Reddit DevOps
Docker Desktop's Grace period has ended

> Hello,

> As a reminder you’re receiving this email because on August 31, 2021 we updated the terms applicable to the Docker products or services you use.

> On January 31, 2022, the grace period ends for free commercial use of Docker Desktop in larger enterprises. Companies with more than 250 employees OR more than $10 million USD in annual revenue now require a paid subscription to use Docker Desktop. Read the blog or visit our FAQ to learn more about these updates.

> What you need to know:

> - Docker Desktop remains free for personal use, education, non-commercial open source projects, and small businesses with fewer than 250 employees AND less than $10 million USD in annual revenue.
> - By continuing to use Docker, you are agreeing to the new Docker Subscription Service Agreement.
> - For organizations requiring Single Sign-On (SSO), it is now generally available for Docker Business subscribers.
> - To purchase a Docker subscription, visit our pricing page to compare subscription tiers, starting at just $5 per month, per user on an annual basis. For organizations with more than 50 users requiring an invoice, contact sales.

> Thank you,
> The Docker Team

I am not part of any of the exception groups mentioned above. What should I migrate to?

https://redd.it/sggg5b
@r_devops
Are you facing the problem of cloud costs increasing every month?

https://redd.it/sftt6x
@r_devops
upgrading old version of gitlab

I have a really old version of self-hosted GitLab, 12.7, and I need to upgrade it to the latest.

Has anybody attempted an upgrade from this or similar version? I suspect I'd be better off creating a new instance and not bother upgrading. But then I need to migrate all the data (projects, repositories, etc).

I am looking to find out if anybody has gone through either exercise and what they'd recommend.

https://redd.it/sgmdr2
@r_devops
Is there something to log all alerts of Rancher 1.6 like in Rancher 2.x?

Hello, I need to log all the alerts in Rancher 1.6 but I cannot find any documentation about it.

In Rancher 2.x there are project alerts, tool > alerts, etc.

No, I cannot update, it's not me who decides.

Can you help me? Thank you.

https://redd.it/sgwvdj
@r_devops
Docker Hub alternative for base images

A while ago Docker announced another limit. Now anonymous users are allowed no more than 100 pulls every 6 hours.

I have already stopped using Docker Hub for storing my images in private repositories, but the problem is that for image builds I am using base images from Docker Hub and building them from a shared environment (on Azure DevOps Microsoft-hosted agents and GitHub Actions hosted runners). In such a situation there is no guarantee that the environment hasn't already exceeded the limit.

As a result, I made a demo repository that uses GitHub Packages to store base images built from scratch. Currently it contains ubuntu and alpine images. Workflows are triggered every month. Images can be pulled anonymously.

https://redd.it/sh0mle
@r_devops
Using Sentry in a NR shop? Justification

I am looking to introduce Sentry for error triage, but we are a big NewRelic shop and there is a large feature overlap. There always is with observability tools.

Is anyone running both tools and can help with some justifications I can throw to leadership? The error triage system in Sentry is exactly what we need in our tool belt, but I don’t know if that will overcome the NR maximalists. I am not throwing shade, NR fcking rules - its APM is waaaay behind Sentry here though, which makes sense as this has always been their bread and butter.

Maybe I should reach out to Sentry for a use case? Big company here, thousands of servers.

https://redd.it/sh38rc
@r_devops
GitLab Down

Looks like major outage: https://status.gitlab.com/

Incident Status

Service Disruption

Components

Website, API, Git Operations, Container Registry, GitLab Pages, CI/CD - GitLab SaaS Shared Runners, CI/CD - GitLab SaaS Private Runners, CI/CD - Windows Shared Runners (Beta), SAML SSO - GitLab SaaS, Background Processing, GitLab Customers Portal, Support Services, packages.gitlab.com, version.gitlab.com, forum.gitlab.com, Canary, dashboards.gitlab.com

Locations

Google Compute Engine, Azure, Digital Ocean, Zendesk, AWS

https://redd.it/sh3yn1
@r_devops
The things that drive you nuts the most with Jenkins

Hi all, I’m a cloud engineer and got setting up Jenkins for a smaller team of developers as a task for the next 3 weeks, and since I have some terrifying memories of using Jenkins from years back, I’d like to save myself from the possible horrors this time.

I remember constant struggles with plugin dependencies, scaling Jenkins was always a chore as well, with the need to handle everything configuration-related in the UI repeatedly. Painful updates – I remember manually replacing war files in Tomcat. And God forbid if Jenkins went down. It’s a miracle that I’m not yet bald at the ripe age of 31, from handling all the cases when Jenkins just straight up shat its pants.
I’m wondering if there are any more problems that I haven’t thought of, that I should keep in mind for when I’ll be handling this task.

Apart from the problems, are there any new interesting (and better of course!) ways to run Jenkins?
I saw that running Jenkins on Docker is probably the easiest way to go about setting up a basic instance but all of us know that there’s much more to it than that and there’s always a need to set up integrations with eg. various auths, persistence etc.

https://redd.it/sh4ia7
@r_devops
Is coding necessary for a DevOps engineer?

