Amazed with pulumi

I don't know if this post will be considered advertising. I have no relation with Pulumi n'or am I sponsored by them.


I just want to say that I'm amazed at what Pulumi can provide. I make twitch videos of my side projects and I was playing with Pulumi in creating my lambda function. I wanted to use my Pulumi code to...

1. Zip my lambda source
2. Upload it to S3 based on file changes
3. Update Function

I understand that much of what I wanted to do in Pulumi can be done easier in shell with a pipeline. I just wanted to test out Pulumi so that's my reasoning.

This means that I can run specific methods based on context or on all contexts and be able to pass that data into the resources I'll create with Pulumi if desired.


One criticism with Pulumi is that their docs are not the best.
Here is a shameful plug to my twitch video where I went through the pains and gains.

https://www.twitch.tv/videos/1628400489


Also PS. Most of this can also be done with CDK I'm sure.

https://redd.it/y8418w
@r_devops

Continuous Deploy an ASP.NET Core Web App in GCP Cloud Run

In this tutorial, we will see a methodical way to implement (CD) Continuous Deployment of an ASP .NET Core MVC Web App (.NET 6) on Google Cloud Run with the help of Google Cloud Build Trigger.

By the end of this tutorial, you will be able to have a full understanding of enabling Continuous Delivery of ASP .NET Core applications to Cloud Run via Cloud Build.

This tutorial covers in-depth concepts of working with Cloud Build triggers, Cloud Run features such as Logs, Revisions, SLOs etc.

The tutorial also helps you understand how to troubleshoot the Continuous Deployments on Cloud Run.

https://youtu.be/5M9yzZOJXaQ

https://redd.it/y8emmx
@r_devops

Pushd and Popd

Hey, this might not be specific to DevOps in general but I figure you devopsians might benefit from this like I have. You can use the command `pushd` to save your current directory in a terminal and send yourself back to the home directory. Then when you're done doing whatever it is you're doing you can use `popd` to get back. Found it pretty handy, thought someone else might too.

https://redd.it/y8ddas
@r_devops

Leaving job with no job lined up officially

Hi everyone,

I would like to send in my two weeks as a devops engineer / software developer to my company due to a very toxic coworker. Basically at a breaking point with this worker and have brought this issues up to management once before and again recently but seems like this doesn’t really help change a person.

I have an offer coming my way in a few weeks I believe but it’s still unofficial since I don’t have it in hand.

I’ve gotten to the point where I don’t even want to work due to this person where I may take days off with the little pto I have. It’s very sickening and most definitely taking a toll on me.


Do you all think it’s okay for me to jump ship and send in my two weeks? Financial wise I’m good, no loans, no debts, and no rent/mortgage.


I’ll keep studying LC and cracking the coding interview while applying to jobs while I wait for this official offer to come in.

https://redd.it/y8ipqz
@r_devops

looking to learn

I know this may seem like a very vague question, but I don't see any other way to get the answer close to what I'm looking for

I'm a beginner developer and I'm creating a project so I can learn as I go.

The project will have an initial website that will be a search bar, a system that searches for youtube videos regarding the exact match that activates a player and an artificial intelligence.

Do you who have experience know some content that makes this journey easier?

When I finish the project I intend to make it available, I believe it can be useful to someone.

https://redd.it/y8jftt
@r_devops

MariaDB Data-in-use Encryption using Intel SGX

Dear Community,

team enclaive.io has been working on adding data-in-use encryption to MariaDB. By data-in-use encryption, we mean that the whole database is encrypted during runtime. In contrast to data-at-rest encryption (https://mariadb.com/kb/en/encryption-key-management/), the query and data processing remains encrypted in memory. In other words, at no moment in time, MariaDB leaks data now. Hence, key rotations and the management of keys become somehow void.

We leverage confidential compute technology to enclave MariaDB. In a nutshell, confidential compute uses special security microinstructions provided by modern Intel/AMD CPUs to encrypt physical memory.

