GO recommended over python for devops in 2022?

Hello, studying for becoming devops atm and I see go is recommended over python for a programming language? Any thoughts as to why? My devops friend says Python should definitely be the go to

https://redd.it/skczfz
@r_devops

Managing json config files for apps deployed to k8s at scale

Hello all,

we have several applications which are deployed to k8s (AWS) cluster on regular basis. Each of those apps use their own json config file with structure similar to the one below:

{"entity-1": {
"user": "user1",
"password": "pass",
"some_details": {
...
}
}}

As you can see there is also sensitive data, password, in the json (so far they were part of git repo but I managed to convince stakeholders to not do that any more).

Those json config files were mounted to pods as secrets/config maps.

When developers add a feature to the app additional objects are also added to the json file (sometimes with another user/password).

When you have multiple apps each with its own json config file it is difficult to manage that when it comes to deployment as it doesn't scale (i.e.: manually).

Do you have any idea how to make it scalable but also safe from automatic deployment point of view ? Where do you keep all those json files safely and deploy them automatically with all the password inside ?

I can use i.e.: AWS Secrets Manager but should I put the whole json config file in it or a subpart (just with the user/password) ? If subpart how to merge it with the rest of the json config file (as mounted secret/config map)?

​

Update: it is all about automatic deployment from CI/CD

https://redd.it/sji332
@r_devops

He passed CKA, CKAD, CKS in 6 months preparation without prior experience

https://training.linuxfoundation.org/blog/success-story-three-kubernetes-certifications-help-prepare-for-solution-architect-role/

​

Wow, unbelievable, I wonder how many people can achieve that in such a short time.

​

LF: How long did it take you to prepare for the certification?

TI: In total for the three certifications, I prepared for 6 months. I didn’t have any hands-on experience before that time.

​

LF: What resources did you use to prepare for the exam?

TI: I read books, explored the official website for the certifications and Kubernetes, and took online courses.

https://redd.it/skgq63
@r_devops

Are IAM roles infrastructure or app config?

We're somewhere in the middle of a long process of splitting up our monorepo to individual code repositories and came across a design decision that we need to make.

Some of our services require access to certain AWS services (S3, secrets manager, KMS) during runtime. Currently, IAM roles and policies needed by the service are deployed together with the service using Terraform as a single operation.

We've split out the infrastructure stuff to a separate repository, so things like Kubernetes cluster operations are handled independently of application deployment. But IAM configuration is neither here nor there. If we keep our IAM configuration in the infra repo, any change to application code that requires a change in permissions would require a separate, coordinated deployment of infrastructure changes. This adds operational overhead. The other option is storing IAM roles and policies in the application repo, allowing the app and its developers to manage their own permissions requirements. While this may be faster, it's also a potential security concern.

The other issue is the tooling we are currently using to deploy infrastructure (Terraform) is different from the tooling we are planning on using for application deployment (ArgoCD + Helm). I'd really rather we didn't have to trigger an infrastructure pipeline on every app deployment, but I also don't want every app repository to manage its own set of IAM roles and policies, both to avoid security concerns as well as tooling explosion. After writing this, I'm leaning towards central management of IAM as infrastructure.

So what do you do? Is IAM for applications part of app configuration or part of cloud infrastructure? Should it be centralized in one infrastructure repository or managed independently as part of app configuration?

https://redd.it/skgfis
@r_devops

Which os should I use inside docker?

Centos is becoming centos stream which is basically a beta version for rhel, is there a alternative os similar to centos which provides stable security updates for a longer period of time.

https://redd.it/sjgoyf
@r_devops

Too Simple To Fail: Marrying Nomad, Caddy, and Wireguard

I've been tinkering in my homelab with some solutions in my Nomad-based container cluster and wrote up some results from replacing my old Traefik setup with an approach that uses a combination of wireguard for inter-service communication, consul-template for generating dynamic Caddy configs, and then relying on Cadddy for its reverse proxying and TLS features. Thought it might be interesting to y'all.

https://blog.tjll.net/too-simple-to-fail-nomad-caddy-wireguard/

https://redd.it/skln79
@r_devops

What attracts you to DevOps

Hello Everyone,

​

I wanted to start a thread to learn a little bit about what makes DevOps tick. Since I am in a position where I constantly engage with DevOps / SREs It would really love to learn what you look for in a job.

