Monthly 'Shameless Self Promotion' thread - 2021/11

Feel free to post your personal projects here. Just keep it to one project per comment thread.

https://redd.it/qkguhp
@r_devops

Monthly 'Getting into DevOps' thread - 2021/11

What is DevOps?

[AWS has a great article](https://aws.amazon.com/devops/what-is-devops/) that outlines DevOps as a work environment where development and operations teams are no longer "siloed", but instead work together across the entire application lifecycle -- from development and test to deployment to operations -- and automate processes that historically have been manual and slow.

Books to Read

The Phoenix Project - one of the original books to delve into DevOps culture, explained through the story of a fictional company on the brink of failure.
[The DevOps Handbook](https://www.amazon.com/dp/1942788002) - a practical "sequel" to The Phoenix Project.
Google's Site Reliability Engineering - Google engineers explain how they build, deploy, monitor, and maintain their systems.
[The Site Reliability Workbook](https://landing.google.com/sre/workbook/toc/) - The practical companion to the Google's Site Reliability Engineering Book
The Unicorn Project - the "sequel" to The Phoenix Project.
[DevOps for Dummies](https://www.amazon.com/DevOps-Dummies-Computer-Tech-ebook/dp/B07VXMLK3J/) - don't let the name fool you.

What Should I Learn?

Emily Wood's essay - why infrastructure as code is so important into today's world.
[2019 DevOps Roadmap](https://github.com/kamranahmedse/developer-roadmap#devops-roadmap) - one developer's ideas for which skills are needed in the DevOps world. This roadmap is controversial, as it may be too use-case specific, but serves as a good starting point for what tools are currently in use by companies.
This comment by /u/mdaffin - just remember, DevOps is a mindset to solving problems. It's less about the specific tools you know or the certificates you have, as it is the way you approach problem solving.
[This comment by /u/jpswade](https://gist.github.com/jpswade/4135841363e72ece8086146bd7bb5d91) - what is DevOps and associated terminology.
Roadmap.sh - Step by step guide for DevOps or any other Operations Role

Remember: DevOps as a term and as a practice is still in flux, and is more about culture change than it is specific tooling. As such, specific skills and tool-sets are not universal, and recommendations for them should be taken only as suggestions.

Previous Threads
https://www.reddit.com/r/devops/comments/pza4yc/monthlygettingintodevopsthread2021010/

https://www.reddit.com/r/devops/comments/pfwn3g/monthlygettingintodevopsthread202109/

https://www.reddit.com/r/devops/comments/ow45jd/monthlygettingintodevopsthread202108/

https://www.reddit.com/r/devops/comments/obssx3/monthlygettingintodevopsthread202107/

https://www.reddit.com/r/devops/comments/npua0y/monthlygettingintodevopsthread202106/

https://www.reddit.com/r/devops/comments/n2n1jk/monthlygettingintodevopsthread202105/

https://www.reddit.com/r/devops/comments/mhx15t/monthlygettingintodevopsthread202104/

https://www.reddit.com/r/devops/comments/lvet1r/monthlygettingintodevopsthread202103/

https://www.reddit.com/r/devops/comments/la7j8w/monthlygettingintodevopsthread202102/

https://www.reddit.com/r/devops/comments/koijyu/monthlygettingintodevopsthread202101/

https://www.reddit.com/r/devops/comments/k4v7s0/monthlygettingintodevopsthread202012/

https://www.reddit.com/r/devops/comments/jmdce9/monthlygettingintodevopsthread202011/

Please keep this on topic (as a reference for those new to devops).

https://redd.it/qkgv5r
@r_devops

Certifications to start with

My team doesn’t have much work this week and we are allowed to learn new skills that we think might be useful in the future.

I was thinking about starting preparing for a certification for future job search. I’ve 6 months of experience using CICD tools (jenkins, Git etc) and tools such as k8s, docker, helm etc
We don’t use the cloud and I was thinking that I should learn about AWS or azure.
What type of certification can I start with and you would recommend ?

https://redd.it/qkmr4i
@r_devops

Help with creating an NGINX server that serves static HTML and acts as a reverse proxy

I have a single page app that is deployed on heroku with a static buildfile. It uses nginx.

