aws presigned urls for multitenancy?

I want to have an app where multiple users upload files to a single S3 bucket, process the files and then place them to another S3 bucket where they can download the results.

I know how to do it for a single user but don't know how to convert it to be multitenant. Can I use presigned urls for upload and download so that I can skip the architecture changes?

Is that a recommended solution that is secure?

https://redd.it/zlen3p
@r_devops

Why is DevOps just Ops in 90% of posts here and job openings?

I get it there are two sides and often DevOps are there to deploy stuff but it feels way too one sided what am I missing?

https://redd.it/zlhoyq
@r_devops

New Devops Role

Hello Everyone,can anyone please guide me with the resources required for Devops Engineer role as I am switching into this role but not sure about the resources and courses to learn,also which websites we can refer to for entire Devops Engineer course for free

https://redd.it/zlhmpu
@r_devops

Msp devops shared tools

Hi. In the devops world where a company has multiple products how are the support tools managed ( monitoring, logging, etc)? In theory each team is managing its own stack but sounds unreasonably unproductive to have the same tools deployed over and over again...

https://redd.it/zllhw9
@r_devops

Why using Kaniko for building images when there's more privileged containers in play?

## Context
I've been hearing/studying a lot about Kaniko, but I'm not sure if it makes sense in every scenario.

Most people tend to highlight the security reasons for why running Kaniko is important when needing to use dind (docker in docker).

There are several privileged solutions, for example:

Gitlab-ci with Docker based runners (bind mounted to it's host sock), Portainer etc.

Yes, using Kaniko for building would decrease risks, but only if privileged containers are completely cut from the pipeline.

So, I wonder how you guys evaluate when to use it, and when it does not make sense at all.

## Sources
- https://github.com/GoogleContainerTools/kaniko

- https://docs.gitlab.com/ee/ci/docker/using\_kaniko.html

- https://www.youtube.com/watch?v=d96ybcELpFs

- https://gitlab.com/guided-explorations/containers/kaniko-docker-build

https://redd.it/zlmci2
@r_devops

Do you like being a devops engineer?

I am a devops engineer for the last 7 years now, and I feel like we have to keep learning new tools constantly to keep ourselves updated. This becomes a bit challenging at times.

https://redd.it/zln5r7
@r_devops

Sealed Secrets on Kubernetes with ArgoCD and Terraform

learn how to manage secrets securely on Kubernetes in the GitOps approach using Sealed Secrets, ArgoCD, and Terraform: https://piotrminkowski.com/2022/12/14/sealed-secrets-on-kubernetes-with-argocd-and-terraform/

https://redd.it/zln8co
@r_devops

hey guys I'm newbie to DevOps any advice

Hi there I'm new to this and trying to build my career around DevOps hopefully i can make it work any advice would be appreciated thanks in advance

https://redd.it/zlpink
@r_devops

Does every commit needs build and deployment -Continuous Integration ?

Hello, could you please clarify my doubts about the CI process when developing large-scale projects?

1. How does a developer test the functionality of their code after committing to a different branch?
2. Does each commit trigger an individual build, and does each build need to be deployed to test the functionality in the Dev environment? For example, I worked on minor functionality and committed my branch, and the CI tool triggered a build, ran unit tests, and generated a build file.
3. Where does this build go, does it go in an artficatory tool like Jfrog, and so on? Can I test its functionality before submitting a merge request?

​

Note :I m noob support engineer and sorry if this is such a silly question to ask

https://redd.it/zlq9go
@r_devops

Rotating secrets for on-prem infrastructure?

I was reading this article and it got me thinking. I feel like many are lazy when it comes to on-prem because it's not the cloud.

https://redd.it/zlrgcw
@r_devops

Free tool that let’s you query GPT3-based k8s expert

Hello everyone!

Together with few colleagues we built a tool that lets you discover kubectl commands using natural language. We know that Google and StackOverflow are great resources, but we've often found it difficult to express the right questions, especially when just starting out with k8s. Or you have to dig through endless answers to find the one you want. That's why we decided to use the power of generative AI (GPT3 and ChatGPT) to create PromptOps - so you can quickly find the kubectl commands you need.

