What OS are you running on your work laptop?

I have never had the option to use a Unix OS on my work laptop at any of my jobs so far... I find this quite frustrating and I usually end up carrying out a large chunk of my work via an Ubuntu/CentOS hop-on server.

So I'm curious how common it is for IT companies to allow their users to use Unix OS distributions on their machines...

https://redd.it/u70kfi
@r_devops

Management always assigning epics/bodies of work to individuals instead of the team as a whole.

This is my third team I've been on now. I have worked under at least 7 managers. The way the work has always been assigned no matter which manager I've had goes like this:

Manager needs something done and either assigns one of the teams members in sprint planning or some other planning session. "X I need you to work on this" sometimes they'll say "I need X to take the lead on this". Or in one on ones they ask the person to do some work for them.

I get that this is just a management style and probably works for lots of folks. But I'm wondering if it's rare to find a manager who just throws a body of work at the team and let's them figure out how to manage it amongst themselves?

I'm not a fan of the X person is responsible for this. It tends to lead to silos in my experience.

https://redd.it/u76jn5
@r_devops

Every monitoring system has an inbox, but why isn't there a central inbox for all my monitoring systems?

Like, Sentry, Datadog, Pagerduty etc. all have an inbox view for the alerts they generate, but there isn't a central inbox. The current way seems to be dump all notifications from all these sources to a team slack channel.
Why do we think this hasn't been centralized yet?
Some points that come to mins are, maybe it would be impossible to merge notification from all these sources because of the distict nature of the notifications and different workflow that happen for each source.

https://redd.it/u7042j
@r_devops

Hi r/devops! I've got a bit of a specific question that I'm having a hard time googling for... Which tends to be when I come to Reddit! I'm building a Pi Kubernetes cluster and I'm wondering about hardware/application monitoring.

Essentially, I want to monitor each of my Pis in addition to the Kubernetes plane and the apps running on it.

Let's say I use Prometheus to monitor all of it. Would I have one Prometheus instance running on the OS to monitor the hardware and a separate instance running on the Kubernetes cluster to monitor my apps & the cluster health? Or could I somehow monitor the underlying OS with a Prometheus running in the Kubernetes cluster?

Does it even make sense to monitor the Kubernetes cluster from within the Kubernetes cluster or should that monitoring live on the OS for reliability? Should I have a completely separate couple of nodes that only host prometheus and monitor the K8s nodes?

Any thoughts, experiences, and opinions are appreciated.

Oh, and by the way, I do understand that this is just a small home cluster so a lot of these choices are inconsequential, but the purpose of the cluster is to learn about best practices, so I'd like to set up the monitoring with that in mind. :)

https://redd.it/u7gq68
@r_devops

Hashicorp survey for 2021 says that there is lack of skills in multi-cloud.

Last year Hashicorp did a survey and among other things (e.g. cost) one the main issues is the lack of skills in the multi-cloud. Yesterday there was a new survey for 2022, but now it's closed.

I think that although the services operational costs might have decreased a bit since last year, the lack of skills is still an issue. But this is actually a good thing, because it's a hint for many devops and SW engineers to know where they should focus and learn new skills and also take advantage of that fact to set their salaries requirements.

DevSecOps and security seems to be the second pain point in the industry, but the survey was before the Log4Shell, which caught almost everyone with the pants down. Therefore, maybe this year security will pop in the first place.

https://redd.it/u7qs7v
@r_devops

Joining DevOps!

Hi guys,

I've managed to get a job as a Junior DevOps with a small company. I didn't expect to get it because 1 , I wasn't looking for a new job (got headhunted by a recruiter) and 2, I didn't have any DevOps skill.

I did the interview because I thought I got nothing to lose anyway and plus I am always interested in DevOps, 2 Interviews later (really nice and friendly team) I got the job!

During the interviews I've made sure they were aware that I don't have any DevOps experience and my cloud skill is a bit rusty due to my current company don't have any cloud infra, but I am willing to learn (which I am and I really excited for it!)

I will start in a month time, now the question is where should I start? I've asked them about which DevOps tool/program that they are using so I can start learning prior to the start date and they said they use Docker, BitBucket and Git.