I also have an API server that resides elsewhere I need to query from the SPA. This server requires an API secret to be passed in every request. The API secret is a unique string sha256 hashed with the request parameters, so it's unique for every request.

My thoughts are to serve the static website from the nginx server, and handle all API requests from '/api/' endpoint with the nginx proxy. The proxy will look at the request parameters, create a hashed value, and then just plug that into the Authorization header on every request.

Is this the correct approach, or is there a simpler way to do this?

My only other thoughts were to deploy a node server alongside the static website, and have nginx reverse proxy any requests to that app. The only reason I would do this is because I can whip up an express server really quickly that can transform my headers. I am not as well versed with nginx and it's going to take me a while longer to figure it out...

Thanks all

https://redd.it/qkevmw
@r_devops

What's going own?

I have passed 5 processes all the interview, 3 of them says "project in stand by". 1 says "looking for best position for me" then "we don't have enough work for your role". I left 3 other positions because of this 5 (look more interesting). 1 other position says client still in the process 2 month pass already.

What can you devops working for companies who "forced" you to made lot of interview and not much of hiring made, can tell us to know more?

https://redd.it/qkt1br
@r_devops

As a devops engineer what are your main daily Job responsibilities now ? if you could what would you change about your job to improve it ? how good you consider yourself to be junior ? intermediate ? senior ? prefer Azure or AWS etc ?

(french guy from Quebec excuse my english)

A) As a devops engineer what are your main daily Job responsibilities now ? if you could what would you change about your job to improve it ? how good you consider yourself to be junior ? intermediate ? senior ? prefer Azure or AWS etc ?

B) How much of the usual you know or you use often ? (Python, Bash, Ansible Chef Terraform, Git Gitlab, Jenkins, Maven Ant Gradle, RDS, Aurora, AWS Azure Kubernetes, etc )

C) When you see the way you work right now and your workflow... how your job is different from a pure Windows Server / Linux sysadmin or a 100% software developer C# / Java JS/React etc ? Do you consider yourself more of a scripter than a programmer or vice versa for sysadmin too ?

D) Have you been able during covid time to work 100% remotely as a devops and do you think it will stay remote ? or it's easier to create a remote career as a programmer ? Why you prefer devops over pure sysadmin or programmer work ?

thank you for your time

https://redd.it/qkwgle
@r_devops

What do you do?

Ever since I became a "DevOps Engineer" I struggle to answer that question. Hardly anyone outside of the industry has even heard of the term "DevOps", and I'm no longer doing classic linux admin duties. So, what do you do?

https://redd.it/ql3gjg
@r_devops

Which product to use as the base OS for containers?

Alpline Linux is heavily MUSL based, several programs would have performance problem because of MUSL (not glibc based). So, Debian is my preferred OS for containers. But it has the problem of not updated packages. It usually have new packages because of high priority or important security problems.

Personally I don't like Ubuntu, it is not as "free" as Debian. It might have problem redistribute an container with Ubuntu.

As far as I know, for Redhat UBI and Oracle UBI, the UBI is free. But the packages is not. So people cannot distribute UBI container images with other packages installed. So, I am looking at AlmaLinux UBI right now. May be I would switch from Debian to AlmaLinux UBI.

- What's your preferred base image for containers?
- Another question. Which public container registry (free) to use? Obviously, not Docker Hub. It's GitLab container registry and Quay.io for me. How about you?

Edit 1: I missed out Suse. Their BCI (Base container Image) is in tech preview. It comes with several favors and I don't know if the redistribution policy is similar to RHEL.

Edit 2: Including NixOS, thanks to u/MloodyBoody. Besides that, checkout Clear Linux by Intel

https://redd.it/qkzdj9
@r_devops

what is the proper way to manage k8s apps with different env variables?

we are running an app on k8s cluster and for each client we have a few variables that change (client specific things like ID and such)... the way we are doing it right now is a manifest (deployment) for each client and the change included as environment variable in the k8s manifest.

