What is CNCF Strimzi?
There’s just an endless plethora of tools out there for the novice and the expert. Sometimes, it even seems like the open source community can’t catch a break until something new hits the web. This time, we’ll walk readers through another exciting addition to the Cloud Native Computing Foundation (CNCF) – Strimzi.
Read more here:
https://www.p3r.one/strimzi-kafka-on-kubernetes/
https://redd.it/pxpvef
@r_devops
Recommendation for faas/serverless framework?
What is the most mature and recommended serverless/faas framework? Such as openfaas, knative, kubeless, etc. Support for docker containers is a plus.
https://redd.it/pxrcwr
@r_devops
Revving up Continuous Integration with Parallel Testing
Is your CI/CD pipeline slow? Do wait times make you feel unproductive? Parallel testing is an indispensable technique for reducing wait times. And mastering it is key to getting the most out of CI/CD.
Continue reading article here:
https://semaphoreci.com/blog/revving-up-continuous-integration-with-parallel-testing
https://redd.it/pxwajn
@r_devops
terragrunt graph External DependencIES ?
% terragrunt graph-dependencies | dot -Tsvg > graph.svg
Module eu-west-1/sqs-catalog-ingestion-main depends on module eu-west-1/eks-ocean, which is an external dependency outside of the current working directory.
Should Terragrunt run this external dependency?
Warning, if you say 'yes', Terragrunt will make changes in eu-west-1/eks-ocean as well! (y/n)
What changes is this talking about? What will this run? I don't want to change/run anything except to make graphs. I cannot tell what/where the changes may be...
https://redd.it/pxxc7p
@r_devops
What is holding you back from using machine learning features for your projects today?
When I ask development teams why they are not using a machine learning model for a certain use case I keep hearing lots of different answers (listed below). I'm curious to see what people in this subreddit think.
View Poll
https://redd.it/pxx11j
@r_devops
Project Information Management Tool
Hey guys,
Me and my team are wondering if there's a tool (open-source or licensed) from where we can store the information of our projects (such as Title, Completion Status etc.) which will be in .pdf or .doc and index it using references (ex. show me projects that are not completed or show me projects with contract > X). This tool must be web based (host-client) so we can host it in one of our machines, not an online provider. If you can achieve this using different methods, please let me know as well.
Thanks in advance!
https://redd.it/pxqrnj
@r_devops
Azure Pipelines strategy question
TL;DR: Is it better to have a single, grand unified pipeline for a project, or multiple specialized pipelines?
---
We're migrating from Jenkins to Azure DevOps. I have four different Jenkins projects that I want to duplicate in Azure pipelines. Let's call them CI, CD, Release, and Test. These four projects all work from the same Git repository, based on different triggers.
I did the CI one first. It's a single-stage, single-job pipeline that does everything. Call that Pipeline version 1. It's where I did all of my learning.
For version 2, I thought it best to break up the flow into multiple jobs in multiple stages. With this architecture, I was able to combine all four Jenkins projects into a one-size-fits-all pipeline. It works great.
Now I'm setting up triggers and hooks for this pipeline. But I'm having second thoughts about the one-size-fits-all strategy. Would it be better to break it out into four separate pipelines, each with its own triggers and Git hooks?
Theoretically, with the Infrastructure-as-Code paradigm, either way will work. The Azure pipelines YAML is flexible and versatile enough to do whatever I want it to do. But what's the best way to do it?
And in case that question is unanswerable ("define 'best', Mr. Zyzmog"), what are the pros and cons to the one-size-fits-all vs. four separate pipelines?
https://redd.it/py0p5d
@r_devops
Difference between Reverse Proxy, Load Balancer and API Gateway
I am seeing different companies taking different approaches. I am not sure anymore where each should actually be used. On top of that, tech like Kong makes me question whether an API Gateway should be one thing for all. Some perspective on this would be really appreciated.
https://redd.it/py1q54
@r_devops
Is triggering container builds on GIT merge bad practice?
Backstory, I've been a dev for over 10 years, worked with docker/containers for +5 years, deployed multiple production apps for corporates and start-ups.
Recently, I've been hired to build a project that is hosted on AWS/K8s. The client has their own external infrastructure team. I asked them if they could set-up a simple CI pipeline that would compile the docker Images and push them to ECR, each time we merge into master. But they are telling me, in their expert opinion, that we shouldn't kick off builds on merge? However this is what I have done at many Fortune 500 companies and start-ups?
Typically the dev process would be:
Work on Feature Branch -> Open PR to Dev branch -> Approved by PM -> Merge into dev branch -> Open PR from Dev to Master branch -> Approved by PM -> Merge into master branch -> *starts build*
Is this bad practice? If so please can you explain why?
https://redd.it/py217j
@r_devops
KUBERNETES INSTANCE CALCULATOR
TL;DR: You can use the calculator to explore the best instance types for your cluster based on your workloads.
https://learnk8s.io/kubernetes-instance-calculator
https://redd.it/py32s1
@r_devops
Security considerations for passwordless SSH login with a 'command' option
I'm working on a project in which we'll do a lot of SSH logins. But all these logins are restricted with a 'command' option. E.g. the .ssh/authorized_keys file contains something like this:
command="df --portability" ssh-ed25519 ... some comment
The private keys we're using are passwordless. I think that is OK. In the worst case the private key falls into the wrong hands and the malicious user can run df. If it can associate the host with the private key. I don't think that is too bad. But I'm looking for opinions. Am I missing something? Is there an angle I've overlooked?
https://redd.it/py3lia
@r_devops
DevSecOps Struggle
I work at a large corporation that was slow to embrace DevOps methodology, Agile, and Cloud. They’ve been around forever and didn’t see a need to make the change until like 3 years ago.
