Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Bicep templates

Hello.

Is there anywhere a big repository with Bicep templates which you can look up for examples? Microsoft have a few, but usually they're not filled with "values" but rather empty, and from there I'll have to try my best until something doesn't work and then fix it.

Currently it just feels like I'm at times reinventing the wheel, since some resources won't accept values which others would usually be accepting.

https://redd.it/z10yl2
@r_devops
Do you action alerts in non-live environments?

At my company, we have alerting set up for all envs (dev/qa/live). I as the devops person responsible for multiple services, each of them having 10-20 alerts set up, am in charge of setting up the alerting and maintaining it/steering the dev team to do it.

Now our live services usually work fine and we rarely get alerts fired there, but a lot of times, it's the dev/qa alerts that fire, most of the time because of some failing dependency or bad data used in dev, or similar reason.

I'm usually inclined to ignore these and focus on actual work, but I'm pushed from above to action these alerts - refine thresholds, tamper with queries, etc. (or make sure developers take care of them).

How do you approach alerting in your teams?

https://redd.it/z0tyrt
@r_devops
Please recommend Student Information System solutions for higher ed (colleges and universities)

Looking for potential solutions to replace our university SIS, which is Oracle PeopleSoft. A few requirements our university needs the SIS to have:

1. an active directory used for account creation, reading, updating, deleting, and authentication.
2. a built-in LMS like moodle.com to handle student enrolments, and attendance, create exam schedules, and be able to process final grades
3. a dashboard for reporting and analytics
4. a complete and comprehensive program for accounting control to track daily financial transactions
5. an online payment gateway for student payments and account balance updates
6. the SIS should be able to process online applications and student placement information
7. workflow processes for making grade changes, creating the course and major sheet exceptions

Currently, the existing solution has MOST of the things listed above as custom apps and integrations. I understand there is no perfect solution that will offer all of these, but any recommendations to handle most of the requirements with a ready-made solution are highly appreciated. Obviously, some things will have to be made as custom integrations, which is no problem, I'm more than welcome to opinions and feedback on potential options. Thanks in advance!

https://redd.it/z1ai3p
@r_devops
How much collaboration do you need to fix your config when your deployment is broken?

I wonder if you work in isolation or you set up some kind of war room when you are facing a minor or major outage in your application.

We are thinking of adding capabilities for online simultaneous editing of config files for quick fixes or long-term configuration definition, but I really don't know if it makes sense, especially if you are using GitOps or any git-based configuration workflow. I can see some value, but I don't know if it is better to open a Zoom call and share your screen to work on it instead of having some kind of Etherpad-like experience, even if we (Monokle) can do real-time validation of your config files.

Do you see value in such a feature? What would be the requirements that would make this unacceptable if they are not there?

https://redd.it/z48k3b
@r_devops
Should I migrate from Kustomize to Helm?

Hi!
I'm currently facing some "limits" of a kustomize approach. Basically I need a sort of "Preview Environments" based on PRs. I managed to get something that works using ArgoCD and its PullRequestGenerator, which uses a specific kustomize overlay to deploy those environments when a PR is opened.
But the problem is: I need to pass some values to kustomize from ArgoCD, and I guess that there isn't a way of doing that easily.

Let's say that a PR is opened from a branch: feature-12

This will trigger a GH Action that pushes the container to a private registry, tagged with the branch name and other stuff.

ArgoCD then will be notified from a webhook that a PR is opened and will create a namespace (named like the branch) with all the stuff deployed.

From ArgoCD I can pass to kustomize some values, like prefixName and images, and that's fine.

But ideally the stuff just deployed from the PR should be reachable from specific URLs like feature-12.example.com or feature-12-api.example.com.

I cannot pass that value to kustomize.
So I think that the only way is to migrate to Helm and then pass those values with Values.yaml.

Any suggestions about that?

