Terraform - Import existing infrastructure or recreate everything?
You have been given full control of your company's infrastructure (≈10 lambda functions, 2 RDS and 5 S3 buckets, all across 2 VPCs), and must manage it with Terraform. Which of the options would be best?
https://redd.it/rpt9mw
@r_devops
A hashicorp vault plugin for ephemeral Jenkins users/api tokens
Hey folks!
I thought some of the folks here would be able to take advantage of a new vault plugin I've been working on. I recently had a need to have auto-expiring API tokens for Jenkins so I developed this plugin for vault to have a cleaner solution. Hopefully it helps some others here as well.
https://github.com/circa10a/vault-plugin-secrets-jenkins
https://redd.it/rpxstq
@r_devops
GitHub
GitHub - circa10a/vault-plugin-secrets-jenkins: A plugin for Hashicorp Vault to create ephemeral users and API tokens for Jenkins…
Managing an ec2 in 2022
Hi,
I work in a relatively small shopping oriented startup.
We have a mobile app with ~10k users and a back-office system which should handle similar load to the app.
We are expecting to grow steadily over the next year, probably to a max of 100k users in the best case.
The user traffic is quite steady during the day (with only a small percent of users active at any given time) and non-existent at night (good time for maintenance stuff).
We built our stack all in on aws with amplify including appsync, dynamodb, lambda etc.
In practice, the mobile app and the backoffice are using separate amplify stacks.
While the mobile app has benefited greatly from this stack, and graphql in particular, the backoffice system has become a pain to work with as the team grows and the use cases are getting more complex. Dev velocity is affected negatively, and simple product requirements often entail unnecessarily complex solutions.
As a result, we have been considering going back to the basics with a simple ec2 instance, and a monolith backend deployed on it, probably running on docker, 2016 style.
A big difference compared to 2016 is that there are good IaC solutions to help maintain this type of stack, simple as it may be.
We also considered ecs/fargate - but our bad experience with amplify discourages us from going into another aws rabbit hole.
I think that we can probably scale on a single ec2 instance over the next year while increasing dev velocity significantly, and we can reconsider scale when the time comes.
I do however have some reservations, in particular going back to an older type of stack (2016 style), and having to manage an ec2 in terms of patches, permissions etc (I have seen aws ssm can ease some of the pains).
I'd be glad to get some opinions on this topic, and open to hear other alternatives.
Thanks!
https://redd.it/rpv6m0
@r_devops
Kafka best practices in production
Many organisations utilise Kafka to enable data pipelines between applications and micro-services.
With its wide adoption and its integration into enterprise-level infrastructures, DevOps teams often face challenges ensuring that this open source application is deployed at scale in a secure and reliable way.
This blog explains the key considerations for setting up Kafka in production.
https://inder-devops.medium.com/kafka-best-practices-lessons-learned-by-inder-431dc5fafd3b
https://redd.it/rprwox
@r_devops
Medium
Kafka- Best practices & Lessons Learned | By Inder
As of December 2021, I have spent almost 3 years managing kafka (both self managed and AWS MSK) for BFSI Clients. I have also migrated…
Cheapest GPU cloud instances for Machine Learning inference
I'm looking to find the cheapest available cloud providers for inference purposes.
More specifically, I need some GPU with CUDA cores to execute the inference in a matter of a few seconds.
I've tried DigitalOcean, GenesisCloud and Paperspace, with the latter being (slightly) the cheapest option - what they offer is pretty much the same and doesn't change much for me (OS, some CPU cores, some volume space and some bandwidth).
I don't think I can use spot instances, since [from what I know] I would need to spin off the instance and the API every time it is shut off, and that would take quite a bit of time, so I don't think it's an appropriate solution.
tldr: cheapest GPU instance to rent from any cloud service, for ML inference purposes;
https://redd.it/rpr94p
@r_devops
What would you do if you didn't have to collect a paycheck, still wanted to do DevOps, but weren't sure about working a standard 9-5 job anymore?
