GCP Certificate lists

Hello guys, I was using AWS, now I am starting GCP. I have a question about the GCP certificate manager. On AWS has ACM, where I uploaded my certificates and listed them. But I cannot find an alternative this on GCP there is a Certificate Manager, which if am I right I can create my own CM and then can request for certs. But where I can find my all listed certificates? For example, if I want to attach some certificate to the load balancer how can attach it? I need a direct request or I can pick from somewhere a certificate for attaching? Thanks!!!

https://redd.it/ra5vuu
@r_devops

I Have no idea what I'm doing and I start a New role in a Month.

I quit my old job because I had been coasting for two years at that point, performance reviews finally caught up with me, and I could see the writing on the wall. Because the labor market is so tight and my previous company carries some prestige, I miraculously got a pretty good offer in some kind of cloud ops role.

So I applied to DevOps positions because the last time I remember being engaged at my job I was in a similar role. I'm beginning to think that had more to do with friendly coworkers and being a bright-eyed newgrad not yet burned out. For reference, I transitioned into webdev thereafter and struggled ever since. I pretty much gave up and no one noticed for a while. So even though I should be a seasoned webdev, I basically don't know any frameworks (theoretically I should know Springboot and Angular), still get intimidated by even the simplest directory structures, and I even struggle with basic code management stuff like using maven/IDEs/git. Basically, I suck with every tool I was supposed to be using.

I suck at everything that isn't telegraphed leetcode. I have a formal CS education so I'm fairly decent at anything that's just implementing raw data structure/algorithms without a real use case attached. If you wanted me to code up an A* algorithm or implement a B-tree, I probably could. You might think surely a University education would mean I know my way around a Linux shell... and like I know how to navigate a directory to submit an assignment. I have an AWS ASA certification from way back when. I fiddled with Terraform way back when. I technically work with splunk though I couldn't write up a functioning query if prompted. I've written a Jenkins pipeline like one time and always with a lot of help from internal tools.

I'm reading through the Google SRE book right now and there's so much shit they just glance over like it's fundamental 101 stuff. And almost every time I'm like "Fuck me, I don't know even know what OAuth2 is besides what my coworker does in Postman before the other api calls". I didn't learn security in school and it doesn't come naturally to me. Honestly, my old company actually had fairly good security protocols but to me it all just looked like pointless code bloat and impenetrable bureaucratic procedures. Now I'm supposed to be one of the guys charged with that stuff. Oops.

https://redd.it/r9zkfv
@r_devops

DuploCloud 10x faster than Terraform?

Saw this company at AWS Re:Invent this year claiming 10x faster than Terraform, with I guess instant compliance framework mapping for SOC2. We're looking to get our SOC2 and PCI soon. Does anyone use their software? https://duplocloud.com/

https://redd.it/rd0xf8
@r_devops

How close are your pre-prod and prod setups?

When we talk about pre-production setup for testing, the expectation is to have a platform as close as production to replicate prod behaviour. But I think it is really difficult to maintain that integrity in a large organization. With over 100+ microservices, you have to almost double the cost.

Also if there are deployments, you need to check if test build is deployed or release can be deployed.

Wanted to understand how do you guys maintain your pre-prod environments? And how close is it your production platform?

https://redd.it/rd1lxh
@r_devops

Installing Kraken CI in Kubernetes with Helm

Hello,
I have prepared a new installation method in the latest release 0.788. Now it is possible to install Kraken CI in Kubernetes using Helm chart.

More details can be found in a blog post:
https://kraken.ci/blog/installation-to-kubernetes

https://redd.it/rd1jka
@r_devops

Looking for Backup web application for Raspberry Pi (Docker)

Hi everyone,

I have a few websites running via Digitalocean, and i am using their backup function, but I want to have cold-storage backups of my websites plus docker volumes, containers etc also. At home I run a Raspberry Pi, and I was thinking, maybe some of you know a nice dashboard/interface/gui I ran run via Docker on Raspberry pi that will allow me to either automatically create backups or manually create them and place them on my hard drive (The one my Raspberry Pi is using).

I have tried to look around a bit, but the only one I can really find is RSync which doesn't seem to have a GUI.

https://redd.it/rd3suy
@r_devops

Maintaining configs for each repository when there are many repositories?

The problem

There is a slowly growing number of repositories and each one contains a configuration describing its pipeline. Sometimes we need to change the configuration and this requires going to each repository now. One of the problems going through each repository is that not all branches are going to be updated automatically. Configuration files are not identical even though some parts are. Going through each repository and updating it does not seem scalable so I'm thinking of a solution or a way to automate it.

Possible solutions

So far I thought about maybe including a step in configuration to download script from some bucket and run it - this is why we need to update in 1 place and all branches will get the update right away.

But what happens if I want to remove or add steps in the configuration file that is used to download the script? Sed and commit from script? Seems fragile but maybe I'm mistaken or this is something I should figure out in a different way.

Maybe centralize all configuration files in one repository and push them to corresponding repositories on push? Does not solve updating branches but makes managing configuration easier I guess.

Any thoughts?

https://redd.it/rd4wu1
@r_devops

Health check on VM app that runs interactively

I am looking to automate the deployment of an app that runs on Windows and needs to be run as an interactive login - it doesn't run as a service. I am planning to put the app within the startup profile of a service account and use Sysinternals Autologin to run the app.

I'd like to be able to run an Azure VM health check so that if the process were to fail, it would just delete and redeploy it. The app however doesn't open an inbound port so I cannot monitor it.

Is there a way I can achieve this? Any utility around that will create a dummy inbound service that mirrors the availability of another process?

https://redd.it/rd4dda
@r_devops

Best small database?