P.S.: Also, kustomize inserts namePrefix on a lot of stuff, and that stuff is usually also in some container environments of the deployment.
For example, an env that refers to redis://redis-service:6379, when deployed to dev using dev as a namePrefix, will become redis://dev-redis-service:6379, so the env must be patched as well. And while this is fine in a scenario with 3/4 different environments, that's not feasible in a scenario with multiple environments dynamically created by ArgoCD.

https://redd.it/z49fdx
@r_devops
How to access a Cloud SQL instance in GCP from a different project?

I have 2 GCP projects. Each has its own VPC and one of them has a Cloud SQL instance. Thing is, after doing VPC peering between those two separate VPCs I still can't access the database from the VPC in the other project. Anything I'm missing here?

https://redd.it/z49wud
@r_devops
Is it possible to update .NET Core WebAPI in IIS without taking it down?

I'm currently using a Jenkins build server, basically building+deleting+deploying(copying), but the endpoint goes down while doing this.

Is it possible to use f.ex. Azure DevOps to update WebAPI in IIS without taking the application down?

https://redd.it/z49pvs
@r_devops
Need some help starting out

I've been a software dev for like 5 years and am now trying to get into devops, so I was playing around with networks and terraform.

I am trying to set up a haproxy and multiple services behind it. Haproxy has a public IP, servers with services don't.

What is the proper way to configure hosts on the network that don't have public IPs? They can't access the internet, so I can't download required packages. Should they use a proxy to access the internet? If yes, how? Or should they just have public IPs and a firewall? Or should they download packages from local storage?

Would really appreciate any tips.

https://redd.it/z4czak
@r_devops
Where do you host your software versions for users to download?

I was uploading all my installers to our web hosting provider KnownHost, but they said it was not for storing those types of files. We moved to AWS with our own custom web server but that's giving us trouble. I'd like to move to something standard, we need to transfer our installers from our Azure build server, and then have a link to download the file.

Any recommendations?

https://redd.it/z4d26q
@r_devops
A typical Friday

Early morning on a Black Friday, surfing around to see if there is anything to buy but ended up with nothing, so I went to look at a personal project that hasn't been touched for a while, then ... make test failed due to Azure having moved or dropped some of its open datasets, tried to find another one but found Azure CLI is not installed, ran brew but got a 503, then found GitHub is having problems with packages and pages.

TGI"B"F

https://redd.it/z4ftds
@r_devops
Confusion question

I am often confused when asking an online community for help with a technical problem. The feedback is often that something isn't clear or needs more details. These questions are often geared to a very specific tool. I am mostly trying to state my problem with a few lines of code and possibly the document I am using. My question is: how does one formulate a very clear and detailed tech question about something they do not fully understand? It seems like some people don't understand that the reason something is unclear is because the person asking for help doesn't know how to explain it, which often happens to newbies.

https://redd.it/z0w0cm
@r_devops
Are you using Cloud Composer in production?

Hi, we are looking into Cloud Composer to stop managing Airflow clusters ourselves (which is a pain). Are you using Cloud Composer in production? If yes, how are you dealing with environment upgrades (snapshots, etc.)? Are the upgrades smooth? I have seen that Cloud Composer 2 Environment upgrades is still Beta functionality.

https://redd.it/z47k8m
@r_devops
open-appsec (open-source machine-learning based WAF) - updates

We have added a new Killercoda playground that allows deploying open-appsec for NGINX - https://killercoda.com/open-appsec/scenario/simple-appsec-for-nginx

For more information about this option see the docs at https://docs.openappsec.io/getting-started/start-with-nginx

If you haven't starred the GitHub project already, please consider doing it. It helps us as a young project: https://github.com/openappsec/openappsec.

Thanks and have a great weekend!

https://redd.it/z4np2f
@r_devops
What’s the coolest thing you did this year?

Just curious what cool shit other people have been up to over the past year or so?

Any plans for some cool shit for next year?

