Securing Serverless Applications with Critical Logging
In this article, how serverless architecture can benefit your application; graceful scaling, cost efficiency, and a fast production time are just some of the things you think of when talking about serverless.
But what about serverless security? What do I need to do to ensure my application is not prone to attacks?
Read here: https://towardsaws.com/securing-serverless-applications-with-critical-logging-2a2d0da8697d
https://redd.it/ptoznz
@r_devops
In this article, how serverless architecture can benefit your application; graceful scaling, cost efficiency, and a fast production time are just some of the things you think of when talking about serverless.
But what about serverless security? What do I need to do to ensure my application is not prone to attacks?
Read here: https://towardsaws.com/securing-serverless-applications-with-critical-logging-2a2d0da8697d
https://redd.it/ptoznz
@r_devops
Medium
Securing Serverless Applications with Critical Logging
We’ve seen time and again how serverless architecture can benefit your application; graceful scaling, cost efficiency, and a fast…
GITLAB CI/CD PROCESS NOT STARTING
Notes:
* CI/CD is already set up across all repos
* new repo is made following the same structure and has the correct .gitlab-ci.yml file
* runners are available
yet, after code is pushed, the pipeline doesn't start. It says the pipeline isn't setup... So i went to the settings page for it --> turned off CI/CD --> saved --> turned on CI/CD --> saved --> no luck
can anyone suggest next steps I can take? The CTO is away and i'm slowly learning this but have hit a roadblock
https://redd.it/ptxedx
@r_devops
Notes:
* CI/CD is already set up across all repos
* new repo is made following the same structure and has the correct .gitlab-ci.yml file
* runners are available
yet, after code is pushed, the pipeline doesn't start. It says the pipeline isn't setup... So i went to the settings page for it --> turned off CI/CD --> saved --> turned on CI/CD --> saved --> no luck
can anyone suggest next steps I can take? The CTO is away and i'm slowly learning this but have hit a roadblock
https://redd.it/ptxedx
@r_devops
reddit
GITLAB CI/CD PROCESS NOT STARTING
Notes: * CI/CD is already set up across all repos * new repo is made following the same structure and has the correct .gitlab-ci.yml file *...
SilverSurfer - An OpenSource project to check ApiVersion Status and provide Migration path for Kubernetes objects when upgrading Kubernetes to 1.22 or any other.
Hey Everyone, as Kubernetes released its version 1.22, Developers and DevOps Engineers need to upgrade Kubernetes Objects before upgrading Kubernetes. It's a tedious task to know whether the current ApiVersion of the Object is Removed, Deprecated or Unchanged. We thought why not build a tool, Silver-Surfer, that would not only validate against the given Kubernetes version but also provides a Migration Path to a newer ApiVersion. It shows exact errors which need to be resolved for migration to newer ApiVersion as well as specification errors with respect to the provided ApiVersion in case it is not removed.
https://github.com/devtron-labs/silver-surfer
I know that there are other tools that provide similar functionality but they seemed Inadequate
Kubeval \- Well known, It only validates against the given Kubernetes Version but doesn’t provide a migration path
Kubent \- Only provides Info about removed and deprecated api but no schema validation
Kubepug \- Only checks whether the existing objects have any Deprecated ApiVersions
Silver-Surfer uses openapi spec provided by the Kubernetes with releases, for eg. in case of target kubernetes version 1.22 openapi spec for 1.22, to validate the Kubernetes objects for depreciation or non-conformity with openapi spec. This allows it to validate against any kubernetes version as soon as its specs are released on the github kubernetes project.
It's a side project we took up as these issues were a hassle upgrading one of our Platforms, Devtron.
