Would you consider a job with on-prem rather than public?

Had an interview today and the company is 100% on prem. I'm not too keen on this as I've got AWS and Azure experience and would feel it would be a waste to not use it and potentially hinder future job opportunities. As they say 'use it or your lose it'.

Would you make you reconsider if the company was on prem over public cloud? Why, why not?

https://redd.it/zniddk
@r_devops

React/Flask Minikube k8s pods are working, but not finding each other. How to fix?

I've got 2 pods for the front and back end, react and flask respectively that reside in the same namespace. Both are running individually functional pods, but the frontend is not finding its API. The way the project is configured currently is that react expects the API at pod's localhost:3000 I am unsure how the best way to route it to the API service is.

Since React has a proxy field in the package.json I dont know what the best way to fill that would be, as well as making the fetch requests in my files. Perhaps an env variable but how would I populate it with the proper address?

I have messed around with ingresses but was wondering if there is a more straight forward way to do it as an ingress seems like more overhead than is necessary, and I'm not all that familiar with how they work, to be honest.

https://redd.it/zni8hz
@r_devops

Moving from sysadmin to sre/devops. any certs or none at all?

I've been working as a SysAdmin for 2+ years since I graduated. My current company is pretty small, most of the things were on bare metal although now we've virtualised most of the things using vSphere, the infrastructure is solid but doesn't use most of the things I see job postings asking for nowadays (no K8s, no CI/CD, little things with Ansible set up before I got there, no Terraform and the only cloud services used are AWS S3/Glacier).

I started looking for SRE roles after I learned about the role from Google, since I love how they define it even if I know that not everywhere does it that way, but after seeing I lack most of the most demanded technologies, I enrolled to KodeKloud and plan to do the IaC path and the K8s one (which I started).

But I want to know how I can improve my chances in job interviews and how to make myself more attractive (maybe even avoiding starting from a completely bottom position too).

Right now I'm doing the course for CKAD on KodeKloud so I was interested in certs, but looking around and talking to people they mentioned mostly CKA and AWS SAA ones. Should I go for these if I'm looking to get a job similar to the SRE role that Google mentions? Should I just learn the technologies and forget about certs?

I feel like I have a good foundation with networking, scripting, databases and even programming as I've done that as a freelancer (mostly Java for mobile apps, though), all I'm missing in my CV is what I mentioned before imo. How do I increase my chances?

I'm from Europe if that matters.

https://redd.it/znkfz0
@r_devops

Need help

What exactly is DevOps? I am looking to grow my career and I am a union organizer.

I get that coding is basically looking for “bugs” and using some type of logic to solve the problem.

https://redd.it/znpl2z
@r_devops

Web UI for Managing Files in a Kubernetes Volume

I have a need to give access to users to manage files in a volume. For authentication I would prefer to use Duo SSO. Is anyone aware of anyone projects I may be able to use to make this happen?

https://redd.it/zniz1q
@r_devops

Anyone have luck whitelisting Terraform Registry?

I have a box that runs terraform commands and is locked down pretty securely. Since this box will only do a few tasks, we want to whitelist the specific IPs/CIDRs that are required. Now, however, I am running into an issue during terraform init where I get the below error:

Could not retrieve the list of available versions for provider hashicorp/aws: could not connect to `registry.terraform.io`: Failed to request discovery document: Get │ "`https://registry.terraform.io/.well-known/terraform.json`": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

With that, if I open up 0.0.0.0/0, it works just fine. So, it seems like a routing issue.

I am able to dig to `registry.terraform.io` to get the IP but whitelisting this IP `146.75.38.49` does not work. I have tried to search for an IP or CIDR range supplied by Hashicorp for this but with no luck.

Any ideas on how to proceed or troubleshoot? Or,

https://redd.it/znsbjz
@r_devops

GitHub Actions - How do you deal with the built-in cron scheduler being unreliable?

