Has anyone here moved from devops to another role?

Recently I've been thinking of switching things up as I'm not particularly interested in "devops" anymore (read IaC, cloud and building pipelines) but just stick around due to it being a fairly easy job and pretty well paying.

I've been thinking of perhaps switching to network engineering as I've got pretty good knowledge of networking already (all my experience is in the cloud though). Has anyone else made this switch or similar?

https://redd.it/pwpk38
@r_devops

Startup( small- Medium size) vs large enterprise which one is better ?

Hello everyone,
I have 4+ years of experience working as a software developer+ devops/ SRE. I have worked with 3 different companies now, all of which were small to medium size startups. They had very rapid and hyper development environment where things are created and pushed very fast.

Right now I am working in a startup which has around 500+ employees, company's net worth is around $2B. As a devops/ SRE i am responsible for working in CI/CD, automation, monitoring, cloud and containers tech, Databases etc. I may not be expert in all horizontals but i have either fair or good knowledge on each of these.

Now, I have offer from very big enterprise. It has more than 16k+ employees, and is subsidiary of FAANGM. To my understanding they have different teams of each of the different tech they use for eg for they have a different team for kafka, or rational DB or some monitoring tech.

As a DevOps/SRE guy i dont want to restrict myself to just one particular technology/ tool. This domain is already too dynamic, sticking to just one tech would be entering into some sort of a comfort zone i think.


If anyone can shed some lights on this, who have worked with some large scale companies or anyone who has better knowledge and understanding on this..

Context- India, if it makes any difference.

Thanks

https://redd.it/pwpvct
@r_devops

Concourse trigger pipeline to run from another pipeline

I'm using a pipeline with the "set-pipeline" call in order to set another pipeline whenever a push to it's repo is detected. The problem is after setting the updated pipeline, I'd also like to trigger it to run but am not sure how to do so.

For example here is what my auto setting pipeline looks like, would like to figure out how to run a pipeline "build_to_registry" after setting it.

resources:

\- name: my-repo

type: git

source:

uri: ((GIT REPO)

branch: main

paths:

\- yamls/pipelines/

username: ((repo-username))

password: ((repo-password))

​

jobs:

\- name: reconfigure-mypipeline

plan:

\- get: my-repo

trigger: true

\- set_pipeline: build_to_registry

file: my-repo/yamls/pipelines/build_to_registry.yml

vars:

repo-username: ((repo-username))

repo-password: ((repo-password))

registry-username: ((registry-username))

registry-password: ((registry-password))

https://redd.it/pwrm5h
@r_devops

OneDev5 - the open source DevOps server now gets agent based CI/CD farm and full Git LFS support

OneDev is an all-in-one devops server with Git repository management, built-in CI/CD, and issue boards, featuring easy to use, high performance, and good resource usage.

The 5.0 release sees agent based CI/CD farm and full Git LFS support.

# Agent Based CI/CD Farm

In addition to run CI/CD jobs on Kubernetes cluster, OneDev is now able to run jobs on remote machine via agents. Agent can run jobs with or without container, based on executor type you are using. Agents are designed to be zero-maintenance. It will update automatically when server is upgraded. Check these tutorials to explore more of agents

# Git LFS Support

Git LFS is now fully supported, with http access, ssh access and file locking. The CI/CD checkout step can also retrieve LFS files into job workspace if option "Retrieve LFS Files" is turned on

https://redd.it/pwub7h
@r_devops

Confused about my next step...

Hi guys! I'm a 21 year old graduating senior with a computer network and systems management degree, and I'm honestly kind of lost in what to do as my career. I've been reading into dev-ops and cloud architects as a career and it sounds the most interesting to me. My professor told me that getting the CCNA was the best first step due to my major but just in my personal opinion system administration doesn't seem to be very viable in the future. Is getting an AWS cert the correct next step for me? I'm currently studying Linux systems admin on LinkedIn learning and want to decide what cert I will go for next. Should I be going for the CCNA or do you guys think the AWS solutions architect is a better fit to transition to DevOps and cloud computing? Thank you so much for the help!

https://redd.it/pwunsh
@r_devops

DevOps as a student

I’m a CS student with background in IT.
I recently got a job offer as a DevOps student in a cyber security company.
I’m also expecting a job offer as a software developer in a networking company.
I don’t know which one of them is better for me and my future career.
If I take the DevOps job, will it be considered as programming experience in case I want to apply to a SWE position in the future? What’s my best course of action in your opinion?

https://redd.it/pwrm33
@r_devops

Random question from somewhat of a lay person: I’m using Amazon Lightsail to host a dedicated Halo 2 server (lol) - Should I use Windows Server 2012 or 2019?

