Alternatives to Terraform
Every project I did in the last five years used Terraform. And I started to not like it anymore. The code is becoming very complex and unreadable. Do you guys know about any alternatives? Something that is modern, lightweight, easy to understand, and easy to maintain. I was thinking about experimenting with Pulumi since it would allow my dev colleagues to do more infrastructure work. What do you guys think?
EDIT: I tried terragrunt as well, but it doesn't feel like it reduces complexity. I operate stuff in AWS btw.
https://redd.it/10mo7wv
@r_devops
Cons & Pros of switching from Intel MBP to M1/M2 MBP?
Hi.
I currently have an Intel MBP 16" 2019 and am considering an upgrade to the new M2 (need larger HD & more RAM). If you switched, what kind of issues have you encountered? Any problems with daily tools?
In my daily DevOps work, I use:
1. Multiple docker containers (mostly Debian/alpine)
2. K8s
3. asdf to manage multiple local versions of Ruby, Python, Crystal, Elixir, C++, Node. Any issues compiling, especially older < 2.4 Ruby?
4. Assortment of CLI tools
5. Parallels to run Windows 7 VM sometimes to test stuff / legacy programs
6. VSCode
7. Move back and forth large amounts of data daily - mostly 7z's of SQL, TXT & CSV files, for dev databases - MariaDB & PostgreSQL
8. MS Office for work stuff - teams, outlook, excel.
9. Any more or less popular Mac Apps that would not work for you or you couldn't find decent alternatives?
Any feedback is appreciated :D
https://redd.it/10mr0hw
@r_devops
Cloudfront Response Headers
hi everyone,
ME:
I’m a DevOps Engineer and just started my journey in AWS 3 months ago, I’ve been using Azure for the last 3 years. I don’t have much experience on deploying webapps, but I’m learning.
BACKGROUND:
One of our public websites in Prod has been flagged as vulnerable to attacks by the security team; they suggested enabling response headers in CloudFront:
- csp_no_policy_v2
- hsts_incorrect_v2
- x_content_type_options_incorrect_v2
- x_frame_options_incorrect_v2
I implemented it via Terraform and it works well in our testing; using curl, the response headers are showing properly.
Unfortunately, one of the QA told us that the website is not functioning properly, like failed logins and the website could not be loaded on mobile device browsers such as Safari and Chrome.
I reverted the changes and they did some testing again, and confirmed that it worked.
QUESTION AND CONFUSION:
How did that affect the website’s health and functionality, when we only implemented response headers? It's not clear. Could someone please explain what happened?
I can’t find an article or resource explaining how it is connected.
For reference, these are the headers that were implemented in Terraform:
+ security_headers_config {
    + content_security_policy {
        + content_security_policy = "default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: wss://*.smooch.io;"
        + override = true
      }
    + content_type_options {
        + override = true
      }
    + frame_options {
        + frame_option = "DENY"
        + override = true
      }
    + strict_transport_security {
        + access_control_max_age_sec = 31536000
        + include_subdomains = true
        + override = true
      }
  }
THANK YOU SO MUCH!
https://redd.it/10mnxnv
@r_devops
IaC best practice question for build server
Hi All -
Probably a n00b question, but curious what the best practice is for installing software dependencies on a build server for Windows OS.
Should I be installing them from their respective download mirrors during build time, or grab all the binaries for the particular version I want, store them on-prem (arty), and pull them in and install during the actual build?
My concern with pulling from mirrors (git for example) is if the mirror is down or if my build server picks up a new version that "borks" my CI/CD jobs.
Just looking for best practices for this sort of thing..
Thanks!
https://redd.it/10mw51z
@r_devops
Posted by u/swiftsparky - 2 votes and 1 comment
MBP M1/M2 Pro/Max .. 32 or 64 GB?
Hey folks, I need to get a new laptop. I work mostly on devops stuff, coding, etc. I do need docker, etc.