We have open-sourced the implementation. We prepared a docker container to get MariaDB running quickly.

GitHub: https://github.com/enclaive/enclaive-docker-mariadb-sgx

Demo Video: https://www.youtube.com/watch?v=PI2PosrdrCk

We would very much appreciate some feedback, beta-testing, likes, and solicit any form of support. Do you think the contribution should be merged with the MariaDB project?

https://redd.it/y8hakm
@r_devops

branch name as choice parameters in declarative pipeline Jenkins



I have tried to install git-parameter plugin already but I could not find those options in pipeline to fill those fields needed for parameterized build.

parameters {
choice(
name: 'Branch to build',
choices: 'dev', 'prod',
description: ''
)
}

I have used the above snippet in the format below:

import java.text.SimpleDateFormat

def branchname = ""

class Config {
static envForBranch = [
'test':'dev',
'develop': 'dev',
'master': 'prod',
]

}

pipeline {
agent any
triggers {
gitlab(triggerOnPush: true,
triggerOnMergeRequest: true,
branchFilterType: 'All')
}
options {
gitlabBuilds(builds: ['library', 'Artifacts', 'Docker Image', 'Deploy'])
ansiColor('xterm')
gitLabConnection('/*repo*/')
disableConcurrentBuilds()
}
parameters {
choice(
name: 'Branch to build',
choices: ['develop', 'master'],
description: ''
)
}

stages {

stage('Library') {
steps {
library (
/*code*/
])
)

While I use choices: \[${BRANCH\NAME}\] or choices: [{env.BRANCH_NAME}\] , I can not get all the branches available. I need to have a choice parameter which populates all available branches under scroll down button. As of now, I am able to get only `develop` and `master`.

https://redd.it/y8syo8
@r_devops

Do DevOps jobs without on-call duty exist?

I'm interested in the work, but I already have major difficulties with sleep. Is that a deal breaker for all things Infra/DevOps?

https://redd.it/y8ys5t
@r_devops

Finding the right host

Hello I hope I'm in the right place here but my employer is thinking about changing their host because we had some issues with them.
I found this article by css-tricks that's saying that you should go to the host that makes things easiest for you. Our tech stack consists mostly of PHP and Next.js. For Next.js I found that using Vercel hosting is very developer friendly with their automatic deployment and previews, but after looking up their support for PHP I only found a community maintained project to enable PHP on their hosting. Is it normal to have different hosts for different languages/projects? Wouldn't it be easier to have everything hosted in one place? And if so, does such a host exist?

https://redd.it/y8zj1a
@r_devops

CODEPipeline to deploy infrastucture with terraform

Hello,

Our current method of deploying infrastructure on AWS is each team member running terraform on their local machines and using an s3 bucket for holding the state.

The company has grown quite a bit in recent years and after a recent audit we now have to show a trail of who did what and why when deploying any infrastructure.

We have been playing with the idea of a codepipline in each account that deploys infrastructure once it is merged to the main branch. While this works in principle it does have its issues.

Has anyone done something similar? What approach did you take with this? We have also looked at Terraform cloud. Does anyone recommend (or not) this product?

https://redd.it/y8sxhz
@r_devops

mirrord 3.0 is out - run/debug your local process in the context of your k8s cluster

https://metalbear.co/blog/mirrord-3.0-is-out/
mirrord lets developers run local processes in the context of their cloud environment. It’s meant to provide the benefits of running your service on a cloud environment (e.g. staging) without actually going through the hassle of deploying it there, and without disrupting the environment by deploying untested code.

https://redd.it/y944db
@r_devops

Jenkins, Terraform, Ansible and AWS - how do they all connect?

DevOps newbie here, trying to learn how Jenkins, Terraform, Ansible and AWS connect. Can anyone give me a general, ELI5 rundown on the image in the link?

https://repository-images.githubusercontent.com/291145908/a7c9b680-ece2-11ea-9105-3d56cd7f2abc

https://redd.it/y957q9
@r_devops

How to put my skills into practice?

