Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Helm-Dashboard now enables cluster installation

A few months ago, we at Komodor released a new open-source project called Helm-Dashboard, which got a lot of positive feedback and attention from the community. I’m happy to share that now Helm-Dashboard can be installed both locally AND on a cluster.

It’s basically a GUI for Helm, designed to solve some of the more acute pain points of Helm users by visualizing changes in Helm charts. The goal is to help beginner Helm users to get started with Helm, and for more experienced users to speed up operations. The new cluster installation capability would enable users to collaborate better and share the same view of their charts.

Check it out on GitHub: https://github.com/komodorio/helm-dashboard

Feel free to join our Slack Kommunity: https://join.slack.com/t/komodorkommunity/shared_invite/zt-1dm3cnkue-ov1Yh~_95teA35QNx5yuMg

Give it a ⭐️ if you liked it :)

https://redd.it/zwg7wy
@r_devops
User lifecycle management and IaC

Wanted to know how people are managing user lifecycles in a way that is compatible with IaC. For example we use Okta for provisioning and managing users but Terraform for basically everything else and have found that trying to keep our Terraform up to date with user churn is a challenge for tools like PagerDuty and others where the list of users is important but consistently changing.

https://redd.it/zwg7lt
@r_devops
ARGOCD app not identifying resources

Hi,

I am trying to use the sample app from the documentation, and I cannot figure out why it's not identifying the underlying resources.

I tried "refresh" and "hard refresh" and checked the logs, but all seems OK... even reinstalled Argo.

Any pointers would be appreciated.

https://redd.it/zwdp9b
@r_devops
Does your team do sprints this week when half the team is out for the holidays?

*jokingly* suggested we just have a few days of learning time this week instead of starting another sprint, but that was shot down..

Oh well.. march forward! AGILITY!

https://redd.it/zwi9iu
@r_devops
Enterprise Mobility and DevOps Combine to Increase Productivity and Agility

DevOps solutions can take enterprise mobility to the next level by increasing speed and customizability. Here are the top four ways **DevOps remains a game-changer for mobility solutions**. Let’s connect to discuss.

https://redd.it/zx1kdm
@r_devops
Conflicted on which position to pursue

I have been working with 2 teams in my org. the last few months.
One of the teams is mostly on-prem, comprised of Sys. Engineers who manage servers (databases, web servers, etc) with plans to transition to cloud and adopt more of a DevOpsy workflow (already use Ansible, will be building out more automation, adopt DevOps principles/perspectives). I like the vibe of this team, and they seem understanding of the fact that I am fairly new to DevOps/Ops.

The 2nd team is comprised of Devs who work entirely with AWS (lambdas, kinesis streams, DMS, some others). This team works with a few of our larger internal products/processes. I have been named the Terraform SME as that has comprised the majority of the work I have been doing with that team. I think the expectation if I join this team is that I will be entirely in charge of all of our AWS resource deployments via Terraform. Also have been building out some Azure DevOps pipelines to automate this.

I started working with the 1st team before the 2nd but have done ~4x as much work with the 2nd team, on top of the duties associated with my normal role. I think this is in part due to the large amount of scope creep I experience with the 2nd team, whereas the first team is understanding of the fact that I can only work with them on a part-time basis. I do enjoy working in AWS, but I worry that I may become overwhelmed being the “SME” with the 2nd team. I think the 1st team has a ton of growth potential long term with a gradual ramp-up in terms of what I will be doing, whereas the 2nd team is already in a spot where I can get my hands dirty, but the expectation is that I know what I am doing from day one.

If you have any insights or advice please share, and if you need more context let me know

https://redd.it/zwvvda
@r_devops
Idea for self-provisioning test servers - brilliant or bllsht?

I need to retrofit the provision of ephemeral servers into existing test pipelines. Creating and managing the servers isn't a problem - it's finding the best way to integrate this functionality into the existing "Test Rails" framework.

My first idea was to modify the tests so they can make a REST call to a resource manager as the first step. This is only practical if Test Rails is modular and we can easily add a step - we can't modify thousands of individual tests.

My second idea is that we can use a "door knock" approach. The tests would continue using the existing account details but the DNS would now point to a proxy that's listening to the appropriate ports. When it sees a connection on port 5432 it would launch a PostgreSQL database (or pull one from an existing pool) and either act as a traditional proxy and/or play some games with the TCP/IP packets so the client and server can talk directly.

There's a significant downside - we would need to bump the connection timeouts from seconds to minutes. The "timeout" will usually reflect the time to a meaningful message, not the time to a successful TCP/IP handshake.

We could avoid this delay by keeping a pool of 'hot' servers but that defeats the goal of cost reduction by only running the servers while they're in use. But this could be negotiated, e.g., we have a 'hot' pool during "regular business hours" and shut it down on the weekend. (It's in quotes because the people most concerned about costs also tend to forget that we're an international team and there is no "overnight" and even the "weekend" is only about 36 hours from the last person working late on Friday to the first person starting work early on Monday.)

