lt;/h1&gt;

&lt;p&gt;A Friday systems thinking thread — worth sitting with:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Observability debt is invisible until an incident makes it expensive&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;You can't debug what you can't slice. Teams add dashboards for years and still can't answer the two questions that matter most in an incident: which customers are affected, and which change caused it. The problem is almost never the tool — it's the label strategy.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Observability debt accumulation:

Month 1:  Service A metrics added (no ownership labels)
Month 3:  Service B metrics added (different label schema)
Month 6:  Dashboard count: 47. Useful in incident: 3.
Month 9:  P0 incident. Can't isolate by customer/version.
          Engineer guesses. Guesses wrong. +45min MTTR.

Fix: Define label schema FIRST. Instrument second.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ The teams that debug incidents fastest don't have more metrics — they have metrics that answer the right questions at the right cardinality. SLI-first instrumentation design is a force multiplier. Most teams instrument first and wonder why dashboards are noisy.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ Define your SLIs, then design labels that let you isolate by (service, env, version, customer tier) without exploding cardinality. Instrument last.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ Brendan Gregg's USE Method + Google's RED Method for SLI-first design&lt;br&gt;
▸ Prometheus label best practices — cardinality anti-patterns (prometheus.io/docs)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/observability-debt-is-invisible-until-an-incident-makes-it-expensive" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/observability-debt-is-invisible-until-an-incident-makes-it-expensive&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What's the version of this that your org gets wrong? Drop it below.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>Something every senior engineer learns the expensive way:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 09 Jun 2026 11:43:08 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/something-every-senior-engineer-learns-the-expensive-way-3i0j</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/something-every-senior-engineer-learns-the-expensive-way-3i0j</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-06-09)
&lt;/h1&gt;

&lt;p&gt;Something every senior engineer learns the expensive way:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Terraform DAGs at scale: when the graph becomes the hazard&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Terraform's dependency graph is elegant at small scale. At 500+ resources across a mono-repo, it becomes the most dangerous part of your infrastructure.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;SAFE (small module):              DANGEROUS (at scale):

[vpc] ──▶ [subnet] ──▶ [ec2]     [shared-net] ──▶ [team-a-infra]
                                          │         [team-b-infra]
                                          │         [team-c-infra]
                                          │         [data-layer]
                                  One change → fan-out destroy/create
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Implicit ordering assumptions survive until a refactor exposes them — usually as an unplanned destroy chain in prod.&lt;br&gt;
▸ Fan-out graphs make blast radius review near-impossible. 'What does this change affect?' has no fast answer.&lt;br&gt;
▸ &lt;code&gt;depends_on&lt;/code&gt; papering over bad module interfaces — it fixes the symptom and couples the modules permanently.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ If a module needs &lt;code&gt;depends_on&lt;/code&gt; to be safe, the module boundary is wrong. Redesign the interface — don't paper over it.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ &lt;code&gt;terraform graph | dot -Tsvg &amp;gt; graph.svg&lt;/code&gt; — visualize fan-out and cycles before every major refactor.&lt;br&gt;
▸ Gate all applies with OPA/Conftest + mandatory human review on any planned destroy operations.&lt;/p&gt;

&lt;p&gt;The difference between a senior engineer and a principal is knowing which guardrails to build before you need them.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/terraform-dags-at-scale-when-the-graph-becomes-the-hazard" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/terraform-dags-at-scale-when-the-graph-becomes-the-hazard&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Curious what guardrails you've built around this. Drop your pattern below.&lt;/p&gt;

&lt;h1&gt;
  
  
  terraform #iac #devops #sre
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
    <item>
      <title>One insight that changed how I design systems:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 05 Jun 2026 11:50:21 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-1jg9</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-1jg9</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-06-05)
&lt;/h1&gt;

&lt;p&gt;One insight that changed how I design systems:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CI/CD maturity isn't deploy frequency — it's rollback speed&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most orgs measure pipeline health by how fast they can ship. The metric that actually predicts reliability is how fast they can un-ship. The teams I've seen handle incidents best can rollback any change in under 5 minutes — not because of tools, but because they designed for it.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Pipeline maturity spectrum:

Level 1:  Manual deploys, no rollback plan
Level 2:  Automated deploys, manual rollback (30-60 min)
Level 3:  Automated deploys, scripted rollback (5-15 min)
Level 4:  Progressive delivery + auto-rollback on SLO breach
          (Rollback = automatic, measured in seconds)

