This how-to tutorial guides you through the implementation for RBAC (Role-Based Access Control) management with Kubernetes manually, vs how easy it is to implement RBAC for Kubernetes with Portainer.

https://youtu.be/sPPhwJzuObs

https://redd.it/pnwafp
@r_devops

Azure Bot + WhatsApp integration

Hello, I made the Azure QnA Bot, but I can't figure out how to integrate it with WhatsApp. The purpose of this is to have a bot like in WhatsApp Business that allows to choose options, but also be able to type free text to get the info. The info itself would be on Azure SQL Database resource and can be edited and read from it via WhatsApp.

How do I go about it?

https://redd.it/pnzjih
@r_devops

Changing EC2 Windows AMI Resolution -1920 X1080 during Test Pipeline run

Hi Guys - I have a requirement to change EC2 windows AMI screen resolution to 1920 x 1080 as part of application testing criteria. I am using custom AMI build via packer and wanted to change the resolution during Jenkins Pipeline run. During the Jenkins CI execution, new EC2 instance will be spinned up using the custom AMI and execute the UI test cases inside the machine. Tests are being executed using power shell scripts which internally calls the window based application , tapping PsExec.exe . I tried variety of solutions, none of them works properly and the resolution always defaults to 1024x768

Solutions tried so far

1. Executing Powershell command to force set during the pipeline run.Set-DisplayResolution -Width 1920 -Height 1080 -Force

​

2.Installing TightVNC on the EC2 Windows machine and set the resolution to 1920 X 1080. The instance type we were using G4DN.Xlarge . After that creating a new image out of it and levaraging it. It didnt work either


3. Changing registry values inside the machine.
XResolution and YResolution
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\GUID\\0000\\DefaultSettings.XResolution

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\GUID\\0000\\DefaultSettings.YResolution

4. Installing Choco packages - > Screen resolution and setting auto logon feature.
https://github.com/dhoer/choco-screen-resolution**
choco install -y screen-resolution --params "'/UserName:{{ windows_user }} /Password:{{ windows_password }} /RdpUserName:{{ windows_user }} /RdpPassword:{{ windows_password }}'"**
Not sure, what is wrong here. Any solutions and directions for this case would be much appreciated.. Thanks very much!

https://redd.it/pnzauv
@r_devops

For Pulumi users, are you running it yourself or do you use their paid tier?

I'm tempted to give it a try but I'd like to understand the costs beforehand. I wonder how people run pulumi here?

https://redd.it/po2dqn
@r_devops

DevOps Master Class Part 5 - Secrets!

Lesson five of my new DevOps Master Class is now live which dives into secrets! Why we have them, how to avoid them and what to do if we must have them!

https://youtu.be/b5F0WuTISAE

YouTube Playlist for the whole course - https://www.youtube.com/playlist?list=PLlVtbbG169nFr8RzQ4GIxUEznpNR53ERq

GitHub Repo - https://github.com/johnthebrit/DevOpsMC

https://redd.it/po2uis
@r_devops

GH Actions Code Review

I've been using a pet project to learn Github Actions recently and wanted to reach out and see if anyone was interested in providing some feedback on my first CI/CD pipeline. You can see it here. You can also see the last full run results here.

In short, it performs linting, checking, and testing with every push (including caching in between runs since Rust is notoriously slow to compile). When a new tag is generated, in addition to the above, it publishes it to crates.io, builds cross-platform versions of the binary, cuts a new GH release with the generated build artifacts, and then pushes the update to my Homebrew tap.

What I'm most interested in is feedback which improves readability (it does seem a bit unwieldy at first sight), performance, and reliability. Thanks in advance!

https://redd.it/po421d
@r_devops

Why a Good Developer Experience Matters

A good developer experience means providing developers with everything they need to do their work the best way possible. Here’s why that matters.

https://loft-sh.medium.com/why-a-good-developer-experience-matters-7cd34f08fbb7

https://redd.it/po5w7s
@r_devops

Need some help with the AWS load balancer configuration with nginx as webserver.

Hi All,

I am new to aws and nginx and devops in general, I am facing an issue with aws application load balancer configuration, (I have faced the same issue on classic load balancer as well). Behind the loadbalancer there are two EC2 ubuntu instances running with nginx as the webserver serving a static site and hosted in godaddy.

