Reddit DevOps
DDoS and IRP on GCP

We are trying to come up with an Incident Response Plan for our e-commerce website, hosted on GCP. We use GKE and a global load balancer with backends. How can I set up alerting policies in case of a DDoS attack?

Or anything that I should consider before I jump into IRP?

https://redd.it/npabk1
@r_devops
System Design/Architecture resources

Hi all,

As DevOps engineers, we are supposed to have a solid understanding of System Architecture and Design.

I'm trying to level up my skills and go deeper into System Design. With Cloud vendors like AWS, we usually have a high-level understanding of architecting applications using web services like VPC and EC2, but I'm looking for resources (books, videos) with a more general approach and details like network throughput, storage Input/Output, caching, etc.

Ultimately, I would like to feel comfortable discussing how to architect applications like Reddit, Twitter with millions of users hitting the service.

If you can share some good resources to level up my skills I would greatly appreciate it.

https://redd.it/np8wi7
@r_devops
Simple way to deploy NodeJS APIs

I'm currently deploying my apps on a VPS on Azure.
I just install and set up NGINX, firewall, setup pm2 and that's basically it.
Database on a different instance but behind NGINX and firewall. It's a pretty simple architecture.
How I handle the code updates is via initializing a bare git repo on VPS and then create a remote locally with my VPS's IP and just push to that remote.

Recently because of the increase in traffic, in turn cost, I have evaluated a local VPS provider which is very cheap. I want to switch to it. Since I have 4-5 Small Node APIs running on my current machine, I can't help but think there must be a better way.

Sure, I could use docker, but that would add a layer of complexity. How do you deploy the code on your servers? Do you know a short and simple approach, or is the best way to use docker?

https://redd.it/np5gnp
@r_devops
DevOps to SRE!

From a DevOps team, what changes are to be done to make them into an SRE team?

https://redd.it/np5ea1
@r_devops
ECS + mysql container + ebs + autoscaling group -> How does one persist the mysql database even if the ec2 instance was to be terminated and restarted. My autoscaling group is creating a new volume on restart

I want to be able to reattach the same volume or data that was there previously

https://redd.it/np37g1
@r_devops
Easiest way to check prometheus target health

I'm fairly new to prometheus. I'm currently using it with a few exporters to graph with grafana. I have not started doing any alerts/checks with it directly yet. I'm still using Nagios to monitor our infrastructure.

For now what I'm trying to do is get an alert if there are any unhealthy prometheus targets. I can either do this with some sort of call to the API and write a simple nagios check script for it, or perhaps prometheus already has a built in way to alert on target health?

Basically I just want to be notified if there are any unhealthy targets.

What exactly does a call to the health endpoint check for? 200 status is given if prometheus is healthy, but what does healthy actually mean? Will it report unhealthy if there are targets that cannot be reached? https://prometheus.io/docs/prometheus/latest/management_api/

https://redd.it/np35po
@r_devops
Asking about DevOps Certification

Hello everyone,

I'm a fresh grad postgraduate student, did M.Sc. in Computer Security.

What are the most useful and efficient certificates to start working in DevOps-related fields?

I do know about AWS certificates, but I'm not sure how useful they are when it comes to landing jobs and getting hired.

If you guys have some useful links, that would be awesome!

https://redd.it/nox4dr
@r_devops
Portainer experiment notes from a DevOps Engineer

We have decided to utilize Portainer recently. And I must admit that the experience has been a positive one for us.

We have been using DevOps tools such as Jenkins, Terraform, CloudFormation, Ansible, Prometheus, Docker, Docker Compose, Kubernetes, etc.; however, for containerized applications we wanted to try one of the visualization tools. We have had some experience with Rancher; however, this time the team decided to experiment with Portainer. I must admit that you cannot have some functionalities you can imagine; however, the simplicity and lightweight nature of the user interface was the convincing part for our Portainer decision. Portainer CE (Community Edition) is a free version and Portainer Business is a paid version. Portainer may not be heavy-duty enough for some solutions; however, we found the free version sufficient for our purpose for the time being.

Full article on Medium here https://medium.com/clarusway/portainer-experiment-notes-ac1f9d88ea18

https://redd.it/notmr8
@r_devops
Vault Installation

Hello everyone, I would like to install HashiCorp Vault using Terraform. I am new to both tools. Can I use Terraform to install Vault on my Mac (local)? On the official website I have seen a lot of tutorials, but only for cloud platforms. If so, how can I do this? Thanks in advance.

https://redd.it/nqvnd7
@r_devops
How do I explore setting up continuous deployment for our application? Every commit is tested + built on Jenkins, we deploy manually via Kubernetes

I am on a team building a distributed webapp (frontend+backend) (currently only has one production deployment, may have dozens in the future). I'm a relative devops/kubernetes/jenkins newbie.

Each commit is picked up by a Jenkins job, where all unit + integration tests are run, and then a Docker image is built, pushed to our internal hub. We manually deploy this Docker image tag to our various clusters (production, several test).

