Managed to land a jr devops role in my company.

Any recommendations or tips you have for someone starting out? Something you wished sooner? I know DevOps looks very different organization to organization but any advice is helpful.

https://redd.it/yz1iwe
@r_devops

Deploying feature branch previews with AWS ECS. Is my concept okay?

I‘m a SWE who likes to tackle some smaller DevOps task. I‘m now in charge of building a feature branch preview pipeline with GH Actions and AWS.

I‘ve done such things twice already in old projects, but on prem with a k3s instance. While I could just spin up an EC2 and do the same thing there, I like the challenge and we‘re using ECS already so it makes sense.

My plan is to deploy an ECS service and assign that service to an LB target group. Then I would add a rule to an existing ALB that routes a specific subdomain, like pr-123.dev.example.com. We have a wildcard cert for *.dev.example.com and a CNAME record for the same wildcard pointing to the ALB.

1st question: is that approach flawed in any way? Is there an easier way to achieve the same thing in aws-land?

On PR/merge I‘m gonna find the created resources with some complex aws cli + jq magic and delete every resource: the service, the task definition, the ALB rule, the target group, the image(s) in ECR etc.

2nd question: is there an easy or easier way to do that cleanup? In k8s you can just delete a namespace and everything is gone (except that image). Can you give tags to any aws resource and delete every resource by tag maybe?

Ty

https://redd.it/yz2x5h
@r_devops

Have you guys managed Microsoft Intune in a Hybrid Linux environment with Windows Server and a lot of MDM tools / mobile devices ? (old and new : global accelerator, ManageEngine Desktop Central...)

Have you guys managed Microsoft Intune in a Hybrid Linux environment with Windows Server and a lot of MDM tools / mobile devices ? (old and new : global accelerator, ManageEngine Desktop Central, NinjaOne,Atera,Hexnode UEM,Ivanti Unified Endpoint Manager,IBM Security MaaS360, Datto RMM,BlackBerry UEM etc)

Have you been able to do the same or as good as Intune with others solutions from competitor or Microsoft Azure with ADDS/services is better than linux for that kind of stuffs/technology (identity/security for mobiles devices management) and AWS/Linux is better at others things ? or you used a different approach or policy in your enterprise to manage MDM ?

Do you feel that Azure and AWS are on par in term of features theses days or on the price ratio of stuffs your using in your company ? like do you feel you can do everything in linux on azure as well or easy as you can with aws etc for different kind of advanced scenario like devops stuffs or clusters or anything else etc

https://redd.it/yz5zvt
@r_devops

Best VPS for workspace and problems with it

Hi everyone,
I have some proprietary software which allows colleagues in my company to have a desktop in virtual machine, so we are choosing cloud provider for this and facing some problems with it.

1st problem is that this software as any other remote desktop software takes a lot of bandwidth to operate. We need at least 3gb/hr available bandwidth per hour (out of vm). It is not too much, but the problem appears when we want to install some programs on VM, send/receive files from our ftp, etc. So providers like aws and vultr are kinda unpredictable of how much you should pay for your usage. You can spend 2gb of houly traffic or 15 gb and you cannot predict how much you should pay

2nd problem is that providers like Digital Ocean, vultr are charging money even when your VM is turned off, which is not an option too

So we are looking for cloud provider which could give us at least 2tb of FREE monthly traffic (without hourly charging) + do not bill for the turned off VM (or at least have some workarounds like FAST snapshots to spin up a new vm)

Aws/gcp/azure - are too unpredictable in bandwidth prices, however they do not charge for disabled VMs

Digital ocean/vultr/linode have free bandwidth, but you cannot turn off your VM and stop billing process

https://redd.it/yz72xo
@r_devops

Any way to edit multiple jenkins pipelines at once?

I am learning jenkins and I use decelerative pipelines. I am trying to add one similar stage to multiple pipelines by writing a bash script which will loop through jobs and edit the config.xml.

The changes get reflected after I restart Jenkins. So far, I have been able to add the stage using grep and sed but I am not able to figure out how to fix the indentation.

Is there any easier way to edit pipelines in bulk?

https://redd.it/yyg71v
@r_devops

What do you think of using Terraform CLI workspaces to deploy quickly same resources in other AWS regions or other AWS Accounts ?

Usually, for a disaster recovery or for some other similar environments, you have the same config/resources to deploy either in some other AWS regions or on other AWS accounts. Which method you find easy to use ?
With terraform modules you have to write a little piece of TF codes for your environment to call the modules, manage yourself the TF state, etc.
What do you think about TF workspaces (in the community version of TF) which manages for you the the TF state ? You have just to create your workspace and apply the same TF code with your specific variables values in that new workspace.

