DevOps as a student

I’m a CS student with background in IT.
I recently got a job offer as a DevOps student in a cyber security company.
I’m also expecting a job offer as a software developer in a networking company.
I don’t know which one of them is better for me and my future career.
If I take the DevOps job, will it be considered as programming experience in case I want to apply to a SWE position in the future? What’s my best course of action in your opinion?

https://redd.it/pwrm33
@r_devops

Random question from somewhat of a lay person: I’m using Amazon Lightsail to host a dedicated Halo 2 server (lol) - Should I use Windows Server 2012 or 2019?

I figured that it would be better to use Windows Server 2012 instead of 2019 in terms of compatibility since it’s closer to the release of Halo 2 (2007). Is there any merit to this or would I be completely fine with 2019? I kind of hate the 2008’ish layout of Windows Server 2012, but if it might have better compatibility with the Halo server application I’m fine with using it.

https://redd.it/pwrfqh
@r_devops

buildkite

We're currently evaluating buildkite and wondering if anyone has any feedback that you would like to share.

https://redd.it/pwr5qf
@r_devops

Prometheus basic auth

Hi there,

We've set-up a Grafana and Prometheus cluster with succes, but i'm wondering one thing. Grafana is working with LDAP authentication but i want to hide/protect the Prometheus instance with basic auth (see their documentation: https://prometheus.io/docs/guides/basic-auth/) but i have no idea how i can reach this via their docker which is on docker-hub. Now i'm wondering, has anyone done this with succes in a docker container?

Kind regards.

https://redd.it/px14ve
@r_devops

What differentiates a Senior DevOps from a Mid Level?

It's about time for me to start up the job search again, and I currently have 4+ years of experience in DevOps (CICD, Kubernetes, Cloud, etc etc). I'm curious as to what the expectation of a Senior level position is compared to a Mid level?

https://redd.it/px12a4
@r_devops

How to balance ECS Fargate with ALB

Short explainer on providing L7 load balancing to serverless ECS tasks: https://www.youtube.com/watch?v=YH8y-oKIpIY&lc=Ugyz6Q9hgcPemQ82xRt4AaABAg

https://redd.it/px0kdy
@r_devops

How is it to work as a devops on a daily basis? am i following a path that matches that profile?

Hi there!

Let me explain a little of context. A year ago i finished my sysadmin studies, somehow at a "university" level, but in a more professional focus way.

So from that point i jumped inside learning mongodb, python and ansible but got "interrupted" because i started a fullstack webdev course earlier this year that will end in less than a month. Now i want to take advantage of that and mix both mongodb and ansible basics i already know with webdev, getting into the mern stack (mongodb,express, react and nodejs) as a project for 2022, letting python aside for now, i also learned a bit of mysql (already known before the webdev thing), git and github workflow.

My main question/concern here is that, lets say i get a job as a devops in two or three months, how do your workflow "looks" like on a daily basis? i mean, which main tasks do you repeat the most? Do i fit on the devops profile? i already know a bunch of stuff sysadmin related from my already mentioned studies.

Also any recommendation about what to learn is really welcomed. Thanks in advance and hope you have/had/are having a great day!.

Edited pre posting: yes, i deleted the previous one because i misstyped the title, im sorry.

https://redd.it/pwm3tp
@r_devops

DevOps Master Class Part 7 - Containers & Friends

In part 7 we look at containers, Docker, Kubernetes, Helm and more and how it fits into DevOps and why we care!

https://youtu.be/r6YIlPEC4y4

https://redd.it/px6gg5
@r_devops

Question about creating a hands-on interview module for devops engineers

I've been asked to to hire some folks for a new ci/cd team. (my day to day does not involve supporting ci/cd pipelines. I'm not a CI/CD expert.)

I don't want to waste candidates time with multiple interviews, and I also want to be as close to 100% sure that candidates aren't wasting our time by lying about what their capabilities are. In the past for sysadmin technical interviews I've created modules where the candidate logs into a box and troubleshoots. I've found it to be a very effective filter for paper tigers and bullshit artists. It allows us to proceed to more fruitful conversations in the interview.

