lambda pipeline and buildpec

So I have an application that I want to run in lambda, my pipeline looks like I pick the code from github and then I want to build in codebuild and I want the "jar" file from codebuild to go into an s3 bucket so that I can create a deploy stage for lambda so lambda can pick up the changes from there.

​

Does this sound like a good plan? Also. what should my buildspec.yml should look like, basically I want to copy the jar file present in /targets into s3

https://redd.it/t1pu53
@r_devops

Hashicorp Packer - VMware timeout over 1h

My builds using packer are timing out due to taking over 1h (windows updates...) if I disable the Windows Updates, works fine. Any idea how to overcome this issue? I can't seem to find what I'm looking for anywhere...

https://redd.it/t1xvxk
@r_devops

What Are My Options For Running SonarQube In A Pipeline?

I have previously run SonarQube using the gradle plugin and the server running on localhost.

I have also worked at larger companies where they have a dedicated server instance.

I now need to run it as part of a build pipeline and not just locally. However, managing a server, keeping it up to date with patches, leaving it running all the time when I don't need it etc seems like a pain and I'm on a shoestring without anyone to manage it.

There is a plugin that give the results on the pipeline (which I want), however, it geared all around having a standalone server.

What are my options for running SonarQube in an (Azure) pipeline?

NB: I need a guide or link on how to do the steps of the options too.

https://redd.it/t1o4yx
@r_devops

To Docker Swarm or to K8?

About to dive into the docs for one of these technologies. Start with Docker Swarm?

https://redd.it/t204vt
@r_devops

Custom authentication in Swagger

is this possible?

Essentially we have a custom oauth2 authentication and I am wondering if it is possible to modify the swagger/openapi files to reflect this

https://redd.it/t127ql
@r_devops

Any recommendations to learn Azure pipelines?

Hi guys,

I’m a junior devops engineer. I started two months ago and am still learning on the job. One of my next assignments is to create a pipeline in azure devops.

I was wondering if you guys got some recommendations to check or read (YouTube or other sources) for beginners.

I do have a cs background, don’t know if that matters.

Thanks in advance :)

https://redd.it/t24z1o
@r_devops

kubelet unreachable after switching networks

I created a cluster with kubeadm while at my house on my local machine. When I went to my office, the server was unreachable (kubectl get pods resulted in The connection to the server 192.168.1.0:8862 was refused - did you specify the right host or port?).

What is the reasoning behind this? Are there any links that can dumb this down for me? I was under the impression a cluster running locally wouldn't be affected by a change in network connection.

Note: I ran the usual fix sudo -i && swapoff -a && exit && strace -eopenat kubectl version and the kubelet still wasn't found. systemctl restart kubelet also didn't help. I ended up losing the logs since I returned home and kubeadm reset so I know I'm not giving much to work with, but I'm still curious as to why these issues occurred.

https://redd.it/t25y5l
@r_devops

Migra: Diff for PostgreSQL schemas

I thought the r/devops subreddit might be interested in this project I just found!

https://github.com/djrobstep/migra

https://redd.it/t27c02
@r_devops

Pre-requisite to learning Docker and Kubernetes?

I am not formally a software engineer. I'm a statistician, turned data scientist, turned data engineer, turned whatever my startup needs me to be lol.

I've watched a few videos about docker. And at a 30,000ft view understand the concept of K8s orchestrating docker. But I want to learn and understand enough about them to be able to use them effectively with Airflow.

Are there any pre-requisite things I should learn? And are there any resources you guys have that you would recommend for noobs to go from zero to one on these topics?

Edit: Also I'm familiar with Python and bash. I don't know Java and was hoping I could keep it that way. Would prefer depth than breadth in programming languages.

Thanks in advance

https://redd.it/t254v3
@r_devops

How did you get into Devops?

Interested to hear everyone’s path into the field. On purpose or accidentally?

https://redd.it/t2cp4o
@r_devops

Ukrainians are organizing a cyberarmy and call volunteers to fight Kremlin's regime in the cyberspace.