Most orgs think they're at L3. Incidents reveal they're at L2.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ At scale, the teams who deploy most confidently are the ones who've made rollback boring and automatic — not the ones who've made deploys faster. Speed without a safety net is just a higher-velocity path to incidents.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ If your rollback plan starts with 'first, find the last good commit...', you don't have a rollback plan. You have a recovery plan. These are not the same thing.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ Google SRE Book — Release Engineering &amp;amp; Change Management (ch. 8)&lt;br&gt;
▸ Argo Rollouts docs — metric-gated progressive delivery and auto-rollback&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/cicd-maturity-isnt-deploy-frequency-its-rollback-speed" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/cicd-maturity-isnt-deploy-frequency-its-rollback-speed&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you're a manager reading this — it's worth asking your team where they are on this.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>Not in any textbook — learned this from a 3am page:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 02 Jun 2026 12:27:30 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/not-in-any-textbook-learned-this-from-a-3am-page-gh6</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/not-in-any-textbook-learned-this-from-a-3am-page-gh6</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-06-02)
&lt;/h1&gt;

&lt;p&gt;Not in any textbook — learned this from a 3am page:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Kubernetes cost spikes: the usual suspects and how to find them fast&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Cloud bills spike in Kubernetes for the same reasons every time. None of them are visible in the default dashboards — and most of them are invisible until month-end.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Cost leak sources (ranked by surprise factor):

1. Unset resource requests   → scheduler packs nodes → OOM → over-provision
2. Autoscaler scale-down lag → zombie nodes after traffic spike
3. Log pipelines w/o sample  → 40% of bill, 0% of dashboards
4. Idle namespaces           → dev clusters running 24/7
5. Spot interruption gaps    → fallback to on-demand, never reverted
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Missing resource requests let the scheduler over-pack nodes — when pods OOM, you over-provision to compensate.&lt;br&gt;
▸ Cluster autoscaler adds nodes faster than it removes them. Spot interruptions leave zombie capacity for hours.&lt;br&gt;
▸ Logging agents (Fluentd/Filebeat) on every node with no sampling become the largest line item nobody owns.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ Every workload needs requests AND limits. Review autoscaler scale-down thresholds monthly. Sample logs at source, not at the sink.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ Kubecost or OpenCost — per-namespace/team attribution. Without this, no one feels accountable for the number.&lt;br&gt;
▸ KEDA for event-driven workload scaling — eliminates idle replicas without sacrificing responsiveness.&lt;/p&gt;

&lt;p&gt;The best platform teams I've seen measure success by how rarely product teams have to think about infrastructure.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/kubernetes-cost-spikes-the-usual-suspects-and-how-to-find-them-fast" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/kubernetes-cost-spikes-the-usual-suspects-and-how-to-find-them-fast&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Strong opinions on this? Good. I want to hear the pushback.&lt;/p&gt;

&lt;h1&gt;
  
  
  kubernetes #finops #devops #platformengineering
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
    <item>
      <title>Something I wish someone had told me five years earlier:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 29 May 2026 11:56:59 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/something-i-wish-someone-had-told-me-five-years-earlier-2862</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/something-i-wish-someone-had-told-me-five-years-earlier-2862</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-05-29)
&lt;/h1&gt;

&lt;p&gt;Something I wish someone had told me five years earlier:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Zero-downtime deployments: what 'zero' actually requires most teams don't have&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most teams say they do zero-downtime deploys and mean 'we haven't gotten a complaint in a while.' Actually measuring it reveals the truth: connection drops, in-flight request failures, and cache invalidation spikes during rollouts that nobody's tracking because nobody defined what zero means.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;What 'zero downtime' actually requires:

✓ Health checks reflect REAL readiness (not just 'process started')
✓ Graceful shutdown drains in-flight requests (SIGTERM handling)
✓ Connection draining at the load balancer (not just the pod)
✓ Rollback faster than the deploy (&amp;lt; 5 min, automated)
✓ SLI measurement during the rollout window (not just after)

Missing any one of these = not zero downtime. Just unmonitored downtime.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ The most common failure mode is passing health checks before the app is actually ready — DB connections not pooled, caches not warm, background workers not started. The pod is 'Ready' and the app is still initializing. Users see errors. Nobody's dashboard shows it because nobody's measuring error rate during the rollout window.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ Define 'zero downtime' with a measurable SLI: error rate &amp;lt; 0.1% during any 5-minute deploy window. Validate this in staging before calling it done. Measure it in production on every release.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ Kubernetes deployment strategies — rolling, blue/green, canary with traffic splitting&lt;br&gt;
▸ AWS ALB / GCP Cloud Load Balancing — connection draining configuration and health check tuning&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/zero-downtime-deployments-what-zero-actually-requires-most-teams-dont-have" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/zero-downtime-deployments-what-zero-actually-requires-most-teams-dont-have&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you're a manager reading this — it's worth asking your team where they are on this.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>One insight that changed how I design systems:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Fri, 22 May 2026 11:33:09 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-1506</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/one-insight-that-changed-how-i-design-systems-1506</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Insight (2026-05-22)
&lt;/h1&gt;

&lt;p&gt;One insight that changed how I design systems:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Runbook quality decays silently — and that decay kills MTTR&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Runbooks that haven't been run recently are wrong. Not outdated — wrong. The service changed. The tool was deprecated. The endpoint moved. Nobody updated the doc because nobody reads it until 3am. And at 3am, a wrong runbook is worse than no runbook — it sends engineers down confident paths that dead-end.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Runbook decay curve:

