Branching and deployment strategy for continuous integration
What branching/merging/deployment strategy would you use for a development team of 5 developing a webapp with 10,000 users (not small, not large)?
Currently we have three environments: development, staging, production. Features are developed on feature branches and merged to master, causing an auto-deployment to staging. After smoke testing on staging the developer click-ops to production.
If an issue is discovered on staging, the developer creates a new branch (hotfix) which is merged again to master. There is no way to reverse the feature branch merge to master after the fact.
An added complication: if production ever goes down while the master branch is compromised, the system will auto-deploy the compromised master branch to production.
Also, the development environment is a free-for-all.
There has to be a better approach...
https://redd.it/yxzi8d
@r_devops
NGINX / NGINX Ingress / Envoy WAF Comparison
https://www.openappsec.io/post/comparing-nginx-waf-solutions-nginx-app-protect-waf-vs-open-appsec-open-source-ml-based-waf
Article compares the NGINX App Protect signature-based WAF solution and a new open-source initiative called “open-appsec,” which builds on machine learning and can be deployed as an add-on to both NGINX and NGINX Ingress open-source and premium (Plus) versions.
Documentation here: https://docs.openappsec.io/getting-started/start-with-kubernetes
https://redd.it/yy1l00
@r_devops
What is the point of having both a develop and a main branch aiming to be in sync?
I often notice teams have both a develop branch from where they pull feature branches, only for them to merge into develop and then merge into main.
What's the point? Seems like double bookkeeping to me.
https://redd.it/yy2wz7
@r_devops
Uptime for MongoDB Atlas? No luck with asking Atlas and nothing for Datadog integration
I’m feeling like I’m just getting poor support and I’m a lazy docs reader, but I can’t seem to find any way to easily get the uptime of a MongoDB Atlas cluster.
There is a mongo serverStatus function you can run, but you need to run it on each node AND it just tells you the time the mongod process has been running, which I’m guessing isn’t going to be the same as “uptime for the cluster”, because when a new node is spun up or down, it doesn’t necessarily mean we had downtime (from the experience of a MongoDB Atlas cluster consumer/user).
Are people just not measuring SLAs for the DBs lol? How does Atlas measure their own SLA lol
https://redd.it/yy55ra
@r_devops
NPM version in container environments
I’ve recently begun a new job and found something interesting.
I’ve noticed this pattern where SWEs will make commits to simply bump their package.json version. This of course triggers a new build on their default branch. Then of course the thing they are applying a git tag to isn’t the image that was tested in a lower environment. (We do at least properly promote, so there’s not a rebuild on tags.)
So I’m curious: how do you guys handle apps that are npm apps but are REST APIs per se? In the past I’ve just always set the package.json version to 0.0.0 and disregarded it, as I prefer the git tags/image tags as the source of truth. Now for npm packages of course the typical process is used.
https://redd.it/yy85hl
@r_devops
How do you yaml
A?:
accessModes:
- ReadWriteOnce
or
B?:
accessModes:
- ReadWriteOnce
Personally, I can't even with B. I don't know if it's some sort of chemical imbalance in my brain but I get ultra confused if I see yamls structured this way.
I want to know if I'm the only one or not. No explanation necessary. You do you.
https://redd.it/yya8p7
@r_devops
Logic Apps & Workflow Configuration Import into an Azure DevOps CI/CD Pipeline
In my Azure test lab, I currently have a Landing Zone deployed in Terraform via a CI/CD pipeline in Azure DevOps.
I would like to deploy an Azure Logic App; however, I have an existing Logic App workflow config I'd like to import into said Logic App as part of the CI/CD build process (I was thinking maybe a task or something within the build pipeline?). Moving forward, the workflow configs should then be managed as part of the build pipeline, with the config files being hosted in an Azure Repo.
My question is, has anyone ever done this before, and if so what is the best way of going about it? I've spent some time having a go but cannot find the most efficient way of going about it.
TIA :)
https://redd.it/yy2598
@r_devops
Packer + QEMU for Ubuntu 22.04.1 ARM64 ISO
Has someone ever tried creating a custom VM image using Packer + qemu-system-aarch64 with a dedicated Ubuntu 22.04.1 ARM64 ISO image?
I have extensive experience in QEMU and Packer, especially for AMD64, and have templates that can boot images using UEFI for x86. However, I found an ISO file from Ubuntu for ARM and you actually have an ISO file there. AFAIK a lot of ARM-based devices don't have a UEFI implementation, and bootloading is not the same as OVMF.
During a deep dive I found a very nice post from Canonical's MAAS called about creating images which provides a fantastic Packer template that is ARM64 / AMD64 interchangeable, but the only caveat is that it uses Ubuntu's Cloud-Images.
I wanted to try the Live Server Image for ARM64.
Can any expert here in golden image creation guide me through whether this is possible or not?
https://redd.it/yy0d5p
@r_devops
Is it possible to implement a password policy at the EC2 Ubuntu OS level?