This is a twitter twitter.com/FedorovMykhailo/status/1497642156076511233 post by Mykhailo Fedorov Vice Prime Minister of Ukraine and Minister of Digital Transformation of Ukraine

https://redd.it/t2mk8i
@r_devops

How to Setup a Jenkins to DockerHub Pipeline with Multi-Arch Images

I recently wrote on how to create a GitHub to Jenkins pipeline. I have also talked about building and pushing multi-architecture images to the Docker registry.

Link to tutorial: https://santoshk.dev/posts/2022/how-to-setup-a-jenkins-to-dockerhub-pipeline-with-multi-arch-images/

https://redd.it/t2szd2
@r_devops

Sonar Qube error



for some reason, the code I pushed will not pass Sonar Qube and it says

Missing blame information for the following files and then lists a bunch of files from my repo. I've looked at all the information on Stack Overflow but still no sucess

https://redd.it/t2v01k
@r_devops

Can someone help me debug an oauth2-proxy issue? It's for an infra provisioning repo I plan to fully open source when complete.

End goal: https://auth.wayofthesys.com/oauth2 should redirect to DigitalOcean or GitHub provider and allow sign in. Currently results in an "oops something went wrong" error at DigitalOcean and a "404 page not found" error at GitHub.

Repo is located here, with link to where I believe the oauth2-proxy command is failing: https://github.com/autotune/pritunl-k8s-tf-do/blob/6f1afcdce7d9acde640c07f1598dd211f791890e/terraform/cluster_resources.tf#L27

Anyone have any suggestions? I'm willing to pay $200 USDT if you can successfully troubleshoot the issue.

https://redd.it/t2xqcy
@r_devops

Hey r/devops , 🇺🇦🔥 Hackers start war on Russia, are you in? #FckPutin

The most important bug bounty this year, by hackenproof

show the dictator what you think about invading Ukraine and shooting children. hunt every vulnerability in Russian infra and media and report to us (or exploit and report to show Ukraine your support).

https://hackenproof.com/ukraine-will-win/save-millions-lives-hackers-against-russia

https://redd.it/t2x3fg
@r_devops

Terraform Orchestration at scale - Generate an Orchestration graph?

Hi, there's an interesting terraform problem I have, regarding orchestration across multiple workspaces and I was wondering what everyone else was doing.

Let's assume that you need to build a workflow for a cloud platform. You've identified some top level groups of workspaces that represent the following resources:

* Accounts (aws or subscriptions on Azure, it doesn't matter)
* Resources that are above accounts (Organization resources or what goes on an Azure Management Group)
* Resources that are deployed inside Accounts (e.g a bucket or a whole Kubernetes Cluster)

In the above scenario you have 3 separate groups of workspaces that need to be deployed in sequence (or what is called a layering approach today):

1. Organization
2. Accounts
3. Account resources

Ideally you want this separation so that you can have small granular states, reduce blast radius and accelerate plan/apply's. Putting everything that lives in an account is an anti-pattern and can become a scaling bottle neck, as per the hashicorp best practices.

To build a workflow that supports the above, there's **two options** I see:

**1)** **Split these top layers into their own separate git repository** ending up with something like this, where each resource group has its own workspace (and the relevant main.tf)

organization.git:
iam/
resource_1/
resource_n/
main.tf
accounts.git
account_1/
account/
resource_1/
resource_n/
account_n/
account/
resource_1/
resource_n/

**2)** **Create a monorepo with a structure similar to this, where each resource group has its own workspace as well.**

platform.git:
organization/
iam/
resource_1/
resource_n/
main.tf
accounts/
account_1/
account/
resource_1/
resource_n/
account_n/
account/
resource_1/
resource_n/

The challenge with both approaches is that you need to have a mechanism that will orchestrate the terraform plan/apply's across multiple nested workspaces.

Terraform simply does not provide that. For example, **with the first approach the sequence of terraform plan / apply should potentially look like this**, based on dependencies across workspaces:

1. Organization::IAM
2. Organization::Resource 1 & Resource 2 on parallel (no dependencies)
3. Organization::Resource N last (depends on previous resources)
4. Account\_1-n workspaces run on parallel
5. Account\_1::Resource\_1 because all other accounts might depend on it
6. Account\_n::Resource\_1 & Account\_n::Resource\_2 run on parallel (no dependencies)

​

Based on the above sequence, it seems that in both scenarios we've generated a Directed Acyclic Graph (DAG) that describes the execution workflow.