Interested in both personal / professional projects.

https://redd.it/z4pgrn
@r_devops
Sync all your cloud assets to Snowflake and build an "Infrastructure Lake"

Hey! I'm the founder of https://github.com/cloudquery/cloudquery. We are an open source, high performance data integration platform focused on cloud infrastructure. We just released a new integration to Snowflake, which can be super useful if you already use it and/or if you want historical data of your cloud infra and to query it later.

https://redd.it/z4ql9v
@r_devops
terraform cli auto-completion with alias

I use tf as alias for terraform but the auto-completion is not available for the alias same as full command.

I googled this but couldn't find anything.

Any way to get cli auto-completion with my alias?

https://redd.it/z4t9fe
@r_devops
Having a headache with k8s nginx ingress rewrites

So I have this very specific problem.

Let's say that I have such an Ingress.

spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /some/path/(.*)
        pathType: Prefix
        backend:
          service: example-service

My question is: can a pod which is connected with an example service recognize example.com/some/path as a root or domain name? I don't know what the correct naming is here, but what I mean is that when I make some requests on my pod, for example when I POST a form with a button, it redirects me to example.com/login, which is wrong and I don't want that. What I would like to achieve is a redirect to example.com/some/path/login.

Some may say that I may change the source code of the pod application, well I can't (to some extent) and it has to be dynamic or maybe at least provided through ENV variable or something (applications are provided dynamically so I can't be really sure what is the source code)

Is the thing that I am trying to achieve even possible? Maybe with an extra nginx pod or something like that? I would gladly receive any help because I ran out of ideas.

https://redd.it/z4t3yx
@r_devops
Live Configuration vs Built Image


So I work in a fairly small environment, and it's local ESXi VMs that we are attempting to treat as on-prem cloud for internal infrastructure and development.

We are transitioning from a very broken traditional deployment model to DevOps.

We provision with Terraform, using pre-built Packer images, and configure with Ansible. I am interested in what other people are doing for configuring deployments and why: whether it is live in a deployed machine or in the image being deployed.

https://redd.it/z4t3y2
@r_devops
My new job scares me

I got a new job (haven't started yet) that is so good that I'm scared and honestly don't know if I can handle the position.

https://redd.it/z4xtng
@r_devops
For devex folks specifically: how do you think about balancing dev empowerment with environment stability?

New to devex, very much still learning the ropes. Environment instability is my team's biggest productivity killer at this point -- broken tooling, rotted dev configurations and documentation, that sort of thing.

Right now I'm investigating k8s-based dev environments (e.g. kind + tilt) as one possible solution. I'm pretty new to k8s, and the API surface area is obviously huge -- my first reaction is that it's more than I'd expect devs on my team who don't already know k8s (frontend team, for instance) to learn. Obviously there are other options -- docker-compose may be enough for us for now, for instance -- but it does seem to highlight a tension I'm noticing elsewhere as I dive into this work: how do I figure out what stuff I want to offer to devs as guarantees/black boxes, vs. stuff I want to teach them to be able to do?

As another concrete example, I created a pretty elaborate caching regime for our Docker builds in CI, and wrote a script to generate docker buildx build commands with a particular array of --cache-froms and --tags. Its performance is excellent, if you actually use it and if you know how to write a modern Dockerfile with multi-stage builds. The tool doesn't really help you do either one, so in practice I'm heavily involved in the introduction of new images to CI.

In some sense, it's fine if people come to me for help with this stuff -- it is, after all, my job. But it obviously doesn't scale to have all dev env and infra changes go through me as the team grows, so in some cases I'll want to invest in building abstractions and teaching devs to do things in a "self-serve" way. How do you approach this in your own work? In the Docker example above, for instance, it's obviously possible to refine the experience provided by the caching script and teach more engineers how to write optimal Dockerfiles. But is it worth it? Or should I be making that investment in the dev environments, instead? These are of course subjective questions, but I'm curious what your thought processes are.

https://redd.it/z502kw
@r_devops