How to apply gitops workflow with Vault and Kubernetes?

I deployed vault helm chart via ArgoCD in a Kubernetes cluster and I manually created hcl policies, users and approles with the vault cli by connecting to the container. I’d like to commit the hcl files to git and have a gitops workflow instead so when the deployment gets destroyed, I can easily reapply things that were created. How can I do this with vault helm?

https://redd.it/rnbxc6
@r_devops

Holiday plans voided by the log4j CVEs

Not much here. Just an empathy post for all those whose holidays that have been impacted by the recent log4j CVEs reported. You're not alone!

https://redd.it/rne1cq
@r_devops

Automatic two-way mirroring of Github repositories

I currently have access to a github repo that belongs to old school administrators that will not enable modern github features (such as deploy keys, actions, etc), which unfortunately inhibits my team's ability to implement basic ci/cd functionality.

I was wondering if there is a solution that allows for automatic two way mirroring of git repositories such that I can spin up my own private repo and implement integrations off the repo my team controls instead.

I was thinking a solution using webhooks to recognize when a change occurred in one repo and automatically mirror it to the other, that way users can work from either one.

Does something like this exist? Any advice on how to solve this particular predicament?

Thanks and Happy Holidays!

https://redd.it/rnf557
@r_devops

Top DevOps Automation Tools In 2022 And Beyond

Automation has become pivotal in today’s technologically advanced world. One can see a number of processes in which automation has played an important role. It has created a new sense of emergency in which either a person is busy automating processes or getting automated.  Because with the help of automation, the efficiency has increased manifold. As well as, the productivity and quality of the work have also improved.

As per the stats, circa 51% of companies are using marketing automation tools and around 58% have a plan to use automation tools.

Read this blog to learn which DevOps automation tools are popular and why.

https://redd.it/rngejd
@r_devops

Finessed my way into SWE role without containers

The role is a software engineering role rather heavy on cloud and DevOps / containerization. I think I got the job more because I had a positive attitude and was a referral from an acquaintance on the team, plus have a couple years of development experience, but that might be besides the point.

Where should I get started learning containers, Docker and maybe even cloud (with how it’s relevant or fits in)? I’m currently going through a crash course video on YouTube by academind since I used his videos to learn front-end / JavaScript. I can reference official documentation but it tends to get really dry really quick.

https://redd.it/rnhhuj
@r_devops

Cloud Malware analysis tool/api

Hello,

I am looking for some feedback on "Cloud Malware analysis tools/API".

The need, send suspicious "png, jpg, pdf" into a cloud tool in order to get a score of the possible threat of this file.

Does anyone is using a tool like this ?

Of course I need a good response time/availability since i will send a good amount of file/s to it.

​

Thanks.

https://redd.it/rnh35l
@r_devops

How should I deploy my website

I'm not sure if this is the right subreddit to ask,

But right now I'm a bit confused on how I should deploy my website. I'm deploying a scrabble website with word search, board analysis, and later on player vs player feature as well as puzzle feature. There will be a user login feature and the only thing we store about the user is the puzzles that they have done as well as the matches that they have played.

There's potentially some traffic to the website, so I was wondering whats the best way to deploy

https://redd.it/rnjbvu
@r_devops

How do I get devs access to EKS?

TLDR in the end

We've been exploring Okteto as a tool to allow devs to work in near-production environment with K8s.

Here's the issue - it's not possible or easy to onboard and manage hundreds of devs onto IAM.

We currently use an LDAP server to grant them access to EC2 Linux instances which is easy enough but IAM has more granular stuff for K8s which we want to use (and I beleive is the only way to get access - maybe I'm wrong)

Is there a way to work with IAM and LDAP so that groups and users can sync?

---

Eventually, we'd onboard teams (as groups) and grant them access to namespaces or deployments or projects in Rancher.

---
TLDR;
I want devs to be able to get a

.kubeconfig

file from Rancher for their user/group and then use it to work with Okteto to deploy and test their code on the cluster.

How do I get this up and running?

https://redd.it/rnjtmk
@r_devops

Merry Christmas! I am giving away my ebook Command Line: A Modern Introduction for free. Grab your copy as a gift :)

1. Go to https://stribny.gumroad.com/l/moderncommandline
2. Enter "christmas" as the discount code
3. Enjoy your Christmas gift:)

https://redd.it/rnl9z3
@r_devops

Which CI service allows running containers to test open source software?