Would love to know what you think of this, any suggestions and Contributions are welcome :)
https://redd.it/pty4bh
@r_devops
Hey Everyone, as Kubernetes released its version 1.22, Developers and DevOps Engineers need to upgrade Kubernetes Objects before upgrading Kubernetes. It's a tedious task to know whether the current ApiVersion of the Object is Removed, Deprecated or Unchanged. We thought why not build a tool, Silver-Surfer, that would not only validate against the given Kubernetes version but also provides a Migration Path to a newer ApiVersion. It shows exact errors which need to be resolved for migration to newer ApiVersion as well as specification errors with respect to the provided ApiVersion in case it is not removed.
https://github.com/devtron-labs/silver-surfer
I know that there are other tools that provide similar functionality but they seemed Inadequate
Kubeval \- Well known, It only validates against the given Kubernetes Version but doesn’t provide a migration path
Kubent \- Only provides Info about removed and deprecated api but no schema validation
Kubepug \- Only checks whether the existing objects have any Deprecated ApiVersions
Silver-Surfer uses openapi spec provided by the Kubernetes with releases, for eg. in case of target kubernetes version 1.22 openapi spec for 1.22, to validate the Kubernetes objects for depreciation or non-conformity with openapi spec. This allows it to validate against any kubernetes version as soon as its specs are released on the github kubernetes project.
It's a side project we took up as these issues were a hassle upgrading one of our Platforms, Devtron.
Would love to know what you think of this, any suggestions and Contributions are welcome :)
https://redd.it/pty4bh
@r_devops
GitHub
GitHub - devtron-labs/silver-surfer: Kubernetes objects api-version compatibility checker and provides migration path for K8s objects…
Kubernetes objects api-version compatibility checker and provides migration path for K8s objects and prepare it for cluster upgrades - devtron-labs/silver-surfer
Any Unity (Game) DevOps Engineers Have Advice For CI/CD?
I am setting up the CI/CD for game development in a repository. I am using gameci and trying to get it to run in AWS but it is proving to be more difficult than expected. Our current stack is GitHub actions, AWS, and Github.
if you work on game development with Unity, what is your current CI/CD workflow and what advice would you have for me?
https://redd.it/pu035w
@r_devops
I am setting up the CI/CD for game development in a repository. I am using gameci and trying to get it to run in AWS but it is proving to be more difficult than expected. Our current stack is GitHub actions, AWS, and Github.
if you work on game development with Unity, what is your current CI/CD workflow and what advice would you have for me?
https://redd.it/pu035w
@r_devops
reddit
Any Unity (Game) DevOps Engineers Have Advice For CI/CD?
I am setting up the CI/CD for game development in a repository. I am using [gameci](https://game.ci/) and trying to get it to run in AWS but it is...
Why does Bazel not get more love?
We just ran a PoC to port over all our dev, build, and deploy tooling to run on Bazel, and so far it’s been an absolute dream. We have a medium-sized codebase, probably a bit small for Bazel’s ‘sweet spot’. But, forgetting all the reasons why Google made it, having one set of tools that compiles and deploys all your code to any environment, and with only the changes that are necessary, feels like the future.
We’re thinking about rolling this out to the whole of our org, but we’re getting pushback because, frankly, it’s an unknown. There aren’t that many articles on it outside of the C++/Java world, and we’re a JS/PHP/Go shop. But why? There seems to be plenty of support in the actual code. It feels like a diamond in the rough.
I could talk about it for hours but I’d love to hear your opinions. Did you consider adopting it? What did you ultimately end up choosing?
https://redd.it/pu30to
@r_devops
We just ran a PoC to port over all our dev, build, and deploy tooling to run on Bazel, and so far it’s been an absolute dream. We have a medium-sized codebase, probably a bit small for Bazel’s ‘sweet spot’. But, forgetting all the reasons why Google made it, having one set of tools that compiles and deploys all your code to any environment, and with only the changes that are necessary, feels like the future.
We’re thinking about rolling this out to the whole of our org, but we’re getting pushback because, frankly, it’s an unknown. There aren’t that many articles on it outside of the C++/Java world, and we’re a JS/PHP/Go shop. But why? There seems to be plenty of support in the actual code. It feels like a diamond in the rough.
