DEV Community: Neeraja Khanapure

A hard-earned rule from incident retrospectives:

Neeraja Khanapure — Tue, 19 May 2026 11:42:11 +0000

LinkedIn Draft — Workflow (2026-05-19)

A hard-earned rule from incident retrospectives:

Incident RCA without a data-backed timeline is just a story you told yourself

Most post-mortems produce lessons that don't stick. The root cause is almost always the same: the timeline was built from memory, not from data.

Memory-based timeline:     Data-backed timeline:

T+0  "Deploy happened"     T+0:00  Deploy (Argo event)
T+?  "Errors started"      T+0:07  Error rate +0.3% (Prometheus)
T+?  "Someone noticed"     T+0:12  P95 latency 340ms→2.1s (trace)
T+?  "We rolled back"      T+0:19  Alert fired (PD)
                           T+0:31  Rollback complete (Argo)

Where it breaks:
▸ Log timestamps across services diverge by seconds without NTP — your timeline is wrong before you begin.
▸ Correlation between a deploy event and a metric spike gets missed when dashboards lack deployment markers.
▸ Contributing factors vanish from the narrative because they're hard to prove — and the same incident repeats.

The rule I keep coming back to:
→ Build the timeline from data only before the RCA meeting begins. If you can't source an event, mark it 'unverified' — not assumed.

How I sanity-check it:
▸ OpenTelemetry trace IDs as the timeline spine — they cross service boundaries with sub-millisecond precision.
▸ Grafana annotations on every deploy, config change, and scaling event — visible on every dashboard automatically.

Systems that are hard to debug were designed without the debugger in mind. Build observability in, not on.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/incident-rca-without-a-data-backed-timeline-is-just-a-story-you-told-yourself

This is where most runbooks stop — what's your next step after this?

sre #reliability #observability #devops

Something I wish someone had told me five years earlier:

Neeraja Khanapure — Fri, 15 May 2026 11:06:41 +0000

LinkedIn Draft — Insight (2026-05-15)

Something I wish someone had told me five years earlier:

AIOps is a reasoning accelerator, not an auto-remediation system

The orgs getting real value from AIOps aren't the ones automating remediation — they're the ones using AI to compress the signal-to-hypothesis gap. The hard part of incidents isn't fixing things. It's knowing what to fix, in what order, with what confidence.

Where AI adds real value in incidents:

Alert storm (200 events)
       │
       ▼
  [AI correlation]  ──▶  3 likely root causes (ranked)
       │
       ▼
  [AI runbook retrieval]  ──▶  Relevant steps surfaced
       │
       ▼
  Human validates hypothesis  ──▶  Takes action
       │
  Auto-remediation only here ──▶  After human confirms

The non-obvious part:
→ AI that remediates without evidence is hallucination-as-a-service. The models that earn trust are the ones that show their work: here's the metric spike, here's the correlated trace, here's the similar past incident. Evidence first, action second.

My rule:
→ Use AI for hypothesis ranking and runbook retrieval. Keep remediation behind explicit human approval. Trust is earned incrementally — don't give it away in the initial design.

Worth reading:
▸ OpenTelemetry — consistent signal foundation for AI correlation (opentelemetry.io)
▸ Blameless RCA templates — 'did AI help or mislead?' as a standard post-incident question

https://neeraja-portfolio-v1.vercel.app/insights/aiops-is-a-reasoning-accelerator-not-an-auto-remediation-system

If you disagree, I want to hear it. The best version of this thinking comes from pushback.

devops #sre #observability #platformengineering

This pattern has saved production twice in the last year:

Neeraja Khanapure — Tue, 12 May 2026 11:02:14 +0000

LinkedIn Draft — Workflow (2026-05-12)

This pattern has saved production twice in the last year:

Service mesh adoption: the operational debt lands before the value does

Service meshes promise mTLS, traffic splitting, and deep observability. What arrives first is a new category of production failures your team has never debugged before.