Let's say you found an old USB drive containing 30 BTC from an even older tech conference and suddenly had the ability to retire early (not that I did, just an example), or that you suddenly had enough passive income from, say, real estate investments or something similar. What would you do to keep learning in the field, stay current, and contribute back to the community? Just curious.
https://redd.it/rq2xw8
@r_devops
What causes a kafka broker or consumer to crash
What are the main causes of crashes in Kafka consumers and brokers? The question can be expanded to all servers: why can't we give a server enough resources to never ever crash?
https://redd.it/rp36cw
@r_devops
Automating manual gitlab CI/CD Steps?
https://sanderknape.com/2019/02/automated-deployments-kubernetes-gitlab/#building-docker-in-gitlab shows how to build a Gitlab CI/CD pipeline for deploying to Kubernetes.
One manual set of steps involves:
1. creating a Gitlab Service Account YAML for k8s access
2. `kubectl describe secret gitlab-service-account-token-....` to get the token
3. create secret env var in gitlab CI/CD Settings from step 2's output
* That token is then referenced [here](https://gitlab.com/kevinmeredith/ci-cd-test/-/blob/master/.gitlab-ci.yml#L44) on this line, `kubectl config set-credentials gitlab --token="${SECRET_SERVICE_ACCOUNT_USER_TOKEN}"`
In the spirit of automating everything and infra as code, how can this manual set of steps be automated or source controlled?
https://redd.it/rq6tfn
@r_devops
GitLab
.gitlab-ci.yml · master · Kevin Meredith / ci-cd-test
What IDE do you use at work?
I started using atom a few years ago and my supervisor recommended VSCode since it uses less ram and is faster. I love VSCode and completely switched last year and love all the extensions and capabilities it has. Recently, I started looking into switching to neovim + tmux for work since it’s faster and has a lot of customization.
My problem stems from that I develop on WSL for work and Ubuntu at home and like to use my mouse to copy and paste and move around within VSCode. I don’t think you can use your mouse within neovim + tmux. Plus the integration of extensions for ansible, terraform and what not is not the best when comparing to VSCode. Maybe it’s my configuration setup and I’m doing it wrong but I am wondering what the Devops community is using for their environment and why.
https://redd.it/rpupat
@r_devops
Kubernetes Monitoring
What are you guys currently monitoring in Kubernetes? I’m not looking for products to monitor but rather when you monitor.
Assume on-prem, blade servers. CentOS.
https://redd.it/rqax3y
@r_devops
CHAOS CARNIVAL 2022
ChaosNative is back with Chaos Carnival 2.0 this January 2022!
A 2-day ChaosEngineering conference worth remembering!
With 30+ chaos sessions, [LIVE] Chaos Panel, and exclusive workshops, this conference is going to be the perfect mixture for SREs, QA Engineers, and Cloud-Native Developers which you do not want to miss!
Register here: https://chaoscarnival.io/register
https://redd.it/rqa5gx
@r_devops
Chaos Carnival 2024
Chaos Carnival | All Things Chaos Engineering Conference
SREs, DevOps and QA experts are sharing their experiences on Chaos Engineering, reliability, resilience, observability. Join now.
How do you monitor your Prometheus instances?
We have Opsgenie, Prometheus and Alertmanager running. In Alertmanager we can set up heartbeats to Opsgenie which would then alert if that dies. But what is the best way of keeping track of Prometheus? Just trust k8s to reschedule prom if it dies and not keep track of it?
https://redd.it/rqc33e
@r_devops
How to set up Azure Bicep Deployment with GitHub Action?
I have my latest video created on my YouTube channel which explains how to set up a GitHub workflow to deploy Azure Bicep code with multi-stage deployment.
