Question on CI/CD with Multiple Environments & Corresponding Branches
The flow I want to follow:
PR from Feature to Dev -> Build & Test -> Merge to Dev -> Docker Build, Tag using GitHub Short SHA, Push Container to Registry, Deploy Container to Dev Env
PR from Dev to Main -> Merge to Main -> Docker Pull & Deploy Container to Prod Env
How do I pull the corresponding Docker image from the registry for the code I am currently merging to Main? Do I have to build again on the merge to Main every time?
The GitHub SHA is different in the two workflows because of the merge commit that happens. And I cannot always pull the latest, I believe, because the Dev lifecycle could be faster than Prod.
I'm open to alternative flows that allow keeping code for multiple envs in their respective branches as well.
https://redd.it/sxpkni
@r_devops
DevOps Bulletin Newsletter - Issue 39
Hey folks,
DevOps Bulletin - Digest #39 is out, the following topics are covered:
* 🚀 "A ‘Hello World’ GitOps example" - This post walks through a ‘hello world’ GitOps example using Docker, K8s, GitHub Actions and Terraform.
* 💰 Why sometimes you should press the $100k button: With S3's unlimited object storage you can easily end up with a shitload of data and thousand dollar bill.
* ⭐️ hands-on video tutorial introduces ArgoCD, how it works, why you might need it and how to deploy a hello-world application to Kubernetes with it. All of that in less than 20 minutes
* 🚨 "Startup guide to incident management" - If you’re working at an early stage startup and looking to get some good incident management foundations in place without investing excessive time and effort, this guide is quite literally for you
* ☁️ Introducing a Google Cloud architecture diagramming tool; this interface provides a list of all GCP products and services in one spot. No need to worry about finding the right icon or uploading an image from somewhere else – just focus on building the architecture with the components you need right there in the interface.
Complete issue: [https://www.devopsbulletin.com/issues/s3-storage-bill-of-almost-100k-month](https://www.devopsbulletin.com/issues/s3-storage-bill-of-almost-100k-month)
Feedback is welcome :)
https://redd.it/sxs4b7
@r_devops
Youtube in vid ad skip;
A chrome extension for youtube that tracks other users' skip behaviour and uses that data to skip at video ads such as skillshare, brilliant, world of war, raid shadow legends, etc. Is this a good idea?
https://redd.it/sxthfe
@r_devops
Local Development with Kubernetes Service Accounts
I'm a devops engineer and I'm trying to convert an application from using an AWS service account w/ key and secret for authentication, over to using a k8 service account to assume an AWS Role.
The challenge I'm facing is that the app developers use IntelliJ on their local machines to test their code, which requires hitting AWS resources. This means that they have possession of the key and secret for the service account (in our dev environment at least) on their local machines. If their IAM user is terminated, they still have possession of those keys and security is not ok with that. We don't have a good mechanism for key rotation, nor is there a plan for one.
...Hence using Kubernetes service accounts to assume an AWS role and grant the application the AWS permissions that it needs to function. Since we are using EKS and the containers already assume the cluster role by default, this has been super easy to implement. But it totally breaks the ability for devs to run the applications locally in IntelliJ.
I'd love to set them up with the ability to run the application locally using Docker Desktop's Kubernetes environment or something like that. But then they have to build the app and then deploy it locally, which is far slower and less streamlined than IntelliJ. They are used to being able to run the application without even having to build it.
I'd love any and all suggestions as I am totally out of ideas.
https://redd.it/sxtjv4
@r_devops
Is there an easier way to SSH to ECS containers?
When I want to SSH to ECS I use

    aws ecs execute-command --cluster <Cluster> \
        --task <taskId> \
        --container <ContainerName> \
        --interactive \
        --command "/bin/sh"

But the ECS container gets rebuilt on every pull request so I have to keep going to AWS and get the new task Id.
Is there any other more convenient way to SSH?
https://redd.it/sxw5gj
@r_devops
What is Developer Experience? a roundup of links and goodness
https://redmonk.com/jgovernor/2022/02/21/what-is-developer-experience-a-roundup-of-links-and-goodness/
https://redd.it/sxwm41
@r_devops
question about internet speeds...
So, I'm looking at moving to a new house. The place is awesome but it's also pretty rural, and it seems difficult to find internet plans that are more than 50mbps. I'm used to having a much faster connection than that, like at least 300.
I need to know if I can do my job from home before I commit to purchasing a property... y'all think 50mbps would cut it?
https://redd.it/sxzd6h
@r_devops
Does anyone here use oauth2 proxy in front of Atlantis?
I'm trying to figure out how to insert https://github.com/bitly/oauth2_proxy in front of https://github.com/runatlantis/atlantis via terraform but have several questions. First, is there any publicly existing terraform repo that can set this up automagically on Kubernetes? My google-fu is coming up short. Second, are there any automagic scripts that can generate the config values for you via github api? The end goal really is to just figure out how to get this as automated as possible so I can add auth to atlantis. Any additional suggestions appreciated!
https://redd.it/sy0o6c
@r_devops
Telepresence with Consul
I've gotten Telepresence working without Consul (and it's great!), but I'm having some trouble when I add Consul connect's Envoy sidecar. I see the `traffic-agent` sidecar for the service I'm intercepting, but all of the traffic is still flowing thru Envoy.
Have any of y'all gotten Telepresence+Consul working? Thanks!
https://redd.it/sy4raf
@r_devops
Does anyone have experience using KodeKloud as a learning tool? What was your experience?
It is on sale right now. I enjoy the structure for learning and it is on sale right now. Any experience? And alternatives you enjoy?
https://redd.it/sy6e5w
@r_devops
Any folks from the zerossl project lurking these forums? Your user signup page cert is expired.
https://app.zerossl.com/signup
I was looking for an alternative to cert-manager/letsencrypt because of rate limiting pains. This does not look as promising :(
https://redd.it/sy9p9f
@r_devops
EKS ingress
I want to set ALB ingress. For some reason Ingress forwards paths to services. For example, if I access mydomain/ng-test/ I get redirected to nginx-test-service but in pod log I see
\[error\] 35#35: \*16 "/usr/share/nginx/html/**ng-test**/index.html" is not found (2: No such file or directory),
Can I somehow force ingress not to add path?