Background about my experience, been in IT for about 10 years (5 in support and 5 in Sysadmin)

Any pointer would be helpful!

https://redd.it/u7p6w9
@r_devops

Keycloak config management?

Hey, anyone uses here uses Keycloak at their workplace?

How do you guys handle configuration drift across different environments? People at my workplace keep changing some stuff and then when a release moves to another env, keycloak issues arise. I've looked at keycloak terraform provider however it might be too complicated for devs without any terraform experience.

Could anyone give some advice on keycloak config management?

https://redd.it/u7vowm
@r_devops

Error: Issues are disabled for this repo, but they are

so I just moved a github actions workflow from one internal org repo to a new one, (also internal org) and all of a sudden I get the following error message for the action:

Error: Issues are disabled for this repo

Issues is enabled on the settings page in general/features, and the workflow was working fine before in other repos. I'm running the following segment is what causing the issue:


- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.TEST_PAT }}
docker_name: 'owasp/zap2docker-stable'
target: 'https://localhost:8000'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'

Any idea where I should look at next to solve this issue? as mentioned I never encountered it before, and I was running it in different repos with the same settings in the same org, so this really comes out of nowhere to me.

https://redd.it/u85z4g
@r_devops

What to ask the company recruiter of a startup

It's hard to tell from the outside if a startup is in decent shape. What questions have people asked the company's recruiter that gave them an idea of the health of the startup overall?

https://redd.it/u88e67
@r_devops

Teaching junior developers

As an industry we tend to select for the autodidact who can teach themselves. I think we do this for two reasons. First since best programming practices aren't settled yet we want people to be able to adapt to change. Secondly it saves a certain amount of effort training.

However this seems short sighted on the effort front. Surely teaching will go faster than letting them discover on their own. Even accounting for both peoples time. Also while not everything is settled there is quite alot that is. TDD is good. IaC is good.

So I think I need to learn how to teach others well. Teach coding techniques, technologies, tools, and practices (like DevOps). How do you go about teaching DevOps to juniors?

https://redd.it/u89dv5
@r_devops

As the owner/lead architect of the cloud infrastructure for a rapidly growing startup, what type of process or concerns do you have around devs (indirectly) proposing infrastructure changes?

To provide a little context, I'm the tech lead of our DevOps team. We've tripled our Engineering team over the last year. With all this new blood comes all the new ideas of how we can improve things. I've historically tried my best to embrace innovation but we just wrapped up a project for a "minor" change that had crazy scope creep and turned into a major ordeal.

To avoid future problems of the same nature, I wanted to put together a list of things for the team to consider when we introduce new changes.

"Infrastructure changes" are anything from deploying a new microservice, to switching from Nginx to API Gateway, leveraging a new AWS service, and everything in between.

* Does this change require modifications to the local dev or sandbox environments?
* Does this change require modifications to automated testing in CI/CD?
* Does this change require modifications to how we deploy to production?
* Does this change impact our security posture in any way?
* Does this change use new AWS services or different features of AWS services than we currently use?
* Does this change serve to fulfill a currently unmet need?
* What alternatives have been considered?

This list isn't exhaustive but I'm interested to hear if you all have a similar set of concerns?

Cheers!

https://redd.it/u88ds5
@r_devops

Switching from fullstack to devops

I've been into web dev since 10 years, I am very strong in both backend and frontend, currently I am mainly working with React and Laravel.

Recently I got an interview for a Devops position. I'm not going to lie, I only started devops since 5 months when our devops guy left. Mainly what I do in my current company is to create Dockerfiles, docker-compose files, modify some k8s configuration files, configure Jenkins so it runs integration testing and deploys automatically, set up composer packages, git repositores, etc ... more like a dev guy is messing around with the already setup tools and fixing some stuffs.

To be honest I didn't even apply for this Devops position, my whole resume is about Backend Frontend webdev, but in my last position I simply put in the Jenkins, Docker, Kubernetes in my position description so this HR guy gave me a Devops interview. I thought no shit I will give it a try, if I fail anyway I should just see what are the options out in the market. So we had a two hours interview, it's a big company with 30 offices around the world, they said currently they do a lot of tasks manually and they need a dedicated guy who will only do Devops. I explained them what I am doing exactly in my current position, and for my surprise they liked it. I even told them do you guys want some Devops guy who are very experienced, or would it be okay if I learn on the job. They said they are still interested in someone who are like me, strong developer background and transition into Devops.