Hey everyone, I've built a small CICD pipeline that pushes code to AWS. I also want to execute that code through Github Actions, up until now the cron job that executes it ran on the EC2 instance itself. Now I have set up a workflow to run it from Github and it works, but it's pretty unreliable, it often executes ten minutes later and I read that it's not uncommon to be way worse:

https://upptime.js.org/blog/2021/01/22/github-actions-schedule-not-working/

One thing I saw Github recommend is just to "not run mission-critical jobs on it". But I find it very convenient to check right on Github if it has successfully executed my script. What's the easiest fix here?

https://redd.it/znndps
@r_devops

Having trouble with home project - beamdog/nwserver on ECS Fargate

Hi all,

I'm trying to get the beamdog/nwserver:latest docker image off the ground with a completely self-contained image that I can deploy to ECR. I want to do this because it's a fun project, it'll help me learn Docker, and also help me learn ECS/ECR.

The problem is that the instructions on their website only show how to run it in docker locally via CLI, and I'm at kind of a loss as to how to write the entire Dockerfile so that ECS Fargate can understand it and successfully deploy the running server binary.

Current issues:

1. When I follow the exact directions on their site, it runs just fine. I think. I've not yet been able to actually log into the server via the game client using my loopback, but it says that it loads the module and runs it just fine so I'll take that with a couple grains of salt. I assume it's some WSLv2 weirdness, as I'm doing this on Windows in WSLv2.
2. It seems like when you run the container, it expects the local filesystem to have the 'server' folder, along with 'modules', 'hak', and 'tlk' inside that folder. Then your module file should go in the 'modules' folder. Does this mean I will need to figure out how to attach an EFS volume to the task which has these same files? I'm seriously struggling to figure out if I can put the .mod file directly inside the container somewhere where the binary can find it.
3. It suggests to use either environment variables or --env-file to pass in the variables. Can I also just do this inside the Dockerfile using 'ENV'? It doesn't seem to work when I try it that way. There are a few ways I can skin this pig, namely using environment variables in terraform for the task definition, or doing it at build time, etc. I think the more secure way would be at build time during the pipeline.

Can anybody help me figure this out? I've tried it about 5 different ways, but it seems like the official image from Beamdog is the best way to go. (I've tried to compile the binary myself on ubuntu, I've tried NWNX - which is way overkill and much more complex, I've tried centos images...)

My current file looks something like this, but again, I don't think this will work unless the ECS task is able to run it the same way I run it on my local CLI...which I just don't know enough about how to set that up in AWS.

FROM beamdog/nwserver:latest

ARG NWNPLAYERPASSWORD
ARG NWNDMPASSWORD
ARG NWNADMINPASSWORD

ENV NWNPORT=5121
ENV NWNMODULE="MyCoolModuleName"
ENV NWNSERVERNAME="MyCoolModuleName"
ENV NWNPUBLICSERVER=1
ENV NWNMAXCLIENTS=32
ENV NWNMINLEVEL=1
ENV NWNMAXLEVEL=40
ENV NWNPAUSEANDPLAY=0
ENV NWNPVP=1
ENV NWNSERVERVAULT=0
ENV NWNELC=1
ENV NWNILR=1
ENV NWNGAMETYPE=0
ENV NWNONEPARTY=0
ENV NWNDIFFICULTY=3
ENV NWNAUTOSAVEINTERVAL=0
ENV NWNRELOADWHENEMPTY=0
ENV NWNPLAYERPASSWORD=$NWNPLAYERPASSWORD
ENV NWNDMPASSWORD=$NWNDMPASSWORD
ENV NWNADMINPASSWORD=$NWNADMINPASSWORD

https://redd.it/znufw6
@r_devops

Need advice

Is devops still a good field to go in, these days?

https://redd.it/znr42j
@r_devops

advice on career and personality

Hey everyone
I got my first traineeship few months ago but got pulled out of the team within the first month.
In the beginning I was told I don't have the knowledge which didn't make sense because it was a traineeship but today after a conversation I was told that the main reason was my attitude and that I was making the team unproductive.
In my life I have been told I am a connector and connect people together and that my presence and my energy in the room is big.
Sometimes without even doing anything.
In this team though I was never told anything, and in the opposite I felt good. Also I saw the team having the same energy without me.
I have had this issue all my life as a blessing and a curse but I am thinking if technical and devops is the right place for my personality
Any advice really appreciated 🙏

https://redd.it/zng6zi
@r_devops

Internal documentation thing

I would like to know how are you guys managing internal code documentation. API references, processes, instructions and so on. This area seems wild to me, i’ve seen lots of different things around, still not sure what is best. Also, who is defining documentation framework for you? Or maybe you define it for devs?