Hi Devops folks,

I have a open source project, and I'd like to test it against a live DB.

Is there a service, which allows me to run containers while building the software?

I am relatively new to Github actions, it allows me make build and publish it to repository.

I am not sure if it allows, running containers of my choice while test section of the build runs.

Any service like CircleCI, TravisCI provides such service?

https://redd.it/rnj5y4
@r_devops

How your company selects a CI/CD tool?

I am an aspiring DevOps engineer and still learning. I was going through the CI/CD process so I really wanted to understand how a company or a start up selects a CI/CD tool?

The DevOps architects or DevOps managers make this decision or an engineering head/CTO makes this decision.

Or, is it the initial developers that were hired that make this decision.

Since there are a lot of CI/CD tools (Jenkins, CircleCI, Semaphore CI, Harness, TeamCity, etc) out there it can be very daunting exercise and I am really interested to know this with your experience.

https://redd.it/rnemdn
@r_devops

DevOps or Test Automation: Need help to decide next steps in my career

Hello good people. I need some guidance. Please help.

I am currently working as a Software QA engineer[Test Automation\]. I have three years of experience in test automation. I had completed my bachelor's in Software Engineering. After that, I join a company as a manual tester. After one year, My manager switch my project and put me in a project where my role is to automate the Backend test suite with Java and bash script. till now I am working on that project. In this project, I have to maintain a CI/CD pipeline. One year ago our client move the project to AWS so I got some good exposer to AWS. I work closely with our offshore DevOps team. Which makes me interested in DevOps activity. My current skill set is below:

1. I have experience in UI and API automation with JAVA, TestNG.
2. I have basic knowledge about CI/CD pipeline and workflow.
3. I used Jenkins, Elastik, and Rundeck on daily basis.
4. Basic knowledge about AWS infra.
5. I know Python [medium level\], Bash [can write script\].

My Questions are below:

1. I am moving to Canada next year so it is kinda hard for me to decide which path I should go to get a Job in Canada, Automation or DevOps?
2. If I want to move to DevOps what skills or Cert I should get to land my first job?
3. I am kinda decided to go for AWS SAA or AWS Sysops certificate [To learn more about AWS infra\]. Is it help me to land a job in the cloud?

Thanks, Everyone. I really appreciate your help.

https://redd.it/rnpx2u
@r_devops

Free Slack app to keep a status dashboard one click away from your team!

I have developed a free Slack app that I think might come in very handy for fellow DevOps engineers, with Status Center you can have a status dashboard, displaying the status of selected status pages, just one click away in your Slack workplace.

It can also notify you in real-time, directly on a Slack channel of your choosing.

We've only started working on this tool, and the number of status pages is limited, but there is a button for you to request new ones, we will be adding new ones quickly.

Looking forward to hear your feedback!

The tool: https://statuspal.io/status-center/slack/

https://redd.it/rnsb7b
@r_devops

Is there a way to make git tortoise and visual studio work faster on a project inside of WSL2?

Ok, I did the opposite by putting the project inside my Windows drive. Now, I have the project inside the WSL2 drive, so the website works faster and is much more responsive, but when using Visual Studio and tortoise it's super slow, so the search is slow and git tortoise sometimes freeze. Is there a fix for this?

https://redd.it/rnuye0
@r_devops

Suggestion for leasing physical/bare metal servers with 10G private bandwidth

I want to lease 2 or 3 servers for a month or two to run Linux networking benchmarks (max pps, throughput etc. for a give number of cores). I am looking for servers with 10G links and ideally 10G "private bandwidth" between the servers. I don't really need any public bandwidth from the internet. Pretty decent server processor (like Intel Xeon E-2246G) should do. Anywhere in US should be ok too.