I want to do something similar here except focused around ci-cd fundamentals. I'm going to throw out an idea, let me know what you think. (EXPAND ON THIS)

technologies we use: git, containers, jenkins, argocd, kubernetes, gcp, terraform.

the role is focused around automating the safe delivery of our applications. (big on security)

\----

First we email them a scenario with instructions. (they have one hour to complete the module, and then a 1 hour interview after the module. 2h overall)

# Scenario
Dear candidate,

Deploy this application to the !production! Kubernetes cluster in one hour. Make sure its free of any bugs / vulnerabilities
Developers say that they the scanner broke a while ago, so they just removed that step from the build process.
the CD job isn't finished, so they just update the deployment with the new tag manually.

P.S you can find the credentials for jenkins in the cluster in the jenkins namespace. You have to connect to the bastion host to reach the cluster.
Bastion host: 127.0.0.1
user: develop
<sshkey attached>

&#x200B;

#========================
# MODULE
#========================
- We give them a really bad dockerfile
- run as root, privileged
- pull software on runtime
- put a critical vulnerability in the container (see if they push it)

- Give them access to a completely unsecured (open to internet) jenkins instance
- (can they gain access without explicitly being told the password?hint: its in the jenkins namespace as a secret)
- Pipeline broken
- developers disabled scanner step

- Kubernetes Give them access to manually push to kubernetes cluster
- Kubernetes have kyverno(policy agent) reject the deployment ( because its running as root)

Scoring:- did they deploy the application?

\- if they did deploy it, see if it has the critical vulreabilities you injected.

\- Ask them what advice they would give to developers looking to secure their app

\- Ask them questions how they would improve the pipeline given more time.

\- dig into : why why why why

I think this scenario is clever because you can evaluate:

\- can they do the job (skills)

\- jenkins

\- kubernetes

\- do we trust their judgement ( security)- can they deal with ambiguity?- are they going to deploy a bad app to the production cluster?- do they even know its bad?- do they have any other thoughts about how to improve the pipeline / application

\---

I'm just work-shopping this idea around before I get into the nitty gritty of implementing it.I might remove the jenkins part all together and just give them the tools to build/test the container on the bastion host and then deploy it to the cluster.

Do yall have any thoughts on this?

https://redd.it/px7m62
@r_devops

Any AI-based open source security scanners out there?

Looking into various security "DevSecOps" tools for a pipeline. I noticed that every single tool so far I've found that mentions "AI-based" security/anomaly-detection comes with a hefty price tag.

Is there anything that falls in this category that's open-source/free? Just curious

https://redd.it/px68rl
@r_devops

A visual C4 model tool for your team

Hey,

Thanks for all the feedback so far. We've worked hard on addressing the points raised and would love to get some more super valuable feedback from the community.

Check out what we've been working on.

https://u.icepanel.io/4cdbc094

Thanks!

Victor

https://redd.it/pxaoiu
@r_devops

I need help setting up CD/CI with Docker Compose

Hi,

I'm a full-stack web dev who needs to break into DevOps (my app got more complex than I anticipated) and I'm really new to Docker and pipelines forgive me if my question makes no sense or has already been answered.

I set up my dev environment via a compose file with some containers, but I'd like to eventually work towards something like this:

\- I push code to GitHub

\- some CD software notices and starts a testing environment, with my new code and some throwaway dbs (postgres, redis), then runs my unit and integration tests.

\- if there was no error, then my testing environment gets shut down and the new code is run in prod, on my actual dbs (the dbs wouldn't be in containers).

I've never really done CD / CI before, so I'm completely lost.

&#x200B;

Thank you!

https://redd.it/pxb6rm
@r_devops

Have you done Cloud DevOps

Our management wants to expand our computing grid to the cloud, but our setup is not straight forward. We run \~100GB RAM simulations from \~100s repositories at the same time with \~10GB output log, while using semi-custom SCM (something on top of git). Locally everything is easy, just have one main NFS, repos get cached on this share and the output is thrown back to this share.

We don't have a dedicated DevOps, even though the department is in hundreds of people. We (who are definitely not DevOps) have two options:

we need to duplicate our cache, but this means the whole new NetApp in the cloud. (seems like a dumb solution to just close what we have locally, but into the cloud) Easy(?), but expensive(!)
(ATTENTION crazy idea ahead) Compile a docker image for every simulation. Package all repos and all tools, then upload the image on the cloud, execute. (Image is \~30GB, seems crazy to me)

The ideal would be if we could attach Cloud nodes over VPN to our NFS, but it is gonna be slow. Have you ever had any similar problems? Who to ask for help?