I looked into the K8s configurations, I wouldn't be able to set these up from scratch right now, just only if I deep dive into it. With Docker and Docker composer I am quite comfortable, I also wrote a slick Jenkins script that does all the integration testing and deploy to the k8s. But to be honest I don't know what the fuk I am doing for why. As I said I am developer who was given these infrastructure and started gaining experience these ways. But when I check AWS certification question, I am like what the fuck am I reading. So I have doubts that I should go into a Devops position just because I modified a K8s configuration and I knew how to setup a docker-compose.yml

What do you guys think, would I be suffering if I accept this job? I have one month notice in my current company, the package is nice and I thought maybe I would study for the AWS Certified DevOps Engineer in this one month if I accept the offer so I don't get into a job like a complete idiot. \\

What do you guys think?

https://redd.it/u8jzel
@r_devops

Is it common to have nothing to do for basically... Weeks?

I've been at this company 2 years. Last six months I took a new position there being a "Lead" for automation development within a developer group. I'm not sure why "Lead" is in my job title because there's no other automation developers. I had thought more interesting work would be done, but it's all building in huge, legacy systems like an ancient POS codebase written in VB.NET or SAP systems.

Nothing wrong with those technologies but it isn't my skillset or interest, which everyone knew when I was offered the position. Instead the focus was on DevOps-y stuff like cloud automation, test automation, pipelines etc.

Maybe I just don't have enough big ideas, but there seems to be so little demand or interest in the work I do. I'll create pipelines to test and build the POS application. But when it comes down to it, they just keep doing local builds and deploying from their laptop with an ancient, home-grown windows desktop app. I suggest and report on how we can implement better deployment mechanisms, code quality tools, log aggregation. Management seems interested, then nothing happens (even when the cost of implementing this is fairly low)

I'll Introduce integrations to make collaboration easier with source control and JIRA. In the lead up management/teams will seem interested. Then no one uses it and that's that.

I get that part of my job is creating initiatives and finding situations where Automation can be applied. But on the day-to-day, the objectives and tasks I'm supposed to complete seem so wishy-washy that if I don't do anything no one notices. I can spend days doing absolutely no work without taking leave, and no one notices.

Most days I spend learning Kotlin and Android development because I want to transition to that area in a year or so.

https://redd.it/u8ks4q
@r_devops

Kerbi: a Helm Alternative - Looking for Initial Feedback

I'm sharing my new project with r/devops today to get initial reactions.

Docs: https://xavier-9.gitbook.io/kerbi/

Repo: https://github.com/xavier-mt/kerbi

This is non-commercial, and it is not a SaaS shoehorn.

# Perspective coming from of other tools

Helm, Kustomize, Kapitan, CDK8s, and KPT. My grading for the things I care about in these tools:

​

|Templating|Helm and Kustomize|Kapitan, KPT, CDK8s|
|:-|:-|:-|
|Feels familiar & native to K8s|8/10 and 9/10|5/10 average|
|DX^(1) scales w size/complexity|7/10 and 5/10|8.5/10 average|

​

|State & Revision MGMT|Helm and KPT|Everyone else|
|:-|:-|:-|
|Easy, built-in, feels native|10/10 and 8/10|N/A to 5/10|
|Loosely coupled w K8s|4.5/10|N/A to 10/10|

In the end, I still recommend Helm to most teams/projects. People already perceive Kubernetes as hard, and want the templating/state tool that feels most native to Kubernetes (99% of Kubernetes tutorials use YAML), vs an unfamiliar thing that itself must be learned.

Simplicity and stack integration seem like good predictors for adoption in modern languages, frameworks, and tooling. So again, Helm had every right to win (post Tiller...).

1: DX = Developer Experience

# Designing Kerbi

I set out to build something that you would describe to friends as: "a lot like Helm, but you can do fancier templating, and the state/release system doesn't highjack kubectl or touch your resources. And there's no app store.".