I want to use the choreography cloud pattern on Kubernetes. As part of this I expect each microservice/service would have its own database.

The service is only going to write into it and later something might query on specific fields accross databases.

If deploying on aws or azure I know what I would use but I want to develop this at home on minikube so choosing something than can use minimal ram/cpu is ideal.

Does anyone have any suggestions?

https://redd.it/rd4aog
@r_devops

I got an AWS Role

Hello People,I applied for a job as an AWS Solutions Architect. I feel bad because I know I can not do the job. I lied my way through all 4 interviews.I can speak well and bold enough to say things I can not do.The job pays so well and I am so afraid they will figure out that I can not do anything. Please what do you advice I do? I need the money badly

https://redd.it/rd1ip1
@r_devops

Parallel terraform init

I'm running multiple deployments in different environments which means I have separate backends. How do I run terraform init in parallel? At the moment if I attempt to do this, they will all try to write to .terraform which is not ideal.
Is it possible to change the folder terraform caches data to?

https://redd.it/r9scub
@r_devops

3-year programming degreE

I'm currently enrolled in a 3 year software degree (CPU+Math+Algorithms+Architectures+Paradigms) but I realized I'm also interested in Linux/CLI/Cloud so I was told to look into "DevOps" which was basically told to be Sysadmin + little scripting + cloud certs

That's when I thought I may be better off dropping the degree and just getting certs and stuff but then I read this

>You need to understand data structures, algorithmic complexity, IPC, multiprocess execution models, how code runs inside an operating system (how userspace interacts with the kernel, how memory is allocated, how shared libraries work, etc).

>If you don't understand this stuff, you'll be at best a mediocre Dev/Ops/DevOps person. You can't design efficient system or debug a problem on a live system if you don't understand how all the pieces fit together.

Is the degree worth the time investment then? I'm going to start next year for the record and I may want to certify for redhat in the future..because..it sounds cool.

https://redd.it/rda5aw
@r_devops

Automate, Customize and Codify AWS PCI DSS with HCL and SQL

We released a guide on how to codify AWS PCI DSS compliance with open-source CloudQuery policies which works by running standard SQL on a PostgreSQL.

CloudQuery itself is an open-source cloud asset inventory that extracts all your cloud assets configuration and loads them into vanilla PostgreSQL. https://github.com/cloudquery/cloudquery

https://www.cloudquery.io/blog/running-aws-pci-dss-with-cloudquery-policies

https://redd.it/rdb7pz
@r_devops

Manual CI (continuous integration) Pipeline?

Im just getting into devops (emphasis on CI/CD) and having trouble understanding what i would actually be automating. How does one start understanding what they are actually automating?

I dont know how someone who is a non-dev could automate a build process if they rarely, if ever had to build software.

Thanks.

https://redd.it/rdeugj
@r_devops

Critical RCE Vulnerability: log4j - CVE-2021-44228

https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java

Many WAF vendors are already offering mitigation.

If you have anything JVM based, you look into this immediately. Things like Jenkins, Sonarqube, Neo4j, etc may rely on log4j and may be vulnerable.

https://redd.it/rdfq2r
@r_devops

An open source app stack for Kubernetes with sane defaults combined with developer self-service and GitOps patterns

Otomi makes developers self-serving and helps DevOps teams to guarantee application security and availability at the earliest stages in the development lifecycle when using Kubernetes while strongly relying on GitOps patterns, where the desired state is reflected as code and the cluster state is automatically updated.

Check out the GitHub project: https://github.com/redkubes/otomi-core

https://redd.it/rde7xy
@r_devops

What swag item is your favorite to get at conventions?

*Asking for DevRel research purposes

View Poll

https://redd.it/rdgsty
@r_devops

How to develop good security instincts?

I think as a developer, I have good readability/understandability/composition instincts. I think I have fair or at least acceptable instincts when it comes to stuff like design, efficiency, scalability, extensibility, automation, and even non-security related resiliency problems. But I'm pretty sure my security instincts are just crap possibly because it's sort of antithetical to readability (obscuring the system to an attacker is kind of the point). My mind doesn't naturally drift that direction when I'm thinking about systems and problems. This seems pretty bad for any developer much less one targeting a devops career path. Is there a good way to train my brain to think about problems in this way?

https://redd.it/rdg7oc
@r_devops

At what point do you bring up "comp" when talking to recruiters / hiring managers?

​

I've been trying to be really candid and send all recruiters a google document about myself that also happens to mention my current comp and comp expectations before we even have a phone conversation, and this has helped me avoid awkward phone calls and time wasting.

​

But I've had a few instances where the recruiter doesn't have solid details on comp bands or says its flexible or "conversational" once you go through the interview process etc.

​

I was asked to do a virtual onsite for a company I'm really interested in, but we hadn't really had the comp conversation. I obviously don't want to spend 5 hours interviewing for a job that doesn't pay enough, so I emailed and asked to clarify before we set up the full interview. The recruiter responded saying in somewhat abstract terms that we are in the right range, but I felt tacky even asking like that.

What's the right approach?

https://redd.it/rdlj0f
@r_devops

Capacity of blue/green environments

For folks using blue/green deployment for the production environments: Do each of these environments have enough capacity to independently support all your users?

https://redd.it/rdmjx3
@r_devops

Best Build and Deploy Tools for Enterprise ios and android mobile apps?

Apologies in advance for this newbie-ish question. As a project manager, I have been tasked with getting my team to build and deploy mobile apps (ios and android versions of the app). What is the best enterprise tool out there for this? We use BitBucket instead of Github. Something that is all inclusive and really makes it simple, with workflows, and even hooks into the app stores. Thx in advance and apologies again for this newbie-ish question.

https://redd.it/rdm6hl
@r_devops