Features:
✅ Ask Kubernetes questions in natural language, with support for conversations
✅ Each of the commands in the answers is validated
✅ You can share the conversation or just bookmark it for your own reference
✅ Completely free and no sign ups required!

👉 promptops.com

We are still in early development, we have a ton of ideas, but we wanted to hear from the experts. What do you think of the approach? Are the supporting explanations helpful? Let us know your thoughts!


Thank you

https://redd.it/zlxb9n
@r_devops

Best tools/resources for improving “developer experience.” Need to submit my 2023 asks next week.

Accepted a DevOps job earlier this year only to have a new director of engineering come on and want to restructure the team.

The good news is that the director of engineering really likes me and wants me to be in charge of the org’s developer experience.

From research and his expectations, it seems like the main idea behind developer experience is to improve the process around developers, so they can focus on coding. Which I think I might actually like a lot.

There’s some team-culture things I’ve read about that sound really interesting, but am looking for any tips on tools, conferences or workshops I can submit resource asks for that you would endorse.

Would appreciate any insights you may have as well as costs.

https://redd.it/zm0col
@r_devops

Are these any hidden fees or gotchas that I should consider before starting to use GKE autopilot?

Debating whether it is time for us to move away from self-managing scaling to allowing GKE do it for us. Would like to hear from those who have gone through the migration.

https://redd.it/zltrip
@r_devops

Got a job offer as a MS Azure DevOps what should I remember or need to learn?

A little background, I have 3 years experience only on both Shopify/Wordpress Front End developing, just finished a full stack web dev bootcamp last month. Tried google about it and its a really broad topic. Any tips or recommendations on what I should practice first?

https://redd.it/zly7gg
@r_devops

Best course of action Infrastructure(ops) to DevOps

Hi All
First off, I’ll start by saying I’m actually known as Automator lol by peers in tech community. I love automating almost anything with python. I work as infrastructure support engineer, operations mainly. I had massive aspiration to work as a network automation engineer(half way through CCNP). However one of the main reason behind that was not necessarily the route and switching aspect-it was the automation side.

As support engineer I am automating all aspects of our infrastructure. Recently automated saving configs of all network L2/L3 switches with a single python script. Also automated a spreadsheet of connected device for inventory(show mac address) this was done using python/panda lib and netmiko(ssh based module).

This resulted in saving countless hours of manual work as techs would have needed to trace each switch-port to each device.

Again another was the manager didn’t know which access switches all of the lIghtweight access points where connected to. Again I wrote a python script using using regExp/netmiko which shows which switch and port each APs was connected to etc.

Writing scripts such as end point availability ping to many devices in single broadcast domain etc.

At the moment I already have setup CI/CD pipelines using Jenkins/GitHub for all my scripts(hopefully will write a blog on how to setup a Jenkins pipeline with Terraform and checkout from GitHub) Very good with Terraform too!

My Linux skills is slightly below par, but currently using Ubuntu for day to day tasks.

Last but not least I absolutely love Docker! And have containerised all my python scripts. I already pushed few to Azure container registry. To cut the long story short I love automation! I believe devOps is way forward for me.

My background is freelance IT worker and now for past year work as infrastructure engineer in corporate environment. I hold a BSc in Computer Science(long time ago lol) and have several other certifications(MCP,CompTIA server+/net+ etc) What is the best course of action to move from support/infrastructure to devops? I’m currently working on obtaining az-700 and hopefully terraform cert after. Many thanks in advance!

https://redd.it/zm6wem
@r_devops

aws architecture questions

I want to do something similar to this:

https://github.com/aws-samples/amazon-textract-serverless-large-scale-document-processing/raw/master/arch.png

I have an app that uploads files to an S3 bucket, they get processed and the results get saved to another S3 bucket.

My questions:

1. How can the app retrieve the result? Should it poll the S3 bucket or the SQS queue?

2. How can I convert this architecture to handle multiple users? I mean multiple users using the same client app that uploads to a single S3 bucket. Is using presigned urls for upload (input) and download (output) a good way to do this?
It is important that user1 only has access to user1 files, user2 only to user2 files and so on.

https://redd.it/zm6844
@r_devops

Simple automation for a static AWS S3 hosted site



hello,

I have a simple static landing page hosted in AWS S3... in order to host it, I have followed the instructions here: https://channaly.medium.com/how-to-host-static-website-with-https-using-amazon-s3-251434490c59

Now, I will probably "launch" few more landing pages (about 10) and I was wondering how to automate the S3 provisioning and update once in a while the landing as well...