Well I joined up last year and recently we’ve begun to move toward a “DevSecOps” mindset. Since then I have seen a backslide toward silos of information, trying to keep everything on a “need to know” basis, and overzealous security analysts.
Security is critical, but silos don’t have to be a part of that. We routinely purchase outdated software that is less secure and efficient than its modern counterparts, so I struggle to believe this locking down is really security related and not just reactionary or to show off.
Internal IT issues are a bigger operational threat than who knows what about a piece of the product for us, but it’s not acknowledged.
Sorry this turned into a vent, but have any of you been on that DevSecOps journey before? What ideas/evidence/etc can I bring to my team and leadership to show them the light?
Thanks!
https://redd.it/py8q3b
@r_devops
First devop task at my job
I have been tasked to convert our existing k8s product stack deployed in AWS to a local host installation. I will say I am a little overwhelmed. I understand how it works in AWS, but converting the Traefik ingress proxy to local host and also replacing the LB that is configured for an AWS service. Once I get past this hump I feel I would be smooth sailing (in the middle of a hurricane). Anyone have any insight that could help me get over this hump?
https://redd.it/py9cma
@r_devops
quay.io dns registry has expired
quay.io dns registry has expired
whois quay.io | grep Expiry
Registry Expiry Date: 2021-09-30T04:49:59Z
So.... omg. Our kube clusters cannot pull images, probably my fault for not having a DR container registry wise.
And it's not the first downtime quay has had. Especially since Red Hat acquired it.
What do you guys use for this? I don't really want to set up and maintain Harbor, but maybe it's the lesser of evils.
https://redd.it/pye2ez
@r_devops
Github and Slack - DevOps Management
This sample shows how Linx automatically posts messages to Slack. Once this GitHub-Slack integration is active, the sample posts messages to a Slack channel. Post messages to Slack using a Bot User for GitHub issues for a time period.
https://github.com/linx-software/github-slack-devops-management
https://redd.it/pygakw
@r_devops
DevOps in Service Based vs Product Based Companies
So basically, I've worked for the last 4 odd years in DevOps with product based companies. I got an offer from a Service Based company, so I was thinking whether it would be good to work with clients, how is it different than product based companies. And if I would want to change back, would it cause any problems?
https://redd.it/pyhsgs
@r_devops
Is end-to-end secured traffic really that uncommon with a load balancer?
At work recently I had to set up our various web apps in a load balanced environment, both in Azure and AWS. This was to prove they could be load balanced, but also document the steps for a client. I've dabbled with Azure and am very inexperienced in AWS, but so it goes.
Not sure if it matters, but I was just testing a pretty simple use case. For both AWS and Azure, there were two VMs both running 2-3 of our apps in IIS, one VM was also serving as the database server for all the websites.
In Azure, I got all our sites working with an Application Gateway. It took a bit, being pretty noobish, but now that I've got it done (and documented) it was actually pretty straightforward and quick. I am pretty sure the https traffic is secured end to end, it's secured between the user and the load balancer, the LB and the target web servers, even the target web servers making SOA calls to another site on the same box. This requires you to deploy the same IIS certs to the LB listener/http rule.
Been attempting to do the same thing in AWS. I didn't set up whatever load balancer tool we are using, but apparently their expectation was, I believe, that user traffic to the LB is encrypted, and traffic between the LB and the web servers is port 80/HTTP. This won't work with our product the way it's currently set up, one site is a static site populated with data from SOA calls from another site on the same box. Currently in my AWS setup, you can access the 443/HTTPS websites but it will tell you you're connecting insecurely on 80 and must connect securely. If I drop the port 80 binding entirely (almost none of our apps use it) connecting via the LB gives me a Bad Gateway.
My colleague who set it up and is far more familiar with both load balancing and AWS than me said he could certainly accomplish the Azure-type scenario in AWS with some reconfiguration. But he and a couple friends in the industry made comments suggesting the end-to-end I'm doing in Azure is less common or not the standard approach.
Is that the case? I'm curious if so, and if I'm assuming the facts right about which parts are secure/insecure in my current AWS state, why is that the usual approach?
https://redd.it/pyc5ab
@r_devops
Anyone think such tool is relevant?
How is the relevancy of such tools? For Windows machine (typically server)
https://github.com/sorainnosia/EVIPBlocker
It creates a firewall upon failed login attempt
https://redd.it/pyk84f
@r_devops
What is the best chatting alternative for IRC Freenode in 2021 for questions about Bash, Linux, Python, Ansible, etc?
What is the best chatting alternative for IRC Freenode in 2021 for questions about Bash, Linux, Python, Ansible, etc?
https://redd.it/pylo8z
@r_devops
Gitlab proxied by F5?
I have a self-hosted gitlab on-premise, and would like to allow for limited external access to some collaborators. I tried using Azure App Proxy, but git clone, pull or pushes do not work. I'm thinking I need a full featured reverse-proxy/WAF like an F5. Has anyone tried this before?
https://redd.it/pyne3q
@r_devops
Best Log Masking tool (json)
Does anyone here have experience with an application (self-hosted) or other set of tools for running json logs through for PII/PHI redaction? I appreciate the help.
https://redd.it/pyp6y1
@r_devops