I could talk about it for hours but I’d love to hear your opinions. Did you consider adopting it? What did you ultimately end up choosing?
https://redd.it/pu30to
@r_devops
reddit
Why does Bazel not get more love?
We just ran a PoC to port over all our dev, build, and deploy tooling to run on Bazel, and so far it’s been an absolute dream. We have a...
Does anyone use Hashicorp's Waypoint? Thoughts?
Hey all. Just wondering whats the outlook of this tool almost a year out? I am a big fan of Hashicorp's tools, and Waypoint is exciting to me as I've transitioned to mainly application development. What are people's thoughts on it?
https://redd.it/pu3xrn
@r_devops
Hey all. Just wondering whats the outlook of this tool almost a year out? I am a big fan of Hashicorp's tools, and Waypoint is exciting to me as I've transitioned to mainly application development. What are people's thoughts on it?
https://redd.it/pu3xrn
@r_devops
reddit
Does anyone use Hashicorp's Waypoint? Thoughts?
Hey all. Just wondering whats the outlook of this tool almost a year out? I am a big fan of Hashicorp's tools, and Waypoint is exciting to me as...
Monitoring rootless Podman containers - Cadvisor, alternative solutions?
We have some services we've been running with Docker on some edge hosts, but some requirements have changed (supporting RHEL8, namely) and we need to start using Podman. I've got our app up-and-running, but cannot for the life of me get CAdvisor to work with Podman (FWIW, we are running Podman rootlessly).
It doesn't seem like CAdvisor currently supports Podman (https://github.com/google/cadvisor/issues/2424), but maybe there is some workaround.
Have you implemented container monitoring with CAdvisor + Podman? If not, what are you using to collect information about metrics (Mem, CPU, etc.)?
https://redd.it/pu3myn
@r_devops
We have some services we've been running with Docker on some edge hosts, but some requirements have changed (supporting RHEL8, namely) and we need to start using Podman. I've got our app up-and-running, but cannot for the life of me get CAdvisor to work with Podman (FWIW, we are running Podman rootlessly).
It doesn't seem like CAdvisor currently supports Podman (https://github.com/google/cadvisor/issues/2424), but maybe there is some workaround.
Have you implemented container monitoring with CAdvisor + Podman? If not, what are you using to collect information about metrics (Mem, CPU, etc.)?
https://redd.it/pu3myn
@r_devops
GitHub
Add support for Podman containers · Issue #2424 · google/cadvisor
Hi, I am running cAdvisor inside a container on RHEL 8.1. I can get it to run but the metrics I get from it doesn't contain the name of the containers. Note that since I'm on RHEL/CentOS 8 ...
Concourse CI Pipeline that can set a variable from a file in Git repo
I'm experimenting with Concourse CI pipelines and really enjoying the process of grabbing an app, building it into a container image and pushing that image to a registry (Harbor in my case).
One thing I'd like to do, but after a bit of research haven't quited figured out how to do so is - Have my pipeline use a Gitlab resource to read the contents of a file in the Gitlab repo and set that string (contents of the file) as a variable for another resource/task to use.
I guess part of the problem is wording exactly what I'm hoping to do.
For an example we might have a simple text file "config.txt" living in a Git(lab) repo. We would want the Concourse pipeline to look at /grab/ pull that text file and store it's contents (a string) as a variable that could be used elsewhere in the pipeline.
https://redd.it/pu1oz9
@r_devops
I'm experimenting with Concourse CI pipelines and really enjoying the process of grabbing an app, building it into a container image and pushing that image to a registry (Harbor in my case).
One thing I'd like to do, but after a bit of research haven't quited figured out how to do so is - Have my pipeline use a Gitlab resource to read the contents of a file in the Gitlab repo and set that string (contents of the file) as a variable for another resource/task to use.
I guess part of the problem is wording exactly what I'm hoping to do.