What are the key places where coding in either Python or Golang is used in the DevOps world? Why is coding a must?

https://redd.it/sh3xoy
@r_devops
DevOps Bulletin Newsletter - Issue 36

Hey folks,

DevOps Bulletin - Digest #36 is out, the following topics are covered:

🔒 Kubernetes API access security hardening: Do you want to implement strong authentication and authorization in the Kubernetes cluster you manage? Learn about the best practices concerning API access control hardening in the Kubernetes cluster.
🤩 10 real-world stories of how we’ve compromised CI/CD pipelines: Everything from Jenkins to Docker to Kubernetes to laptops are mentioned, there’s probably something relevant to your environment
🚀 GitHub Actions through annotated examples
⭐️ Introduction to eBPF and how it can be used to add security, networking, and other capabilities in the Linux kernel space
PostgreSQL guide: If you are a PostgreSQL data architect or an administrator and want to understand how to implement advanced functionalities and master complex administrative tasks with PostgreSQL, then this guide is perfect for you.
🎬 The official Kubernetes Documentary: this film captures the story directly from the people who lived it, featuring interviews with prominent engineers from Google, Red Hat, Twitter and others. So exciting to see how the whole Kubernetes journey started ❤️

Complete issue: https://www.devopsbulletin.com/issues

Feedback is welcome :)

https://redd.it/sh7nw6
@r_devops
HOW to leverage Github Actions and Terraform

I'm looking at ways to better use GH Actions in support of deployment methods.

We currently build out multiple environments that are the same(ish).

- each customer is a new AWS/Azure/GCP environment
- all environments conform to an overall architectural and security standard but many components and services are configured specific to the client.
- some clients may have pieces others don't
- I'm mostly only interested in deployment and not on-going operations.

We lay out our TF code with each tool or system in a folder, e.g. 'iam/security/database/app1/etc...'

As these environments are built out essentially folder by folder over weeks and months, having a GH action attempt to deploy everything at once is obviously a non-starter.

Should I have a single action for each folder, expecting engineers to add the action when they start their work on that piece?

Or is there a way I can have GH actions only attempt to TF fmt/init/plan/apply on the changed files and assume the rest of the environmental dependencies are there?

Or something else entirely?

https://redd.it/sh9ew8
@r_devops
API Integration Advice

Hey guys,

So I've been in the data integration game for some time, but I'm kinda embarrassed to admit I've usually been looped in when the API endpoints/middleware are already well-established and it's just straightforward implementation.

If you were doing an API integration (from scratch) between, for example, an ecommerce back-end like WooCommerce and another service, what kind of infrastructure/orchestration would you need to configure/setup to lay the proper foundation?

Thanks everyone - I always have found the feedback and discussion here really informative and helpful!

https://redd.it/shbe2e
@r_devops
Host system running different OS distro in docker container - any negative effects?

I was just thinking: does it make a difference if I use an Ubuntu based image and run it on a different OS family, e.g. CentOS or Fedora? Any performance implications?

https://redd.it/shfb7c
@r_devops
Automating role-based authorisation strategy in Jenkins

I’m using the role-based authorisation strategy plugin GUI to manually administer and assign permissions to different roles, based on the projects/folders required.

Has anyone had experience automating this? Something such as Jenkins Configuration as Code, but without the need to restart Jenkins each time a new role/project is onboarded.

I have found a hacky solution that uses a custom .json file to list the roles and groups as they’re added, and a Groovy system config script to read these changes.

My confusion lies in where to feed in this script/.json file. Putting it in the Dockerfile would require a new image to be built and a Jenkins restart for the changes to take effect, right?

The plugin doc mentions a script, but doesn’t provide much information on how and where to implement it in the Jenkins controller build process, in the beginning or as a pipeline job itself…

How are you managing your jenkins roles and permissions matrix for projects?

https://redd.it/shennc
@r_devops
Changing of mindset

I'm starting to take ownership of DevOps functions at my job, working with CloudFormation and release management. My boss has given me full ownership of these processes, meaning I should be the single point of truth for any fixes or updates. I am really struggling with this because I have always sent problems to more senior members to show me how to fix them. Now I am that person who should have the solutions. How does a DevOps/software programmer become better at being the owner of a process?

https://redd.it/shjhu5
@r_devops
What VPN/access solution do the big tech companies use?

What do Microsoft/Apple/Netflix etc. use for allowing employees to access internal systems?

I'm a jr DevOps engineer working for a (currently small) startup, looking to employ thousands of people a year, and have been tasked with looking into highly scalable remote access solutions. I would like to know what existing companies use for this, and what any of you would recommend.

https://redd.it/shjs0i
@r_devops
CentOS8 core package repositories are no longer available

We've been waiting for it to happen, and today docker images and cloud compute nodes are no longer able to access the core CentOS8 image repos:

CentOS Linux 8 - AppStream 113 B/s | 38 B 00:00

Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: No URLs in mirrorlist

The command '/bin/sh -c yum install -y rpm-build rpmlint yum-utils elrepo-release jq' returned a non-zero code: 1

Makefile:77: recipe for target 'centos-8' failed

Same error occurs for all repos, just appstream comes first.

This occurs with trusted images and AWS AMIs, because the repo mirrorlist is now inactive.

https://redd.it/shbdbv
@r_devops
(New project / feedback request) - ssm-provisioner - A script that provides the ability to provision AWS instances via SSM

Hey all,

Thought I'd post about a new project I've been working on during my free time - ssm-provisioner.

I'll keep this somewhat short, but the main point of this project is to offer a simple method of SSM-based provisioning through Terraform.

Obviously, provisioners are not an ideal choice in most situations, but I've occasionally found need of something like this for personal projects where I'm not entirely worried about "production" quality deployment, but still would rather have a more secure option for live provisioning.

That's about it! It runs on the MIT license, and I'll be leveraging a formal semantic release and test process for it - mainly so I can keep some of my NPM and miscellaneous maintainer skills a bit more sharp.

Let me know what you think, and feel free to add issues, feedback, perhaps even some code if you'd like. I'll be fine tuning the contribution process, test suite, etc - for an upcoming "stable" release after I've had some good run time and feedback for this.

https://redd.it/shmgj3
@r_devops