Kindly refer to the link below to watch the video; please share, subscribe and comment if you have any queries.
https://youtu.be/3pOAAII64Tw?sub_confirmation=1
https://redd.it/rqe8zp
@r_devops
YouTube
Deploy Azure bicep code with GitHub actions | GitHub workflow | GitHub actions
In this video we will setup simple azure bicep project to create storage account and we will learn how to deploy Azure bicep code with GitHub actions.
we will also setup parameterized deployment of azure bicep with Github action
we will create multi-stage…
Accessing a file in a GitHub repo for beginners
I wasn't going to post videos this week to take a break and encourage others to take a break but saw a number of confused people how to use files in a GitHub repo so little video :-)
https://youtu.be/icinLH7uQjM
Note I recommend EVERYONE understands Git and a part of my DevOps Master Class I have an entire class on mastering Git at https://youtu.be/hQJktcBzJUs and has a full repo so you can follow along (https://github.com/johnthebrit/DevOpsMC/tree/main/Part02MasterGit)
https://redd.it/rqgqie
@r_devops
YouTube
Accessing a File in a GitHub Repository
In this video we look at how to use files that are in a GitHub repository
I want to run separate containers for multiple projects
So I work in a company which has an on-premises server, which has 20+ running projects.
The thing is we are using the same docker-compose for every project. Is there any way in which we can have a separate docker-compose for a specific project?
I.e. we have one nginx container for all of our projects, and the same goes for the php container. If we make changes in one project and get an error in it, every website goes down for a brief period, and some client sites are running on it as well.
https://redd.it/rqhw64
@r_devops
uptrace - distributed tracing using OpenTelemetry and ClickHouse
I thought the r/devops subreddit might be interested in this project I just found!
https://github.com/uptrace/uptrace
https://redd.it/rqm5jd
@r_devops
GitHub
GitHub - uptrace/uptrace: Open source APM: OpenTelemetry traces, metrics, and logs
Node GitHub app that will do infrastructure and deployment
So I am working on a project and I have to do an app that will do some automated deployment and I was thinking about using a GitHub app that will use OAuth and be able to push files to another branch (the infrastructure branch) and there will be a workflow file that will apply the terraform code to create an EC2 instance. And on the main branch, I will make a workflow file (pushed through the GitHub app) that will create a container and push it to ECR and update the EC2 instance. Is it better to create a separate branch for infrastructure and just update the EC2 instance or should I have the infrastructure and the EC2 update on the same branch? Thanks in advance for helping :D
https://redd.it/rqmcqm
@r_devops
What's the diff b/w Azure PowerShell task and Power Shell task?
Documentation says "Use this task to run a PowerShell script within an Azure environment. The Azure context is authenticated with the provided Azure Resource Manager service connection."
Does this mean the Azure PowerShell task runs outside of the pipeline's Agent Pool?
https://redd.it/rqo3hh
@r_devops
Free intro to Linux commandline/server course starting 3 January 2022
This free month-long course is re-starting again on the first Monday of next month.
This course has been running successfully now every month since February 2020 - more detail at: https://LinuxUpskillChallenge.org - daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is also used for support/discussion.
Suitable whatever your background, and aims to provide that "base layer" of traditional Linux skills in a fun interactive way.
Any feedback very welcome.
https://redd.it/rqnx4q
@r_devops
linuxupskillchallenge.org
Linux Upskill Challenge - Linux Upskill Challenge
A month-long course aimed at those who aspire to get Linux-related jobs in the industry - junior Linux sysadmin, DevOps-related work, and similar. Learn the skills required to sysadmin a remote Linux server from the commandline.
How does your team handle PR reviews?
How does your organization currently handle reviews and approval for pull requests? Is it manual or automated? Do you need a review and approval before merging?
https://redd.it/rqpu4l
@r_devops
How to go about creating testing environments?
Hi guys,
I am currently new to the whole devops scene and I am currently learning my way through solving tasks at my company (startup). We want to create SIT and UAT environments. Currently, our code goes to prod only right now and we want a place to review and test out functionality before others see it as we are planning to go live sometime next year.
We currently host our application on GCP Compute Engine inside one virtual machine as a VPS. The virtual machine currently contains our Database, Backend, and Frontend. I need some guidance and steps on what I should do moving forward. Definitely I want to separate out the database, backend, and frontend from being in one virtual machine. But what should the infrastructure look like? Should I go about learning and doing it on Kubernetes Engine or leave it in Compute Engine? Also, whichever way is decided, how should I create the environments? Simply create a snapshot of the prod environment and create new machines, or is there a certain methodology and best practices I need to be aware of?
https://redd.it/rqsh1k
@r_devops