For an example we might have a simple text file "config.txt" living in a Git(lab) repo. We would want the Concourse pipeline to look at /grab/ pull that text file and store it's contents (a string) as a variable that could be used elsewhere in the pipeline.
https://redd.it/pu1oz9
@r_devops
reddit
Concourse CI Pipeline that can set a variable from a file in Git repo
I'm experimenting with Concourse CI pipelines and really enjoying the process of grabbing an app, building it into a container image and pushing...
Architecture Review from Peers
I'm trying to move my org's CI pipelines from Jenkins to GitHub Actions. As part of the transition, I want to still support Jenkins in case we run into difficulties. We have some CD pipelines in Jenkins and the rest in Rundeck (legacy).
I want to introduce a service in between our CI and CD pipelines that would be a router of releases and deployments to the appropriate platform and pipeline. I'm thinking about leveraging Brigade as it'll allow us to add some event-driven scripts to direct traffic appropriately. Here's a rough design:
* GitHub Actions pipeline creates an asset or Jenkins pipeline creates an asset
* Brigade receives an event and retrieves the details needed as a parameter to the CD pipeline
* Jenkins or Rundeck job is kicked off and handles the release and possibly the deployment
We want to avoid storing secrets in GitHub Repo Secrets. In addition, while I like Azure DevOps, I want to avoid that for now due to a lack of resources.
Let me know if you have any questions.
https://redd.it/pu8dgz
@r_devops
I'm trying to move my org's CI pipelines from Jenkins to GitHub Actions. As part of the transition, I want to still support Jenkins in case we run into difficulties. We have some CD pipelines in Jenkins and the rest in Rundeck (legacy).
I want to introduce a service in between our CI and CD pipelines that would be a router of releases and deployments to the appropriate platform and pipeline. I'm thinking about leveraging Brigade as it'll allow us to add some event-driven scripts to direct traffic appropriately. Here's a rough design:
* GitHub Actions pipeline creates an asset or Jenkins pipeline creates an asset
* Brigade receives an event and retrieves the details needed as a parameter to the CD pipeline
* Jenkins or Rundeck job is kicked off and handles the release and possibly the deployment
We want to avoid storing secrets in GitHub Repo Secrets. In addition, while I like Azure DevOps, I want to avoid that for now due to a lack of resources.
Let me know if you have any questions.
https://redd.it/pu8dgz
@r_devops
reddit
Architecture Review from Peers
I'm trying to move my org's CI pipelines from Jenkins to GitHub Actions. As part of the transition, I want to still support Jenkins in case we run...
Portainer and Canonical Expand Partnership Launching Business Charm for Charmed Kubernetes
Portainer has announced the launch of its Portainer Business Charmed Operator, allowing for seamless integration with Canonical’s Charmed Kubernetes distribution.
The new Portainer charm allows users of Canonical’s Charmed Kubernetes distribution to automatically install and integrate Portainer Business as part of the Kubernetes cluster deployment process, using Juju, the Charmed Operator framework.
https://www.portainer.io/blog/portainer-business-charm-launched-for-canonicals-charmed-kubernetes
https://redd.it/pu7lje
@r_devops
Portainer has announced the launch of its Portainer Business Charmed Operator, allowing for seamless integration with Canonical’s Charmed Kubernetes distribution.
The new Portainer charm allows users of Canonical’s Charmed Kubernetes distribution to automatically install and integrate Portainer Business as part of the Kubernetes cluster deployment process, using Juju, the Charmed Operator framework.
https://www.portainer.io/blog/portainer-business-charm-launched-for-canonicals-charmed-kubernetes
https://redd.it/pu7lje
@r_devops
Canonical
Automate software operations with Juju and charms
| Canonical
| Canonical
Software operations are easier with Juju – the open source orchestration engine for software operators. Deploy, integrate, scale and manage your applications' lifecycle at any scale, on any infrastructure with Juju and charms.
