Devs deploying to Production and separation of duties?
Ok. So I work in security and I have to care about PCI, SOC2, SOX, Alphabet soup, etc…
How are you creating a compliant separation of duties scenario that auditors are going for?!
I know people are doing it. I want to drive developer enablement and push us to streamline the whole path to production.
https://redd.it/ycdafh
@r_devops
DevOps Interview questions
What are some common interview questions for devops in aws and python? I have an interview coming up and need to prepare for it….anything helpful is much appreciated!
https://redd.it/ycjmhv
@r_devops
DevOps Bulletin - Issue #74: AWS prices in your Google Sheets
Hey folks 👋🏻
Check out a sneak peek of the topics covered on this weekly issue:
* 🔐 "**EKS Security Checklist: 10 best practices for a secure cluster**" - The best way to tighten your cluster security is to implement practices that have become industry standard and are recommended by the Kubernetes community. Here are 10 most EKS security tactics every team needs to protect its clusters.
* 🗂 "**Searchable Pod logs on Kubernetes in minutes**" - Containers generate huge volumes of log data. In a production environment, SREs, DevOps folks need a central location to query and analyse these logs, to do their job well.
* 📦 "**Quirks, caveats, and gotchas In SQLite**" - This document strives to highlight the principal differences between SQLite and other SQL implementations, as an aid to developers that are porting to or from SQLite or who are trying to build a system that works across multiple database engines.
* 🤖 "**An easier way to install tools for GitHub Actions**" - This blog post covers how to use Arkade in your GitHub Actions to get the typical kinds of tools you'll need to build code and run end-to-end tests.
* ⚡️ "**CloudFront vs Cloudflare, and how to reduce response times for both by \~35%+**" - Turn on Origin Shield if you use CloudFront and care about response times, even for dynamic / uncacheable content.
* 💡 "**Solving common problems with Kubernetes**" - This article is aimed at engineers who need to deploy their code using Kubernetes, but have no idea what Kubernetes is or how it works.
* 📹 Podcast of the week goes to "Leaving the Cloud" by Rework Podcast. **Cloud services have been used by tech companies for many years**, but it’s not the only way. Hear why 37signals is making the decision to go in another direction. David Heinemeier Hansson, co-founder of 37signals, and Eron Nicholson, Director of Operations, discuss why 37signals is making the move away from the cloud.
* 🛠 Project of the week goes to "**The AWS Pricing Google Sheets add-on**" - The add-on allows you to incorporate the latest AWS pricing data in your Google Sheets spreadsheets. This makes it easy to perform cloud cost analysis directly in Sheets without error-prone copy-and-paste from pricing website.
* 📕 Review of "**Infrastructure as Code, Patterns and Practices**" - The book teaches you to automate infrastructure by applying changes in a codified manner. You’ll learn how to create, test, and deploy infrastructure components in a way that’s easy to scale and share across an entire organization.
Complete issue: [https://www.devopsbulletin.com/issues/aws-prices-in-your-google-sheets](https://www.devopsbulletin.com/issues/aws-prices-in-your-google-sheets)
Feedback is welcome :)
https://redd.it/ycdy1i
@r_devops
Am I missing something about SAML?
We're currently undergoing a SAML implementation for third party services to simplify MFA enforcement and user management but SAML seems to be missing some things.
1. When a user leaves, if we delete the user from the IDP then they still exist in the third party service. Some services will still charge for that user.
2. Some services don't support role mapping so we have to go into the service UI anyway.
3. Some service providers don't let you either disable non-SAML based login or enforce MFA.
Am I missing something here? Seems like it's not solving many of the problems that we'd hoped it would? Sure it makes creating users simple but often assigning the right roles and removing users doesn't seem much improved?
https://redd.it/ycocer
@r_devops
Next gen deployment strategy for a Hackathon?
Our group is running a Hackathon in a few weeks: brainstorm a project idea, and split into groups and each build that project.
In preparation for that, I'm thinking about setting up a new environment for the project, maybe something like: Fly.io or Rancher or K3s, where we could try some new methods of building and deploying apps.
Fly.io seems to be doing a lot of interesting things. ISTR I've seen a demo of Rancher where it integrated into VSCode and you could get your code change up and running with a custom URL to test it out, something like that might be slick.
Our current environment is: Windows workstations, test locally, commit and push, then build in Jenkins, which creates Deb packages and pushes those to the Linux staging environment. It'd be nice to try something completely different. Our apps will likely be Java backend, Vue frontend. Probably will need something that can connect back to our existing database via a VPN, or be set up on a VM in on-prem.
Any ideas on something worth looking at getting set up to try?
https://redd.it/ycq8zt
@r_devops
Where do you generate your trace header?
I'm curious about where the distributed trace header (W3C Traceparent, etc) is typically injected into the request in people's application architectures.
I can imagine client devices, LBs or gateways being the origin, but would like to hear from folks who have actually implemented tracing.
https://redd.it/ycmyqc
@r_devops
Terraform -> Ansible -> Kubernetes -> Docker Containers
Am I missing anything? All those technologies seem to synergize with each other. Is there overlap, could this be simplified or improved?