TLDR: how to allow Cloud to access 100s of GB of local files to run simulations?

https://redd.it/px7jnu
@r_devops

Free intro to Linux commandline/server course starting 4 October 2021


This free month-long course is re-starting again on the first Monday of next month.

This course has been running successfully now every month since February 2020 - more detail at: https://LinuxUpskillChallenge.org - daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is also used for support/discussion.

Suitable whatever your background, and aims to provide that "base layer" of traditional Linux skills in a fun interactive way.

Any feedback very welcome.

https://redd.it/pxe7cd
@r_devops

Migrating from cloud to VPS

A sad story short - one of our clients wants to migrate around 350 different application and DB servers from Azure VMs + Cosmo DB to a basic kvm hosting on some random small hosting provider.

The problem is that currently all of the environments use Terraform for IaC and we use managed Kubernetes service for part of the applications (the rest are on VMs).

The new provider doea not have any API or managed services, just pure basic VPS with SSH access.

My approach is to spin up multiple K8s and Rancher clusters to use for all apps from the current Kubernetes clusters and few Ansible managed VMs for the databases (MySQL and Postgre). Create Ansible playbooks for the rest of the applications, then do rsync of all stateful (yes) apps and database syncs between the old and new databases before the DNS switchover.

What would you do differently?

https://redd.it/pxaziw
@r_devops

Production Kubernetes: Building Successful Application Platforms ebook

The brilliance of Kubernetes is how configurable and extensible the system is, from pluggable runtimes to storage integrations. For platform engineers, software developers, infosec, network engineers, storage engineers, and others, this book examines how the path to success with Kubernetes involves a variety of technology, pattern, and abstraction considerations. Learn and read about this ebook from here: Production Kubernetes: Building Successful Application Platforms ebook

https://redd.it/px9e0t
@r_devops

How to avoid bad assumptions during incidents

https://incident.io/blog/how-to-avoid-bad-assumptions-during-incidents

Having been a responder in countless incidents both large and small, most of my most painful mistakes have come from assumptions, whether they were accidental or plain wrong.

This article discusses an incident where the assumptions were wrong or misleading almost every time we made them, and provides a few tips to try avoiding the allure of assumptions dressed up as facts.

https://redd.it/px576t
@r_devops

End to End DevOps Services | Azure DevOps Services



Ksolves DevOps Consulting Services and Solutions is an end-to-end solution designed to overcome the hurdles presented by the constant market upgrades. The service will allow you to remain on your toes and continuously integrate, deploy, and deliver business processes. We are a DevOps as a service company consolidating application modernization and revitalizing enterprise agility. Get hold of a varied list of services and solutions to automate deployment, analytics, and boost continuous delivery!

https://redd.it/pwwmcj
@r_devops

Senior Network Engineer

I am senior network engineer with 8 years of experience wanting to jump into devops, I already have an associate python cert and working on my cloud certification, any other advise and what skills should I acquire? and also maybe some side projects I can work on so I can really practice some devops skill. thanks!

https://redd.it/pwshfv
@r_devops

Fetching the LOGS

Hello everyone,

I want to fetch the EC2 instance logs and the service running inside it in each region of my AWS account. I am trying to get this logs in ElasticSearch (Opensearch) which is now a service in AWS. So i have used filesbeat but when i insert my ELK(ElasticSearch) in filesbeat.yml it stops responding as it is not getting access to my ELK. I have open all the port in my EC2 instance. I guess this error will be remaining same for logstash also.

Any solution will be appreciated.

Thank you

https://redd.it/pwi4go
@r_devops

Is this a sign of a bad company?

Ive been in my role over a year now. Work from home job. Got a good mac book laptop but only one LED scree to plug the laptop into. I want a second screen and Ive asked my manager many times if i can have one. The company has offices and at thr offices there are atleast 30plus screens exactly like the one I have just standing there acculating dust. I've asked my manager three times for another screen and he always asks me to ask someone else or deflects the question.
I dont get this type of thinking since this is something that will help me do my job better and and help them make more money. Is my thinking toxic or am I at the wrong company?

https://redd.it/pwccs3
@r_devops