Alternative to Datadog?

I've been using Datadog for my apps and am fed up with their predatory billing practices. They don't let you modify your plan easily; you need to contact their (slow) support team any time you want to make a change to your plan.

I've been overcharged and ignored. I'm ready to move on to something more user friendly.

Any recommendations?

https://redd.it/uwv5zg
@r_devops

How Terraform Provider Iterative Helps ML Teams Save Resources By Managing Cloud Resources Properly

The founder's interview explains how the product helps machine learning teams manage their computing resources more efficiently. It offers full lifecycle management of computing resources (including GPUs and respawning spot instances) from several cloud vendors (AWS, Azure, GCP, K8s) without needing to be a cloud expert: Terraform Provider Iterative Helps Machine Learning Teams Save Resources And Money

https://redd.it/uwx5ak
@r_devops

Jenkinsfile shared library - refactor duplicate code

Hi guys!

I have four different pipelines that only differentiate with two variables, they all take the same parameters that I want and only default differently by adding the two internal variables. Else it is the same.

They then call a shared pipeline using these parameters. But the code is very duplicated and they ask for the same things. Could anyone recommend a read to solve this problem, making them share parameters or just how to structure it to avoid duplicated & messy code?

I tried to build a Groovy script to solve it but cannot seem to take parameters and pass them to the other "final-shared-Jenkins-pipeline".

I hope the question is not too confusing (I am pretty new). I would love any help. Got stuck for hours.

​

Thanks!!!

https://redd.it/ux06gv
@r_devops

New to DevOps - Kompose to Deployment Manifest generates too many files

I have a mismatch between my docker-compose version of superset (BI Dashboard) and what I have deployed on Kubernetes, which was generated with the help of a DevOps guy.

I try to close this mismatch I need to either try to use helm from Superset's repo, or Kompose to convert my docker-compose file. I tried the latter and it's creating a file for each service, how do I just create one manifest? Is it literally a concatenation of all of them?

https://redd.it/uwzhyl
@r_devops

Do you write templates and pipelines?

We're running a 2 man team supporting about 12 Devs in 3 sprint teams.

We're at a point where they come to us for standing up new resources where we will write IAC and pipelines for them.

With the imbalance on numbers we often hold up the teams while we do this work. Often they are late coming to us with the requirements also.

Wondering what other teams here are doing if you are working in a small team. Is it possible to shift towards getting Devs to self serve?

https://redd.it/uxdthj
@r_devops

What's the best cloud provider for me to mess around in and learn k8s without accidentally getting charged a lot of dollar?

I was thinking digital ocean?

I'm after fast set-up and transparent charges

https://redd.it/uxokyc
@r_devops

Kubernetes The IaC Way - Or how to install Kubernetes The Hard Way in one command using Infrastructure as Code

Wanting to better understand Kubernetes, I took on the well known "Kubernetes The Hard Way" project, on which I spent several days understanding and deploying.

After completing Mumshad's version of kubernetes-the-hard-way, I challenged myself to do it in one command using Infrastructure as Code.

As a result, Kubernetes installation is now fully automated and takes 10 minutes instead of several hours over several days.

Here is the link to the Github page: https://github.com/ydamni/kubernetes-the-iac-way

Currently, the project allows to install Kubernetes on two master nodes, two worker nodes and one load balancer node; in the 192.168.42.0/24 subnet.

In the future, the code will allow to generate as many nodes as desired in any subnet by editing the Vagrantfile.

I am open to any feedback, and would love to hear from you.

P.S. Before using my repository, I strongly recommend that those who have never deployed "Kubernetes The Hard Way” give it a try to better understand how Kubernetes works. You won't regret it.

https://redd.it/uy74lz
@r_devops

Don't open holes in the firewall to use Prometheus. Use a zero trust overlay network and keep your firewalls closed

Prometheus wants to reach out and scrape targets. In this series of posts I outlined how to deploy Prometheus on a zero trust overlay network based on OpenZiti to keep firewalls closed.

The post is long but hopefully easy to read. Part1 is setup, part 2 is the specifics and part 3 is the 'payoff' where you can see Prometheus scraping targets from one Kubernetes cluster to another (and vice versa).

Part 1 is here and links to parts 2 and 3:
https://openziti.github.io/articles/zitification/prometheus/part1.html

I forked the latest Prometheus released and embedded the Golang OpenZiti SDK into the server to allow listening and dialing over the overlay network. If interested you can find that code at https://github.com/openziti-test-kitchen/prometheus/tree/feature/zitify-federation.

https://redd.it/uxwup9
@r_devops

Don't open holes in the firewall to use Prometheus. Use a zero trust overlay network and keep your firewalls closed

Prometheus wants to reach out and scrape targets. In this series of posts I outlined how to deploy Prometheus on a zero trust overlay network based on OpenZiti to keep firewalls closed.

