Reddit DevOps
ADO, YAML, and Terraform question for VM builds

Currently we are deploying VMs to Azure using YAML pipelines with ARM templates. We pass a couple of variables like VM name/size, RSG, region, etc. through the YAML pipeline in the variables section provided by ADO when we want to build a new VM. Since it’s ARM it doesn’t care that we are just rerunning the same pipeline each time but changing the variables for a new VM.

My question is how can we do something similar with Terraform? From my understanding if we were to rerun the same pipeline Terraform would go “oh hey I see you got this new server but also you didn’t mention the old one so yeah I’ll make you a new server but at the same time delete your previous one.”

Any tips or links to articles with some details would be great!

https://redd.it/r9bg8j
@r_devops
As a sysadmin, can I make our VM provisioning process more similar to devops best practices?

Hello everyone. I'm a junior sysadmin who has been trying to learn the devops ways for a short while now.

I would like to discuss with you how we provision our VMs for our users and get feedback on whether it can be improved. I know everything can be improved, and it's nice that I want to learn, but I'm not sure it's worth it if we have a certain way of doing it which has very few flaws.

Each employee in our organization gets a gateway provisioned for him (Usually a CentOS m4/m5 EC2 instance).

Our way of provisioning VMs is we have a web-ui that wraps a bunch of Ansible playbooks and bash scripts. When executed, the playbooks create the VM, configure automounts, VNC settings, join it to our domain, etc.

I was wondering if I can utilize other tools or best practices to perform the same tasks, maybe even make it better somehow? My current struggle is maintenance usually, which isn't really a struggle as it's just a minor inconvenience to debug errors in this process sometimes.

I'm pretty much clueless when it comes to IaC tools and even my Ansible isn't that good, but I'm willing to learn and it would be great to work on a tool that would bring me real world experience in this role, which might help me become DevOps one day.

Any suggestions are welcome.

Thanks

https://redd.it/r9dpd7
@r_devops
Use GOTOAWS to simplify the AWS CLI tool.

GoToAWS is a tool that simplifies the AWS CLI for several operations.

I'm not sure how well-known it is, so I wanted to show it off. This video is short and digestible, so I hope you all enjoy it.

https://www.youtube.com/watch?v=uLtx1PUUZJQ

Let me know if you have any questions!

Cheers!

https://redd.it/r9ijro
@r_devops
"Error in decrypting data with cmk"

I am trying to granularize my ECS task role permissions. It was Administrative access earlier, so for this server I gave every possible access it might need, along with AWSKeyManagementServicePowerUser, but it still throws the above error. But when I add Administrative access, it works.

Without Administrative access, I am getting a 405 error on my server.

I couldn't find higher permission for KMS than the above mentioned.


Any idea which permission I should give?

Also, I tried searching CloudTrail, but there are just so many calls (health checks) that it gets really hard to figure out mine.

https://redd.it/r9pb55
@r_devops
Best OpenSource password manager for enterprises??

So my company has been using some Keepass databases to manage passwords but now we're growing in clients, projects and employees and I'm looking for a proper solution to manage this kind of stuff (passwords, .keys, etc). In other jobs I've used Teampass, which covers very well every single need we had, but it's been a little slow in releases and I'm looking for alternatives. I need something that can store any kind of credentials, share with teams and individuals, manage permissions, and be self-hosted. What do you use for this kind of job?

https://redd.it/r9r5u7
@r_devops
Dedicated/Cloud/My Own GPU server with Tesla v100

Hello, I'm new to machine learning and want to start a project. I need to get hold of a server first. I've been searching and the lowest I could find was 999 euro per month. That's still a lot, like 8 times more than a normal dedicated server. Does anyone know a cheap cloud or dedicated server which you have used? What about buying it? Any inputs?

https://redd.it/r9jkql
@r_devops
Linode vs GCP bucket storage service

I am having a hard time figuring out which storage bucket service is cheaper for less than 50 GB of data.

I was comparing Linode and GCP storage and it seems like GCP is cheaper, but I honestly am not sure.

I have a server currently hosted on Linode, but I was thinking of slowly migrating it to GCP for future scalability. I'm not sure if it's a better option to pick GCP storage or the Linode storage service?

Can I get your opinion on this?

It seems hard to compare them.

https://redd.it/r9wc3p
@r_devops
How Much Do You Really Care About K8s Jobs and CronJobs?

Hey all,

I work for a company in the DevOps tools space building a Kubernetes troubleshooting platform, and we're evaluating whether we can bring more value to our users by offering visibility & monitoring for K8s Jobs and CronJobs.

We've learned that for many organizations that use Jobs extensively, the existing tools don’t provide sufficient visibility (i.e. status, latest runs, logs, context when Jobs fail, etc.)

I'm curious to know how critical Jobs/CronJobs are to your business? Suppose a CronJob failed in the middle of the night, would you or anyone else lose sleep over it? Would you like to have more visibility into K8s Jobs? If so, what are you missing most?