1. Terraform to provision infrastructure
2. Ansible for configuration management of that infrastructure
3. Kubernetes for docker container orchestration
https://redd.it/ycup6d
@r_devops
Platform Engineering: DevOps evolution or a fancy rename?
What is Platform Engineering? How is it different from DevOps, SRE or PaaS? Who should use it, and when should we introduce it?
As a veteran of the PaaS, and a DevOps enthusiast at present, I decided to delve into this topic, peel off the hype, and see what it’s about in practice. This also inspired my recent episode of OpenObservability Talks with George Hantzaras, Director, Cloud Platform Engineering at Citrix Systems.
https://horovits.medium.com/platform-engineering-devops-evolution-or-a-fancy-rename-a0cad2cdc819
https://redd.it/yd2fnx
@r_devops
DevOps Projects
Hi, I'm a beginner in DevOps and Cloud areas and I like to do projects to get some hands-on experience.
I will share a small project I did recently. It's a backend application and I wanted to deploy it to the Kubernetes cluster. So here are the things I did.
Infrastructure:-
1. Provisioned an Azure Kubernetes cluster (AKS) and Azure container registry using the console.
2. Then I wrote the Terraform Infrastructure as Code and tried to deploy those resources using IaC.
3. Configured the Terraform backend.
4. Added the Terraform code into a GitHub repository.
5. Configured GitHub Actions workflow and tried to provision resources using the CI/CD pipeline.
Application Deployment:-
1. I wrote the Dockerfile for the application.
2. Built the application Docker image and pushed it to the Azure container registry.
3. Wrote the Kubernetes manifest files for the application deployment.
4. Deployed application to the Kubernetes cluster manually.
5. Then added the Dockerfile and Kubernetes manifests to my backend application code repository.
6. Configured GitHub Actions workflow and tried to deploy the application using the CI/CD pipeline.
By doing this simple project I got some hands-on experience in Terraform, Docker, Kubernetes and GitHub Actions.
Can you guys share some good project ideas like this? It will be helpful for self-learning guys like me.
Thanks for your idea and your time. 🫡
https://redd.it/yd2k77
@r_devops
How does DNS work on a massively scaled system?
Apologies as this isn't necessarily a "devops" related question, but this is quite an active subreddit and I know a lot of people here know networking well, so I thought you could help me understand something I can't wrap my head around. By all means please tell me which subreddit to re-post this to if it's not suited for here.
I'm a SWE, and I understand at a high level the concept of DNS, what it does etc. But I don't understand it in relation to massively scaled systems like Facebook, Amazon etc.
The analogy used is often it's akin to a phonebook. You type in Facebook.com into your browser, and behind the scenes this gets resolved to an IP. But Facebook isn't all hosted on one singular server with a static IP address. I'm pretty sure they serve content based on region and things like that. So if I type in their address on my browser while in London, it gets routed to their London or Europe instances of the site, and the same for other regions (please correct me if this is wrong).
My best guess is it's something similar to a K8s Service, in that the IP the DNS resolves to is actually some sort of load balancer, that then routes the request to the relevant server based on location etc. But that's a pure guess. I'm really interested in learning more about how this actually works. So if anyone here can shed some light on it, I'd greatly appreciate it!
https://redd.it/yd5orz
@r_devops
Deploy ASP .NET 6 MVC Web App on Google Cloud Run using Cloud Build
Learn how to Deploy ASP .NET 6 MVC Web App on Google Cloud Run using Cloud Build
In this tutorial, we will see a methodical way to implement (CD) Continuous Deployment of an ASP .NET 6 MVC Web App on Google Cloud Run with the help of Google Cloud Build Trigger.
By the end of this tutorial, you will be able to have a full understanding of enabling Continuous Delivery of ASP .NET 6 applications to Cloud Run via Cloud Build.
This tutorial covers in-depth concepts of working with Cloud Build triggers, Cloud Run features such as Logs, Revisions, SLOs etc.
The tutorial also helps you understand how to troubleshoot the Continuous Deployments on Cloud Run.
https://youtu.be/5M9yzZOJXaQ
#cloud #google #aspnetcore #postgresql #cloudstorage #cloudarchitect #devops #cicd #cloudbuild #googlecloudplatform
https://redd.it/yd2zip
@r_devops
YouTube
How to Deploy ASP.NET 6 MVC Web App on Google Cloud Run using Cloud Build
Author: Navule Pavan Kumar Rao
How to Map a Custom Domain to Google Cloud Run Service
Learn how to Map a Custom Domain to Google Cloud Run Service.
The Custom domain is with Godaddy registrar, and the DNS management is delegated to Cloud Flare.
We will first verify our domain ownership with GCP.
Then we will add a CName record to point our subdomain or custom domain to ghs .googlehosted .com.
https://youtu.be/lDtvpUYAFzA
https://redd.it/ydctek
@r_devops
Does Traefik, by default, act as a firewall?
When my Traefik proxy container is running on my server, I can't access it through SSH. I just get `connection timed out`
https://redd.it/yd2jap
@r_devops
I'm giving myself carpal tunnel... suggestions?