So far i worked with markdowns in git, confluence, gh wikis, gitlab, google docs, office 365, custom internal portals and random combinations of the above…

Do you know any approach which you think works for your case?

https://redd.it/znjqns
@r_devops

group merge requests

When working with polyrepo architecture, a single change to the entire product often happens across multiple projects, and that means the teams have to coordinate multiple merge requests, which all run CI/CD processes that theoretically should be a single CI/CD pipeline, and a single merge request. Gitlab even recognizes this problem, as seen here:

[https://gitlab.com/groups/gitlab-org/-/epics/882](https://gitlab.com/groups/gitlab-org/-/epics/882)
https://gitlab.com/gitlab-org/gitlab/-/issues/3427

However, they claim that they found low demand when interacting with customers. My question is- how is that possible? As they said themselves, most people solve this problem by either using a monorepo (which has its own issues), ci patch-scripting (which is limited and requires a lot of work and decisions) or by using submodules (which might fit the bill for libraries, but not things that need to be deployed like microservices)

So I guess my question is, what do you guys do when you want to use a polyrepo architecture for developing microservices, and want to make a single change to your product that spans multiple repositories?

https://redd.it/zni83l
@r_devops

Automate the deployment of resources in AWS

Hello, newbie here, be nice...

Region: Bahrain + UAE

Services used: CodeCommit, CodeBuild, ECS, ECR

I'm using both of the regions, because CodeCommit and CodeBuild are not yet supported in UAE region. ECS and ECR are in UAE region.

How is it currently working: GitLab repos are mirrored to CodeCommit. I'm getting the source code from CodeCommit, use it in CodeBuild to build an image, push in to ECR and then use the image for a task definion (service) on ECS. But this is manual approach and I don't like it.

So, I want to automate the workflow but sadly, there is no CodePipeline available in either of the regions. Should I use Lambda which is listening to a certain event, which triggers the build process (maybe whenever a push commits to the master?) I don't really know what is the recommended approach.

Thank you in advance.

https://redd.it/zneccv
@r_devops

Artifactory as CDN/Package Manager, how to ask for latest version?

Companies are taking local backups of thousands of 3rd party libraries and storing these in different versions.

These dependencies eventually become vulnerable and clean-up becomes necessary, but simply deleting the old libraries will mess things up for a lot of developers.

I am familiar with NPM and package.json, where develops use tilde (\~) and caret(\^) to get minor or point releases of libraries... is the workflow similar with JFrog Artifactory?

How does one allow developers to get an approximate version of a dependency, and not direct-linking to a specific version?

Is this even possible, or should the company implement another solution?

https://redd.it/zndrom
@r_devops

How much would it cost to run this service on AWS?

I am developing a software service that will have:
a) a phone app with ~800 users
b) a web app for desktop with ~50 users

The phone app will mainly be used to:
a) track the location of an employee during their shift by sending latitude & longitude data to the server every ~5mins/ user / day for 8 hrs a day.
b) upload photos by the user to the database (~10 photos / user / day)

The web app will mainly be used to:
a) monitor the data recorded by the users of the phone app.
b) assign an agenda to each employee.

The tech stack will be:
Flutter for mobile & web apps
Node Js to run the server

How much will it cost to run the app per month?
What are the best ways of optimising cost (Storage/Compute/everything) ?

TL;DR:

How much will it cost per month to run a Node JS service and Flutter app on AWS with :
1) 2,304,000 latitude & longitude data uploads and fetches per month.
2) 240,000 photo uploads and fetches per month.
3) + Compute costs
What's the best way to optimize cost?

https://redd.it/zo2sfb
@r_devops

Atlantis users on EKS, how do you manage account credentials?