Looking for suggestions for reliable providers that are not too expensive. This is the first time I am personally leasing servers and don't have much idea about the pros/cons of different providers.

https://redd.it/rnxnbu
@r_devops

Helm in 10min

Hello guys, I made a 10-min video 🎥 to explain Helm ⚓️ and its main concepts. The video shows how to package a Spring Boot app 🍃 and how to deploy it into a K8S cluster. Also, how to search for charts in public repositories and to install them locally.
If you have any feedback about the content or the editing process, please let me know 🙂

https://youtu.be/84Wvr54Rn2U

https://redd.it/ro766d
@r_devops

PSA If you are using AWS SES VERIFIED EMAIL ADDRESSES, the "NEW" UI will SHOW DKIM-verified addresses as valid, but the old UI will show they are invalid

So be prepared for some bugs

https://redd.it/ro74q4
@r_devops

How I scaled a real-time API monitoring platform using AWS and Laravel

Merry Christmas everyone 🎅🏻 Hope you're all enjoying the day. I decided to sit down a finish an article I've been meaning to write about scaling Treblle, our API monitoring platform.


We're processing over 7M+ log files per month from 500 APIs worldwide and we're doubling in volume each month. So I take you behind the scenes of my 3 failed attempts at scaling it and the final solution using a neat combination of AWS services and Laravel Vapor.


Read the article here and feel free to give me some feedback: https://treblle.com/blog/how-does-treblle-scale-on-aws-without-breaking-the-bank


PS. Not a DevOps expert just a regular developer - be gentle.

https://redd.it/rof0pm
@r_devops

Consul Connect confusion

Hi,

I'm going through the Consul Connect tutorial (https://learn.hashicorp.com/tutorials/consul/service-mesh-with-envoy-proxy) and I'm totally confused about certain aspects. I hope I'm just misunderstanding this stuff, because the design just seems totally counter-intuitive to me.

Let's say I just use Consul DNS service discovery (without Connect). I have a web application that connects to a Postgres server, which is available at postgres.service.consul. This works perfectly fine, as long as I don't use Connect.

When I start using Connect, I will fire up an envoy proxy, and now my application no longer connects via the "postgres.service.consul" hostname, but I need to connect to a locally-bound port, where Envoy is running (e.g.: localhost:5000).

How is this even scalable when you need to connect to multiple services? Let's say my web application needs to connect to 10 different services, basically I need to point my application to localhost:5000, localhost:5001, localhost:5002,... instead of postgres.service.consul, rabbitmq.service.consul, redis.service.consul,... when using Consul Connect?

This means that the whole DNS-based service discovery just disappears in smoke, I need to use localhost everywhere, and keep a list (maybe some excel-sheet?) to keep track which port number points to which service?

Please tell me I'm wrong, and I'm totally misunderstanding Consul Connect, because the scenario I describe above seems like a totally unmaintainable mess...

https://redd.it/roh6yu
@r_devops

Transitioning from Devops to normal software development

Odd question for this forum maybe, but was wondering if anyone has done the reverse of the typical SWE to devops transition and moved from devops to SWE. For reference I am about 2.5 years out of college and have held two different "devops" roles at a large company and a startup. Any tips besides just grinding leetcode? Cheers!

https://redd.it/roqbg2
@r_devops

Finding a US/Canada based role as a British citizen

I posted this past month with little luck. Thought id ask again. I am currently going through the Canadian FSW application with 471 points so I have a very good chance of being accepted for perm residency invite once this whole covid situation is resolved and they start accepting more people in that stream. I feel a job offer would really help my chances, as my age, would soon factor in and reduce my score next year as im turning 30 which would really kill my chances of a quick invitation.

Curious as a British citizen with almost 3 years worth of DevOps experience with an infrastructure background would find DevOps work that offers sponsorships. I would be open to accepting anything in the states too preferably west side.

My summary of skills include

Almost 3 years of experience in Linux administration (Centos, Redhat and Amazon Linux), bash scripting, CICD platforms, source control platforms and Docker.

Around two years of working with AWS, Terraform, Ansible, JIRA, Confluence and ServiceNow.

Almost a year worth of experience working with Kubernetes. I also have experience with the security side of Linux, one of the major projects I was involved in my current role was writing a CIS benchmarking script which was deployed across all Linux instances in AWS. Using Qualys I also actively look for and resolve vulnerabilities on the servers.

Degree in Computer networking and technologies, a good understanding of Cisco networking technologies, 2 years working as a Desktop Engineer/Sysadmin supporting windows-based environments prior to working as a DevOps Engineer.

https://redd.it/rovw0u
@r_devops