The post is long but hopefully easy to read. Part1 is setup, part 2 is the specifics and part 3 is the 'payoff' where you can see Prometheus scraping targets from one Kubernetes cluster to another (and vice versa).

Part 1 is here and links to parts 2 and 3:
https://openziti.github.io/articles/zitification/prometheus/part1.html

I forked the latest Prometheus released and embedded the Golang OpenZiti SDK into the server to allow listening and dialing over the overlay network. If interested you can find that code at https://github.com/openziti-test-kitchen/prometheus/tree/feature/zitify-federation.

https://redd.it/uxwup9
@r_devops

Am I naive

Hi everyone. First time posting on this sub, gonna try to keep it as short as I can.

Earlier this week I accepted an internal promotion as a DevOps engineer in my very large, well known news/media company. I am ALREADY feeling intense imposter syndrome and am starting to second guess things.

I am coming from a support role supporting the company's primary web application and a few other smaller apps, which I did for about 8 months. In that time, I was able to take over the current CI/CD process, which is basically manually merging GitHub PRs into different branches and watching the existing automation work magic.

Prior to that role, I've had a few other IT admin roles where I supported on-premise Windows infrastructure, with my only AWS experience being with a service that is not generally well known (AppStream). I've also been taking coding classes, right now primarily in JavaScript, but am hitting python soon. My goal is to eventually get a dev job, ideally in front-end, but my thought was to use the new role to get my CI/CD skills up for that move.

I have little to no knowledge of Jenkins, GitHub Actions, and/or Terraform. And now, my boss (who was my boss before the move) is throwing workflows and docs at me left and right that make no sense to me.

During my interviews, I believe I was pretty honest about my skill level and I actually thought I wasn't gonna get it. However, the director and VP (above my boss) who hired me said they were impressed with a mediocre monitoring solution I pulled out of thin air (google script automation to pull in rss feeds and send an email alert if there was an incident).

They also told me that while they work to backfill my old role, I would be "eased in" to this new role so I had time to learn, since they were aware that I'm relatively new to this.

Am I naive for believing them? Thanks for reading.

https://redd.it/uyi4pl
@r_devops

Monorepo for unrelated services, or setting up micro services for each?

Hi all,

I'm responsible for a repository at work, which basically handles all of the miscellaneous services that don't quite fit anywhere else in our ecosystem.

the thing that makes me want to go the micro services route is that right now, we have to schedule monthly releases for this repo, and if one thing breaks in production, everything needs to be rolled back; including the changes that were successful but unfortunately broke because of an unrelated service. And then often times we'll need to cherry pick some changes into a release and leave some out because a release needs to happen even if something else in the repo isn't working. I would also feel more comfortable developing a more agile approach and releasing frequently if I knew the micro services were self contained and small to roll back.

but at the same time, we have dependencies which are shared by all these services.In other words, there would be more overhead; having to set up these dependencies for each micro service and deploy them all.. also, I would need to take time breaking up the mono repo..

I've mostly been a pure software developer up until now, but I suppose my boss is giving me more devops responsibilities, just want to make sure I'm making the right decision here.

thanks!

https://redd.it/uyk4dk
@r_devops

Need advice on becoming a DevOps Engineer.

I am a Senior System Engineer. I mostly am writing python scripts, scraping bots,doing automation. Linux has been my OS since 2016. I manage multiple linux vps. I also work on Laravel as a Backend. So I know php too but Python has always been my favorite.

I know about Networking, a basic understanding of penetration testing and preventions from a few common attacks.

Wanted to get into DevOps, so went ahead and learned Docker (skipped Docker Swarm), working with YAML and Dockerfile. Tried Jenkins once. Have worked on Github and GitLab many times.

What should be my next step? I would love some advices. I think Kubernetes, as I skipped Docker Swarm. I just need to know what to do next, I'll find a way to learn. Thank you.

https://redd.it/uyytta
@r_devops

Need advice on becoming a DevOps Engineer.

I am a Senior System Engineer. I mostly am writing python scripts, scraping bots,doing automation. Linux has been my OS since 2016. I manage multiple linux vps. I also work on Laravel as a Backend. So I know php too but Python has always been my favorite.

I know about Networking, a basic understanding of penetration testing and preventions from a few common attacks.

Wanted to get into DevOps, so went ahead and learned Docker (skipped Docker Swarm), working with YAML and Dockerfile. Tried Jenkins once. Have worked on Github and GitLab many times.

What should be my next step? I would love some advices. I think Kubernetes, as I skipped Docker Swarm. I just need to know what to do next, I'll find a way to learn. Thank you.

https://redd.it/uyytta
@r_devops

Storing env vars in .git/config?