I'd like to know if there is a better way to manage this knowing that the more clients we have the harder it gets to keep track of all the change.

thank you.

https://redd.it/qlb34h
@r_devops

Anyone who moved away from Bitbucket pipelines? Why did you do it?

I committed to CodePipeline/Codebuild a few months ago and built the CICD around it. My reasoning was common governance since we are all in with AWS already.

I recently started taking a better look at Bitbucket pipelines and it seems pretty good from the looks of it. Buyer's remorse hitting hard!

Anyway, I still hear about people moving away from bitbucket pipelines. I'd love to know why you moved away from Bitbucket pipelines?

https://redd.it/qlfodz
@r_devops

projects/labs to put in a resume?

I am a sysadmin and want to switch to DevOps, got aws developer certificate as well. I have been doing a lot of aws tutorials/labs. The way I do the tutorials is I would do the tutorial on console first and then provision everything with Terraform or Cloudformation, maybe use ansible if applicable or bash scripts. I kind of enjoy doing this cuz sometimes I would take a couple of days to finish a tutorial as it would reference other services that I wouldn't necessarily know about, so I would learn about them n read docs.

I was wondering can I add that work to my resume and start applying for jobs? I really don't enjoy my workplace anymore.

I know it is kind of hard to get an interview without experience, maybe I need to get creative with my resume? Any tips you guys could share?

https://redd.it/qlqb00
@r_devops

AITA Team Lead does whatever he wants

Throw away because of obvious reasons.

I am getting completely unmotivated in my current work. My team lead is a great dude except for one thing, he is very biased. Usually there's the illusion of team collab where we all suggest and decide stuff, but at the end of the day the way we always end up doing whatever he thinks is right based on his previous experience.

From the tools we use, to the scripting we do. He prefers to create a 1000 lines of cryptic bash syntax, parsing nightmare strings instead of using Python for making life easier. No offense with bash but it was never designed as a programming language.

I advocate for using Python or Go, reusable code, using data structures, efficient coding, adding a more "dev" approach to scripting. He advocates for "If it gets the job done leave it be".

Same for how we design the pipelines, the infra, everything goes the way he says it should be and at the end of the day this is making me more and more unmotivated because I think our opinions are really not valuable.

https://redd.it/qlug65
@r_devops

Is there a way to strike balance between Software Development / DevOps ?

Currently employed and will be soon planning to search for a job in the market but I am a bit confused as to what is a general balance between Software Development Engineering roles and DevOps roles?

As a background I am not a Software Engineer by profession, but am an active software developer (R&D)

I tried finding potential positions in the Market and lo, and behold:

> Everyone wants everything!

> Great experience with modern programming languages C/C++, Java, Go, Python etc.

> Of Course: Agile Duh!

> DevOps: Kubernetes, Docker, AWS, Microsoft Azure, GCP, Jenkins


As a beginning I am sticking to: C/C++/Python/Go at the moment and will do all OOP and Data Structure Algorithms. As I am progressing, I feel like I am leaving out things related to DevOps like getting better at Docker / Buildx, better grip at Kubernetes / Getting some certs for Cloud Providers.

People in DevOps, is there a ROADMAP that you would suggest a fellow DevOps aspirant should follow in order to be covered from all sides?

https://redd.it/qlyce9
@r_devops

Terraform and Ansible

Hello,

I'm learning Terraform, and I already know Ansible.

I'm wondering what the best practice do you recommend if you want to do provisioning with Terraform and configuration with Ansible ?


Launching Terraform with Ansible or lauching Ansible with Terraform ?

And why !

https://redd.it/qm2osf
@r_devops

What is the best way to learn as much Puppet as possible within a week?

Hi all,

I'm just about to start a new job at a company heavily utilizing Puppet. So I can try and hit the ground running I've set myself the task to try and learn as much Puppet as I can in the next week. I've got several years of experence with Ansible but I'm very much aware Puppet is a different and in some ways more complex tool.

Could someone please point me to the best resources for getting competent with it quickly?