Adoption curve reality:

Value
  │                              ╱ mTLS + traffic control
  │                         ╱
  │              ╱╲  complexity trough
  │         ╱╲╱
  │    ╱╲╱   ← sidecar failures, upgrade pain
  │╱
  └──────────────────────────────▶ Time
     Week 1     Month 3     Month 9

Where it breaks:
▸ Sidecar injection failures look like app bugs — hours spent debugging the wrong layer.
▸ mTLS policy rollout in a live cluster requires namespace-by-namespace phasing — one mistake stops traffic.
▸ Mesh upgrades require coordinated sidecar restarts across the cluster — on large deployments, that's everything.

The rule I keep coming back to:
→ Start mesh in observability-only mode (no policy enforcement). Prove value in one namespace first. Earn the rollout, don't mandate it.

How I sanity-check it:
▸ Linkerd for latency-sensitive workloads — lower resource overhead than Istio's Envoy per sidecar.
▸ Namespace-level feature flags for mesh policy — lets you roll back one team without affecting others.

The difference between a senior engineer and a principal is knowing which guardrails to build before you need them.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/service-mesh-adoption-the-operational-debt-lands-before-the-value-does

If this triggered a war story, I'd genuinely love to hear it.

kubernetes #devops #sre #platformengineering

One insight that changed how I design systems:

Neeraja Khanapure — Fri, 08 May 2026 10:09:44 +0000

LinkedIn Draft — Insight (2026-05-08)

One insight that changed how I design systems:

Feature flags are ops infrastructure, not a product team tool

Most platform teams treat feature flags as a product/A-B testing concern and miss the most operationally valuable use case: instant rollback for any backend change, without a redeployment. The teams with the lowest incident MTTR almost all have the same secret — they can disable any code path in 30 seconds.

Feature flag as ops tool:

New backend change ships ──▶ [flag: new_auth_flow = true]
                                        │
                              Incident detected (T+12min)
                                        │
                              [flag: new_auth_flow = false]
                                        │
                              Recovery complete (T+13min)

vs. traditional rollback:    Recovery complete (T+75min)

The non-obvious part:
→ A feature flag that can disable a code path in 30 seconds is worth more than any runbook during an active incident. It converts a deployment rollback — with its pipeline, merge, and propagation delays — into a config change. Most platform teams own the infra for this and never tell product teams it exists.

My rule:
→ Every significant backend change ships behind a flag for at least 2 weeks post-deploy. Flags are cheap. Incidents are not. Make flags a deployment requirement, not an option.

Worth reading:
▸ Martin Fowler — Feature Toggles pattern (martinfowler.com/articles/feature-toggles.html)
▸ LaunchDarkly / Unleash — flag lifecycle management and audit logging best practices

https://neeraja-portfolio-v1.vercel.app/insights/feature-flags-are-ops-infrastructure-not-a-product-team-tool

If this resonated, share it with one person on your team who'd benefit. That's how good thinking spreads.

devops #sre #observability #platformengineering

Not in any textbook — learned this from a 3am page:

Neeraja Khanapure — Thu, 07 May 2026 02:44:22 +0000

LinkedIn Draft — Workflow (2026-05-07)

Not in any textbook — learned this from a 3am page:

On-call burnout is an alert design problem, not a schedule problem

Every team I've seen fight burnout by rotating people faster. The actual fix is almost always the same: the alerts are wrong.

Alert quality spectrum:

Noisy ◀─────────────────────────── ▶ Actionable

[cpu > 80%]  [pod restart]  [error budget burn]  [customer impact]
     │              │               │                    │
 ignore me      maybe?         investigate!          wake me up

Where it breaks:
▸ Alerts without a named owner and a runbook produce paralysis, not action — especially at 2am.
▸ Flapping alerts are the fastest path to alert blindness — engineers learn to dismiss pages before reading them.
▸ Cause-based alerts (disk full) and symptom-based alerts (latency spike) need different urgency and routing.

The rule I keep coming back to:
→ Before any alert ships: Who acts on it? What do they do? What's the cost of 30 minutes of inaction? If you can't answer all three, it's not ready.

How I sanity-check it:
▸ Weekly alert review ritual: tag every last-week page as actionable / noisy / redundant. Kill the bottom two categories.
▸ PagerDuty/OpsGenie grouping + escalation policies — reduce interrupt rate without hiding real incidents.