Static website content is kept on location /home/ubuntu/sitename/index.html. Now the problem I am facing is when I am giving the health check path as / in target groups. ALB is picking the default index.html file of nginx located at /var/www/html/index.html. If I try to change the path fo health check to /home/ubuntu/sitename health check always fails. But the site works fine if I am not using ALB, with one EC2 instance i can access the site with domainname and same nginx configuration, also I can access the default nginx page if I give the ip of EC2 in browser.

I would like to keep the site content in the same location, and make it work without having to delete/rename the default nginx index.html

What I am I doing wrong here? please help.

Thanks in advance.

Below is my Nginx configuration file

server {

listen 80;

listen [::\]:80;

root /home/ubuntu/sitename;

index index.html index.htm;

\# Make site accessible from https://localhost/

server_name sitename.com;

location / {

\# First attempt to serve request as file, then

\# as directory, then fall back to displaying a 404.

try_files $uri $uri/ =404;

\# Uncomment to enable naxsi on this location

\# include /etc/nginx/naxsi.rules

}

}

https://redd.it/po792z
@r_devops

List of IaC & SaaS Infrastructure Services?

Hi guys,
is there a list or matrix of infrastructure services, not for VMs, but more stuff like, only CDN or only DNS, or SMS or 2fa or internet-answeringmachine or pizza-ordering (okay, last one is half joking) services, which can be controlled via IaC Code/programs?

i know like, twilio for sms or phonecalls, but there must be more.

https://redd.it/po6e3m
@r_devops

K8s on Mac Mini M1

With no update on MacMini today during Apple Event I'm considering getting the "old" MacMini M1 16Gb ram. Anyone had experience running K8s on it and doing active development? Please share your experience and what you used (minikube, kind, k0s, k3s, etc)?

Also, if you use node.js, how fast are package installation times?

Thank you.

https://redd.it/po8rcp
@r_devops

gitlab cicd vs systemd



this may be a crazy question - I want to host an algo-trading system which will trigger morning 9.00 AM and runs till 3.00 PM. I'm considering hosting either as a service using systemd or using gitlab cicd to trigger this. (i can watch activity here at any moment).

what is the best choice? is cicd reliable for running the whole day ?

https://redd.it/po2dcr
@r_devops

Challenge Tagging Helm Charts With the right version.

So, I am using Github actions and helmfile to setup a workflow that allows us to deploy resources to our clusters. All the code is in one repo with the below structure. The problem is that there really is not a very good plugin to deploy multiple helm charts into S3 and GitHub pages is public. The only public forGitHub actions to s3 only works for one repository at a time and I want a situation where CI/CD "loops" through the charts in the charts folder and finds the one with a change and requires that they value in the `chart.yaml` file be bumped up. How can I achieve this?

|

|- charts/<helm-chart>

|

|- clusters/<kubernetes-cluster-name> -

| | - cluster-helmfile.yaml

|

|- helmfile.yaml.

https://redd.it/po1uua
@r_devops

How is success measured in your DevOps team? Is anyone using these 4 key metrics?

Through six years of research, the DevOps Research and Assessment (DORA) team has identified four key metrics that indicate the performance of a software development team: 

Deployment Frequency—How often an organization successfully releases to production
Lead Time for Changes—The amount of time it takes a commit to get into production
Change Failure Rate—The percentage of deployments causing a failure in production
Time to Restore Service—How long it takes an organization to recover from a failure in production

https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance

https://redd.it/poczlz
@r_devops

Management of Change

I did not know if our organization had an effective or ineffective change management process.

I did know that we needed to remain relevant and resilient for all hazards security risk management in fluid risk and organizational change scenarios.

We had to organize and use that information to compare the effects of budget and policy alternatives and make better choices.

So, we had to work with change management in security projects and convince others in our organization that data quality is important.

And make hard choices, like perceive the leadership during the process, has it been sufficient?

To visualize the Management of Change work and manage it, I made a Management of Change Kanban board that is broken down into 1282 Work Items that are prioritized into their Workflows.

It worked for me, it's for where to get started on your current or impending Management of Change journey. 