I just realized you can effectively use git config as a place to store and reference environmental variables.

For example, you can write:

git config env.private charlie
git config env.public bob

and in .git/config you will see:

env
private = charlie
public = bob

You can just read these variables too:

git config env.public
bob

---

What I am wondering is, why not just use this in place of the typical .env file usage where you just keep some KEY=VALUES in plaintext and don't commit it?

It seems far harder to accidentally commit your git config, and it even ships with one-level-deep yaml-esque organization!

https://redd.it/v02aoi
@r_devops

Do you use nano/vim?

Do i need to learn any of these type of text editor?
Or i will always have vscode or something like that?

How often do you use these?

Which is the "better"?

https://redd.it/v06r4y
@r_devops

Salary Sharing Thread May 2022

This thread is for sharing recent offers you've gotten or current salaries.

Please only post an offer if you're including hard numbers, but feel free to use a throwaway account if you're concerned about anonymity.

Education:

Prior Experience:

Company/Industry:

Title:

Tenure length:

Location:

Base Pay

Relocation/Signing Bonus:

Stock and/or recurring bonuses:

Total comp

Last thread was a huge success so bringing it back on popular demand

https://redd.it/v0h3z7
@r_devops

DevOps Bulletin Newsletter - Issue 53

Hey folks,
My weekly DevOps newsletter aka DevOps Bulletin -  Digest #53 is out. Check out a sneak peek of the topics covered on this weekly issue:

* 🏗️ "**Building a Frontend Testing Pipeline**" - This hands-on tutorial will walk you through implementing a testing pipeline from scratch.
* 🧠 "**Think like Git**" - This article is for people who already know how to use git day-to-day, but want a deeper understand of the why of git to do a better job reasoning about what should or should not be possible rather than just memorizing incantations.
* 🧾 "Software bill of materials: What it is and why you need one" - **Learn what a software bill of materials is and why it is important for DevOps**
* 🤯 "**Over 380k+ open Kubernetes API servers**" - Damn! If you are notified of an instance that is accessible, please consider implementing authorization for access or block at the firewall level to reduce your exposed attack surface.
* 🌎 "**Lessons learned from running Apache Airflow at scale**" - Shopify shares some of the lessons learned and solutions they built in order to run Airflow at scale.
* 🔒 "**RBAC explained with examples**" - Kubernetes RBAC tutorial with two examples, using ServiceAccounts and OpenSSL to create separate contexts for users.
* 📦 "**Robust Terraform setup with workspaces**" - Snowflakes as code is an anti-pattern where separate instances of infrastructure code are maintained for multiple instances of infrastructure that are intended to be essentially the same.
* 📹 Video of the week goes to a talk given by David Flanagan where he shares the key methods, tools and **takeaways from fixing over 50 Kubernetes clusters live**.
* 🛠 Project of the week goes to "OWASP WrongSecrets p0wnable app" - an **open-source app packed with various ways of how to not store your secrets**. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques.

Complete issue: [https://www.devopsbulletin.com/issues/kubernetes-toolkits](https://www.devopsbulletin.com/issues/kubernetes-toolkits)

Feedback is welcome :)

https://redd.it/v10h7u
@r_devops

Build flexible abstraction for any Kubernetes Resources with CUE and KubeVela

https://kubevela.io/blog/2022/05/30/abstraction-kubevela

https://redd.it/v0wts4
@r_devops

What do you guys think about Thalès ?

I have the opportunity to do a work-study program in devOps at Thalès. I know it's a large group that touches on cutting-edge technologies, on exciting subjects such as defense and aerospace, and I tell myself that it can be very interesting and educational.

For those who know the company, what do you think? Do you consider it a gateway to well-paid and interesting jobs?

https://redd.it/v0wi5g
@r_devops

Why you shouldn't consider using Oracle Cloud

Worst practices you can imagine like deleting your account without any warning.

And if you will go to support you are going to get a standard answer: we are not going to tell you the reason bye.

They don't even bother to let you move your data.

And the reason is that i am holding Russian passport. But i am not in Russia, nor i am anyhow connected to. But the real point is that Oracle got a lot of corrupted money from Putin regime for years and i have been witnessing that since i was working on a civilian government company in the past.

​

Company that i am currently working for migrating away from OCI and the reason for that is vendor-locking practices. Oracle tries to lock you on their databases for example.

​

OCI is the worst choice for personal and business needs. Just facts.

https://redd.it/v1rcac
@r_devops

Devops Exercises

https://github.com/sottlmarek/DevSecOps

Complete exercises and scripts + Question Answers +Test etc

https://redd.it/v1qqfh
@r_devops