Reddit DevOps
Is Linux admin the end for platform/DevOps/sre?

I never had any Linux admin experience coming into DevOps/platform engineering/SRE. So far I am doing pretty well without too much Linux expertise. I can do CI/CD, manage Kubernetes, and design cloud architecture pretty well. However, looking at the SRE interviews for FAANG, they are very heavy on Linux. I feel like at that scale, open source tools can't solve your problems, so you pretty much have to create your own tool, and having a very strong Linux understanding is important to debug issues and find optimizations.

So is the career path coming to a full circle where Linux admin -> DevOps/platform/sre -> Linux admin who can automate things?

https://redd.it/yvm7lj
@r_devops
Teleport is the most disappointing tool I have ever seen

Hi,

I implemented Teleport at my job, and it looks great in the documentation.

I started with the Enterprise version. The only feature we want is SSO, but they don't; they only do SAML. Just for information, SSO is authentication and SAML is authentication with authorization. My reaction was "Okay, we will use the local user with the OSS version".

Teleport auth and proxy have Helm charts, but they could never work in more complex environments; that's probably why the official charts are in a directory named "example". Even with more complex deployments, the documentation just says "Create 10-20 items externally", but again, in an IaC or GitOps way, that couldn't work. Alright, I'm bifurcating the board to customize it for our needs. This is really hard because Teleport doesn't support any ingress controller on Kubernetes out of the box.

Still in an IaC way, Teleport has no documentation on how to create S3 or DynamoDB resources, because Teleport wants to do it for you, but that creates infrastructure drift that I need to explain to auditors.

The main usage I want is for Kubernetes clusters, and honestly that works well with session recordings. But for the database integration, there is no flexibility in the tools; they only work with autodiscovery, and again they absolutely want to make undocumented changes in infrastructure. I just want to see the IAM role to create, but this is not an option; you must configure databases before seeing roles.

Add to that, the documentation is the worst I have ever seen; they repeat the same steps on all pages. I think Teleport is for dumbass DevOps, and if you have to pass any certifications or have IaC infrastructure, Teleport isn't the tool.

https://redd.it/yvlgul
@r_devops
Streamline Your Business Operations with Hi-end DevOps Solutions & Consulting Services



MindInventory delivers cutting-edge DevOps solutions and consulting services to automate your business process swiftly and cost-efficiently.

https://redd.it/yvo3jf
@r_devops
When a Unix systems engineer says...

Suggestion: When a Unix systems engineer says they are "skeptical" of cloud, stop the conversation and close the chat before you let out that existential wail of "why do I have to work with this person!!!!"

https://redd.it/yvj0it
@r_devops
What does your ideal DevOps tooling look like?

Hi, I’m an engineer at Fiberplane, a collaborative notebook tool to help with infrastructure debugging, incident resolution, and system analysis. Today we have entered our public beta, and I would like to ask you a question: What would help you in a product like this?

Personally, I’ve worked extensively on our Rich Text Editor and the Provider model (which are WASM-based plugins that allow us to integrate with Prometheus, Elasticsearch and others), so I would be especially curious to hear what you think about those!

Cheers!

PS.: I’ve left a link to our product in the self-promo thread.

https://redd.it/yvr77x
@r_devops
Confidential Computing 101

Confidential computing is the name of the technology that aims to secure data in use by using Trusted Execution Environments.

A trusted execution environment (TEE) is a secure area of a CPU. It guarantees confidentiality and integrity of code/data. The code in the TEE cannot be replaced or modified by unauthorized entities, which may also be the computer owner itself.

https://cloudnativesimplified.substack.com/p/confidential-computing-101

https://redd.it/yvcdty
@r_devops
DevOps engineers role on Product teams

I am currently the sole DevOps engineer in a growing organization. We are currently making the switch to product-led teams from traditional discipline-focused teams (i.e. backend/frontend/mobile). I am tasked with helping build the DevOps team (cloud engineers, SRE, security engineer, etc.).

Where should DevOps engineers live? Within the product team pods, or in a separate team altogether?

https://redd.it/yreut6
@r_devops
robocopy did not work

In the destination folder, I had one garbage file. Despite using purge, robocopy was unable to remove it.

Also, I have the same file name in both the source and the destination, and I wanted to copy only the source files if they had the same file name, but it didn't work.

It also could not copy empty subdirectories from the source.

What adjustment do I need in my command?

robocopy.exe "C:\folder1" "C:\folder2" . /e /purge /r:1 /tee /np /log:C:\folder1\robo.log

https://redd.it/yvya4s
@r_devops
Need help in bash Scripting

I need to write a script for taking a backup of all applications in the Production environment and restoring it on the DR environment, and I also need help creating the cron jobs.
Help from experienced folks would be very much appreciated.

https://redd.it/yqtsq7
@r_devops
GitLab Paid storage update PSA

Just a heads up for anyone using the GitLab SaaS service.

Storage of images and code used to not have a storage limit. It now does.

So if you're about to renew your plans, check how much storage you're using, 'cause it's pretty pricey to store things now.
Anyways, heads up!

https://redd.it/yw1pw3
@r_devops
How relevant, beneficial is RHCSA to learn DevOps-related Linux skills?

My understanding is it's a great cert for both theoretical and practical (especially this part) Linux knowledge. I am not looking to become a Linux or sysadmin but would like some Linux foundational knowledgebase for my future career move into developer or possibly DS.

Any advice or words of caution? If not, what other Linux certs would be great alternatives? Thank you!

https://redd.it/yw27lm
@r_devops
Backup and Restore of Containers With Kubernetes Checkpointing API

Hi /r/DevOps,

Today I published an article titled "Backup-and-Restore of Containers with Kubernetes Checkpointing API", where I explain how you can enable and use the recently introduced Kubernetes Checkpointing API to back up containers into archives and later restore them back into Pods.

Here's the link: https://betterprogramming.pub/backup-and-restore-of-containers-with-kubernetes-checkpointing-api-e310cf29cd4a

Feedback is very much appreciated!

https://redd.it/yw3ccn
@r_devops
Security Team wants me to join

The security team at my company wants me to join their team because they want more DevOps oriented people and they like my experience.

I’m not entirely sure which road is better. Should I stick with my DevOps team or start down the security path?

Thoughts?

https://redd.it/ywatx6
@r_devops
K8s and HIPAA/PHI compliant systems - Need advice!

I work on setting up AKS clusters for a healthcare company, and our security team wants no secrets in the cluster, and even if there are any, they should be encrypted. I am trying to understand how to solve the issue of not having secrets stored as Kubernetes secrets, since they are not encrypted.

So far, for the application secrets, e.g. database connection strings etc., we store them in azure-keyvault and we use azure-keyvault-secrets-store-csi-provider to bring those secrets and put them on a mount in the cluster only accessible to the pods. Since we are using dotnet applications, we made our applications look for the properties file via /appsettings.json. This setup is good since applications looking for the secrets would be picking them from the file instead of k8s secrets/configmap.

Now we are trying to set up ArgoCD as part of our GitOps setup, which would need cluster and repo secrets defined as `K8s secrets` for it to communicate with either cluster/repo. I don't think it's possible to set up Argo without having Kubernetes secrets.

Please help me with the following questions:

1. How do you handle the secrets in your applications again if they aren't supposed to be stored in k8s secrets?

2. Is HashiCorp Vault gonna fix these two above issues? I still haven't looked into it, but ig Argo is looking for a k8s secret, then I don't think Vault could help either.

Thank you.

https://redd.it/ywasp4
@r_devops
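The Key Vault file mount described in the post above, written out as an added example (it is not part of the original post). Every name, namespace, ID and the mount path is a placeholder or assumption; the point to note is that the SecretProviderClass has no `secretObjects` section, so nothing is synced into a Kubernetes Secret.

```yaml
# Added illustration; all names and IDs below are placeholders, not values from the post.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: app-keyvault                 # hypothetical name
  namespace: app                     # hypothetical namespace
spec:
  provider: azure
  # No `secretObjects` block here: adding one makes the driver also copy the
  # values into a Kubernetes Secret, which the security team wants to avoid.
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<managed-identity-client-id>"
    keyvaultName: "<key-vault-name>"
    tenantId: "<tenant-id>"
    objects: |
      array:
        - |
          objectName: appsettings          # hypothetical Key Vault secret holding the JSON
          objectType: secret
          objectAlias: appsettings.json    # file name created inside the mount
---
apiVersion: v1
kind: Pod
metadata:
  name: dotnet-app                   # hypothetical workload
  namespace: app
spec:
  containers:
    - name: app
      image: "<registry>/<image>:<tag>"
      volumeMounts:
        - name: keyvault
          mountPath: /mnt/secrets-store    # assumed path; the app reads appsettings.json from here
          readOnly: true
  volumes:
    - name: keyvault
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: app-keyvault
```

This covers only the application-secret half of the question; it does not change what ArgoCD expects for its own cluster and repository credentials.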
Question about PRs and chasing teams?

Wonder if this is the right place to post my question. We have a new group of Devs and various characters. I want to avoid clashing, but as Release Manager I've been told for many years to chase and validate with the team if all Pull Requests are done. That said, I feel really stupid chasing a group of very smart people about whether they did a trivial thing. Any idea, and excuse my stupidity, how I can automate it so I don't have to chase unless it's absolutely necessary?

https://redd.it/ywec7k
@r_devops
But it works on MY machine! Debugging GitHub Workflows with VS Code. Bad Practice?

I've been writing a ton of unit/integration and e2e tests in my career and often ran into issues where tests were failing in CI due to different environments. Especially once the number of architectural layers increases, e.g. in E2E tests, the likelihood of differences due to diverging environments increases as well.

For GitHub workflows I found a nifty little trick that would allow me to hijack GitHub's build machine and debug code directly in that machine, even push fixes back to the repository. Check it out: https://www.stateful.com/blog/debugging-github-workflows-with-vs-code

Do you think this will go away with devs moving to ephemeral workspaces? Do you see this as bad practice?

https://redd.it/yw43np
@r_devops
Remote management tool for various Linux servers

I am searching for an alternative to what we use today. Our use case is 2k plus servers with different OSes spread around the world. We currently use NeoRouter, which is an access-based VPN.

We need a replacement as it supports only 1000 servers. But the replacement must support CentOS 6 as the lowest version.

Our requirements are that we need to grant users access to ssh into the server, also vnc on some. We need to easily be able to add a new user to a group of servers.

We tested:

- Teleport. It did not work in C6
- rPort. It is a hassle to connect for our end users to the servers (need to create a tunnel first)
- connectwise automate - really not a good option for linux, lacks real ssh

We would love if the software could:
- ACL for users (a must)
- Webgui script executions
- Server statistics / cpu memory etc / with warnings maybe?
- quick real ssh terminal
- easy file transfer
- vnc / http proxy

Any tip is appreciated!

https://redd.it/ywchsa
@r_devops
If you need to write an onboarding documentation for a junior devops or a non-devops, what would you include?

Let's say you have a complex cloud infrastructure using Ansible, Kubernetes and Terraform. What are the things you would include in an onboarding documentation for a junior devops or a non-devops to take on a senior role eventually?

https://redd.it/ywj1o9
@r_devops
Thoughts on Postgrad program in Devops?

Wondering if anyone can vouch for this "grad" online boot-camp/program
Devops Certification Bootcamp by Caltech CTME - California


It seems that they use Simplilearn for their instruction platform -- I saw some videos there and it seems low quality. Are you getting what you are paying for with this program? Will this add more knowledge to make you stronger/hirable as Devops candidate --- or just a waste of money?

https://redd.it/ywmpbz
@r_devops
Did your GitHub or Stack Overflow qualify you for a tech job when you had no degree or work history? Did the hiring manager/recruiter look at your profile to your knowledge? Assuming your GitHub demonstrated everything the job in question was requiring, did you get hired?

I’m asking because I’m conducting research on recruiting and the lack of fairness very qualified candidates receive.

If you weren’t hired, please briefly explain and give when this occurred. How many times? Did you get any sort of explanation? What company?

https://redd.it/ywirh1
@r_devops
Are there any companies that have shared their experience with Open Policy Agent in recent years?

Hello,

I am searching for examples of companies implementing Open Policy Agent in their infrastructure, code and authorization mechanisms.

One good video about this is the one provided by Netflix - https://www.youtube.com/watch?v=R6tUNpRpdnY

But I just want to know if this is still one of the best Authorization solutions or if there is something better or are there any best practices in implementing it in code/infrastructure or any technical articles shared by infrastructure engineers or such people that are very motivated and understand the benefits of the technology/policy engine.

https://redd.it/ywocd2
@r_devops