I was advised by the PCI-DSS requirement team to implement a password policy on our EC2 Ubuntu servers. They have provided us with this link to follow: https://linuxhint.com/secure_password_policies_ubuntu/
But it's not working after I follow it perfectly; I can still create new passwords randomly for new users. What can be the issue here? Does EC2 really allow implementing this at the OS level?
https://redd.it/yyf10y
@r_devops
Is there such a thing as "encrypting" a repo hosted on GitHub?
Hello,
I was asked to look into encrypting a GitHub repo hosted on github.com. I understand that all data on GitHub's infra is encrypted since they have all their SOC compliance. Has anyone heard of this before? I'm aware of tools to encrypt individual files but not an entire repo...
https://redd.it/yxz8gk
@r_devops
I get this error when I commit with a CircleCI project I just made
no configuration was found in your project. please refer to https://circleci.com/docs/2.0/ to get started with your configuration.
https://redd.it/yxxv33
@r_devops
Was learning Go hard for you?
I spent all week trying to put together a Lambda function which AWS already provided the code for, but in Python. I learned Python on my own and figured learning Go would be easy, but it's a totally different beast.
https://redd.it/yyjmks
@r_devops
Deep Dive in 5 minutes: How a pod is created?
https://www.youtube.com/watch?v=vv8aT1OdBw4
https://redd.it/yyje96
@r_devops
Deep dive into the pod creation process in Kubernetes:
1 - The creation process at high level
2 - Scheduling
3 - Infrastructure Creation
4 - Containers Creation/Running
5 - Containers Readiness
Twitter - https://twitter.com/the_good_guym
Linkedin - https:…
Does anyone have Server Hardening Document for AWS?
I need a server hardening document for AWS as part of PCI-DSS compliance requirements. We want to provide them with this document. Does anyone have any latest or near-latest documents for AWS?
https://redd.it/yxlucr
@r_devops
Is there any automation solution that isn't "only" CI/CD except Jenkins?
All I want is a solution I can write workflows/pipelines into, arrange them in views and trigger them with parameters (that are more clever than basic strings), in a way that is better than Jenkins, with a better UI. It seems like almost all DevOps automation solutions are related mainly to CI/CD, in the sense that they are connected in a 1-to-1 ratio to some code repository. I don't understand why I don't hear people complaining about it more.
My company has many more processes that need automation than CI/CD. We have data pipelines, DB migrations, on-demand IaC, scheduled tasks, QA pipelines, customer-related pipelines, etc. For each of these we need some other product that is specific to that use case, or some Jenkins-invented solution.
I may not be knowledgeable enough in the market, but I'm aware that there are paid solutions. What I'm looking for is something open-source, un-opinionated, mature and container-native. The closest I've come to is argo-workflows, which is an amazing project, but it's just not there yet in terms of front-end/friendliness.
https://redd.it/yyo6dk
@r_devops
OpenShift build / s2i
I have a fairly good understanding of how s2i works from labs/courses, but I need some input from the community. Does anyone actually use the functionality for building container images from source repos, or is it all external tools for builds (Drone/GH Actions/GitLab etc.)? My last workplace only deployed prebuilt images to OpenShift from an external private registry.
https://redd.it/yypuj6
@r_devops
Migrate database
What’s the best way to migrate large databases from AWS to GCP?
We have large Mongo databases that are 10TB plus and need to migrate them to GCP with very little downtime! Anyone have an idea of the best practices for this?
https://redd.it/yyr6fy
@r_devops
LiveNation/Ticketmaster architecture?
I have a neophyte understanding of cloud architecture; can anyone proffer a guess as to why the LiveNation/Ticketmaster ticket app failed, or what their team missed or didn't plan for with the TS ticket sales?
https://redd.it/yysvs5
@r_devops
React Native CI/CD pipelines
I am wondering what everyone is doing for CI/CD pipelines for React Native apps. I am building my first React Native app and trying to figure out how I should go about setting up the CI/CD pipeline. I have them for everything else but never made one for React Native. Suggestions on good guides or personal experiences that might be helpful are welcome.
https://redd.it/yypi5k
@r_devops
Is the YAML from CircleCI good?
I created my project and it says “success”, but I’m not sure if it’s just a success by the test, or if it’s actually my whole project.
https://redd.it/yyseya
@r_devops
Container image which provides easy access to most backup/restore utils used for managing database backups.
https://github.com/st3ga/dumputils-container
Hello folks. I find myself using these tools really often when switching data environments or when doing local tests on existing data. I wanted to have a prepared environment whenever I need it, so I created this container. I just started the project with a few scripts, .bashrc and the tools I use the most. Issue templates and CI are also done.
If you find this useful, I will be glad if you can join with an enhancement suggestion, pull request or bug report.
I have a plan to include common SQL scripts and docs for PostgreSQL and MySQL wrapped in shell scripts so they will be easy to access, read and execute from the container without the need for search engines and internet. Also crond may be added, so it can be used in the context of orchestration tools like Docker Compose or Kubernetes.
https://redd.it/yyzye5
@r_devops