I figured that it would be better to use Windows Server 2012 instead of 2019 in terms of compatibility since it’s closer to the release of Halo 2 (2007). Is there any merit to this or would I be completely fine with 2019? I kind of hate the 2008’ish layout of Windows Server 2012, but if it might have better compatibility with the Halo server application I’m fine with using it.

https://redd.it/pwrfqh
@r_devops

buildkite

We're currently evaluating buildkite and wondering if anyone has any feedback that you would like to share.

https://redd.it/pwr5qf
@r_devops

Prometheus basic auth

Hi there,

We've set-up a Grafana and Prometheus cluster with succes, but i'm wondering one thing. Grafana is working with LDAP authentication but i want to hide/protect the Prometheus instance with basic auth (see their documentation: https://prometheus.io/docs/guides/basic-auth/) but i have no idea how i can reach this via their docker which is on docker-hub. Now i'm wondering, has anyone done this with succes in a docker container?

Kind regards.

https://redd.it/px14ve
@r_devops

What differentiates a Senior DevOps from a Mid Level?

It's about time for me to start up the job search again, and I currently have 4+ years of experience in DevOps (CICD, Kubernetes, Cloud, etc etc). I'm curious as to what the expectation of a Senior level position is compared to a Mid level?

https://redd.it/px12a4
@r_devops

How to balance ECS Fargate with ALB

Short explainer on providing L7 load balancing to serverless ECS tasks: https://www.youtube.com/watch?v=YH8y-oKIpIY&lc=Ugyz6Q9hgcPemQ82xRt4AaABAg

https://redd.it/px0kdy
@r_devops

How is it to work as a devops on a daily basis? am i following a path that matches that profile?

Hi there!

Let me explain a little of context. A year ago i finished my sysadmin studies, somehow at a "university" level, but in a more professional focus way.

So from that point i jumped inside learning mongodb, python and ansible but got "interrupted" because i started a fullstack webdev course earlier this year that will end in less than a month. Now i want to take advantage of that and mix both mongodb and ansible basics i already know with webdev, getting into the mern stack (mongodb,express, react and nodejs) as a project for 2022, letting python aside for now, i also learned a bit of mysql (already known before the webdev thing), git and github workflow.

My main question/concern here is that, lets say i get a job as a devops in two or three months, how do your workflow "looks" like on a daily basis? i mean, which main tasks do you repeat the most? Do i fit on the devops profile? i already know a bunch of stuff sysadmin related from my already mentioned studies.

Also any recommendation about what to learn is really welcomed. Thanks in advance and hope you have/had/are having a great day!.

Edited pre posting: yes, i deleted the previous one because i misstyped the title, im sorry.

https://redd.it/pwm3tp
@r_devops

DevOps Master Class Part 7 - Containers & Friends

In part 7 we look at containers, Docker, Kubernetes, Helm and more and how it fits into DevOps and why we care!

https://youtu.be/r6YIlPEC4y4

https://redd.it/px6gg5
@r_devops

Question about creating a hands-on interview module for devops engineers

I've been asked to to hire some folks for a new ci/cd team. (my day to day does not involve supporting ci/cd pipelines. I'm not a CI/CD expert.)

I don't want to waste candidates time with multiple interviews, and I also want to be as close to 100% sure that candidates aren't wasting our time by lying about what their capabilities are. In the past for sysadmin technical interviews I've created modules where the candidate logs into a box and troubleshoots. I've found it to be a very effective filter for paper tigers and bullshit artists. It allows us to proceed to more fruitful conversations in the interview.

I want to do something similar here except focused around ci-cd fundamentals. I'm going to throw out an idea, let me know what you think. (EXPAND ON THIS)

technologies we use: git, containers, jenkins, argocd, kubernetes, gcp, terraform.

the role is focused around automating the safe delivery of our applications. (big on security)

\----

First we email them a scenario with instructions. (they have one hour to complete the module, and then a 1 hour interview after the module. 2h overall)

# Scenario
Dear candidate,

Deploy this application to the !production! Kubernetes cluster in one hour. Make sure its free of any bugs / vulnerabilities
Developers say that they the scanner broke a while ago, so they just removed that step from the build process.
the CD job isn't finished, so they just update the deployment with the new tag manually.

P.S you can find the credentials for jenkins in the cluster in the jenkins namespace. You have to connect to the bastion host to reach the cluster.
Bastion host: 127.0.0.1
user: develop
<sshkey attached>

&#x200B;

#========================
# MODULE
#========================
- We give them a really bad dockerfile
- run as root, privileged
- pull software on runtime
- put a critical vulnerability in the container (see if they push it)

- Give them access to a completely unsecured (open to internet) jenkins instance
- (can they gain access without explicitly being told the password?hint: its in the jenkins namespace as a secret)
- Pipeline broken
- developers disabled scanner step

- Kubernetes Give them access to manually push to kubernetes cluster
- Kubernetes have kyverno(policy agent) reject the deployment ( because its running as root)

Scoring:- did they deploy the application?

\- if they did deploy it, see if it has the critical vulreabilities you injected.