Money aside, is 32 enough? Rather than money, my concern is that to get 64 GB I would need the Max processor, and that CPU has a bit less battery life than the Pro.
https://redd.it/10n2cr8
@r_devops
Interview for DevOps / SysOps position - need help !
Hey fellow sysadmins, I have a technical interview Monday morning, for an amazing DevOps / SysOps job. It would be my dream job, and I'm trying to prepare as much as I can.
Can any of you shoot me tricky questions (other than those 5 same questions I find over and over)?
Also, any advice for the interview or about interview prep is welcome :)
For context, here is the stack I'd be using:
Docker, Kubernetes, Ansible, Terraform, IaaS platforms such as AWS and Azure, SaaS or multi tenant software, Elasticsearch and Kibana, Platform monitoring such as Datadog, Grafana and Prometheus
I think I'm ok with Ansible and terraform, maybe even AWS. ES, Kibana, Datadog I lack experience in.
Thanks for any help you can give and wish me luck !!
https://redd.it/10mvzyz
@r_devops
What's the difference between a DevOps engineer and a 'Cloud Engineer'?
See this job ad: https://www.seek.com.au/job/59885404?savedSearchID=3e94a897-166e-4df8-9ea6-7ebcb74c2169&tracking=JMC-SAU-eDM-JobMail4.06-3886
Some of the technologies that are required I've noticed are also required in Devops roles. What is the difference between the two and are these technologies used in scaling web applications?
https://redd.it/10n0g5d
@r_devops
is there really no way to tell if a PR came from a fork in Drone?
I've tried adding a repo trigger condition like their docs suggest, and looking at all of the DRONE_ prefixed environment variables, and none of them reference my fork or suggest that the pipeline is running because of my fork.
Even `git remote -v` just shows the upstream remote and not the fork.
Any ideas? I'm even open to trying the GitHub API if I have to but I'd really rather not.
https://redd.it/10n3pc5
@r_devops
How to use a custom external service LB on K3s
I am sharing my experience of using an external service LB on K3s:
https://cloudybytes.medium.com/k3s-using-loxilb-as-external-service-lb-2ea4ce61e159
Does anyone have experience using other external LBs like MetalLB or Klipper with K3s? Kindly share your experience if any.
https://redd.it/10n3n00
@r_devops
Moving to another fellow EU country as remote worker
Ok, I thought to give it a go since I am sure there are some brilliant people here who have broken the matrix and are keen to look after themselves and their best interests, to live their life on their own terms, so...
I am working in a company mostly remote.
I am close to the office but I don't go more than a few times per year, and I have to pay an expensive rent in a small town, which also restricts me in a lot of things...
So I was thinking if it's possible to change country and rent in another city in another country and visit the company on these few occasions.
I don't intend to inform anyone of this for obvious reasons, so I was wondering if it's possible to have any legal issues...
Is there any way the country's government can check on that?
If I am not mistaken, even working fully remote for a company, if you are registered in a country's tax system you should have a permanent residence/address and you must also stay 5 or 6 months in the country?
Has anyone done that?
https://redd.it/10mzbyt
@r_devops
Question about IT
Hello hello!
Can anyone explain to me please what is the difference btw a DevOps engineer, an Infrastructure engineer, and a software engineer?
https://redd.it/10n6oqz
@r_devops
Any gotchas with Organization name change?
We want to change our org name in DevOps, i.e. from https://dev.azure.com/companyA/ to https://dev.azure.com/companyB/
This seems easy enough to do: Organization Settings --> Name. Change the name, then update the URL and that's it.
Aside from the obvious name and URL change, does it impact, in any way, the existing projects that are linked to the Organization name, including all source code, tickets, shared projects, and permissions?
https://redd.it/10mto23
@r_devops
Remediating flags from tools in the CI/CD pipeline
Because of the great responses on our previous article on this channel, we have created one of the promised follow up articles.
This one is focused on the how-to of fixing the initial set of flags the chosen tools in the CI/CD pipeline have raised. This includes raising the test coverage, and ensuring that all third party software is configured with best practices and passing security benchmarks.