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: alb-app
      annotations:
        kubernetes.io/ingress.class: alb
        alb.ingress.kubernetes.io/scheme: internet-facing
        alb.ingress.kubernetes.io/target-type: ip
        alb.ingress.kubernetes.io/certificate-arn: ***********
        nginx.ingress.kubernetes.io/rewrite-target: / #test ....?
    spec:
      #ingressClassName: alb
      rules:
        - http:
            paths:
              - path: /ng-test/
                pathType: Prefix
                backend:
                  service:
                    name: nginx-test-service
                    port:
                      number: 80
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: xxxx
                    port:
                      number: 8989

https://redd.it/sy536o
@r_devops
How to build Lakehouse with Azure Synapse
In today's article, we are going to see what lake house is and how azure synapse can be used to implement lakehouse architecture. https://clouddatascience.medium.com/how-to-build-lakehouse-with-azure-synapse-56ddf831c1b9
https://redd.it/sydl5c
@r_devops
Branching strategy for Infrastructure as a code
Hi folks,
I am very curious about people's way to manage infrastructure in a git and looking for a way to improve mine.
So, we are using terraform and store code separately from source code. The infrastructure code is relatively complex and in general divided into 2 modules (global resources, regional resources); then each environment calls modules from its own environment folder, supplying variables.
I have a problem with the branching strategy for the module (it's a separate repo). The software release happens not often (1 in few months, because before going to prod it is tested on like 4 environments).
So we have a master branch, where the prod deployed from SW released version (say 2.6.30).
Then we have a develop branch with the version that reflects current development (let's say, 3.x)
Then sometimes developers start a completely different version (4.x) while releasing fixes and features for the current master and develop branches.
So, we have a sort of branching hell.
Do you guys have any tips on how to support this scheme?
https://redd.it/syi0ye
@r_devops
Which source code management alerts are most important to monitor?
Assume the alerts are sent to a central channel and not to the individual user who performs the action.
https://redd.it/syhdy5
@r_devops
Facing an issue with Step Function
I want to run a function every 2 mins but I want to start those 2 mins only after the execution of that function is complete. I saw that this is a use case of Step Function, so I created my workflow.
Start -> Run ECS Task -> wait(2mins) and now I want to run the function again in an infinite loop. But Step Function is not allowing that, it needs an "End" statement.
Any workaround for this?
https://redd.it/syk9k2
@r_devops
Has git conquered the source control world?
Are there people who still use other source control like ClearCase, SVN, etc, other than old projects that are sort of abandoned?
https://redd.it/syo6tm
@r_devops
CRLF vs LF Git FIX
`git config --global core.autocrlf true` Does this allow mac/windows users to treat CRLF and LF as the same or will this ONLY remove the warning error?
Currently when I do file comparison via filezilla it shows my files as different which is a pain when working in a team.
If I pull from github when synced with server it shows conflicts.
I think this is due to me being windows and team being Mac so I'm looking for a long term solution!
https://redd.it/sylkgl
@r_devops
DevOps projects
How are you guys doing of presenting DevOps projects in your resumes.
How to do or demonstrate a DevOps project in GitHub?
Shoot your opinions and answers
#devops
https://redd.it/syk3ae
@r_devops
Remote work cost of living calculator
There’s been a few discussions on here recently about remote salaries and how they normally vary by location based on cost of living.
Is there any online resource we can use to predict what companies cost of living based salaries will be?
Example, I’m currently looking to move out of NYC area but don’t want to totally screw up my salary. I’m looking at Frederick Md or Dutchess County Ny. I think Maryland is safe but I’d prefer Dutchess county (Poughkeepsie area). Even tho it’s high tax and reasonably pricy I think it will fail the COL calculator.
https://redd.it/sypi9i
@r_devops
Why can't I create a standard public IP in Azure?
Hey,
I'm trying to create a Standard Public IP in Azure but when I do it errors out saying I have insufficient quota for Basic Public IPs. I know I do, that's why I'm trying to create a Standard, not a Basic because I have plenty of Standards left to use.
I originally tried this in Terraform but now I'm just doing it in the Azure portal to troubleshoot. I'm selecting Standard in the SKU so I don't know what the problem is or why it thinks I'm trying to create a Basic.
Any help would be appreciated.
Thanks
UPDATE: I deleted a Basic IP and tried to create a Standard. It worked but now when I check my quota both the Basic and Standard have gone up by 1. Does a Standard Public IP also use up your Basic Public IP quota?
https://redd.it/syks00
@r_devops