SSH between EC2 in different VPC
I have server A in VPC A and server B in VPC B, and I want to allow SSH to server B only from server A. I have made a VPC peer connection between these two. Allowed a security inbound rule only from server A's private IP. Still I can't access it. What mistake did I make? Any help?
https://redd.it/zqjpbl
@r_devops
Devops Project Ideas for intern
Hello, I'm looking for internship DevOps project ideas. I'm a beginner, so I think that here is the better place to discuss.
https://redd.it/zqkyzt
@r_devops
What would it take for you to start using SSM to replace SSH?
I'm trying very hard to switch my organization to AWS SSM for SSH operations. This will allow me to get rid of all SSH keys + eliminate keypairs for instance (and their inevitable duplication by engineers). Don't know if it's common knowledge but AWS has a plugin to make it run through the AWS CLI: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
Two main issues with this approach:
1. SSM connectivity is not a default and sometimes not straightforward: you need the agent which comes with AWS images, you need exposure from isolated subnets like an endpoint, you need IAM permissions and a couple more caveats
2. It doesn't replace a VPN completely because you sometimes still need other types of connections, like being able to reach a remote DB with a different protocol
I have two open source solutions I'm working with for the above:
1. A CLI that detects whether an instance has SSM potential (agent installed, network allowing access) and then makes the connection + adds permissions + opens network access (if the user permits). So you can take over almost every instance in the account
2. A router that can be pre-configured and deployed into a private subnet, where you can then reach out using SSM port forwarding (https://aws.amazon.com/blogs/aws/new-port-forwarding-using-aws-system-manager-sessions-manager/)
Happy to hear your thoughts
https://redd.it/zqlhu1
@r_devops
WSL Question
Is there anything WSL 2 can't do compared to a regular Linux box for DevOps purposes? I am considering using WSL 2 for any of my Linux-related activities since my work uses PCs.
https://redd.it/zr7k0s
@r_devops
We create an open-source feature flag system to help release faster and safer
https://github.com/featbit/featbit
We create an open-source feature flag system to help release faster and safer.
You can progressively release or roll back individual features to or from a specific group of users without redeployment. You can toggle a feature on and off to subsets of users.
Feel free to try it and give us feedback. Why not a new one with some different?
https://redd.it/zqp2v1
@r_devops
Cloud Hosted Gaming PCs for CI/CD
Hello there!
I work on a pretty hardware intensive game. We're looking to get away from using Jenkins with computers in my team's home-offices and go to something more robust. We need to deploy the game to Windows/Mac and Linux computers with dedicated GPUs to run the test suite. Even better if there's scalability so that we can have more than one engineer testing their branch at a time rather than having to wait for "the test box" to be available on each platform.
AWS, GCP and Azure are great if you just need to run a web application but they seem to fall short for what we need.
Does anyone have any suggestions for services that could fit our needs? We'd consider renting devices by the minute/hour or we'd consider renting monthly as well. Most services I've seen that have decent GPUs are running them for the purposes of AI or ML, which is not ideal. We don't need 4000 GPU cores in parallel, we just want some boxes with a mix of AMD and NVidia gaming GPUs and some Mac Studios or Mac Minis.
https://redd.it/zr7f9x
@r_devops
DevOps/CyberSecurity
Hello, I work in a company that doesn't have a CyberSecurity team and doesn't need one, but they have a DevOps team! I'm more into networking and scripts rather than Development. My current job is C++ Developer. I want to upgrade my skills into DevOps and stay close to CyberSecurity. What do you suggest to begin with?
Note: I'm doing DevOps because people told me it's so close to CyberSecurity. Is it true?
https://redd.it/zrehsx
@r_devops
Has anyone heard about the change in JFrog's pricing scheme?