I am currently training to be Devops, doing several courses on AWS, Terraform, Jenkins, etc. But I feel that I need to put this knowledge into practice, perhaps with "real projects" or some fictitious project that involves all the tools. I don't currently work as a Devops, so I can't gain experience working in that environment. What dou you recommend? Everything is welcome!

https://redd.it/y90p3x
@r_devops

Switching from Nginx to Caddy - or not?

There has been a lot of praise for Caddy and its simple config file format.
I recently gave it a try, but even for my "simple" reverse proxy use-case, the config turned out to be more complicated than Nginx.
https://blog.cubieserver.de/2022/switching-from-caddy-to-nginx-or-not/

What has your experience been like?

https://redd.it/y985zr
@r_devops

Hacker News discussion: "DevOps is Broken"

Original article:
https://blog.massdriver.cloud/devops-is-bullshit

Hacker news discussion:
https://news.ycombinator.com/item?id=33274988

https://redd.it/y97ng5
@r_devops

How should infrastructure and CI/CD pipelines be documented?

3-4 months ago, we hired an experienced Devops lead with strong industry experience in AWS and our CI/CD techstack. While they've done a good job, one of our asks was for them to document the details on our infrastructure's setup in a clear way, and till now this isn't clear to anyone apart from this person.

So our questions here would be:

- How should things like infra/CI-CD be documented such that they could be explained to other tech staff, and stakeholders?
- What are the industry practices here for documentation apart from high level UML diagrams that show how various AWS services come together?

https://redd.it/y9k6c2
@r_devops

Traefik 1.7 - any sane way to store distributed certificates?

We are running our stack on Docker Swarm and use traefik 1.7 as a reverse proxy. We'd like to have 3 nodes running traefik and use round robin DNS to point to each of them. However, AFAIK traefik 1.x only supports Consul, etcd or Zookeeper as a distributed key value store for storing Let's Encrypt certs. Running any of these seems like an enormous overkill for such an easy task.

Is there any saner way of achieving distributed certs storage for traefik 1.x?

https://redd.it/y9n9bg
@r_devops

Cloud Computing Isn’t as Cost Effective as Hoped. So What’s Next?

https://www.youtube.com/watch?v=Vqgg-0fI4Co&ab\_channel=WallStreetJournal

Article posted by WSJ , Could some one share some thoughts on this ?

https://redd.it/y9ttsy
@r_devops

metalbear-co/mirrord: Connect your local process and your cloud environment, and run local code in cloud conditions.

>mirrord lets developers run local processes in the context of their cloud environment. It’s meant to provide the benefits of running your service on a cloud environment (e.g. staging) without actually going through the hassle of deploying it there, and without disrupting the environment by deploying untested code. It comes as a Visual Studio Code extension, an IntelliJ plugin and a CLI tool

mirrord on GitHub

https://redd.it/y9ufvs
@r_devops

Options for Application Configuration Management (e.g. ConfigHub)?

I'm currently investigating some tools that may help us manage our configuration for several of our applications. tl;dr: we have several applications with yaml files on top of yaml files that make it a) difficult to tell what's in production b) hard to validate configuration values and c) preclude non-developers from taking a peek at config.

ConfigHub seems to scratch the itch for us, but may fall short in our security review given its limited authentication options. I am having a hell of a time finding alternatives that offer something similar. Google searches seem to bring up everything from SolarWinds to Puppet/Chef - I don't need something that is managing IT assets or orchestrating my infrastructure, I just need something that acts as a push/pull config repo.

https://redd.it/y9vtzi
@r_devops

Starting a boot camp soon, need advice

It’s for software dev, but will involve DevOps basics as well as fundamentals in azure. Would it be overkill to then try and get AWS fundamentals alongside (in my free time)?

https://redd.it/ya0tjk
@r_devops