Best devops interview question, choose one?

1. How is your pipe game?
2. How is your pipe game?
3. How is your pipe game?
4. How is your pipe game?
5. How is your pipe game?

https://redd.it/pqa5di
@r_devops

How would you deploy this build? Next.js, Redis, Express API, PostgreSQL on AWS?

I have been getting into devops for the past weeks and not sure if I am overengineering and need guidance on my pipeline order of operations.

Background: I am a one-man dev that wants automate as much as possible while having a build that can handle some sort of scale and don't want to be scrambling if my app gets more users. I plan on going with AWS mostly. I am building my own SaSS. Want to be Cloud Agnostic for the most part.

The Tech Stack:

1. Users access Next.js frontend
2. Next.js backend (Koa.js) connects to Elasticache (Redis) for session storage, Public Subnet
3. Backend Express.js GraphQL API connects to RDS (PostgreSQL), Private Subnet

My Pipeline (My Order of Operations may be wrong):

1. Terraform and source code push to feature branch
2. Pull Request to Master Branch
3. Github Actions detects pull to Master and builds Docker Images and pushes to AWS ECR (Elastic Container Registry) Choosing over Docker Hub because my images aren't that large so AWS ECR is better.
4. AWS EKS (Elastic Kubernetes Service)
5. Worker Nodes will be Fargate
6. Frontend (Next.js) will have LoadBalancer Service
7. Backend (Express.js) GraphQL API will be ClusterIP Service for only internal Cluster communication.
8. I don't plan on having Elasticache (Redis) or RDS (PostgreSQL) as part of K8s Pods

I guess I am unclear at what part Terraform manifest file gets executed. I feel like I have no choice to use a container orchestration tool because how else will I know about my container's health. Like if I just use Docker as a standalone, I won't have any insights. But I hear that K8s is overkill for my application type since it really is just mainly is a frontend and backend API.

Still on initial stages of research, for Logging and Monitoring.

Logging:

1. FluentBit = EKS Worker Node (Fargate) Logging Agent
2. Logging Backend? Haven't decided yet...

Since EKS Control Plan is managed, I am assuming I do not need to do logging for that.

Monitoring:

1. Prometheus
2. Possibly use Grafana with Prometheus

I feel as if a lot of this is mandatory, I mean going EKS without logging and monitoring seems like a bad idea. But then again, I am new to this whole devops thing.

https://redd.it/pqc4ok
@r_devops

Which of the following is more important for DevOps?

There is a constant tug of ware between enabling developer velocity, risk reduction and cost reduction.

View Poll

https://redd.it/pqemfc
@r_devops

How do you handle the apps (e.g., open source tools) that do not have built-in SSO support?

Love to hear your thoughts.

View Poll

https://redd.it/pqeazv
@r_devops

What to expect from a Junior DevOps technical interview/assessment?

Hello folks! I recently applied for a Junior DevOps position and was able to successfully pass through the first round (!!) (a language test). I'm incredibly happy for this chance. However, next Friday I'll have an interview with someone from the engineering team and will be assigned a technical test to measure my skills. I'm nervous since I'm not sure what to expect from this test. I feel comfortable programming in Python, I know some Docker basics as well, and I'm also studying the basics from a AWS SA guide (just in case). May I ask if anyone can suggest me what other skills should I brush up? Any advice would be kindly appreciated.

Thanks in advance. Stay safe and healthy.

https://redd.it/pqghbf
@r_devops

Best secure practice to store environment details

I want to learn about the best practices to store all environment details to be accessed by other devops folks.

The use case would be something like once the infra is up all the details like ip, login details etc should be securedly stored but in a human accessible format.

https://redd.it/pqgwu3
@r_devops

How to Integrate legacy API with AWS API Gateway proxy

https://towardsaws.com/how-to-integrate-legacy-api-with-aws-api-gateway-proxy-9e1c52d35bab

https://redd.it/pqfkua
@r_devops

Security concerning Flask and AWS Products

Hello folks, so I'm used to deploy Flask and Dash Plotly apps (shared on private git repository) on EC2s connecting to S3 and RDSs using boto3 and SQLAlchemy respectively.