I think for the cloud version it can be priced for a certain amount of CI/CD minutes or pay upfront for a set dollar amount. Allegedly to help clients optimize costs. Has anyone done that? How are the economics working out?
https://redd.it/zqry2g
@r_devops
GitHub workflow security in an organization
Hello, we have an organization (GitHub Team plan) and we're giving write access to developers so that they can create feature branches and merge into `main`. From `main`, we're deploying to prod based on the branch name and a tag specified in our `.github/workflows/workflow.yaml` file. I'm not sure how we can prevent a developer from changing the `workflow.yaml` file on a feature branch, changing the trigger to `on: push` and bypassing all checks and pushing straight to live from this branch (another thing could be said about leaking secrets).
Any ideas?
https://redd.it/zrhijr
@r_devops
Leverage OpenTelemetry and Sprkl instrumentation to get k8s cluster observability
We developed k8s integration (Sprkl operator) to provide you Observability for your development clusters. We want you to try it out and are eager to hear your valuable feedback.
Sprkl is a Personal Observability platform - we provide Observability on your code change/s, instead of looking for relevant feedback and sort it out from many data points.
p.s. - here is a short video and our app is available to download (free) from our website or the VsCode marketplace
https://redd.it/zrmdj5
@r_devops
Windows or Mac for DevOps Engineering
Which laptop is better or preferred for working in the DevOps space?
https://redd.it/zrsdow
@r_devops
Why are start-up companies or companies which do not even use Kubernetes asking interview questions about Kubernetes
This is my second interview where I was bombarded with Kubernetes questions, and in the end I asked the DevOps lead if they use Kubernetes. He replied that currently he does not see a reason why they would want to move to Kubernetes. If so, then why did he ask me questions related to K8s for 15 min straight? My understanding is that they want to interview a candidate on tools that they currently use or the ones which they are planning to implement.
https://redd.it/zrwpss
@r_devops
Tools for SBOM vulnerabilities report-to-issue tracking
We scan our docker images using docker syft and grype. This gives us a good view of vulnerabilities for every build/release. Next step is to automatically track vulnerabilities in github or jira. Does anyone know of an open source tool that does that already?
Essentially I'm looking for the `track` part of the `scan | check | track` pipeline.
The tool's required features seem quite straightforward:
1. take sbom / vulnerabilities as input
2. for each vuln found, look up the corresponding issue; if not found, create it
3. update the issue or add a comment (e.g. update list of components, comment to track latest scan)
4. retrieve issue status and include it back into the sbom
5. optionally output a summary report of new/changed vuln + issues
Ideally the tool works with either/or github, gitlab, jira. We are using cyclonedx as our sbom format, however the format is not critical.
https://redd.it/zrrlml
@r_devops
I am looking for someone in a devops role at a large company to speak with.
I work at a large company and am looking into moving from my current infrastructure-related role to something more devops. I have a lot of devops aspects to my current role, but that is not its focus. I would like to talk to someone and ask dumb questions.
https://redd.it/zrxo5k
@r_devops
nginx reverse proxy on docker - how to add authentication for selected domain?
I want to add password authentication to a selected domain like test.domain.com.
Below is my docker-compose.yml configuration for nginx + letsencrypt and the docker-compose.yml for a single domain.
- docker-compose for nginx + le
```yaml
services:
  nginx:
    container_name: nginx
    image: nginxproxy/nginx-proxy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      # Docker socket mounted read-only so the proxy can discover containers
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /var/docker/nginx/html:/usr/share/nginx/html
      - /var/docker/nginx/certs:/etc/nginx/certs
      - /var/docker/nginx/vhost:/etc/nginx/vhost.d
    logging:
      options:
        max-size: "10m"
        max-file: "3"
  letsencrypt-companion:
    container_name: nginx-le
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: unless-stopped
    # Shares the nginx container's volumes (certs, vhost.d, html)
    volumes_from:
      - nginx
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/docker/nginx/acme:/etc/acme.sh
    environment:
      DEFAULT_EMAIL: [email protected]
```
- docker-compose for single domain
```yaml
services:
  web:
    container_name: test.domain.com
    image: kornkitti/express-hello-world
    expose:
      - "8080"
    environment:
      # Hostname the proxy routes to this container and requests a certificate for
      VIRTUAL_HOST: test.domain.com
      LETSENCRYPT_HOST: test.domain.com
    networks:
      - proxy
networks:
  proxy:
    external:
      name: nginx_default
```
I want to add password authentication for the domain test.domain.com, but not for other domains.
https://redd.it/zrkuy5
@r_devops
AIOPs for Predictive Insights
Folks, I'd appreciate some thoughts and ideas going on this subject.