My question - is this a brain-dead idea? If not are there already solutions to the problem?

For what it's worth I'm a java dev pulled into devops since I'm the type to set up servers in a home lab for fun. I know ansible, am learning terraform, etc., but when I think of a proxy like this I still think in terms of a java application, spring REST, etc., even if I have an NGINX frontend to that app.

https://redd.it/zwm81e
@r_devops
Best way to run k8s apps locally

I have set up pipelines for deployment to k8s for different environments, and the developers are happy. But how do I enable them to easily run our applications for development locally? We have 10-ish apps running in k8s and they all depend on each other. To develop on one locally, you often need to have at least one or two of the others running at the same time, sometimes all. All apps are Scala-based and have a Dockerfile in their repo root.

Are there any best practices for this? Was thinking of maybe using docker-compose or a local k8s cluster (seems overly complicated for every dev though).

https://redd.it/zx6g75
@r_devops
Need some help deploying a Docker stack to AWS

Hello!

I have a small app that I've written that I'm trying to split across multiple machines. I've been using Docker compose to simulate this locally and now need to figure out how to deploy it on AWS.

The app consists of:

* a 'main' node that sends commands to 'worker' machines.
* *n* number of workers to any 'main' node
* 'workers' are exclusive to a 'main' node and can not be shared

Any idea on where I'd start with this? I was looking into using ECS but I'm a total AWS noob.

Thanks in advance!

https://redd.it/zwq6ik
@r_devops
Certificate Ripper v2 released - tool to extract server certificates

Hello everyone, today I have released version 2 of certificate ripper which includes the following new features:

* Support for proxy with authentication
* Exporting certificates as binary file (DER) and base64 encoded (PEM)
* Exporting all certificates, aka the chain, of a single URL as a single file
* Specifying a custom file name for the exported files

It is an easy-to-use CLI tool to extract the full chain of any server/website. The end user can inspect any sub fields and details easily on the command line. The native executables are available in the releases section, see here: https://github.com/Hakky54/certificate-ripper/releases

Feel free to share your feedback or new ideas, I will appreciate it :)

See here for the github repo: GitHub - Certificate Ripper

https://redd.it/zwvr1f
@r_devops
Establish autonomy in your work

Hi guys,

And merry Christmas!

Another controversial subject on which I would love to hear advice and tips'n tricks from like-minded people!
I know that as a DevOps engineer or even a system admin it is not easy to always have autonomy in how you work, since things like teamwork and syncing with other teams are often needed, but currently I am working on a nice Jenkins pipeline and I enjoy how I can work with autonomy and at my own pace, also avoiding unnecessary morning meetings or the teeth of management lol.
So I'd love to hear from the most experienced guys how you avoid fucked/messy projects (another poor guy took part in a very annoying, messy, immature product project, and I still feel so sorry that this happened to him; he swears that he'll make sure it won't happen, at least to him, ever again) and how you establish boundaries and work with autonomy...

https://redd.it/zwlq0u
@r_devops
Squid proxy service on Docker with multiple IPs on the same interface

I am using Squid on Docker and have a problem connecting to other sites from a selected IP.
I am always connected via the default host IP, not an additional failover IP.

My setup:

a) server
* dedicated server on ovh.org
* 1 dedicated IP from the server, and 6 additional ones from the OVH 'failover ip' service
* each failover IP is added to the main interface, so the main eno1 interface has 7 IPs
* I added all failover IPs following this guide on ovh.org

b) problem
* I added my failover IPs to squid.conf, but when I connect to such an IP remotely and use Squid, I always use the host IP, not the additional one. What is wrong?
* my gist with the docker-compose setup and squid.conf:
https://gist.github.com/mxcdh/22baa3d7fa2d9dcb2279520b81d71afa


P.S.
When I log in to the host (not to Squid in Docker) and run in a terminal:
curl --interface ip-failover-1 icanhazip.com
ip-failover-1-results

It works, but on Squid it does not.

https://redd.it/zwjnoy
@r_devops
How to handle security updates to container OSes?

Hi there, I am just starting to get a more in-depth understanding of how containers are to be handled compared to VMs. One thing I haven't found a good answer to is how security updates to container OSes are handled. So in case I have a functioning CI/CD pipeline and an application that currently is not further developed, would I be specifying an automatic rebuild every X weeks with an updated container OS and the application's dependencies and deploy it to test and see how it does?

How would I handle new vulnerabilities on the container?

https://redd.it/zxdtqd
@r_devops
Best tool for local Dev Env?

I'm trying to mimic our existing dev environment on the remote kubernetes, but I want the devs to run it locally. The thing is, I don't want to rewrite the stack. The devs are already familiar with ArgoCD and the installation of each app as a microservice.

I started to create a bash script that boots a Kind cluster and then supposedly installs ArgoCD on it and then installs the Apps from our Gitops repo; all of this is a bit bulky.

Currently our Jenkins has a job they use to branch out from our Gitops branch, build Images if necessary, and create an env from this branch in Argo. All of this code is already written, and duplicating it locally is a mess.

