Which Lets Encrypt client to use?

Dear fellow DevOps,

I am currently trying to run a service (Vault to be more precise), that's in a private subnet, but should have an SSL certificate.

We're currently running on GCP and use acme.sh. We have two projects, one for the service it self where it can store secrets and another project as ACME project to use the DNS alias mode.

The machines are managed in a Managed Instance Group and behind an internal L4 Loadbalancer

The process now looks like this:

1. Cloud init creates the gcloud profiles (via switching CLOUDSDK_ACTIVE_CONFIG_NAME)

2. Configure the systemd service files and packages via salt

2. In the startup script of the VM I activate the default profile and fetch the Lets Encrypt key to rest the limits from Lets Encrypt. Put the key in place

3. Install acme.sh

4. activate the get-certificate profile and kick off the certificate request

5. Change back to default profile and upload the LE key if it was empty in the beginning

In the end we use Caddy to reverse proxy to the service.

Unfortunately the problem is, that the cron job from acme.sh does not use the get-certificate profile and I'd have to customize that to renew certificates.

What client do you recommend in combination of GCP and DNS alias mode?

Thanks and BR

https://redd.it/y807h3
@r_devops

DevOps & Pipeline Runners: The Key to Sustainable App Development

DEVOPS WEBINAR!

📌Have you ever wondered how DevOps experts choose the best Pipeline Runners for the job? Join us as three DevOps experts discuss the tools they're using now and weigh the pros and cons of the most popular DevOps tools available.

📷 Save your seat! https://my.demio.com/ref/P1vnTtR1cOvEHVTz

https://redd.it/y88ejv
@r_devops

AppDynamics Mentor

Hello all , I appreciate if anyone who has been working with app dynamics to assist or mentor me both with your advice and support
I really appreciate this /r/devops thank you

https://redd.it/y88sjn
@r_devops

Amazed with pulumi

I don't know if this post will be considered advertising. I have no relation with Pulumi n'or am I sponsored by them.


I just want to say that I'm amazed at what Pulumi can provide. I make twitch videos of my side projects and I was playing with Pulumi in creating my lambda function. I wanted to use my Pulumi code to...

1. Zip my lambda source
2. Upload it to S3 based on file changes
3. Update Function

I understand that much of what I wanted to do in Pulumi can be done easier in shell with a pipeline. I just wanted to test out Pulumi so that's my reasoning.

This means that I can run specific methods based on context or on all contexts and be able to pass that data into the resources I'll create with Pulumi if desired.


One criticism with Pulumi is that their docs are not the best.
Here is a shameful plug to my twitch video where I went through the pains and gains.

https://www.twitch.tv/videos/1628400489


Also PS. Most of this can also be done with CDK I'm sure.

https://redd.it/y8418w
@r_devops

Continuous Deploy an ASP.NET Core Web App in GCP Cloud Run

In this tutorial, we will see a methodical way to implement (CD) Continuous Deployment of an ASP .NET Core MVC Web App (.NET 6) on Google Cloud Run with the help of Google Cloud Build Trigger.

By the end of this tutorial, you will be able to have a full understanding of enabling Continuous Delivery of ASP .NET Core applications to Cloud Run via Cloud Build.

This tutorial covers in-depth concepts of working with Cloud Build triggers, Cloud Run features such as Logs, Revisions, SLOs etc.

The tutorial also helps you understand how to troubleshoot the Continuous Deployments on Cloud Run.

https://youtu.be/5M9yzZOJXaQ

https://redd.it/y8emmx
@r_devops

Pushd and Popd

Hey, this might not be specific to DevOps in general but I figure you devopsians might benefit from this like I have. You can use the command `pushd` to save your current directory in a terminal and send yourself back to the home directory. Then when you're done doing whatever it is you're doing you can use `popd` to get back. Found it pretty handy, thought someone else might too.

https://redd.it/y8ddas
@r_devops

Leaving job with no job lined up officially

Hi everyone,

I would like to send in my two weeks as a devops engineer / software developer to my company due to a very toxic coworker. Basically at a breaking point with this worker and have brought this issues up to management once before and again recently but seems like this doesn’t really help change a person.