If you want to check it out and give me feedback go here:

https://theartofservice.com/Management-of-Change-Kanban

https://redd.it/podhr2
@r_devops

how do we get arguments here

https://cloud.google.com/build/docs/building/build-containers

&#x200B;

here how do we get arguments ? like here :

steps:

name: 'gcr.io/cloud-builders/docker'  args: \[ 'build', '-t', 'gcr.io/PROJECT\_ID/IMAGE\_NAME', '.' \]

# Install dependencies

name: pythonentrypoint: pipargs: ["install", "-r", "requirements.txt", "--user"\]
&#x200B;
name: google/cloud-sdkargs: ['gcloud', 'run', 'deploy', 'helloworld','--image=us-central1-docker.pkg.dev/$PROJECT_ID/$_REPO_NAME/myimage:$SHORT_SHA','--region', 'us-central1', '--platform', 'managed','--allow-unauthenticated'\]

https://redd.it/pocxsp
@r_devops

Cache | Caching | Create Redis in Azure and Integrate in API and check performance | E2E Demo | Beginner Series

https://www.youtube.com/watch?v=npBGXYuf1JA

https://redd.it/pocodl
@r_devops

Anyone have an AWS to GCP guide?

Im probably gonna be working on a GCP environment. Im pretty well versed in AWS land. Is there a quick terminology guide with some substance as an option?

Thanks.

https://redd.it/pogodh
@r_devops

Best query functionality for logging/observability products?

I'm wondering if anyone can compare products like sql, datadog, elk, splunk or more and how strong their actual query languages are.

I keep seeing people bring up ease of deployment and cost in the discussion around these products, but not how useful and realizable their data querying and transforming abilities actually are. Be it tables, dashboards or multiple layers of logic and transforming and joining.

I've used enough of them to know straight sql is just not strong or flexible enough when working on huge dumps of data that aren't locked into a schema and are ever changing and adding more sources.

Opinions? Things to consider when choosing?

https://redd.it/poj0s8
@r_devops

Terraform routine use of -target

Our team routinely uses -target regardless of terraform's recommendation to not do that. We have a repo with TF code for our whole infra split in many "product"-based modules which we apply in a few TF environments (production, staging and a couple supporting ones). Generally when someone works on a part of the infra (usually some product/app/api/etc) they apply the relevant module(s) with -target while others working on other parts apply on other targets at the same time (not absolutely simultaneously, we do respect the lock mechanism). The only problem that arises from this kind of use is when applying stuff in a couple core/common modules, where other people need to pause their work, wait for a full apply & merge of the changes and then continue.

So I'm not sure why terraform "looks down" on this method of doing things (I mean it prints 5 lines of text on each plan/apply....). The alternative would be to either split our stack in multiple sub environments which would require a ton of boilerplate code setting up all the providers and such or to always first push stuff to the repo, merge and then apply automatically through a CI for example which sounds very cumbersome and bureaucratic.

Maybe the organisation & infrastructure size is an important variable in deciding the proper approach. In our case we're a company of a few hundred people overall, our devops/infra team that develops our TF code are 5 devs and our AWS bill is in the low 5 figures.

I'd appreciate your opinions, recommendations and examples of other approaches.

https://redd.it/poo7un
@r_devops

Ansible - get all servers with same variable value

My Ansible hosts file looks something like this:

KNM ## (fake provider name)
prod1 srvloc="JPN1"
prod2 srvloc="JPN1"
prod3 srvloc="JPN1"

PNA
prod4 srvloc="JPN2"
prod5 srvloc="JPN2"
prod6 srvloc="JPN2"

JAPAN:children
KNM
PNA

In my Ansible playbook, I'm trying to loop through all the servers that have the same value of srvloc.

Is it possible to do in Ansible? How can I list all the servers that has the same value of srvloc as the current target server?

This is a small example, in reality I have lots of variables for servers, which is why simply getting the current group name is not enough (not to mention that as seen in the example, each server is a member of multiple groups)

Huge thanks ahead!

https://redd.it/pooqdt
@r_devops

Incident management system for NOC, DevOps, SRE on shift

Hi

I realized that most of the existing incident management system is more oriented for automatic notifications/escalation and don`t provide good enough UI and features for operators to work with alerts 24/7.

It works well if:

you don\`t need to do additional troubleshooting
you don`t have false-positive/flapping alerts

Otherwise, you need to have some people (NOC or Support or DevOps etc..) behind the screen who is managing alerts.

I decided to create Incident management systems to collect alerts from different monitoring systems and provide a simple way when multiple teams can manage them in one place.

&#x200B;

Please take a look and share your feedback:

Playgroud - https://playground.harpia.io/#/login-?demo=true

High Level comparison - https://medium.com/@the.harpia.io/incident-management-systems-harp-vs-pagerduty-92adf6c025ce

&#x200B;

There is a lot of ideas to extend it. For example - correlate alerts, show root cause, or enrich alerts with additional info. But, I need to understand if it’s something that make sense for people who is working with it.

https://redd.it/pop819
@r_devops