Enjoy the read, and feedback is always welcome: https://www.coguard.io/post/security-hardening-react
https://redd.it/10muk1b
@r_devops
Advice for a student
Hello,
I don't know if this is the right place to ask my question, so sorry in advance.
I am currently a computer science student in my penultimate year of study, and I want to start a career as a DevOps engineer (after taking a year off).
I've already had the opportunity to learn a lot of technology related to the field (Docker, Terraform, Jenkins...), and I've come to wonder if I should start learning more about this technology or if by the time I work my knowledge will have become useless.
Should I already get certifications (AWS, Terraform...) or should I wait? Or do I wait until the moment I would like to work to get trained and get the certifications?
Thank you in advance for your advice and feedback.
PS: if the post doesn't fit here, can you suggest an /r where I can ask my question?
https://redd.it/10mtymz
@r_devops
Anyone studying for RHCSA?
Studying for RHCSA. Anyone else doing this that wants to help keep each other accountable? Any discord servers that may have people studying for this?
https://redd.it/10nda8i
@r_devops
OneUptime: Open Source StatusPage.io Alternative
Hey r/devops,
I'm working on a project called OneUptime. It's an open-source StatusPage.io alternative. All of it is MIT licensed on GitHub. You can check the project out here: https://github.com/oneuptime/oneuptime
Please let me know what you think.
https://redd.it/10nfihi
@r_devops
Can anyone give tasks to practise in Devops and Aws?
We are a group of self-learning DevOps studs. We are unable to afford premium training programs. We want some persons with real-time experience to guide us and give us simple to moderate tasks that you perform as part of your DevOps job.
We have set up a free GCP account as a playground. Thank you in advance.
https://redd.it/10merfb
@r_devops
How long would it take you to deploy a ECS cluster in a brand new AWS account?
Recently I did some work for my client which included setting up an ECS cluster, load balancer and a database for prod and dev environments. I also automated deployment by using GitLab CI/CD.
My initial estimate was between 8 and 10 hours but it took me longer.
Now I am just wondering how long it would take someone else?
Just to note that deployment was through the GUI, because it probably matters discussion-wise.
https://redd.it/10medw7
@r_devops
How do you define SLO (and SLA) for a cloud platform
So we're starting to define our SLA. We're an AWS based SaaS platform.
I have read the Google SRE book on SLI/SLO/SLA, and the way to go is with request-based SLOs.
However, I'm confused about whether we should take into account the SLAs of the services we use in the backend.
As a simple example, if I'm running a web server on AWS, and this server is using an RDS database, our web server cannot have an SLO better than the DB's SLA, can it?
If the SLA for the DB is 99.9%, our web server cannot have an SLO of 99.99%. Isn't that right?
If the uptime of the DB is 99.9%, the web server cannot have an uptime of 99.99%.
Or should I not take into account the services we use to serve the web server traffic?
https://redd.it/10nhle0
@r_devops
Are there any advanced Jenkins Scripted Pipeline tutorials available?
I've recently joined a new DevOps team and they use Scripted pipelines to an extent that I have never seen before. My background consists of 2 years working with declarative pipelines and 1.5 years of groovy. I've checked out the docs for Jenkins and there seems to be one small section dedicated to explaining scripted pipelines. There aren't too many tutorials on the site either. Can anyone suggest any intermediate to advanced tutorials for scripted pipelines?
https://redd.it/10njapx
@r_devops
How to handle multiple log streams inside one container?
I have a single app service that runs inside a Docker container.
The app service itself has five different log streams; all of them are important and have different formats. Some are in JSON, some in plain text. Right now, all these log streams are pointed to stdout, and it gives me a headache to handle it, since these log streams should be separated and handled differently.
I can easily configure this service to write logs into separate log files inside the container. But in this case, what will be the best way to read them? What is your proposal to handle this situation?
I am using simple Docker Swarm, if it's important.
https://redd.it/10nnoht
@r_devops
Posted by u/beeyev - 2 votes and 5 comments