I have an offer coming my way in a few weeks I believe but it’s still unofficial since I don’t have it in hand.

I’ve gotten to the point where I don’t even want to work due to this person where I may take days off with the little pto I have. It’s very sickening and most definitely taking a toll on me.


Do you all think it’s okay for me to jump ship and send in my two weeks? Financial wise I’m good, no loans, no debts, and no rent/mortgage.


I’ll keep studying LC and cracking the coding interview while applying to jobs while I wait for this official offer to come in.

https://redd.it/y8ipqz
@r_devops

looking to learn

I know this may seem like a very vague question, but I don't see any other way to get the answer close to what I'm looking for

I'm a beginner developer and I'm creating a project so I can learn as I go.

The project will have an initial website that will be a search bar, a system that searches for youtube videos regarding the exact match that activates a player and an artificial intelligence.

Do you who have experience know some content that makes this journey easier?

When I finish the project I intend to make it available, I believe it can be useful to someone.

https://redd.it/y8jftt
@r_devops

MariaDB Data-in-use Encryption using Intel SGX

Dear Community,

team enclaive.io has been working on adding data-in-use encryption to MariaDB. By data-in-use encryption, we mean that the whole database is encrypted during runtime. In contrast to data-at-rest encryption (https://mariadb.com/kb/en/encryption-key-management/), the query and data processing remains encrypted in memory. In other words, at no moment in time, MariaDB leaks data now. Hence, key rotations and the management of keys become somehow void.

We leverage confidential compute technology to enclave MariaDB. In a nutshell, confidential compute uses special security microinstructions provided by modern Intel/AMD CPUs to encrypt physical memory.

We have open-sourced the implementation. We prepared a docker container to get MariaDB running quickly.

GitHub: https://github.com/enclaive/enclaive-docker-mariadb-sgx

Demo Video: https://www.youtube.com/watch?v=PI2PosrdrCk

We would very much appreciate some feedback, beta-testing, likes, and solicit any form of support. Do you think the contribution should be merged with the MariaDB project?

https://redd.it/y8hakm
@r_devops

branch name as choice parameters in declarative pipeline Jenkins



I have tried to install git-parameter plugin already but I could not find those options in pipeline to fill those fields needed for parameterized build.

parameters {
choice(
name: 'Branch to build',
choices: 'dev', 'prod',
description: ''
)
}

I have used the above snippet in the format below:

import java.text.SimpleDateFormat

def branchname = ""

class Config {
static envForBranch = [
'test':'dev',
'develop': 'dev',
'master': 'prod',
]

}

pipeline {
agent any
triggers {
gitlab(triggerOnPush: true,
triggerOnMergeRequest: true,
branchFilterType: 'All')
}
options {
gitlabBuilds(builds: ['library', 'Artifacts', 'Docker Image', 'Deploy'])
ansiColor('xterm')
gitLabConnection('/*repo*/')
disableConcurrentBuilds()
}
parameters {
choice(
name: 'Branch to build',
choices: ['develop', 'master'],
description: ''
)
}

stages {

stage('Library') {
steps {
library (
/*code*/
])
)

While I use choices: \[${BRANCH\NAME}\] or choices: [{env.BRANCH_NAME}\] , I can not get all the branches available. I need to have a choice parameter which populates all available branches under scroll down button. As of now, I am able to get only `develop` and `master`.

https://redd.it/y8syo8
@r_devops

Do DevOps jobs without on-call duty exist?

I'm interested in the work, but I already have major difficulties with sleep. Is that a deal breaker for all things Infra/DevOps?

https://redd.it/y8ys5t
@r_devops

Finding the right host

Hello I hope I'm in the right place here but my employer is thinking about changing their host because we had some issues with them.
I found this article by css-tricks that's saying that you should go to the host that makes things easiest for you. Our tech stack consists mostly of PHP and Next.js. For Next.js I found that using Vercel hosting is very developer friendly with their automatic deployment and previews, but after looking up their support for PHP I only found a community maintained project to enable PHP on their hosting. Is it normal to have different hosts for different languages/projects? Wouldn't it be easier to have everything hosted in one place? And if so, does such a host exist?

https://redd.it/y8zj1a
@r_devops

CODEPipeline to deploy infrastucture with terraform

Hello,

Our current method of deploying infrastructure on AWS is each team member running terraform on their local machines and using an s3 bucket for holding the state.