I figured out Ansible by setting myself automation tasks and figuring it out as I went along over a number of months but I don't have time for that now. I'm hoping for more of a video/written course with tutorials so I can get alot done in a short space of time. I was looking at CBT nuggets and a few other options but the courses were several years out of date.

Any advice would be very much appreciated. Thank you!

https://redd.it/qm6bz4
@r_devops

Abusing SAST in a Malicious Code Analysis Attack

Just saw this post on twitter. https://twitter.com/rotembar/status/1455933655021412353?s=20

Apparently SAST tools can be abused in a malicious code analysis attack. The original article is here.

https://medium.com/cider-sec/malicious-code-analysis-abusing-sast-mis-configurations-to-hack-ci-systems-13d5c1b37ffe

https://redd.it/qlzcqk
@r_devops

Canadian Intermediate or Senior “Cloud Engineers” (aka building and automating infrar on azure/aws /gcp). What is your base salary?


Google is saying avg is about 120k/yr. Hoping to get some real examples to compare.

https://redd.it/qlkyj2
@r_devops

Using https from a docker in docker container running alongside a docker daemon sidecar container on a pod in kubernetes



I'm running a deployment with an application that requires a bootstrap launcher script be run that runs docker commands (Discourse). The discourse container connects to the docker daemon fine unencrypted @ localhost:2375, but the launcher script runs a docker container that subsequently runs a git pull command via https, which fails since the traffic from the docker in docker daemon sidecar isn't encrypted with TLS.

I set out to encrypt with TLS, but quickly realized I can't simply provide the openssl commands to the containers command entrypoint since they require passwords to generate the CA, server, and client certificate keys.

That being the case, is there any way to encrypt traffic in this manner?

https://redd.it/qlwzp5
@r_devops

Moving an EC2 instance to another region

I tried creating a snapshot and then using that snapshot on a different machine, but I realized I can't create a volume out of a snapshot if the snapshot was made in a different region. Is there a way around this?

https://redd.it/qlwrgt
@r_devops

Is it possible to run cronjobs in a dockerized environment without using docker-compose?

I have just watched a video where a DevOps engineer stated that he hasn't used docker-compose in a long time.

In fact our DevOps team isn't good at using docker-compose either, every time I ask them to run a docker-compose task, I'll have to explain to them why they need to do it like that and what's the usefulness of docker-compose.

We outsource our DevOps tasks to a company specialized in DevOps, I thought that our DevOps team isn't good at docker, but when I heard that DevOps engineer speak, I'm starting to think that maybe docker-compose is a thing of the past and I'm getting old and rusty.

We dockerized the PHP application and we want to run it on AWS Fargate. I dockerized the PHP cronjobs using docker-compose. One container runs Php and another runs crontab.

Without using docker-compose, how one can docker-compose? do the DevOps copy-paste the same dockerfile into two fargate tasks? and how would they do that on a local machine?

https://redd.it/qmkqfw
@r_devops

Splitting up Ops team - Is this typical?

Hello all,
My team was upgraded (?) from a traditional Operations team supporting networking, storage, and server hardware, deploying our apps in a docker environment and managing state of roughly 100 servers before we had some outside help in moving everything to AWS. This was roughly 2 years ago, and it's been a great adventure learning cloud technologies and how to maintain them with Terraform. We (my team) are a mix of traditional sysadmins-turn-cloud-ops, DBAs, and we have some development experience, but not a lot. Speaking for myself, my abilities begin with BASH and end with Powershell. We all have our areas of specialty, but are fairly interchangeable on the core infra stuff.

We now have a return-to-work plan set for January and we're being told that our team will be physically split with each of us joining a separate development team. The stated goal is that we will increase collaboration and improve our products, but it is also true that they don't have anywhere to put our team if they don't split us up. This makes me question the motivation behind this decision.

I would like to know if this sounds like a sound strategy from those of you who work in similar ways. Devs, have you ever had a member of Ops on your team full-time? Ops folks, have you ever been made to work full-time with a dev team? Is there even still a dividing line between Dev and Ops? Do most Devs now also maintain their own infrastructure?

This is all new to me, so I am very interested in your feedback. Thanks in advance.

https://redd.it/qmnein
@r_devops