\- Ask them what advice they would give to developers looking to secure their app

\- Ask them questions how they would improve the pipeline given more time.

\- dig into : why why why why

I think this scenario is clever because you can evaluate:

\- can they do the job (skills)

\- jenkins

\- kubernetes

\- do we trust their judgement ( security)- can they deal with ambiguity?- are they going to deploy a bad app to the production cluster?- do they even know its bad?- do they have any other thoughts about how to improve the pipeline / application

\---

I'm just work-shopping this idea around before I get into the nitty gritty of implementing it.I might remove the jenkins part all together and just give them the tools to build/test the container on the bastion host and then deploy it to the cluster.

Do yall have any thoughts on this?

https://redd.it/px7m62
@r_devops

Any AI-based open source security scanners out there?

Looking into various security "DevSecOps" tools for a pipeline. I noticed that every single tool so far I've found that mentions "AI-based" security/anomaly-detection comes with a hefty price tag.

Is there anything that falls in this category that's open-source/free? Just curious

https://redd.it/px68rl
@r_devops

A visual C4 model tool for your team

Hey,

Thanks for all the feedback so far. We've worked hard on addressing the points raised and would love to get some more super valuable feedback from the community.

Check out what we've been working on.

https://u.icepanel.io/4cdbc094

Thanks!

Victor

https://redd.it/pxaoiu
@r_devops

I need help setting up CD/CI with Docker Compose

Hi,

I'm a full-stack web dev who needs to break into DevOps (my app got more complex than I anticipated) and I'm really new to Docker and pipelines forgive me if my question makes no sense or has already been answered.

I set up my dev environment via a compose file with some containers, but I'd like to eventually work towards something like this:

\- I push code to GitHub

\- some CD software notices and starts a testing environment, with my new code and some throwaway dbs (postgres, redis), then runs my unit and integration tests.

\- if there was no error, then my testing environment gets shut down and the new code is run in prod, on my actual dbs (the dbs wouldn't be in containers).

I've never really done CD / CI before, so I'm completely lost.

&#x200B;

Thank you!

https://redd.it/pxb6rm
@r_devops

Have you done Cloud DevOps

Our management wants to expand our computing grid to the cloud, but our setup is not straight forward. We run \~100GB RAM simulations from \~100s repositories at the same time with \~10GB output log, while using semi-custom SCM (something on top of git). Locally everything is easy, just have one main NFS, repos get cached on this share and the output is thrown back to this share.

We don't have a dedicated DevOps, even though the department is in hundreds of people. We (who are definitely not DevOps) have two options:

we need to duplicate our cache, but this means the whole new NetApp in the cloud. (seems like a dumb solution to just close what we have locally, but into the cloud) Easy(?), but expensive(!)
(ATTENTION crazy idea ahead) Compile a docker image for every simulation. Package all repos and all tools, then upload the image on the cloud, execute. (Image is \~30GB, seems crazy to me)

The ideal would be if we could attach Cloud nodes over VPN to our NFS, but it is gonna be slow. Have you ever had any similar problems? Who to ask for help?

TLDR: how to allow Cloud to access 100s of GB of local files to run simulations?

https://redd.it/px7jnu
@r_devops

Free intro to Linux commandline/server course starting 4 October 2021


This free month-long course is re-starting again on the first Monday of next month.

This course has been running successfully now every month since February 2020 - more detail at: https://LinuxUpskillChallenge.org - daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is also used for support/discussion.

Suitable whatever your background, and aims to provide that "base layer" of traditional Linux skills in a fun interactive way.

Any feedback very welcome.

https://redd.it/pxe7cd
@r_devops

Migrating from cloud to VPS

A sad story short - one of our clients wants to migrate around 350 different application and DB servers from Azure VMs + Cosmo DB to a basic kvm hosting on some random small hosting provider.

The problem is that currently all of the environments use Terraform for IaC and we use managed Kubernetes service for part of the applications (the rest are on VMs).

The new provider doea not have any API or managed services, just pure basic VPS with SSH access.

My approach is to spin up multiple K8s and Rancher clusters to use for all apps from the current Kubernetes clusters and few Ansible managed VMs for the databases (MySQL and Postgre). Create Ansible playbooks for the rest of the applications, then do rsync of all stateful (yes) apps and database syncs between the old and new databases before the DNS switchover.

What would you do differently?

https://redd.it/pxaziw
@r_devops

Production Kubernetes: Building Successful Application Platforms ebook

The brilliance of Kubernetes is how configurable and extensible the system is, from pluggable runtimes to storage integrations. For platform engineers, software developers, infosec, network engineers, storage engineers, and others, this book examines how the path to success with Kubernetes involves a variety of technology, pattern, and abstraction considerations. Learn and read about this ebook from here: Production Kubernetes: Building Successful Application Platforms ebook

https://redd.it/px9e0t
@r_devops