I wonder if there's any tool out there that is unopinionated enough to allow this without changing the stack?

https://redd.it/zxi690
@r_devops
Terraform on the cloud

I've got a SaaS solution that I deploy for each client on the cloud (GCP) using Terraform (networking, SQL, DNS, GKE...). I usually manually create a project each time, update the Terraform Google provider and hit apply.

Is there a solution out there to handle this on the cloud? For example, one that destroys the project and the resources after a free trial, handles licensing on a dashboard, and saves the tf state on the cloud?

Thanks for reading

https://redd.it/zxhmqw
@r_devops
POLL: How do you orchestrate your provisioning?

Whether you're using ansible/terraform/etc., I'm curious to learn about how others orchestrate provisioning. It's been over 10 years since Jenkins was created, and it seems to me it still does most of the work in most orgs.

How big is your team?
Do you use SaaS (TFE/Ansible Tower etc)?
Who can provision? Central team, or service owners?

As for me...

Team:

Working with a team of ~30 devs. I'm on a small team of maybe 2-3 "Systems" team members.

Stack + IaC:

Terraform+helm for most infrastructure (running eks on AWS). We create generic modules and allow devs to implement/deploy them in their code repos.

How do we provision?

Jenkins is still our workhorse, but starting to look elsewhere. Considering Terraform cloud, but getting a feel for what's out there and who uses what right now. Service owners can run deployment pipelines, which will deploy both infrastructure and their application.

https://redd.it/zxl0lu
@r_devops
Hikaru v0.12.0b released

Hikaru 0.12.0b was (finally) released today with support for the Python Kubernetes client 22.x. Hikaru provides a variety of tooling to work with Kubernetes configs in Python, YAML, or JSON, allowing you to move smoothly between each of these representations, and can also use the Python representation to directly interact with Kubernetes. You can find out more about Hikaru here at the PyPI page:

https://pypi.org/project/hikaru/

...at the Github repo:

https://github.com/haxsaw/hikaru

...or read the full doc at ReadTheDocs:

https://hikaru.readthedocs.io/en/latest/index.html

https://redd.it/zxo86n
@r_devops
Cisco DevNet Associate learning materials are horrendous

I wonder whether anyone else is in the same boat as me. I had been learning MERN stack technology but stopped when I saw the UK government offering a free course that helps you get the Cisco DevNet Associate certification.

I enrolled on the course but I'm not sure I'm going to pass it. The exam is in about 12 weeks' time. I never knew anything about networking before I began the course.

I understand quite a lot of the course material (eg Network Fundamentals and Understanding and Using APIs) but when it comes to some parts, eg Cisco Platforms and Development, I struggle badly.

I like to think I'm not stupid but I find Cisco's learning materials to be awful. They simply state facts without really explaining anything. And there's tonnes of that kind of stuff to learn. The learning materials often try to explain things by using new terms that I have never heard of before. So getting through the material is exhausting, slow going and dispiriting.

After looking at Cisco Platforms and Development I have lost the urge to carry on with the course (and maybe the will to live too! :) ).

I wonder whether there is anyone else here in the same boat or anyone who was in the same boat in the past?

https://redd.it/zxq0in
@r_devops
Has anyone attended the Level Up In Tech bootcamp?

So I’ve been seeing on LinkedIn this bootcamp called Level Up In Tech, a 24-week program that helps you obtain the necessary certifications and skills to break into Cloud and become a DevOps Engineer.

From the different types of posts I’ve seen on LinkedIn, the individuals who are enrolled in the program come from different backgrounds…a lot of them with no previous tech experience. However, it seems like they are having success with the program and I am amazed at how a bootcamp can make this possible.

Based on some of the testimonials that I’ve seen from this bootcamp, some people were able to make the shift into cloud and are making 65k+, 75k+, 100k+. I did not know that this was possible for people with no previous tech experience.

Has anyone personally heard of this bootcamp on LinkedIn? If so, do you know anyone who has personally attended this program and has gotten these results?

I am considering making the transition from IT Support to Cloud Computing and this bootcamp seems very tempting and promising.

https://redd.it/zxesr2
@r_devops
I’m doing my thesis and looking for those that work ON-CALL to participate in an anonymous online survey. Please help

I’m from CQUniversity and looking for those that work ON-CALL to participate in an anonymous online survey to study the effects of on-call work in the areas of sleep quality and anxiety.

Click the link: https://cqu.syd1.qualtrics.com/jfe/form/SV_eX3J6NYVyw8rJVc

CQUniversity is examining many of the issues affecting sleep and anxiety levels of on-call workers. The survey will be looking at the impact of on-call work on both anxiety and sleep.

By participating in this survey, you could be assisting researchers to identify key areas where employers and industries can make possible changes to support those in on-call settings, to experience better sleep, and improved anxiety levels, and thus long and short-term health outcomes in the future. Better health outcomes for workers equal improved efficiencies for businesses, the relevant sectors, and the community.

Thank you for your time, I really appreciate it.

https://redd.it/zxs1kz
@r_devops