I know salaries are competitive, especially where I am recruiting in California. So I like to know the kinds of fringe benefits, perks, and programs that entice DevOps people to take a second look at a job posting!

​

Thanks in advance!

https://redd.it/skkren
@r_devops

How do you use Jenkins?

Hello guys! I'm a sysadmin and started recently to learn DevOps stuff in order to upgrade my career. It seems I have some trouble understanding Jenkins because I cannot see what real life problems can be resolved by Jenkins. How do you use it in your organization? Could you please provide some examples? One friend showed me that he gets code from git and run it on jenkins and I cannot understand why taking code from git and run it locally can help me. It would be great if you can provide some practical use cases. Thanks and sorry if you find my lack of knowledge offensive or funny.

https://redd.it/skmtq3
@r_devops

Would you consider the DevOps Role as more of a lone-wolf or teamoriented job-Role?

Hey guys,

im currently a sysadmin working my way towards devops and iam trying to figure out if the job is what i think it is...
Since its very important to me to be working in a team environment i was thinking if you guys who are working as devops already think that the typical devops role is more a lone wolf type of role or a teamplayer oriented role? Or ist it impossible to generalize this?

Greetings and have a great weekend

https://redd.it/skonwo
@r_devops

How do you deliver updates of desktop applications to customers?

Hello,

I have created multiple one-off desktop applications but what if they had many features to be added over time. How does one send updates without moving builds and files through mails and drives?

https://redd.it/skr5wy
@r_devops

Making Jenkins Pipelines more like a DAG

Hi! At my org we're eventually going to make the transition to gitlab. One feature I'm particularly looking forward to is the ability to make pipelines like they're a DAG:

https://docs.gitlab.com/ee/ci/directed\_acyclic\_graph/


Is there a way to simulate this in a Jenkins pipeline? One of the biggest problems my project is facing is long build times because nothing is parallel, plus certain stages fail due to dumb things like network timeouts. While we retry certain parts of our pipeline, this doesn't always work. It would be nice to be able to restart the pipeline at certain points, remembering any stashes we made in "parent" stages. I did find this stackoverflow page, but I was wondering if there were any other thoughts here:
https://stackoverflow.com/questions/38129745/jenkins-build-pipeline-restart-at-stage

https://redd.it/skpulk
@r_devops

How do you collaborate Terraform and Terragrunt code?

Coding and running terraform code locally is good for testing.

Working in a team, the requirement for CI arises and you can’t keep running the code from your local dev environment.

Doing a research I’ve found Atlantis the only open source project that does CI for Terragrunt. Other projects are CircleCI (SaaS). Are there any other options? How do you collaborate and run Terragrunt code in your team?

What’s your workflow?

https://redd.it/skp3bs
@r_devops

I’ve just realized something that my boss probably hates to hear. I think that the point of DevOps is for employees to have free time.

That means they may not always be busy. But you have to consider this is the goal in order for the team to have free time to help swarm issues and ensure quality.

https://redd.it/skxe5f
@r_devops

From power industry to devops

Hi,

I believe all of you here have just good passion in devops. I'm a plant engineer which is so far off in software but would be willing to learn to the devops industry. What are the things i need to do to start entry jobs for me to become devops? I'm 29 yrs old. Can I still do it or is it too late for me?

https://redd.it/sl024l
@r_devops

Akamai self learning

Can someone suggest any online course of akamai in youtube, udemy or any platform.
I was unable to find any kind of akamai focussed video series.

https://redd.it/skot58
@r_devops

Can someone clarify Devops tools?