I think something about my chair armrest/desk height/mouse/something else configuration is compressing my median nerve in just the right way to start causing issues. Occasional feeling like, not like my hand is asleep, but like it's just starting to fall asleep, and problems with tightness and popping in my wrist the next day if, after work, I do anything in the workshop involving hand tools.
I don't know enough about desk ergonomics to know what to do to prevent this. While we're at it, I have lower back issues too, so maybe I need a new chair?
Any insight is appreciated. I'm 34... if I do this until I'm 60 I'm gonna look like Quasimodo.
https://redd.it/ydepwg
@r_devops
What might cause the master instance to not reboot?
I have a proxy and I have three instances. Two slaves and one master, and the master when we shut it down manually won't restart and stay healthy. What might be causing this? I have something set up in Nomad, but I can't figure out what might be the causes for this, and what to look for to troubleshoot.
https://redd.it/ydp0co
@r_devops
random question: What is the average percentage of errors you'll be facing in your daily devops work routine?
Just wanted to know how much a devops person spends a day on solving the errors
https://redd.it/ydnh06
@r_devops
Regex based web tail for Kubernetes
https://youtu.be/86wHchb2LxI
Like a kubectl logs... but through a web console and a regex based filter
https://redd.it/ydrk48
@r_devops
YouTube
Regex based web tail with KubeInvaders v1.9.5
Prometheus metrics on Cloudwatch
I am trying to integrate Prometheus with our servers to get application level metrics, so I was following this "Monitor and scale your Amazon ECS on AWS Fargate application using Prometheus metrics" blog.
The cloudformation template works and I am running cloudwatch agent in my cluster but for some reason I cannot see prometheus metrics in Cloudwatch. The only difference I could find is that in this blog they are using public subnet but my server is in private subnet and in my case I am using a common security group with all traffic allowed in both inbound and outbound rules for the cloudwatch agent and my server.
Any suggestion on what I am doing wrong?
https://redd.it/ydtlw0
@r_devops
Advice please. Reddit gold for help. :)
I am an experienced developer but a DevOps n00b. I recently taught myself the basics of Kubernetes / EKS / Jenkins and CloudFormation.
I have a large project where I will be rolling out the same code base for 60 different clients, it's a cross of SaaS/PaaS I guess? Where each customer has their own Kubernetes cluster running their app(s), a Redis cluster and an Elastic Search Cluster.
I have a Jenkins server setup that can do the following:
- Takes the base repos and builds the Docker images for the apps
- Deploys a Kubernetes control cluster via EKS inside VPC.
- Deploys customer 1's application to that cluster.
- Deploys an Aurora DB cluster inside the same VPC for the application to use.
- Deploys Elastic Search and Redis clusters for the app to use inside the VPC.
I can manage application updates etc. via the Jenkins job by passing in a new image version for the app etc.
Ok so that's all working, great! But now I have this situation:
I need to roll this out for 60 different customers. The larger customers will sit in their own VPC, having the entire cluster to themselves.
Smaller customers may share a VPC, i.e. share a DB/ES/Redis cluster just have different databases and indexes etc.
Each customer will need to have their infrastructure and/or application updated at some point, but not necessarily all at the same time.
My question is how should I manage all of this? I really want a dashboard where I can see all of the clusters, all of the customers on those clusters, and the versions they are currently running for each of their applications and infrastructure.
Should I look to create this dashboard manually, should it be a job in Jenkins? Should I look at Gitlab or something similar?
How would you manage all of this? What tools should I learn to help me?
Thank you in advance! Good answers will be rewarded with Reddit gold!
https://redd.it/ydvoaf
@r_devops
I have got 2 offers, one with better pay, worse stack, second better stack + more growth opportunities but less pay
Hey guys,
I have got 2 job offers where the first one is an insurance company, they offer a better stack (Terraform, AWS, Python) with guaranteed AWS Certification that they sign you up for ("AWS Solutions Architect – Associate"), there is even one day a month only just to study (paid).
The second one is a bank, they offer a less preferable stack for me (internal cloud, Linux, NGINX, Tomcat, RedHat and Azure DevOps) but with much better pay, they also need on-call rotation 24/7 unfortunately, which would be once in 6 weeks.
Which one do you think I should pursue?
The one thing is that I accepted the bank offer already, which I can pull out from of course, but that might make me blacklisted.
https://redd.it/ydvxy5
@r_devops
Devops Niches?
Can I focus on a niche in devops that doesn't have on call duties?
I am an older programmer and currently coming back into the job market (out to help my spouse beat cancer). I have a background in both dev and sys admin.
Recently have discovered devops and find I relate a lot to the role. I am enjoying working with the cloud and recently achieved my SAA. But I haven't worked formally as a devops, but find myself really enjoying terraform and kub.
I want to be realistic and I may pivot to data eng just to keep my sanity working for a company. I tend to like a solitary role and that's why I am not keen on going straight back as a full stack dev. Standups and demanding clients were never my joy of software dev. LOL.
Any advice?
Thanks!
https://redd.it/ye6pmc
@r_devops