I am just curious to see how people have their Atlantis configured. I assumed the easiest way was to have the Atlantis pod log into its own role and other accounts allow that role to assume a deployer-type role in their respective account. However, I do not want to hardcode any credentials for Atlantis.

Is there a way to get Atlantis to use its IRSA role for terraform changes? If so, how would I configure this? Or, by default, does any traffic leaving the pod assume the pod's IRSA? And then I could just allow that role to assume other roles across accounts?

https://redd.it/zmzfhp
@r_devops

I think IaC is a lot better than “ClickOps”!

Infrastructure as Code is imho way better than *ClickOps (*where you manage infrastructure through a GUI which is slow and prone to errors that only accumulate as environments gradually diverge).

ClickOps practices typically lack versioning, eliminating any hope of clean audit trails. Since you can't reuse configs, it becomes impossible to roll them out to multiple environments.

One of ClickOp's biggest weaknesses is that it's highly dependent on individuals. If your knowledgeable engineers who were in charge of configs jump ship, your infrastructure will be dead in the water until you can decipher the configurations they left behind.

Do you use ClickOp? If yes why?

https://redd.it/znfctz
@r_devops

Terraform azure VM connect to Github

Hello Everyone,

​

I just started to learn DevOps recently I have an infrastructure background and also do a bit of coding.

I have a flask web app in GitHub and I'd like to copy it on Linux VMs whenever I create the environment. Previously I had the code on my PC only and I copied them with provisional but now as I use Github whenever I push an update to my flask app, I'd like to terraform to destroy my current VM and install it with the new one(run terraform manually from my PC). My problem is that I don't know how to connect my Linux VM to GitHub and get it to download the latest codes.

So I was thinking to copy over my private key from my PC as the public key is added to GitHub but in that case, I have to use provisional which is not recommended also not too sure copy my private key also the best practice after I copy the private key I'd just run a custom data file which clone the repo and run the app. I could hardcode my login details to Github into the custom data file as well but this is also something I'd not like to do especially I'll upload the whole terraform code to github at some point.

​

What would be the best solution if I run the terraform code from my PC and want the new VMs to get the code from github?

​

Later I'm planning to upload my terraform code to GitHub and use GitHub action to deploy the VMs. when there is a new push on the main Branch. In that case, i think I can just use GitHub secrets to login when i run the github action.

Thank you for the advice in advance I know maybe what I try to do is totally dumb and there is a much better solution to deploy code to VM.

https://redd.it/zo9m6y
@r_devops

What is the difference between a Microservice- & a Cloud Native Application

To me, this seems to be almost the same, maybe with a very (almost neglectable) small difference, in the idea of breaking up an application in smaller bits being a bit more important to Microservice-Apps than to Cloud Native Apps. If that even is the case.

https://redd.it/zobb18
@r_devops

How would you show “Wireframes” for a code deployment tool?

My boss is high-level and not technical. When I pull up code to show him the deployment workflow he immediately freaks out and says he doesn’t follow. But he asked for a “Wireframe demo” of our new code workflow tool, GitHub Actions.

I created documentation for the tool, including high-level capabilities, guardrails, etc. But, he seems to want to see how the tool is working without viewing any code. This is frustrating. I guess I could show him the UI-only which is a small part of the picture. But to understand things like actions; then it requires viewing code.

I’m not sure to show him how the tool is working without showing code.

https://redd.it/zodt7j
@r_devops

Beginning my transition from Cyber to DevOps. Any tips?

Saw the roadmap, and I'm re-sharpening my Java from college as a first step along with linux refresh, then switching to learning Docker and Kubernetes and maybe terraform. Decent plan?

Done some very, very minimal automation with AD/PowerShell to incremenet GPO changes incrementally.

Some projects with Python + Twilio notifications using a docker container to send SMS when a VM was infected with malware. Some basic superclass demonstrations with employees from school.

Have not yet begun to grind leetcode. Need better programming skillset, so doing 100 hour Udemy course to refresh, since I've been doing Cybersecurity for the past 2 years.

Suggestions on improving my workflow plan?

https://redd.it/znec0h
@r_devops