Reliability is a product feature. The engineers who treat it that way are the ones who get asked into the room.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/on-call-burnout-is-an-alert-design-problem-not-a-schedule-problem

Hiring managers: engineers who think about this in interviews are the ones worth calling back.

sre #observability #reliability #devops

Something I keep explaining in architecture reviews:

Neeraja Khanapure — Tue, 05 May 2026 10:23:50 +0000

LinkedIn Draft — Workflow (2026-05-05)

Something I keep explaining in architecture reviews:

Secrets management: designing for rotation, not just storage

Most orgs solve 'where do we store secrets securely.' The teams that get paged at 2am are the ones who never solved 'how do we rotate them without downtime.'

Storage-only design:        Rotation-aware design:

Secret ──▶ Vault            Secret ──▶ Vault ──▶ Agent Injector
              │                                        │
         Pod (env var)                           Pod (file mount)
              │                                        │
         Restart to           Auto-reload ◀────── Lease renewer
         get new value        (zero downtime)

Where it breaks:
▸ Secrets as env vars require pod restarts on rotation — making rotation a deployment event with blast radius.
▸ Vault leases expiring in long-running jobs produce auth errors that look like app bugs, not infra failures.
▸ Secret sprawl across namespaces means rotation happens in 12 places — and one always gets missed.

The rule I keep coming back to:
→ Design rotation before you design storage. If you can't rotate a secret in under 10 minutes with no downtime, the design isn't production-ready.

How I sanity-check it:
▸ Vault Agent Injector or External Secrets Operator — decouple secret delivery from pod lifecycle.
▸ Monthly secret access log audit — stale consumers are how you discover forgotten service accounts before attackers do.

Reliability is a product feature. The engineers who treat it that way are the ones who get asked into the room.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/secrets-management-designing-for-rotation-not-just-storage

If this triggered a war story, I'd genuinely love to hear it.

security #devops #kubernetes #sre

This is what separates teams that scale from teams that survive:

Neeraja Khanapure — Fri, 01 May 2026 10:11:17 +0000

LinkedIn Draft — Insight (2026-05-01)

This is what separates teams that scale from teams that survive:

Capacity planning is a risk budget conversation, not a utilization spreadsheet

Teams that plan capacity by extrapolating last month's P95 get surprised when a product launch doubles traffic in a week. The right frame isn't 'what utilization should we run at' — it's 'what's the asymmetric cost of being wrong in each direction, and how much buffer does that justify?'

Cost asymmetry analysis:

Over-provision by 20%:    Under-provision by 20%:

Cost: +$8K/month          Cost: Incident
                               + on-call burnout
Direct, predictable            + customer churn
                               + post-mortem
                               + team morale tax

For P0 services, 20% buffer almost always wins.

The non-obvious part:
→ The teams who get capacity planning right treat it as an insurance calculation, not an optimization problem. Over-provision cost is direct and visible. Under-provision cost is diffuse, delayed, and always larger than it looks. The asymmetry should drive your buffer strategy — not your CFO's target utilization number.

My rule:
→ Set buffer based on incident cost, not utilization targets. For every P0 service, calculate: what does one hour of downtime cost vs one month of 20% over-provision? The math almost always justifies the buffer.

Worth reading:
▸ Google SRE Book — Being On Call and Handling Overload (ch. 11-12)
▸ AWS/GCP cost anomaly detection — real-time signals for when your buffer is being consumed

https://neeraja-portfolio-v1.vercel.app/insights/capacity-planning-is-a-risk-budget-conversation-not-a-utilization-spreadsheet

Hiring note: engineers who think about this in system design conversations stand out immediately.

devops #sre #observability #platformengineering

Not in any textbook — learned this from a 3am page:

Neeraja Khanapure — Tue, 28 Apr 2026 10:34:18 +0000

LinkedIn Draft — Workflow (2026-04-28)

Not in any textbook — learned this from a 3am page:

Kubernetes rollouts: why 'pods are Ready' is the wrong promotion gate

Readiness is a node-local signal. Production health is a global one. Most rollout pipelines conflate the two — and that's where incidents come from.