The company has grown quite a bit in recent years and after a recent audit we now have to show a trail of who did what and why when deploying any infrastructure.

We have been playing with the idea of a codepipline in each account that deploys infrastructure once it is merged to the main branch. While this works in principle it does have its issues.

Has anyone done something similar? What approach did you take with this? We have also looked at Terraform cloud. Does anyone recommend (or not) this product?

https://redd.it/y8sxhz
@r_devops

mirrord 3.0 is out - run/debug your local process in the context of your k8s cluster

https://metalbear.co/blog/mirrord-3.0-is-out/
mirrord lets developers run local processes in the context of their cloud environment. It’s meant to provide the benefits of running your service on a cloud environment (e.g. staging) without actually going through the hassle of deploying it there, and without disrupting the environment by deploying untested code.

https://redd.it/y944db
@r_devops

Jenkins, Terraform, Ansible and AWS - how do they all connect?

DevOps newbie here, trying to learn how Jenkins, Terraform, Ansible and AWS connect. Can anyone give me a general, ELI5 rundown on the image in the link?

https://repository-images.githubusercontent.com/291145908/a7c9b680-ece2-11ea-9105-3d56cd7f2abc

https://redd.it/y957q9
@r_devops

How to put my skills into practice?

I am currently training to be Devops, doing several courses on AWS, Terraform, Jenkins, etc. But I feel that I need to put this knowledge into practice, perhaps with "real projects" or some fictitious project that involves all the tools. I don't currently work as a Devops, so I can't gain experience working in that environment. What dou you recommend? Everything is welcome!

https://redd.it/y90p3x
@r_devops

Switching from Nginx to Caddy - or not?

There has been a lot of praise for Caddy and its simple config file format.
I recently gave it a try, but even for my "simple" reverse proxy use-case, the config turned out to be more complicated than Nginx.
https://blog.cubieserver.de/2022/switching-from-caddy-to-nginx-or-not/

What has your experience been like?

https://redd.it/y985zr
@r_devops

Hacker News discussion: "DevOps is Broken"

Original article:
https://blog.massdriver.cloud/devops-is-bullshit

Hacker news discussion:
https://news.ycombinator.com/item?id=33274988

https://redd.it/y97ng5
@r_devops

How should infrastructure and CI/CD pipelines be documented?

3-4 months ago, we hired an experienced Devops lead with strong industry experience in AWS and our CI/CD techstack. While they've done a good job, one of our asks was for them to document the details on our infrastructure's setup in a clear way, and till now this isn't clear to anyone apart from this person.

So our questions here would be:

- How should things like infra/CI-CD be documented such that they could be explained to other tech staff, and stakeholders?
- What are the industry practices here for documentation apart from high level UML diagrams that show how various AWS services come together?

https://redd.it/y9k6c2
@r_devops

Traefik 1.7 - any sane way to store distributed certificates?

We are running our stack on Docker Swarm and use traefik 1.7 as a reverse proxy. We'd like to have 3 nodes running traefik and use round robin DNS to point to each of them. However, AFAIK traefik 1.x only supports Consul, etcd or Zookeeper as a distributed key value store for storing Let's Encrypt certs. Running any of these seems like an enormous overkill for such an easy task.

Is there any saner way of achieving distributed certs storage for traefik 1.x?

https://redd.it/y9n9bg
@r_devops

Cloud Computing Isn’t as Cost Effective as Hoped. So What’s Next?

https://www.youtube.com/watch?v=Vqgg-0fI4Co&ab\_channel=WallStreetJournal

Article posted by WSJ , Could some one share some thoughts on this ?

https://redd.it/y9ttsy
@r_devops