I feel like there is room for improvement here. Namely:

- Is it possible to have each commit both built and deployed somehow? Would this require a large amount of deployment resources? Currently we have one test Kubernetes cluster we deploy images to manually when we want to test something

- How do we transition to a state where code is continually deployed? My first guess is that Jenkins integrates with our Kubernetes cluster, and when a new git release (tag) is cut, it attempts to deploy that tag to kubernetes

Thoughts?

https://redd.it/nqt33v
@r_devops
Is rate-limiting done on a per-user basis?

Recently, I have come to know about rate-limiting and found out that it's essential for service availability. In that case, how do large products like Google/Facebook implement rate-limiting while they have to serve 100K+ users per second? Even if they deny or throttle the API request, wouldn't that be considered a bad user experience?

https://redd.it/nqv03t
@r_devops
Non-video learning resources?

I'm a Linux sysadmin who needs to get up on modern DevOps best practices, especially running K8S. This sub is very helpful but one thing I've noticed is that most of the recommended tutorials and other resources are in video format, which doesn't work very well for me. Is there a good learning site or app that sticks to traditional formatting?

I don't want to get into the larger issue of comparing the utility of video vs print for conveying complex information – for me that's not a question, a page of text & images is always going to be better for me so I'm just interested in hearing about good resources in that format. TIA for any tips.

https://redd.it/nqrwze
@r_devops
Working for a consultancy..

Does anybody have any insights or thoughts on working for a large consultancy in the DevOps/Cloud space? It seems (at least in the UK) that consultancies are always hiring and offering decent packages. I'm wondering if there's a catch..

https://redd.it/nqnm3c
@r_devops
Update to our serverless workflow engine Direktiv

G'day DevOps,

We've previously posted on our serverless workflow / automation engine called Direktiv and wanted to share a couple of updates:

**We've released an update v0.2.5 with the following additions:**

* Workflows can be set to run only one instance at a time, which allows administrators to throttle usage
* DB performance improvements (substantial workflow throughput increase)
* API updates to support workflow completion
* Individual fields from workflow results can be delivered via http, e.g. images
* Access to workflow variables as files in containers
* Added namespace logs to the dashboard

**Released the GitHub Marketplace integrations for Direktiv:**

* Sync Direktiv workflows
* Execute Direktiv workflow
* Variables management from GitHub

We're also working on a VSCode integration at the moment (amongst other things). 2 new articles on our blog explain the GitHub actions and the variable management:

[https://blog.direktiv.io/direktiv-github-actions-available-in-marketplace-595dd51e1f72](https://blog.direktiv.io/direktiv-github-actions-available-in-marketplace-595dd51e1f72)

[https://blog.direktiv.io/direktiv-building-stateful-workflows-a-bitcoin-example-ab445527bed9](https://blog.direktiv.io/direktiv-building-stateful-workflows-a-bitcoin-example-ab445527bed9)

The second article pokes a bit of fun at Bitcoin - sorry in advance!

As always - feedback is welcomed!!!

https://redd.it/nr2cpx
@r_devops
Any good course on developing a complex infrastructure for a Wordpress application?

Any good course on developing a complex infrastructure for a Wordpress application? It's for AWS specifically, and also is there a way to not spend any money on AWS while following the course, because I don't want to spend 100$ on AWS. Also, is it possible to set it up through code instead of going to the AWS console?

https://redd.it/nr1tjq
@r_devops
How do you deploy a dockerized application that's accessible on localhost:8080 on Ubuntu?

1) Install docker-ce

2) change hostname to staging01.something.com

3) Route 53 DNS config

4) Git clone

5) run docker-compose up (runs on localhost:8080)

6) go to staging01.something.com:8080

Is this all? Or am I missing some steps?

Without DNS config, if the server is accessible on 43.12.11.11, I can access the website on 43.12.11.11:8080 correct? I am trying to understand how to deploy a staging environment by running docker.

https://redd.it/nr1q2q
@r_devops
Jenkins as a jobrunner

Anyone have any experience with using Jenkins as a job runner? I have a requirement where we want developers to restart services but not SSH into Linux boxes themselves. I'm thinking Jenkins build jobs using Jenkins agents could work.

Does Jenkins support restricting x user to perform x job/build within Jenkins? Is this feasible?

https://redd.it/nqzj55
@r_devops
What are you doing when waiting for your pipelines to finish?

As a DevOps, I realize that I am spending a lot of my time... waiting. Waiting for pipelines to finish to continue troubleshooting, waiting for a service to be deployed and up, waiting for the cloud resources to be deleted...

What are you currently doing with all this time?

https://redd.it/nr71xz
@r_devops
Self-signed certificates to secure IP of Tomcat

How do I create a self-signed certificate and secure the IP of a Tomcat server?

I have tried to create a keystore file, a CSR file and a certificate, and to change the server.xml file in order to include the keystore and certificate. And when I try to run Tomcat, it doesn't run.

I am trying to do this without a domain.

https://redd.it/nr4sss
@r_devops