* Has anyone considered using a workflow engine to orchestrate the execution of all these workspaces? (airflow / argo worfklows)
* Is there a better way to manage resources across an entire Cloud Organization by minimizing manual orchestration but still keeping state small and granular?

https://redd.it/t2ow0l
@r_devops

Is it a DevOps engineer's responsibility to come up with the status and workflows for epics, user stories, bugs etc, as well as how confluence space and page should be structured? As well as determining the RBAC?

As per title

https://redd.it/t327xw
@r_devops

Input needed from someone who's built a chrome extension for Gmail or Gmail Add-on

Hello beautiful people :)

If you've built a chrome extension for Gmail or a Gmail Add-on. I'd like to know if it's possible to parse user data from my web app and show this data inside an email when a user from my site sends an email to someone.

So basically my extension or Gmail add-on will check the email of the user who sends the email, and fetch the data from my site relating to that sender's email address , then finally populate the email with that data.

The receiver of the email can see certain information relating to the sender (perhaps next to the sender's name). For example, the receiver can see a hyperlinked image displaying the rank of the sender (fetched from my website). Then when the receiver clicks on the image, they'll be re-directed to the sender's profile page on my website.

Is this possible?

https://redd.it/t38cdg
@r_devops

What do you use for Storing and distributing software builds to customers

Hi all, asking here about your solution on distributing your software builds to customers.
I'm pretty curious about pricing and authentication process.
Cheers!

https://redd.it/t2t3pe
@r_devops

DevOps Bulletin Newsletter - Issue 40

Hey folks,
My weekly DevOps newsletter aka DevOps Bulletin -  Digest #40 is out. Check out a sneak peek of the topics covered on this weekly issue:

🧪 "Integration testing with Docker and AtomicJar" - Control your testing in containers with your code! A hands-on demo that walk you through testcontainers.org, AtomicJar and how to use API's to control Docker from Go, Java, Python, Node, Rust, Scala, and more.
🤯 "Discovering thousands of open databases on AWS" - this post covers a security researcher journey on finding public databases hosted on AWS with sensitive data about Fortune-500 companies, Hospitals, Crypto platforms, Startups during due diligence, and more.
😅 "Can you get pwned with CSS?" - not really, a basic Content Security Policy can save you from the possible harm caused by inline CSS.
🔒 "How to migrate from Amazon Cognito" - If you're interested in migrating away from Cognito due to the horrible UX or lack of features, then this guide is for you.
🎮 "How I got Kubernetes to run on a PS4" - The title says it all 🤯
⭐️ "Building for the 99% Developers" - a must read, it covers why there's a huge gap between developer-influencers are writing about and the daily reality of most developers.

Complete issue: https://www.devopsbulletin.com/issues/running-kubernetes-on-a-ps4

Feedback is welcome :)

https://redd.it/t3bldi
@r_devops

Transitioning from Infosec to DevOps

I hope this isn't redundant but is there any advice you'd give someone who's considering transitioning from Infosec to DevOps?


I've been in infosec for the past 3 years as part of a red team. My main role was in 'infra' which was usually infrastructure deployment and management of web servers, mail servers etc. I taught myself rudimentary Ansible, Terraform and Docker just so I could automate some of that work and I really had a thrill doing it. I also really enjoy other parts of security - the research, pentests, the community. I really enjoy everything I do in the infra role more than I do the security stuff - although it's really cool too. I've looked into the DevOps roadmap and I have most of the skills required - other than the DevOpsy ones (Terraform, Prometheus, Jenkins, K8) since security also requires a bit of the skill and knowledge posted (OS basics, bash/python scripting, networking, living in the terminal etc). DevOps as a career seems really intriguing while challenging in a way I think I'd really enjoy. So, I suppose my questions are:


1. Are there any certs required? (infosec is pretty anal about certs)
2. What would you say are the key/fundamental technologies I should look into learning first?
3. Other than the resources posted here, are there tools/sites/courses I could learn from? (smth like TryHackMe for infosec)

https://redd.it/t3h87p
@r_devops