Bad gate:                         Good gate:

Deploy ──▶ Pods Ready? ──▶ Done   Deploy ──▶ Pods Ready?
           (local signal)                    │
                                             ▼
                                    SLO window check
                                    (error rate + p95)
                                             │
                                    Pass ──▶ Promote
                                    Fail ──▶ Auto-rollback

Where it breaks:
▸ 100% Ready pods while P95 latency spikes — bad cache warmup, noisy neighbor, DB connection saturation.
▸ HPA reacts slower than a fast rollout — you ship overload before autoscaling catches up.
▸ Canary stuck green because metrics lack the right labels/slices to isolate the failing segment.

The rule I keep coming back to:
→ Promote only when the canary holds your SLO slice (error rate + latency) for a fixed observation window. Otherwise: auto-rollback.

How I sanity-check it:
▸ Argo Rollouts or Flagger with Prometheus gates — error rate, latency percentiles, saturation.
▸ Alert on canary-vs-baseline deltas, not absolute thresholds. Catches regressions that pass absolute checks.

Operational maturity isn't about tools — it's about designing for the failure you haven't seen yet.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/kubernetes-rollouts-why-pods-are-ready-is-the-wrong-promotion-gate

Strong opinions on this? Good. I want to hear the pushback.

kubernetes #reliability #devops #sre

A Friday systems thinking thread — worth sitting with:

Neeraja Khanapure — Fri, 24 Apr 2026 10:12:05 +0000

LinkedIn Draft — Insight (2026-04-24)

A Friday systems thinking thread — worth sitting with:

Observability debt is invisible until an incident makes it expensive

You can't debug what you can't slice. Teams add dashboards for years and still can't answer the two questions that matter most in an incident: which customers are affected, and which change caused it. The problem is almost never the tool — it's the label strategy.

Observability debt accumulation:

Month 1:  Service A metrics added (no ownership labels)
Month 3:  Service B metrics added (different label schema)
Month 6:  Dashboard count: 47. Useful in incident: 3.
Month 9:  P0 incident. Can't isolate by customer/version.
          Engineer guesses. Guesses wrong. +45min MTTR.

Fix: Define label schema FIRST. Instrument second.

The non-obvious part:
→ The teams that debug incidents fastest don't have more metrics — they have metrics that answer the right questions at the right cardinality. SLI-first instrumentation design is a force multiplier. Most teams instrument first and wonder why dashboards are noisy.

My rule:
→ Define your SLIs, then design labels that let you isolate by (service, env, version, customer tier) without exploding cardinality. Instrument last.

Worth reading:
▸ Brendan Gregg's USE Method + Google's RED Method for SLI-first design
▸ Prometheus label best practices — cardinality anti-patterns (prometheus.io/docs)

https://neeraja-portfolio-v1.vercel.app/insights/observability-debt-is-invisible-until-an-incident-makes-it-expensive

What's the version of this that your org gets wrong? Drop it below.

devops #sre #observability #platformengineering

A hard-earned rule from incident retrospectives:

Neeraja Khanapure — Tue, 21 Apr 2026 10:05:01 +0000

LinkedIn Draft — Workflow (2026-04-21)

A hard-earned rule from incident retrospectives:

GitOps drift: the silent accumulation that makes clusters unmanageable

GitOps promises Git as the source of truth. The reality: every manual kubectl during an incident is a lie you told your cluster and forgot to retract.

GitOps truth gap over time:

Week 1:  Git ══════════ Cluster  (clean)
Week 4:  Git ══════╌╌╌╌ Cluster  (2 manual patches)
Week 12: Git ════╌╌╌╌╌╌╌╌╌╌╌╌╌  (drift accumulates)
                         Cluster  (unknown state)

Where it breaks:
▸ Manual patches during incidents create cluster state Git doesn't know about — Argo/Flux will overwrite it silently.
▸ Secrets managed outside GitOps (sealed-secrets, Vault agent) drift independently — invisible in sync status.
▸ Multi-cluster setups multiply drift: each cluster diverges at its own pace once human intervention happens.

The rule I keep coming back to:
→ Treat every manual cluster change as a 5-minute loan. Commit it back to Git before the incident closes — or it's gone.