Assume you have implemented an AIOps/observability stack and have established all of the descriptive KPIs (basic monitoring). What top predictive KPIs would you like for the ML component to generate on your infrastructure?
We just got into this phase of development. One of the KPIs we are working on is predicting when we'll run storage on certain disks based on utilization trends from 6-8 months of data we have. Another one we have is looking at the utilization of our M365 subscription and when we'd run out of licenses based on utilization with the data we have on employee hire/retire triggers.
https://redd.it/zrvzn6
@r_devops
Git pull vs. Pulling custom image
I am currently working on a production release pipeline and am asking myself why are people even using container registries to build and push their images when they could also pull the whole repository and run compose up?
Don't get me wrong, I know that docker is perfect for setting up equal environments and I am using it too in production and development. I just would like to know if there are any benefits in choosing to pull released images instead?
From my perspective I am setting up every dependent service within `docker-compose` for my app, which I would not have access to anymore if my release pipeline would pull the production image instead. On the other side, when I choose to pull the repo I just run `docker-compose up` from my production folder and all dependencies are installed - including the dockerized application via Dockerfile.
https://redd.it/zs5mq4
@r_devops
I’m doing my thesis and looking for those that work ON-CALL to participate in an anonymous online survey. Please help
I’m from CQUniversity and looking for those that work ON-CALL to participate in an anonymous online survey to study the effects of on-call work in the areas of sleep quality and anxiety.
Click the link https://cqu.syd1.qualtrics.com/jfe/form/SV_eX3J6NYVyw8rJVc
CQUniversity is examining many of the issues affecting sleep and anxiety levels of on-call workers. The survey will be looking at the impact of an on-call workers on both anxiety and sleep.
By participating in this survey, you could be assisting researchers to identify key areas where employers and industries can make possible changes to support those in on-call settings, to experience better sleep, and improved anxiety levels, and thus long and short-term health outcomes in the future. Better health outcomes for workers equal improved efficiencies for businesses, the relevant sectors, and the community.
Thank you for your time I really appreciate it.
https://redd.it/zs7uow
@r_devops
Most favourite environment
I recently came to a conclusion that my favourite environment for deploying and running applications is serverless (AWS Lambda or GCP Function), due to its simplicity and the minimum time it requires for maintenance.
At work and for my side projects I am using all possible variants to suit my needs i.e. charged intel e-2386 with 128GB of RAM for processing constant and heavy blockchain calculations, serverless for running static websites and small APIs, containers for local development and backend applications (microservices), etc.
Out of curiosity, I would like to ask here what is everyone's most preferable environment they are happy to work with the most.
https://redd.it/zs79nh
@r_devops
TIL: There is a Flux web UI called Weave GitOps
I just learned today that there is a web UI for Flux called Weave GitOps
https://docs.gitops.weave.works/docs/intro
Does anyone use this? How does it compare to Argo? I’m already using Flux, not sure if I need a web UI at this point.
https://redd.it/zs8i7l
@r_devops
How Ambassador Edge Stack secures your microservices
Ambassador Edge Stack is an API Gateway & Ingress controller that offers Edge-as-a-Service & security features to app developers.
In this article, Supratip shares 8 ways Ambassador Edge Stack can be used to secure your microservices.
https://blog.getambassador.io/how-ambassador-edge-stack-secures-your-microservices-ebd4cdd1f99e
https://redd.it/zruyr0
@r_devops