I call Kerbi a "Helm Alternative" as opposed to "a KPT alternative" or something else, because as explained above, I believe that Helm gets the important things right better than the others, and thus use it as the conceptual trunk.

Goal: score 8.5+/10 in each category:

​

|Criteria|Strategy|
|:-|:-|
|[Templating\] "Feels familiar and native to k8s" |Minimize overhead. Make trivial things trivial to do. Simple project structure, stick to YAML, stick to mature a templating language. |
|[Templating\] "DX scales w size/complexity" |Make it easy to write logic if needed, and make it easy to keep it separate from the your normal template files. Separate concerns. |
|[State & Revision\]. "Easy, built-in, feels native".|Make it obvious. Solve exactly the variable storage/retrieval problem, with as few new concepts as possible.|
|[State & Revision\]. "Loosely coupled w K8s"|Be a respectful neighbor with nothing to hide. Be powerful, while being minimally disruptive to existing Kubernetes workflows.|

​

Do you like it? I've been using Kerbi in production since last summer (transplanted from old repo), and it's working for me. Tell a friend, and let me know what you think.

https://redd.it/u8o89k
@r_devops

Any opinions on Aviatrix for managing a hybrid, multi-cloud network?

I was wondering if I could get some feedback and reviews from people who use Aviatrix. I'm currently looking for a way to centrally manage a hybrid and multi-cloud environment that feels a bit more native for networking folks. Also, I like that they have a terraform provider that I can utilize.

Interested in seeing other people's feelings about it.

https://redd.it/u8p5u1
@r_devops

So long, and thanks for all the fish.

Apparently I am a Software Developer rather than SRE now. Thanks all, it's been real. I'll be studying LeetCode for now on and forgetting everything I've learned as a SRE. I will no longer have to be on-call for infrastructure, I'll be throwing all problems that relate to my code and blaming DNS or/and the network, and working on implementing my own version of quicksort or timsort and call it indiesort. I will be building docker images locally on my laptop without any consideration for how it will be deployed in Kubernetes, since that is not my problem any more. Resource limits, auto scaling, data recovery, monitoring, and alerting? Also not my problem any more. I'll be finalizing my transition by unsubscribing from all SRE subs and forgetting everything I have learned in order to make room for software dev memes from twitter so it sounds like I know what I'm doing in client meetings. So long, and thanks for all the fish.

https://redd.it/u8uri2
@r_devops

For any junior DevOps folks out there, get comfortable with being absolutely clueless :)

So I started a DevOps internship with a cybersecurity firm roughly 5 months ago. My internship is gonna be over pretty shortly and I got the confirmation that they're going to be hiring me on full time. I've been lurking on this subreddit since the beginning of my internship constantly searching the key words "stress" & "too much to learn" in the search header lol.

I had absolutely no idea what I was getting myself into. DevOps is definitely not a role someone can just transition to in the course of several months. There's so much knowledge and expertise across different domains needed just to be able to do your job decently. On top of that, I had pretty much little to no prior experience doing development work. I did setup a couple servers on IBM cloud and did some small automation stuff to download anime torrents but that was about it.

My internship was extremely stressful. I spent a bunch of time outside of work and on the weekends just to stay afloat. I always constantly felt behind and my manager had very high expectations of me. I went from not knowing how to make a simple GET request to building out an API that connects connecting multiple pipelines and cloud services. I spent a lot of time troubleshooting very miniscule stuff like my script wasn't working because I wasn't in the right directory etc. I didn't get much help from my co-workers because they were always extremely busy so I got a ton of help from a lot of people online and bombarding stackoverflow.

I still feel extremely overwhelmed with my workload , but I've gotten a lot more comfortable with the process of learning how to find the right answers and asking the right questions. I'm really happy with how far I've came and for individuals out there who are seeking an entry level role in DevOps, I would highly recommend you to read the Phoenix project, study the architecture behind a couple tools like kube/aws code pipeline, get your hands dirty by doing some hands on stuff and know that it's okay to feel overwhelmed.