I use VScode, and trying to see if Terraform or Ansible would do the job...

As far as I am concern, for VM/container provisioning is typically done with Terraform, while Configuration management (push updates) should be done by Ansible....

the challenge here is that I am not provisioning a VM/container, but only an S3 bucket and setting up all the SSL certificates....

anybody can suggest the right approach, please?

Thank you

https://redd.it/zlqhgu
@r_devops

can a kubenet reuse docker bridge/service code?

If I have multiple AKS clusters using kubenet, can they all use the same docker bridge and service cidrs? I remember reading it in the docs, but wanted to be sure. Should we just reserve a 172.0.x.x/16 for docker bridge and some other unused cidr for service? I just want to make sure this won't conflict with any other vnets as we use internal ips only via a policy.

https://redd.it/zlvihc
@r_devops

Recommended repo strategy for multiple Dockerfiles

I have been tasked with moving over \~100 Dockerfiles that an old dev team have been keeping on their onedrive and have been building manually for years into repos and create appropriate build jobs etc.

My manager requested that we put them in a single repo and have a directory for each Dockerfile.

My question is. Is this way a good way to manage this? Wouldn't this make the build jobs more complicated? I understand a single repo being the source of truth for all "team X" Dockerfiles but the best way i can see builds properly running is by extracting the directories that contains diffs and build these but for some reason i don't know if this is a good approach.

He also suggested to use a branch for each Dockerfile but i immediately denied this one since it breaks the real purpose of a branch. Maybe again i am overthinking this.

How would you guys handle such situation? Each Dockerfile on it's own repo? All dockerifiles in one repo? Tags? Branch?

Any suggestions will be highly appreciated.

https://redd.it/zlnqfc
@r_devops

Advice on Cert Path for Entry Level Dev Ops

I'm considering jumping careers from non-IT military to a civilian IT career field. I'd like to get some advice at the certification lineup I'm following to accomplish that.

Brief background:

- project management intensive military career
- learning linux (mostly debian or Red Hat), Python, and postgresql as a hobby over the past 3 or 4 years.
- tinker with a poweredge r710, thinkcenter sff pc, managed switch, and raspberry pi in homelab
- running a few VM's and services using QEMU/KVM, docker, and podman

Cert objectives in order in current plan:

RHCSA (done) -> Sec+ (in progress) -> RHCE -> CKA

PMP (at some point before I transition)

Does this seem like a good lineup to land a job?

Edit: formatting

https://redd.it/zmcetf
@r_devops

Do you feel the cloud is replacing all traditional sysadmin tasks/roles slowly ? To the point where no business except the top Fortune 500 will have their own Datacenter on premise ? or everything is going Devops ?

A) Do you feel the cloud is replacing all traditional sysadmin tasks/roles slowly ? To the point where no business except the top Fortune 500 will have their own Datacenter on premise ? or it wouldn't make sense to administer large active directory domain on premise with exchange and all the rest ? or large linux env etc ? or everything is going Devops ?

B) Do you believe that being a guru of 1 os like Windows Server or Linux and all the scripting and special knowledge that come with it is being less and less important by the day because of the cloud and automation ? (large container env with K8 clusters, ansible and all the rest of cloud services you can run depending on your business needs) I talked with a few senior sysadmin who are seeing kids out of university with no knowledge of on premise who start learning the cloud right away, couldn't that cause many complex problems down the road if you don't understand under the hood how things works ?


C) Do you see the cloud starting to affect pure network engineer gears like the large cisco, jupiter stuffs like automating switch config and many others things tru the cloud instead of using ios to configure everything by hands with CCIE ? SDN seem to be changing the names of the game devops seem to be able to replace a few guys with 1 guy with the help of the cloud ?


D) What you prefer with AWS that you don't have or doesn't work with Azure or vice versa ? Is Azure still mainly Windows Server and AWS mainly linux or they both see a good showing on both theses days ? What kind of config you have seen or built that is less expensive on premise than on the Cloud ? Does Data privacy bother you ?

https://redd.it/zmekck
@r_devops