How I sanity-check it:
▸ Argo CD drift detection dashboard — surface out-of-sync resources before they become incident contributors.
▸ Weekly diff job: live cluster state vs Git. Opens a PR for anything untracked. Makes drift visible before it's painful.

The best platform teams I've seen measure success by how rarely product teams have to think about infrastructure.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/gitops-drift-the-silent-accumulation-that-makes-clusters-unmanageable

Curious what guardrails you've built around this. Drop your pattern below.

gitops #kubernetes #devops #platformengineering

Something every senior engineer learns the expensive way:

Neeraja Khanapure — Sun, 19 Apr 2026 16:53:12 +0000

LinkedIn Draft — Workflow (2026-04-19)

Something every senior engineer learns the expensive way:

Terraform DAGs at scale: when the graph becomes the hazard

Terraform's dependency graph is elegant at small scale. At 500+ resources across a mono-repo, it becomes the most dangerous part of your infrastructure.

SAFE (small module):              DANGEROUS (at scale):

[vpc] ──▶ [subnet] ──▶ [ec2]     [shared-net] ──▶ [team-a-infra]
                                          │         [team-b-infra]
                                          │         [team-c-infra]
                                          │         [data-layer]
                                  One change → fan-out destroy/create

Where it breaks:
▸ Implicit ordering assumptions survive until a refactor exposes them — usually as an unplanned destroy chain in prod.
▸ Fan-out graphs make blast radius review near-impossible. 'What does this change affect?' has no fast answer.
▸ depends_on papering over bad module interfaces — it fixes the symptom and couples the modules permanently.

The rule I keep coming back to:
→ If a module needs depends_on to be safe, the module boundary is wrong. Redesign the interface — don't paper over it.

How I sanity-check it:
▸ terraform graph | dot -Tsvg > graph.svg — visualize fan-out and cycles before every major refactor.
▸ Gate all applies with OPA/Conftest + mandatory human review on any planned destroy operations.

The difference between a senior engineer and a principal is knowing which guardrails to build before you need them.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/terraform-dags-at-scale-when-the-graph-becomes-the-hazard

Curious what guardrails you've built around this. Drop your pattern below.

terraform #iac #devops #sre

Not in any textbook — learned this from a 3am page:

Neeraja Khanapure — Sat, 18 Apr 2026 11:03:01 +0000

LinkedIn Draft — Workflow (2026-04-18)

Not in any textbook — learned this from a 3am page:

Kubernetes cost spikes: the usual suspects and how to find them fast

Cloud bills spike in Kubernetes for the same reasons every time. None of them are visible in the default dashboards — and most of them are invisible until month-end.

Cost leak sources (ranked by surprise factor):

1. Unset resource requests   → scheduler packs nodes → OOM → over-provision
2. Autoscaler scale-down lag → zombie nodes after traffic spike
3. Log pipelines w/o sample  → 40% of bill, 0% of dashboards
4. Idle namespaces           → dev clusters running 24/7
5. Spot interruption gaps    → fallback to on-demand, never reverted

Where it breaks:
▸ Missing resource requests let the scheduler over-pack nodes — when pods OOM, you over-provision to compensate.
▸ Cluster autoscaler adds nodes faster than it removes them. Spot interruptions leave zombie capacity for hours.
▸ Logging agents (Fluentd/Filebeat) on every node with no sampling become the largest line item nobody owns.

The rule I keep coming back to:
→ Every workload needs requests AND limits. Review autoscaler scale-down thresholds monthly. Sample logs at source, not at the sink.

How I sanity-check it:
▸ Kubecost or OpenCost — per-namespace/team attribution. Without this, no one feels accountable for the number.
▸ KEDA for event-driven workload scaling — eliminates idle replicas without sacrificing responsiveness.

The best platform teams I've seen measure success by how rarely product teams have to think about infrastructure.

Deep dive: https://neeraja-portfolio-v1.vercel.app/workflows/kubernetes-cost-spikes-the-usual-suspects-and-how-to-find-them-fast

Strong opinions on this? Good. I want to hear the pushback.

kubernetes #finops #devops #platformengineering