Please let me know what you think. What are the pros and cons of each method ?

https://redd.it/yxk7wi
@r_devops

Career change

I’m a DevOps engineer for 5 years now . What’s my option for transition to python backend developer .. reason in my current role I been having stress from all these meetings for 2-3 hours every day and days I have 6 hours in our spring meetings . What should I do if I don’t like to talk to much and meet much . I got stress developed over time from toxic environment

https://redd.it/yxhnu1
@r_devops

Prometheus Alerting with Slack

Wondering if anyone has tips on how to make the slack alerts from alertmanager prettier?

If you've got good looking alerts can you share the templates?

https://redd.it/yzcop2
@r_devops

Deploying to AWS from GitHub actions: is this something Fortune 500 security reviews will cry about?

We have many large customers so we go through typical security reviews (archaic generic spreadsheet of questions etc)

For a few reasons, it would be helpful to move our deployment from AWS CodePipeline to GitHub actions.

Is this going to be a major issue? Should I be aware of any common critiques of this architecture security wise?

It’s not like CodePipeline was in a private VPC or anything anyway…

https://redd.it/yzft2b
@r_devops

Testing/mocking Customer IDP integrations

We provide Auth0 to our Customers for authenticating into a client apps. A common problem we run into is being able to test their authentication, as they provide, via SAML, additional properties for authorization. What I mean is due to policies on their end, we cannot test what the experience will be for them authenticating into our apps. In the end, what we are concerned with in addition to authentication itself, are the additional properties they are required to provide to use via SAML.

Has anyone set up a test IDP to simulate scenarios such as this?

Thanks

https://redd.it/yzigz0
@r_devops

Kubectl plugin to display OOMKilled pods/containers

This was something which remedied a work pain for me. It became quite a chore to sift through the output of

kubectl describe pod <name>

Or using `grep` when there are a lot of multi-container pods in a cluster.

&#x200B;

I wrote a plugin to solve the problem and I hope it is also useful for others as well! Providing a quick way to check previously killed containers via a known interface in `kubectl`

&#x200B;

https://github.com/jdockerty/kubectl-oomd

https://redd.it/yzgjah
@r_devops

Suggestions for dealing with airgapped registries and promoting from dev to prod?

Preface: Our compute environment is entirely on prem based on VMware Tanzu with the exception of our GitHub Enterprise which is SaaS.

We have our Dev and QA environments in a “lab” network environment and our staging and prod environments in our production network. Our security department has very specific rules and one of them is that there is no communication allowed between lab and prod networks. Currently, to get anything into or out of prod requires using a Citrix environment and manually copying files.

In each environment we have an airgapped registry and we are facing pain due to having to export images from the lab and manually copy them into the prod environment when we are ready to promote the code.

Since we are trying to build pipelines we need to automate the process but our security rules are standing in the way. Their stance is they wont support “promoting” from lab to prod as they have no visibility into what goes on in the lab.

My point was, well we’re doing it manually how is this any different if we automate it?

So as a complete CICD noob I am here to ask for advice. How do you deal with this scenario in your shop?

https://redd.it/yzpsxt
@r_devops

Did you receive any LeetCode (aka Data Structures / Algorithms) type questions during the interview process?

title.

View Poll

https://redd.it/yx98i9
@r_devops

DevOps Role.. but not really DevOps?

Hi all.

I graduated University in April of this year, and fortunately landed a job in a big Canadian bank within a DevOps centric role. Although, I am very grateful for this opportunity, as I come from a mechanical engineering background, I can't help but feel like I am not getting the exposure to true DevOps tools as I should be.


The role is a new graduate role, so I am not exposed to everything, but even my leads and managers and basically most people in the organization, don't use advanced software, such as the commonly mentioned tools in the sub Reddit, such as Ansible Kubernetes and Docker. My team says I am learning DevOps, but mostly all I've been doing is coordinating deployments, using Jenkins to automate deployment and working with UNIX command line.

&#x200B;

I feel like this is great experience, considering I don't come from a software engineering background, but I really do want to take the next step and learn/use some of the more advanced tools in the industry. How should I approach this? Should I begin applying for jobs in different industries? Should I look to get some sort of Amazon AWS certificates? Any guidance from someone more experienced would be great.

https://redd.it/yx92wk
@r_devops

What are some good resources(repositories, youtube channels) to practice building different DevOps projects

What are some good resources(repositories, youtube channels) to practice building different DevOps projects

https://redd.it/yzt73k
@r_devops

How do I deal with latency workloads in a multi-cluster Kubernetes-based platform?