So what do you say, folks? Is this feature worth developing? Or in other words — do you really care about Jobs and CronJobs?


Here's a mockup of what this feature might look like.

https://redd.it/ra2az9
@r_devops
6 things to consider when defining your Apache Flink cluster size

One of the frequently asked questions by the Apache Flink community revolves around how to plan and calculate a Flink cluster size (i.e. how to define the number of resources you will need to run a specific Flink job). Defining your cluster size will obviously depend on various factors such as the use case, the scale of your application, and your specific service-level-agreements (SLAs). Additional factors that will have an impact on your Flink cluster size include the type of checkpointing in your application (incremental versus full checkpoints), and whether your Flink job processing is continuous or bursty. 


The following 6 aspects are, among others, some initial elements to consider when defining your Apache Flink cluster size:

1. The number of records and the size per record

2. The number of distinct keys and the state size per key

3. The number of state updates and the access patterns of your state backend

4. The network capacity

5. The disk bandwidth 

6. The number of machines and their available CPU and memory

More details and info: https://www.ververica.com/blog/6-things-to-consider-when-defining-your-apache-flink-cluster-size

https://redd.it/ra545l
@r_devops
DevOps Bulletin Newsletter - Issue 28

DevOps Bulletin - Digest #28 is out, the following topics are covered:

* **How to build a centralized logging platform with ELK, Kafka and K8s**
* **75 exercises to improve your Python regex skills**
* **The lazier way to manage everything Docker**
* **How to write effective incident reports**
* **How to integrate your CI/CD pipeline with Kubernetes when using RBAC**


Complete issue: [https://issues.devopsbulletin.com/issues/writing-incident-reports.html](https://issues.devopsbulletin.com/issues/writing-incident-reports.html)

Feedback is welcome :)

https://redd.it/ra5ws8
@r_devops
Setting up k8s cluster on single vm

Hello there, I have a task where I need to orchestrate an ELK stack using K8s while having a single VM only. I was told to use Docker to create the k8s cluster, so I tried to use KIND (Kubernetes inside Docker) but it is more complicated to understand. So, is there any other way to achieve the goal?

https://redd.it/ra5tgm
@r_devops
Retrieve data from Azure App Configuration with Powershell?

Hi y'all, I was surprised that MSFT calm hasn't made a PowerShell module to work with App Configuration data, so I made my own: link

It uses the az appconfig in the background (so you need Azure CLI installed), but it added support for referencing other keys within the value.

## Install module

    Install-Module PSAzureAppConfiguration -Repository PSGallery

## Usage

Log in to the Azure account using a service principal:

    $clientId = 'client/app id'
    $tenantId = 'tenant id'
    $secret = 'client secret'
    az login --service-principal --username $clientId --password $secret --tenant $tenantId

Get configuration:

    $MyConfig = Get-AppConfigurationKeyValue -Store MyAppConfigStore -Label Production

https://redd.it/ra6mua
@r_devops
How to Manage GitHub Actions Environment Variables and Secrets

Hey guys,

Muhammed Ali just wrote a new blog post you may enjoy on the ATA blog.

"How to Manage GitHub Actions Environment Variables and Secrets"

Summary:
Learn different ways to save your GitHub Action environment variables and secrets you can use when required while working with GitHub Actions.

https://adamtheautomator.com/github-actions-environment-variables/

https://redd.it/ra753u
@r_devops
What do folks use to draw network architecture diagrams?

I learned about plantUML and nwdiag in particular in the not so distant past but never really used it. I like the idea of documenting things in code and just generate the images whenever they're needed; makes updating and revising things real easy.

What do you guys use at work?

https://redd.it/raccx8
@r_devops
I have a CNAME pointing to our auth service, but customer wants a TXT verification record?

So I have a CNAME record: login.example.com -> auth.com which works but our customer is requesting a TXT record for verification of DNS.

I don't know exactly what they're asking for and I'm not sure how I should go about doing this, anyone able to point to the right direction?

https://redd.it/rahiex
@r_devops
How to apply the same resource-policy in all buckets

Hi, guys.

I have a lot of S3 buckets on which I have to apply the same policy. Is there any way to do it all with less effort?

There is another point that confuses me. Why, if this applies only bucket by bucket, are there examples that use two or more resources?

    {
      "Id": "ExamplePolicy",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowSSLRequestsOnly",
          "Action": "s3:*",
          "Effect": "Deny",
          "Resource": [
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
          ],
          "Condition": {
            "Bool": {
              "aws:SecureTransport": "false"
            }
          },
          "Principal": "*"
        }
      ]
    }

https://redd.it/rakd1g
@r_devops
Opensource CA for client cert management

I am looking for a project that runs a CA to manage client certs and CRLs. I'd like to have a gui I can hand over to operations people that can generate client certs for customers and revoke them as needed. Any recommendations? Thanks in advance.

https://redd.it/razpsk
@r_devops
What are the biggest security challenges for DevOps?

Feel free to suggest other options for things that keep you awake at night (including pager calls).

https://redd.it/raydwi
@r_devops