So I'm trying to wrap my head how everything fits together:

- Docker is for creating containers, sort of smth in between a virtual environment and VM used for delivering my site and its dependencies (do I have to include the installed version of Python in the container or do I install it on the VM?)

- Kubernetes is used to manage clusters of nodes running containers, right?

- Git is our versioning control system

- what are Terraform, Ansible and Jenkins and what are their differences/uses?

- are there other tools I am missing?

I'm planning on building a Django project, even if its a small site I want to configure it the full dev ops way to scale in the future if possible, and get some experience early, any tips?

For starters I'm thinking of running on Heroku but to be able to later deploy on a Cloud provider if needed. What's unique to Heroku to just get started? I also want to be able to pull data from other sites directly into the project/database.

https://redd.it/skmjvt
@r_devops

incident communication best practices

this is arguably one of the most important aspects to effective incident response. what do you find challenging or works well in your org? we wrote about the stages of it here as well.

https://redd.it/skl167
@r_devops

HashiCorp Vault difficult to install in AWS EC2 with SSL or am I a newbie?

Attempt 1:

Tried installing it with AWS Cloud formation, the fields inside AWS didn't match their medium post or youtube video. [https://www.hashicorp.com/resources/deploy-a-production-ready-vault-cluster-on-aws-in-5-minutes\]

Attempt 2:

Tried installing it with Terraform following along a YouTube series

https://www.youtube.com/watch?v=7qynYJI3lRk&list=PLesRB-DxZa8aTqGMk1MIRmR0zzfrCq1ck&ab\_channel=TechGuidesandThoughts

At this point I'm 3 hours in, wanting to blast my head off.

Attempt 3:

https://gist.github.com/goforbg/0abe3264ef082963d6491e28f100549a

I stumbled upon a script that installs it using docker compose, which worked well.

Everything worked well in the third attempt, it was with docker-compose. But I got stuck trying to install the SSL certificate using the one tutorial the internet pointed me towards - https://www.monterail.com/blog/2017/lets-encrypt-vault-free-ssl-tls-certificate.

6 hours in, I hate myself.

Then after a lot of digging I got to know, the author actually mismatched the keys to be put inside the config! https://github.com/hashicorp/vault/issues/2641

I have decided I don't care anymore. I would happily pay AWS Secrets Manager instead.

https://redd.it/sl5vsz
@r_devops

Complete opensource ci cd tools

Hi, I am new to ci & cd and have to set up both.I was going to use jenkins but while exploring other post relevant to it everyone seems to discourage it.Seems like gitlab is popular choice but i want something opensource.So, What are completely open source ci, cd tools like jenkins.

https://redd.it/skif8r
@r_devops

Maintaining up to date customer documentation with regular releases

I'm trying to figure out what the best balance for being able to release new features/UI changes quickly while still allowing our customer facing documentation to be up to date as quickly as possible.

While this doesn't directly relate to the work 'DevOps' do, I figured this would be the best community to ask what you or your companies do with regards to this.

Any common practices in the SaaS space in this area, or is it a constant scramble? Is the release schedule dependant on all resources being ready prior to push to prod, or is there an expectation that there will be lag.

Any input on this subject would be deeply appreciated, I struggle to find anything meaningful on the subject.

https://redd.it/sl9h36
@r_devops

Any companies that offer fully remote and no grinding leetcode

In my current role, i make 100k and i am the only devops who manages terraform, eks cluster, cicd jenkins, scripting, logging with opensearch. I feel like i can upgrade my pay a little by switching. I have a good knack for learning but can’t bring myself to grind those data structures and algo interviews. I liked my work as if was a chill environment but now there’s daily scrums and burn down charts and accountability which kills the fun and creativity for me. Any recommendations please. Thanks

https://redd.it/sl8xfe
@r_devops