I want to deploy an application and the idea is that it can be deployed globally where the effect of network latency is brought to a minimum. Can i get help on how to start researching whether this is possible?

https://redd.it/ywudpx
@r_devops

What will the benefit be? AWS Security.

Hello there,


So earlier today i finished up my required tasks to begin the transition to devops. Last time i spoke with my boss about it i was supposed to be moving on to docker, etc. However my boss told me to focus on getting the AWS Security cert. What benefit would there be to an aspiring devops engineer having a security cert? I was expecting him to tell me to get the solutions architect / devops cert for amazon.


What do you all think?

https://redd.it/yx24zb
@r_devops

Should I switch Jobs?

Hi All,

I've received and verbally accepted a job offer but haven't signed the contract yet or handed in my notice.

I'm getting cold feet and thinking it isn't the right decision after recieving the contract.

I'm currently a senior site reliability engineer at a scale up tech company and like my work and team. I only looked for a new role as it was announced there was going to be redundancies. It turns out I'm not on the to be axed list.

The job offer I accepted is to be a team leader at a subsidiary of a big tech company (I could put the big tech company on my CV though). They are offering an additional £5k a year salary and £20k in RSU that vest after 4 years. However, they require me to be in the office 50% of the time and their working hours are longer. On average with longer working hours and commute I would be doing an additional 8 hours a week. They also are offering 10 days less holiday a year.

The new job seems a good opportunity in terms of career progression as I would be jumping up to a team leader position but in terms of finance and benefits it seems much worse. Should I back out?

I would feel bad backing out as I did negotiate with them and had a celebratory dinner with the recruiter.

https://redd.it/yzwlw9
@r_devops

All-inclusive online game: Redis, kafka, both?

So I probably got the general idea: redis is more of an in-memory db, while kafka is more of an event bus/queue (among others). I know this is not the whole description, but it's all I know atm.

Now, I have a Unity game, online, multiplayer, turn-based, with different dev environments/stages each with its own postgres instance, all that ci/cd infra for both the game (which runs on pc, webassembly, mobile), editor (pc) and the back end (.net 5, cross-platform, but mostly ran on linux under docker).

There are also 2 systems for live content: one for game assets (asset bundles in Unity terminology), one for gameplay configs (general game rules and per-level configs), and coming soon a liveops tool to manage the game's economy, schedule events and such, which will need its own backend.

Question is simple: could I hit many of those birds with 1 stone, in terms of the communication protocol?

Here are a few examples:

- when a game client web build (web assembly) was uploaded to a certain bucket in google cloud, there's an event fired to a messaging system (e.g. by a github action) and a python script which waits for that event: stops the current live WebGL webserver, downloads and replaces it, then starts the new one, so 'play.game.com' always reflects the latest build, and ofc 'play-dev.game.com' uses a different build.

- general-purpose messaging between back-end components

- anyone can host a game server, so a game server has to register itself with the master server (this already happens, but it might need extending in the future and a messaging system seems better for faster development. I'm currently using websockets for Everything, which is overkill)

- player x invites player y to his game

- chat-like functionalities (I already have a third-party solution for this, but other chat-like messages would be needed over which I have full control - or even a completely separate, rudimentary chat as a backup system in case the main one stops for some reason)

- logging/analytics (I know third-parties have analytics packages and Unity Analytics will be used here, but it's not a silver bullet, and ofc I'll need backend analytics as well, to understand how all of the systems communicate and identify abnormalities)

I know how to 'just do it', but story of my career is: "I didn't knew that tool existed - what an easier life I could've had, had I know about it"

Other details: this is currently a 1-man project (excluding art) that will soon expand to probably 5-10 people, and I foresee at least 8-10y of runtime. Game is not yet available to masses, and I imagine it'll roll out slowly: 100 ppl in 1st month, 1000 in second month etc. Anything can happen, but we don't expect massive sudden loads on the infrastructure, so performance is currently secondary

https://redd.it/yzyalq
@r_devops

Introduction to Docker: A Beginners Guide

Blog post on Introduction to Docker: A Beginners Guide that covers all the basic concepts of Docker, its Architecture, and how it can be used for real-world applications!

Link: https://karanjagtiani.medium.com/introduction-to-docker-a-beginners-guide-for-2023-cbf9be911352

https://redd.it/yzwg2m
@r_devops

Awesome CoreDNS

https://github.com/mariuskimmina/awesome-coredns

I started an awesome list for CoreDNS ressources. There are probably still a lot of things missing but I thought it was already worth publishing so that other people can add to it as well (PRs welcome).

https://redd.it/z00siu
@r_devops