Coming from poverty, getting a full time job doing something that I find really cool and pays well is pretty bonkers to me. Now I just want to wrap up my comp sci degree, continue to learn as much as I can and spend my weekends doing some leisure activities.

Here's a brief itinerary of my internship experience.

1st Month:

\- Read and update documentation

\- Build some basic pipelines

2nd Month:

\- Shadow with another engineer on building an automated solution

\- Got into some trouble for just shadowing and not contributing to engineers work

3rd Month:

\- Build an automation solution for a niche use case

\- Destroy the automated solution because it's no longer needed

4th Month:

\- Work on building the automated solution again because business needs have changed and create an API for this automated solution for organization to use

5th Month:

\- Configure this API to connect with multiple cloud services. Interview with different stakeholder on different use cases for this automated solution

\- Bathe in glory

\- Go back to gym cuz I gained a crap ton of weight lol

https://redd.it/u93dxk
@r_devops

Looking for a good AWS/Google Cloud comparison tool/resource?

Hello everyone!

Not sure if this is the right place to post this, but I was wondering if anyone knew of a good resource out there that highlights the similarities and differences between AWS and the Google Cloud Platform as a whole? Things such as their different services, networking configuration processes, even tribal lingo too.

I'm interviewing for a new company and have spent all of my short DevOps career in the AWS architecture, and know very little about GCP. I've tried Googling for a decent resource but haven't found anything that explains more than just the equivalent services between the two.

https://redd.it/u9k8iz
@r_devops

How long does it take for your company to install software for you? (for restricted local admin environments)

I wrote a few weeks back about not having admin access.


One of the problems with not having local admin access is the inability to install software (which isn't a bad idea considering software installs are the most common attack vector). So I'm ok with this so long as the company process is built properly.


So I followed the company process, submitting a request to install Wireshark on my local machine. I submitted the request on April 6th, was asked on April 20th if I was "approved" to use this tool, and finally today (April 22nd) the software was made available to me in the software portal so I can actually install. It's a few versions behind at this point, but whatever, at least I finally have it installed.


So to recap, I could download and install Wireshark myself in <5 mins. Or, via my **awesome** company process, submit a request and have it installed 16 days later.


Am I crazy for thinking this is unnecessarily long? Wait a day, two days, three even? Sure, not everyone can jump on something right away. But does it really make sense for a software install (really, just a check box to enable it to appear in my software portal) take 16 days?


Yes, I work for a large financial organization and we are very bad with process and doing anything quick or modern... I've been here for a few years now and it's stuff like this that makes me want to jump. I've tolerated it for a few years and "gave it a chance" to improve, but after 3 years I think I've given it all the chance it deserves.

https://redd.it/u9ebo4
@r_devops

Who should be doing oncall?

At the company I work for, we are two DevOps engineers (myself and another colleague), and we have been doing the oncall duties for a few years. We manage all the infrastructure and we do are former full-stack engineers from the same company, so we have full context of the product code and the infrastructure as well. This means that, when an incident arise, we are very capable of solving it, including making product code changes when needed.

However, the company has grown a lot recently, both in the number of developers and the product itself (many new functionalities, etc.). My colleague and I are no longer writing product code every day, so it's hard to keep up with the product code changes. Meaning that we would probably need a considerable amount of time to understand what is going wrong with the code before we can solve it.

My question is, who is usually doing oncall at your current companies?

- If answer is the developer engineers ==> How can they respond when there's an issue related to infrastructure? (eg: a server instance going down)

- If answer is DevOps engineers or sys admins ==> How can they respond when there's an issue related to the product software? (eg: a non obvious software bug causing downtime or performance degradation)

https://redd.it/u9ligp
@r_devops

What would your ideal technical interview look like?

I am a DevOps engineer, not a recruiter. My team does technical/meet the team interviews for candidates. I want to make a technical interview process that avoids all the annoying shit other companies do. I have my own ideas but wanted to take into account other people's too.

For example: Fuck coding interviews. I don't care if you memorized the syntax, that's what Google is for. Plus I think most people are significantly worse at coding/typing when people are sitting there staring at them, so it's not an accurate measure of anything.

https://redd.it/u9sah8
@r_devops