Reddit DevOps
DevOps vs DevSecOps: What's the Difference?

DevOps is the amalgamation of Development (Dev) and Operations (Ops). **DevSecOps** combines development, security, and operations. DevSecOps incorporates security in every phase of the Software Development Lifecycle (SDLC).

https://redd.it/yf9124
@r_devops
Data Analyst/Data Engineering Role on DevOps Team?

Hi DevOps Community,

In the past year I’ve moved from a software engineering team over to an engineering team that supports DevOps tooling and have gone full circle for my current role on this team.

This team does perform cross collaboration work with a few other teams, but my understanding was that it seemed I would be able to boost and enhance my DevOps engineering skill set and enhance the following skills: Ansible, Docker, Kubernetes, Linux etc. More skills basically in this area.

Initially team needed me as a scrum master with some technical work on the side building reports for the DevOps tools we support, then moved to a product owner and finally full technical role which I prefer over everything else.

Most of my role now has been supporting and owning one DevOps tool/system and making sure the lights stay on and people have access to tooling. I get to work with K8S here and troubleshoot pod issues etc. The other half of my role is supporting some business intelligence work continuing building reports and helping build data pipelines.

This is my dilemma:
I feel like my career/role is split between what would normally be a data engineer/data analyst and a potentially full blown DevOps Engineer. I honestly don’t know if I should continue splitting my role between specific areas of work or focus on just one area. It honestly has led me to feeling some burnout. Somehow this data work has increased over the months and even other data work comes down the pipeline. Somehow we have put a small set of teammates to perform the data work but it makes no sense to me when there is another fully dedicated team that does this in another part of the company. This team I’m on seems to always want to own every piece of work they build and touch from scratch. I feel like they are just adding more work into their queue where it’s not needed.

I would honestly rather focus more on the sys admin and DevOps work more over the data work because I want to slowly get back into some security work again.

Any tips and suggestions are appreciated.

P.s. I definitely do not get paid enough to split my time between two varying roles and skills.

https://redd.it/yfagb5
@r_devops
Advice Please

Hi Reddit, I just started working as Salesforce DevOps 2 months ago (my first ever job, campus recruit). I'm really confused as to how to grow further in this domain, or if I should even stay in this domain or switch to Dev.
Currently the project I am working on uses Azure DevOps, so I was thinking of probably doing Azure certifications, but other than this I don't have any insights on what to do in the future.

https://redd.it/yffe1j
@r_devops
Remote positions in the UK

Looking on LinkedIn, it looks like the majority of places are advertising as hybrid. The number of remote positions has decreased quite a lot. Interested to hear people's experience in finding fully remote roles in the UK recently.

https://redd.it/yfkg8b
@r_devops
How many of you use LXC / LXD instead of VMs on your local machines?

Since most of my VirtualBox VMs on my laptop are Linux based (mostly Ubuntu), I wonder whether it wouldn't be better to switch them to LXC. I've used them A LOT on the Proxmox hypervisor in my previous company. And now, when I'm spinning up a few machines with a Kubernetes cluster on my laptop, it seems reasonable to me to move the nodes to LXC to better utilize my laptop resources.

I even found a nice article about it, but I would prefer to use a web UI instead of the command line.
https://www.virtualizationhowto.com/2021/07/lxc-container-management-gui-installation-and-configuration/

But what's your experience?

https://redd.it/yfjk2q
@r_devops
help IAM Identity Center (SSO) used to login into EKS Cluster

The problem: I can't use AWS SSO Authentication to manage my EKS Cluster

I can use awscli with sso user, I can login into AWS console with sso but my EKS can't understand sso role.

When kube config is configured for standard role based account, then there is no problem. I can manage my EKS

With SSO in kube config I have 2 problems:

1. When I am not adding SSO role to configmap/aws-auth:
2. When I add SSO role (arn:aws:iam::XXXXXXXXXXX:role/AWSReservedSSO_Administrator_XXXXXXXXXXXXXXX) to configmap/aws-auth:

I tried to:

* aws sso login
* set env for AWS_PROFILE

There is no documentation provided by AWS for this topic and it's frustrating.

Anyone have similar issues in the past and can help with it?

https://redd.it/yflqj5
@r_devops
GitHub Actions - prevent secret exfiltration on pull_request triggers (organization repo)

I have read some considerations about possible secret exfiltration or other possible vulnerabilities when running pull_request triggered Actions, however they were mainly considering public repos where everyone can create a PR.

Here, I am talking about GitHub Team or Enterprise plans and repository which is not public.

My scenario is that I would like to have a pull_request triggered Action which will run Terraform Plan and output plan into the pull request comment so reviewers can easily take a look at expected changes to the infrastructure. This is following Terraform examples from the docs - https://developer.hashicorp.com/terraform/tutorials/automation/github-actions.

To run Terraform Plan, I need to pass secrets so the Terraform can authenticate to my cloud provider (in this case Azure) and perform Plan operation. Cloud credentials are obviously stored in GitHub secrets.

However, as anyone who can create a pull request can also modify pull request workflow yaml definition stored in the repo (in his specific branch against which pr workflow will be run), he can easily exfiltrate secrets used to authenticate to the cloud via logging them in workflow or just sending them via HTTP from his modified version of the workflow stored in the repo.

We would like to prevent a situation where anyone from our organization who has access to create PRs can exfiltrate our secrets (including production secrets).

Any ideas?

https://redd.it/yfs45m
@r_devops
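The risk described in the post above, turned into a reviewer-side check (an added example, not part of the original post or of GitHub's tooling): it takes the files a pull request changes and flags workflow or action definitions, marking those that read from the `secrets` context. The function names, the sample workflow and the secret names are constructed, and the check is assumed to run from a location the PR author cannot edit.

```python
import re

# Files that decide what a pull_request-triggered run executes.
WORKFLOW_PATH = re.compile(r"^\.github/(workflows|actions)/.+\.ya?ml$")
EXPRESSION = re.compile(r"\$\{\{(.*?)\}\}", re.S)
# `secrets.NAME`, or the bare `secrets` context handed over as a whole.
SECRETS_REF = re.compile(r"\bsecrets\b(?:\.([A-Za-z_][A-Za-z0-9_]*))?")


def secrets_used(workflow_text):
    """Names of secrets read in ${{ ... }} expressions; '*' means all of them."""
    names = set()
    for expr in EXPRESSION.findall(workflow_text):
        for match in SECRETS_REF.finditer(expr):
            names.add(match.group(1) or "*")
    return sorted(names)


def review_pr(changed_files):
    """changed_files maps repo-relative path -> content at the PR head."""
    findings = []
    for path, content in sorted(changed_files.items()):
        if not WORKFLOW_PATH.match(path):
            continue
        used = secrets_used(content)
        # A changed definition that can read secrets needs a human gate.
        findings.append({"path": path, "secrets": used,
                         "severity": "block" if used else "review"})
    return findings


def needs_manual_approval(changed_files):
    return any(f["severity"] == "block" for f in review_pr(changed_files))


# Constructed sample: a PR that edits two workflows and one Terraform file.
SAMPLE_PR = {
    ".github/workflows/terraform-plan.yml": (
        "on: pull_request\n"
        "jobs:\n"
        "  plan:\n"
        "    env:\n"
        "      ARM_CLIENT_ID: ${{secrets.ARM_CLIENT_ID}}\n"
        "      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}\n"
        "    steps:\n"
        "      - run: terraform plan\n"
    ),
    ".github/workflows/lint.yml": "on: pull_request\njobs: {}\n",
    "main.tf": "# infrastructure change only\n",
}
```
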
Any good AWS CDK example repos for Node.js full stack?

Hi there!

DevOps n00b here. I’m trying to create a full stack Node.js + TypeScript app. Something that uses a React frontend and an Express backend. The backend also would need access to a Postgres database (RDS) as well as Redis (ElastiCache). Running the node app in an EC2 container would be nice as well as domain setup (domain.com for frontend and api.domain.com for backend).

I’ve looked at the examples repo that the CDK docs point to and didn’t find anything there. I’m a little surprised to not find anything as this seems like a fairly common setup for full stack web dev.

Any help is appreciated!

https://redd.it/yfoyaf
@r_devops
Dastardly a free DAST for web app CI/CD Pipelines

PortSwigger has released this free solution for those dealing with web app CI/CD pipelines.

It is a free Dynamic Application Security Testing tool which has native integration with:

Github actions - [https://github.com/PortSwigger/dastardly-github-action](https://github.com/PortSwigger/dastardly-github-action)
Jenkins - https://portswigger.net/burp/documentation/dastardly/jenkins
Team City - [https://portswigger.net/burp/documentation/dastardly/teamcity](https://portswigger.net/burp/documentation/dastardly/teamcity)
and then any other - https://portswigger.net/burp/documentation/dastardly/generic

"Find 7 issues you care about - in 10 mins or less

Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline. It looks at your application from the outside - just like an attacker - giving it the sort of accuracy that most static analysis tools can only dream of. Scans run no longer than 10 mins."


https://portswigger.net/blog/free-dastardly-from-burp-suite

https://redd.it/yfqqvk
@r_devops
kubelog - a graphical log viewer for Kubernetes.

Hi, I've been working for quite some time on kubelog now, and I'm happy to finally share it with you. The official website is here: [https://kubelog.de/](https://kubelog.de/)

Some highlights are:

* Tail multiple pods in one view, even from different namespaces. The log output is combined and sorted by timestamp.
* Timeline view to identify problems and navigate to results quickly.
* Search with regular expressions. Use custom colors to visually highlight, and a summary, to quickly find and navigate in the results.
* Save searches, so they can be easily reused. Mark them as default, and they will be active directly when opening a new log.
* Multiple tabs and clusters

You can find some screenshots here:

[https://kubelog.de/docs/getting-started/introduction/](https://kubelog.de/docs/getting-started/introduction/)

https://redd.it/yg1p09
@r_devops
Online DevOps labs or bash scripting exercises? = Prepare for interviews

Hi,


I recently applied for a DevOps role, and they required me to do an online bash scripting test, taking data from virtual machines, which I was unprepared for and which was very difficult. Are there labs online I can go through to practice this?


Thank you!

https://redd.it/yg2h7v
@r_devops
Need Help - Finding a GitLab versioning solution for Monorepos

For work, we're looking to do an automated changelog, versioning, and publishing to Artifactory strategy for a pnpm monorepo. The pnpm to Artifactory publishing works great, but after days of searching, it seems like all the major versioning package options for monorepos like `lerna`, `changesets`, and `auto` don't work with GitLab; each one with open issues.

Does anyone know of a solution? I'm tearing my hair out trying to find something that works. Our team isn't migrating to GitHub anytime soon which would solve a lot of these issues.

https://redd.it/yg2913
@r_devops
Monitoring in DevOps

There are many monitoring tools and plug-ins. Requirements and goals are different for each. What should I use for GitLab CI/CD tracing and monitoring?

https://redd.it/ygb2px
@r_devops
We code most of our DevOps tooling in typescript - are we bad people?

Our apps are written in typescript, node backend, react frontend. So it made sense to use typescript everywhere we could.

We use cdktf with typescript instead of using the native HCL language for terraform and almost all of our build, deploy etc scripts are typescript.

We use ts-node to execute them so we don't have to transpile them into js first (although obviously that happens in the background).

So far this is working really well for us, but I know it's not the norm, so I just wondered if there were any obvious downsides you fine folk can think of?

https://redd.it/ygj2eh
@r_devops
What tools do you use to map out microservices?

Hey all! Just wanted to ask a pretty general question but it's been bugging me.

Currently, just using a combination of Draw.io, custom solutions and grafana. It just seems like a lot of trade offs and work being repeated. Wondering if anyone has a solid solution for this "problem." I guess a bit more detail, just looking for something that lets teams manage their own portion of the "map" so we can hopefully get a high level overview and then "drop" into lower levels.

Seems like datadog comes up a lot when I poke around in this area but I can't say I've had experience with them.

Thanks!

https://redd.it/yglmre
@r_devops
As a devops engineer where have you done real coding not bash/powershell scripting

Just want to know what language current industry trends require and where exactly have you used it

Example: I have written python scripts for cleaning up azure resources but most of the work I get it done using bash/pwshell

https://redd.it/ygdtw2
@r_devops
Should I forget about it?

A recruiter reached out to me for a position of DevOps at a start-up that offers low cost food to less deserving school going children in Kenya and I bombed the interview (it was a simple on-site conversational interview about my past projects, experience and also programming languages I've used).

It seemed like it was a fairly simple solution that involved using IoT wrist bands and the tech stack is React + Spring Boot.

I was to start this month but I got an email that they were having internal issues and they've paused hiring for now. I have been jobless for the past 8 months and this news kinda sucked because I was very hopeful things would go my way and the fact that I was working for an NGO that was working to solve hunger in young children gave me a sense of purpose to work.

Was the HR politely rejecting me, or should I give them more time, maybe they'll get back to me?

https://redd.it/ygl0pn
@r_devops
Best way to learn YAML for Azure Pipelines?

Hi,

I'm looking for advice on how to become proficient in Azure Pipelines. Any good resources, training paths, roadmaps, general advice for this?

TIA!

https://redd.it/ygskku
@r_devops
How Are You Collecting CICD Metrics?

I think this is an area of observability that not many people are really doing well.

I'd like to start collecting metrics on the performance of our pipelines, and looked into something like Datadog metric collection via Github Actions.

But I'd just like to get your take on how you're collecting metrics for your pipelines. Are you running an extra step at the end, to collect the data per pipeline? Or per stage/step? Or are you running as a cron, hitting the api?

https://redd.it/ygzxor
@r_devops
Kibana asks for Enrollment Token while trying to implement ELK stack in ECS Fargate.

Kinda Noobie Question. I'm trying to implement ELK stack in ECS Fargate for my own practice.

I created individual basic docker images of Elasticsearch, Kibana and Logstash and pushed it to ECR registry.

I then use it to create a Task Definition and use the task definition to create a service and a cluster. There is only one Elasticsearch container, one Kibana Container, and one Logstash Container and no multiple containers with Loadbalancer. When I implement it this way Kibana is asking for Enrollment Token which we need to generate from the Terminal of Elasticsearch Container. But if I setup ELK stack with the same images in an EC2 instance or my local machine it's working properly with the token.

From what I've searched it might be because ECS automatically enables all the security features of Elasticsearch and we can't disable it. But not 100% sure. That might be the reason why I also can only access the Elasticsearch page using the HTTPS protocol instead of HTTP. I tried to disable the security but it is not getting disabled.

Is there any way to set up ELK in ECS Fargate without the means to generate a Token, or is there a way to execute commands to generate a Token in the Elasticsearch container in Fargate?

https://redd.it/yh0z3z
@r_devops
What happens if a file hasn't changed while taking a snapshot in github?

So, git works like this:



1) You commit.

2) git takes picture(snapshot) of what all your files look like at that moment and stores reference to that "snapshot".

If files haven't been changed what happens here?

The answer is written in the source website, but I didn't get it.


Source: https://git-scm.com/book/en/v2/Getting-Started-What-is-Git%3F

https://redd.it/yh664o
@r_devops