Hello all! I’m someone who is just starting out in DevOps
I was hoping I could get your advice on whether I should start a blog writing about stuff I’m learning about. my biggest challenge is I don’t have much experience writing a blog and I don’t have much experience in the industry. Although I do have lots of ideas about topics I want to write about. So really just hoping to get some motivation on if this is something I should do.
https://redd.it/pu919y
@r_devops
I was hoping I could get your advice on whether I should start a blog writing about stuff I’m learning about. my biggest challenge is I don’t have much experience writing a blog and I don’t have much experience in the industry. Although I do have lots of ideas about topics I want to write about. So really just hoping to get some motivation on if this is something I should do.
https://redd.it/pu919y
@r_devops
reddit
Hello all! I’m someone who is just starting out in DevOps
I was hoping I could get your advice on whether I should start a blog writing about stuff I’m learning about. my biggest challenge is I don’t...
Analytics to devops
I m tableau developer with 3 years of experience and good knowledge in Machine learning .I m right now confused to pursue which one as my next career transition I'm so excited about devops and same time interested in ML . Should I leave my analytic experience and start fresh in devops does my analytics experience will be barrier to make jump?
I have knowledge in Jenkins ,python ,Aws ,SQL and basis Linux stuff and tableau administration.
https://redd.it/pu8g7y
@r_devops
I m tableau developer with 3 years of experience and good knowledge in Machine learning .I m right now confused to pursue which one as my next career transition I'm so excited about devops and same time interested in ML . Should I leave my analytic experience and start fresh in devops does my analytics experience will be barrier to make jump?
I have knowledge in Jenkins ,python ,Aws ,SQL and basis Linux stuff and tableau administration.
https://redd.it/pu8g7y
@r_devops
reddit
Analytics to devops
I m tableau developer with 3 years of experience and good knowledge in Machine learning .I m right now confused to pursue which one as my next...
Sharing files securely using S3, CloudFront, and signed URLs
With terraform example.
Read on: https://towardsaws.com/sharing-files-securely-using-s3-cloudfront-and-signed-urls-15e170365422
https://redd.it/pudu98
@r_devops
With terraform example.
Read on: https://towardsaws.com/sharing-files-securely-using-s3-cloudfront-and-signed-urls-15e170365422
https://redd.it/pudu98
@r_devops
Medium
Sharing files securely using S3, CloudFront, and signed URLs
With Terraform examples
Moving Docker Swarm to Kubernetes(EKS)?
Looking to migrate multiple Docker Swarm clusters into EKS(AWS Kubernetes). I find it strange that it's quite hard to find any detailed information on such a process. Anyone has done such migrations and/or can recommend good resources to read that go into details on how to properly do it and main things to look out for?
https://redd.it/pudxeu
@r_devops
Looking to migrate multiple Docker Swarm clusters into EKS(AWS Kubernetes). I find it strange that it's quite hard to find any detailed information on such a process. Anyone has done such migrations and/or can recommend good resources to read that go into details on how to properly do it and main things to look out for?
https://redd.it/pudxeu
@r_devops
reddit
Moving Docker Swarm to Kubernetes(EKS)?
Looking to migrate multiple Docker Swarm clusters into EKS(AWS Kubernetes). I find it strange that it's quite hard to find any detailed...
I finally get to start working on the hashicorp stack
Any advice? I’ll probably start looking at it in about 2-8 weeks.
https://redd.it/pu9zh4
@r_devops
Any advice? I’ll probably start looking at it in about 2-8 weeks.
https://redd.it/pu9zh4
@r_devops
reddit
I finally get to start working on the hashicorp stack
Any advice? I’ll probably start looking at it in about 2-8 weeks.
How do you handle burnout
Burnout is always something that has plagued me in my career. On one had I think it seems to say a lot about the companies that I work for, it seems like after 2 years I am totally burnt out no matter where I go, but on the other hand I know that I need to know how to recover and protect myself from burnout.