These apps have reports on public information, so it's no big deal them being public so basic flask authentication and security groups on AWS are quite fine.

My current problem is that now we might need to store some sensitivity information on S3 and RDS. I'm looking for advice with some devs in house, but I'd like to be prepared to talk to them.
What are some measures I could take to keep my app from being attacked and my storages safe?
I know that http is a problem and someone can put themselves between the client and the server, but what else should I be considering?
Should I use django for example? Is configuring nginx enough?

If the question is too loaded, answer only a bit, but thanks anyway.

https://redd.it/pqbq37
@r_devops

Auto-create SSL certificate - Python

Hello,

I'm a developer, and I'm trying to make a script that created the SSL certificate automatically, and I need to ask if there is any pioneer in the SSL certificate industry, that provides an API to get the certificate from the CSR key that's I have been generated from OpenSSL command line.

​

Note: the script would be on python

​

Many thanks

https://redd.it/pq5nux
@r_devops

How hard is it to land overseas with a devops job?

Has anyone have experience relocating/applying directly to an overseas country which requires visa sponsorship as a devops engineer?

Im a 3yr devops guy looking into canada or US.. but seems like company needs to sponsor the visa which makes it hard.. i thought devops would be relatively easier since its high demand? Anyone have any idea?

https://redd.it/pqpr2g
@r_devops

My Ansible and Terraform tooling in one docker image.

**https://github.com/bluxmit/alnoda-workspaces/tree/main/workspaces/ansible-terraform-workspace**

I'm used to running Ansible and Terraform on one of the infra servers, and happy to share the image I've made for that. It has OSS tools to visualize terraform infrastructure and state; schedule ansible playbooks, monitor executions, observe plays, etc. Can run in the cloud, has auth, https.

Includes Cronicle, Ansible Ara, cmdb, Ansible inventory grapher, Ansible playbook grapher, Terraform Rover, Terraform Balst Radius, and many more.

I hope someone finds it useful

https://redd.it/pqu2ra
@r_devops

Custom alarms in AWS

In our production environment we want to put an SNS alarm for whenever a S3 bucket is created and deleted and when any table is created in Dynamo DB or any new security group is added, and more. We have alreadt enabled Cloudtrail but when I enable "Data Events" for s3 and DyanmoDB is sent around 50 mails for every object is created in the selected bucket for Cloudtrail logs and we don't want this spam.

How can we achieve that?
Thanks!

https://redd.it/pqucnu
@r_devops

What does it mean to go from Waterfall software delivery to DevSecOps software delivery?

Work for an old fashioned company, I have no illusions that we do things in a dated fashion.

Code is delivered waterfall style via big projects that must hit certain milestones and features are delivered when they are ready. That means delivery dates often get pushed back and the user community really never knows when they are going to get updates.

We're bringing in some consultant firm apparantly to help us transition to a devsecops delivery style (be more agile is thrown around a lot)

I'm cool with that but I also want to understand more how that should look post-transformation so I can help myself and the consultants best do the actual work of transforming.

Is it simply making it acceptable to deliver smaller bits of features at a time? Is it about ensuring we have a CI/CD pipeline via github repository so everyone can check out/in code on the fly? Is it about making sure security is baked into every step of the process?

Help me understand what the actual software delivery process looks like in an old school waterfall style company vs one delivering it 'agile via devsecops' style? I feel I get the 'mindset & culture' change piece of this to reduce silos, but I'm struggling to comprehend if we are successful, how does that change my day to day delivery of software to the business. Thanks!

https://redd.it/pqwdkx
@r_devops

DevOps Responsibilities

Is the DevOps team responsible for where an application is deployed to? If so, is the team responsible for creating and maintaining the environment the application lives in?

https://redd.it/pqx7d2
@r_devops

Is getting a CKA cert worth it?