Quality
  │▓▓▓▓▓▓▓▓▓▓
  │         ▓▓▓▓▓
  │              ▓▓▓▓
  │                  ▓▓▓▓▓
  │                       ▓▓▓░░░░░░░
  │                             ░░░░░░░░ ← "last validated 8 months ago"
  └────────────────────────────────────▶
  Write   Month 1  Month 3  Month 6  Month 9
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The non-obvious part:&lt;br&gt;
→ The highest-leverage runbook improvement isn't better writing — it's a validation date and a quarterly review reminder. A runbook with 'last validated: 2 weeks ago' that's 70% accurate is worth more than a beautifully written one from 8 months ago that's 40% accurate.&lt;/p&gt;

&lt;p&gt;My rule:&lt;br&gt;
→ Every runbook gets a 'last validated' date. Anything older than 3 months is assumed broken until proven otherwise. Review is part of the on-call rotation, not optional.&lt;/p&gt;

&lt;p&gt;Worth reading:&lt;br&gt;
▸ PagerDuty Incident Response guide — runbook standards and validation cadence&lt;br&gt;
▸ Post-incident review template: 'Did the runbook help, mislead, or was it missing?' (standard question)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://neeraja-portfolio-v1.vercel.app/insights/runbook-quality-decays-silently-and-that-decay-kills-mttr" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/insights/runbook-quality-decays-silently-and-that-decay-kills-mttr&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What's the version of this that your org gets wrong? Drop it below.&lt;/p&gt;

&lt;h1&gt;
  
  
  devops #sre #observability #platformengineering
&lt;/h1&gt;

</description>
      <category>observability</category>
      <category>sre</category>
      <category>devops</category>
      <category>platformengineering</category>
    </item>
    <item>
      <title>A hard-earned rule from incident retrospectives:</title>
      <dc:creator>Neeraja Khanapure</dc:creator>
      <pubDate>Tue, 19 May 2026 11:42:11 +0000</pubDate>
      <link>https://dev.to/neeraja_khanapure_4a33a5f/a-hard-earned-rule-from-incident-retrospectives-1ln6</link>
      <guid>https://dev.to/neeraja_khanapure_4a33a5f/a-hard-earned-rule-from-incident-retrospectives-1ln6</guid>
      <description>&lt;h1&gt;
  
  
  LinkedIn Draft — Workflow (2026-05-19)
&lt;/h1&gt;

&lt;p&gt;A hard-earned rule from incident retrospectives:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Incident RCA without a data-backed timeline is just a story you told yourself&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Most post-mortems produce lessons that don't stick. The root cause is almost always the same: the timeline was built from memory, not from data.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Memory-based timeline:     Data-backed timeline:

T+0  "Deploy happened"     T+0:00  Deploy (Argo event)
T+?  "Errors started"      T+0:07  Error rate +0.3% (Prometheus)
T+?  "Someone noticed"     T+0:12  P95 latency 340ms→2.1s (trace)
T+?  "We rolled back"      T+0:19  Alert fired (PD)
                           T+0:31  Rollback complete (Argo)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Where it breaks:&lt;br&gt;
▸ Log timestamps across services diverge by seconds without NTP — your timeline is wrong before you begin.&lt;br&gt;
▸ Correlation between a deploy event and a metric spike gets missed when dashboards lack deployment markers.&lt;br&gt;
▸ Contributing factors vanish from the narrative because they're hard to prove — and the same incident repeats.&lt;/p&gt;

&lt;p&gt;The rule I keep coming back to:&lt;br&gt;
→ Build the timeline from data only before the RCA meeting begins. If you can't source an event, mark it 'unverified' — not assumed.&lt;/p&gt;

&lt;p&gt;How I sanity-check it:&lt;br&gt;
▸ OpenTelemetry trace IDs as the timeline spine — they cross service boundaries with sub-millisecond precision.&lt;br&gt;
▸ Grafana annotations on every deploy, config change, and scaling event — visible on every dashboard automatically.&lt;/p&gt;

&lt;p&gt;Systems that are hard to debug were designed without the debugger in mind. Build observability in, not on.&lt;/p&gt;

&lt;p&gt;Deep dive: &lt;a href="https://neeraja-portfolio-v1.vercel.app/workflows/incident-rca-without-a-data-backed-timeline-is-just-a-story-you-told-yourself" rel="noopener noreferrer"&gt;https://neeraja-portfolio-v1.vercel.app/workflows/incident-rca-without-a-data-backed-timeline-is-just-a-story-you-told-yourself&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This is where most runbooks stop — what's your next step after this?&lt;/p&gt;

&lt;h1&gt;
  
  
  sre #reliability #observability #devops
&lt;/h1&gt;

</description>
      <category>devops</category>
      <category>sre</category>
      <category>kubernetes</category>
      <category>terraform</category>
    </item>
  </channel>
</rss>