I could use some coping mechanisms or advice from fellow my DevOps. What do you do to prevent burn out? How do you handle it when you become burnt out anyway?
https://redd.it/pufsx2
@r_devops
Burnout is always something that has plagued me in my career. On one had I think it seems to say a lot about the companies that I work for, it seems like after 2 years I am totally burnt out no matter where I go, but on the other hand I know that I need to know how to recover and protect myself from burnout.
I could use some coping mechanisms or advice from fellow my DevOps. What do you do to prevent burn out? How do you handle it when you become burnt out anyway?
https://redd.it/pufsx2
@r_devops
reddit
How do you handle burnout
Burnout is always something that has plagued me in my career. On one had I think it seems to say a lot about the companies that I work for, it...
Change jobs frequently for better pay/career progress?
How often do you change jobs? Would you view changing jobs every/every other other year to get broader experience and exposure to more technologies a bad idea?
https://redd.it/puhmip
@r_devops
How often do you change jobs? Would you view changing jobs every/every other other year to get broader experience and exposure to more technologies a bad idea?
https://redd.it/puhmip
@r_devops
reddit
Change jobs frequently for better pay/career progress?
How often do you change jobs? Would you view changing jobs every/every other other year to get broader experience and exposure to more...
I’m interested in learning about “builds”. Where to start?
I am a new software engineer. I know at a high level what the build process is, but that’s about it. If I wanted to take a closer look at what is happening when something is “built”, where would I go?
https://redd.it/puhsc5
@r_devops
I am a new software engineer. I know at a high level what the build process is, but that’s about it. If I wanted to take a closer look at what is happening when something is “built”, where would I go?
https://redd.it/puhsc5
@r_devops
reddit
I’m interested in learning about “builds”. Where to start?
I am a new software engineer. I know at a high level what the build process is, but that’s about it. If I wanted to take a closer look at what is...
Interview with DevOps Manager
I'm interviewing for a non-DevOps, business analyst position and have a multi-panel interview gauntlet next week. One of the members of the panel is a DevOps Lead.
What kinds of questions would a DevOps guy appreciate getting from a non-DevOps person in the IT organization? I want to show that I value the idea of DevOps and respect what he does but don't want to dig into questions like "Do you feel that you guys actually do DevOps or is the organization just playing lip service to the buzzword?"
Maybe I can ask questions about how the lead feels that DevOps is contributing to business outcomes/agility or software quality and system stability?
My role as a business analyst in the IT organization is going to be focused on working with non-IT business units to help pick the best tools and software that they need to get their jobs done.
Thanks!
https://redd.it/puihls
@r_devops
I'm interviewing for a non-DevOps, business analyst position and have a multi-panel interview gauntlet next week. One of the members of the panel is a DevOps Lead.
What kinds of questions would a DevOps guy appreciate getting from a non-DevOps person in the IT organization? I want to show that I value the idea of DevOps and respect what he does but don't want to dig into questions like "Do you feel that you guys actually do DevOps or is the organization just playing lip service to the buzzword?"
Maybe I can ask questions about how the lead feels that DevOps is contributing to business outcomes/agility or software quality and system stability?
My role as a business analyst in the IT organization is going to be focused on working with non-IT business units to help pick the best tools and software that they need to get their jobs done.
Thanks!
https://redd.it/puihls
@r_devops
reddit
Interview with DevOps Manager
I'm interviewing for a non-DevOps, business analyst position and have a multi-panel interview gauntlet next week. One of the members of the panel...
Life of an DevOps Engineer
1. Birth
2. Server load is too high, we need to stop all tenants.
4. Death
https://redd.it/pujupa
@r_devops
1. Birth
2. Server load is too high, we need to stop all tenants.
4. Death
https://redd.it/pujupa
@r_devops
reddit
Life of an DevOps Engineer
1. Birth 2. Server load is too high, we need to stop all tenants. 4. Death