I have a bit of experience with k8s implementing long-term projects in our company. I kinda just learned things as I went along. Experience is with AKS on Azure and self hosted k8s.

What kind of companies care about the CKA cert? Who would be looking for it basically?

https://redd.it/pqxx9f
@r_devops

Messenger to slack and vice-versa

We have a messenger group chat, and basically, when a message is sent in that chat, I want it sent to a specific slack channel. Then when I type in the slack channel it is sent to that specific messenger group chat.

Is there a way to connect both applications together?

https://redd.it/pqzg0o
@r_devops

How to Integrate legacy API with AWS API Gateway proxy

The emergence of modern web and mobile applications, based on microservices exposing HTTP APIs, has highlighted the need to effectively integrate, deploy, decommission, throttle, and securing a plethora of heterogeneous web APIs.

In this article, we will see why and how to use the API Gateway proxy for integrating legacy APIs.

Full read on: https://towardsaws.com/how-to-integrate-legacy-api-with-aws-api-gateway-proxy-9e1c52d35bab

https://redd.it/pqzxpa
@r_devops

How do you find where the rsync process is coming from?

How do you find where the rsync process is coming from? We have a rsync process, but I am not sure what's the thing that initiate it. I looked at our cronjob running from the Wordpress project, looked at the code, and I don't really see anything that might be running it, but I know it's there, because I think I ran iotop and saw it. What are some helpful commands that would allow me to find it?

https://redd.it/pqyp0z
@r_devops

Most commonly used task manager amongst Python Devs?

What is the most commonly used task manager amongst Python Devs?

https://redd.it/pqwnkq
@r_devops

DevOps Technical Interview (Python)

Hello Everyone,

Let me just start off with some context. I'm a third year undergrad student studying Information Systems and pursuing a Finance minor. I will be graduating in three months (Dec 2021). At this point in time, I've interned as a DevSecOps Engineer for a DoD contractor and a Cloud Engineer Intern for a small consulting startup. I have an AWS Solutions Architect Associate cert as well as a Cloud Practitioner cert.

I've spent the last few weeks pumping out applications in hopes to beat my return offer from my previous internship and allow me to live somewhere more suitable to my likings. At this point, I've been interviewing with one company that I find really fascinating. Job Title: Devops Engineering (For Upcoming University Graduate).

My first interview was more of a screening interview with a recruiter and she moved me on to the second interview which was considered the technical interview. I met with an engineering manager and he asked me some fairly complex AWS scenarios but nothing too bad. Mostly going over my resume and asking me questions about it. He seemed to like me a lot and told me I would be moving onto the final stage. He said it was going to compose of 4, 45 minute interviews one-on-one style with a devops or software engineer on the team. An hour later, the first recruiter called me back for scheduling purposes and told me that the third stage was going to involve coding. I asked her about the style of the interview questions and she said it was going to be geared towards python and she said something like "I think there are going to be algorithm questions as well" but again she's only the recruiter and I do not know how much of the interview process she's involved with.

My python skills are incredibly mediocre at best as Information Systems does is not Computer Science. I have taken an Object Oriented Programming course in the past but it seemed to be geared more towards business applications. My on the job coding experience has mainly been boto3 scripting/shell scripting/aws cli/Dockerfiles/Buildspec/Appspec etc.

I have done maybe 5 leetcode questions in my life as I focus more on cloud infrastructure than programming. As an aspiring devops engineer, should I know a handful of algorithms and how to do leetcode? I feel as if my degree has let me down in terms of knowing how to program. Does anyone have any advice on how I should prepare for this technical interview? I have about 4 days to prepare.

Thanks!

https://redd.it/pqzdf0
@r_devops

GitOps tools in comparison

If you want to switch from classic CI/CD environments to GitOps, then you can choose from any of a large number of available tools. However, it is not always easy to tell which features they support and how suitable they are for your project at first glance. This article provides help in making a decision.

https://cloudogu.com/en/blog/gitops-tools

https://redd.it/pr3jkt
@r_devops