How to learn ArgoCD without using a Cloud provider?

Can ArgoCD be hosted locally in your laptop and used to deploy to a local Kubernetes cluster?

https://redd.it/10rsj3l
@r_devops

I would like some constructive criticism on my resume

I recently found an entry level position in my area at a decent company and figured now would be a good time to plant myself in one company for a few years.

That said, I want to put my best foot forward as far as the resume is concerned. I'm using the resume that got me my most recent position, but I'm not sure how well it communicates my experiences or skills.

I'm open to plenty of changes, so don't be afraid to be direct. Thanks for taking the time to help!

https://i.imgur.com/My9UjoH.png

https://redd.it/10rtxik
@r_devops

I am getting the opportunity to shadow the DevOps team at the company I work for.

I am very new to this field and am just starting to learn, and I am afraid of approaching this team and looking awkward or like an idiot. I’m not even sure what questions to ask. Does anyone have any advice?

https://redd.it/10rtqoa
@r_devops

Fig Scripts: Build internal CLI tools really fast

Hey everyone! I'm Brendan, founder of Fig. Fig makes the shell easier and more collaborative.

We recently started working on Fig Scripts, a ridiculously easy way to build and share internal CLI tools. I've included more info below. You can try it out here or watch this quick demo video.

Our ask

Our team would love to hear any feedback from people in the field on what we’ve built. Where would you use this? What would you use instead? It’s still early, there are kinks, but we really would love to hear your thoughts (positive or negative)! 😊

\------------------

Why did we build this?

There is surprisingly a lot of friction involved in building an internal CLI. Instead of writing business logic, a lot of your time is spent on boilerplate: integrating with the CLI framework, reading/validating user input, working out how to distribute/update your tool, tracking usage and errors, even adding colored output... This is stupid. You should be spending your time writing your business logic, not doing boilerplate!

How does Fig Scripts work?

We’ve built a platform to build, distribute, and manage your internal scripts and CLI tools. We handle all the boilerplate, you focus on writing your business logic.

Some key features are:

Jupyter-notebook style interface with multi-language support (bash, python, js/ts...)
Easy input definition: Fig's out-of-the-box terminal UI library makes accepting user input easy. We even generate the CLI flags for you.
Instant cross-device sync: Changes are instantly provisioned to everyone on your team.
Built-in usage monitoring and error reporting: See how frequently scripts/subcommands are used and what the most common errors are.

Coming soon, we are going to add integrations with popular developer infrastructure (like AWS, Docker, GitHub), cron jobs, new cell types (like markdown), more language support, and the ability to run scripts in the cloud.

https://redd.it/10rxbs3
@r_devops

Helm-Dashboard is generally available with the release of V.1.0.0

Komodor’s latest open-source project, [Helm-Dashboard](https://github.com/komodorio/helm-dashboard) is generally available with the release of V.1.0.0

Coincidently at the same time the project crossed 3K stars on GitHub (and hundreds of daily active users), only three months since it was released!

Some of the cool new features you can expect to see in the new version:

* Auto-update repositories when installed into cluster
* The ability to reconfigure charts without access to their source
* Specifying multiple working namespaces
* Self-sufficient binary, no helm/kubectl requirement
* REST API documented

As always, we welcome everyone to provide feedback and suggestions on the project’s roadmap on our social channels, [GitHub](https://github.com/komodorio/helm-dashboard), or the [Slack Kommunity](https://join.slack.com/t/komodorkommunity/shared_invite/zt-1lz4cme86-2zIKTRtTFnzL_UNxaUS9yw). We’ve even created a [user survey form](https://docs.google.com/forms/d/e/1FAIpQLScwuJf-LmpA2zk_fVaCh2eStZn5IjP0yGPWQ785wPEvDJLP7A/viewform) to make it easier on you 🙂

https://redd.it/10rv6p5
@r_devops

Custom systemd service for NodeApp on uBuntu fails to connect to local MongoDB instance.

So I have a two tiered application running on separate instances on AWS, an API and Mongo.

The API (node app) instance provisions with a custom service to start the node app with forever as the uBuntu user.

When this happens I am unable to get responses from Mongo, but if I stop the service and start the app manually with node or forever it works.

So this seems like a service issue and perhaps permissions to establish a connection to Mongo db?

Any pointers on where to look for possible cause ?

Edit: Solved by adding any environment variables to the .service file.

https://redd.it/10rvumu
@r_devops

Have an interesting issue and i am outta ideas…

So here I am.

Have a windows user in our internal app, not local she’s in another state. When making certain requests to a certain endpoint in the app, nothing happens. No network events, no console messages, nothing. Our API logs show 204/304 for those reqs, which isn’t unusual.

Cloudfront or ec2 logs aren’t showing anything abnormal.

Thought maybe it’s a machine issue.

So pulled network config things, nothing outta the norm there.

We’ve tried multiple browsers, machines, flushed DNS, ran network device cleanup, ran system file cleanupall w/ the same results of her not being able to make certain reqs to certain endpoints.

Checked Chrome HSTS settings, removed domain in question from HSTS.

Checked hosts file, nothing outta the norm there.

She tried on a personal machine, as I don't have another one to give to her (outta state).

She drove to a coffee shop, same result.

Host is pingable from the machine... Host is not accessible by IP.

VPN didn't change anything.

Request is initiated as a fetch.

​

Copied the xhr request as curl, had them run it on their machine and curl threw an error that it couldn't resolve any of the headers when she ran it.

​

So, here we are... Thoughts?

​

And this has only been happening since Tuesday. No new deploys, no changes to our DNS, no updates to user machine.

https://redd.it/10rz7ic
@r_devops

Discovering Six Critical Docker Desktop Privilege Escalation Vulnerabilities. (Bonus: New OSS Tool!)

https://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-1


Eviatar also put his new tool PipeViewer up on github as well.
https://github.com/cyberark/PipeViewer

https://redd.it/10rynk0
@r_devops

My predictions for the future of observability

What do you want to see when it comes to the future of observability?

For me, I think our biggest opportunity is greater visibility into third-party cloud dependencies, because they are so common in our stacks, have a huge impact on our reliability, and reliable data about service health is so hard to get. My #1 hope is that we can have distributed tracing that crosses boundaries between my environments and the environments of the cloud vendors we build on.

I wrote about what I want here, and I'd love to hear what everyone else thinks the future has in store for us when it comes to observability.

https://redd.it/10s261i
@r_devops

How to make sure that my company laptop isnt tracked in any way from them

Hello guys,

I am ready to take this big leap and make my dream true. To break the Matrix! So i am considering really serious to start working abroad instead of the country of my employer (both EU though). That would make it a bit easier on moving around as digital nomad or working from my home country and avoiding the nonsense expensive rent that i pay now for being close to office and going just 6-7 tims per year...

So, for what stuff i should check in my laptop?I have admin access so it shouldn't be problem to tweak stuff.

About the internet connection thing i know that even a VPN is not enough but isnt getting checked by the company and many people are also working abroad even temporary it shouldn't be a issue though i have come with a work around even for this...

Other useful tips/tools appreciated.

The only thing that i havent make sure how to cover yet its the issue if i use for months and months abroad my bank card from the employers country.

https://redd.it/10s68ux
@r_devops

Transport, finance and other high risk fields

Hello everyone, I wanted to know how do senior developers write safe code in fields such as transportation, finance and others, where code can lead to huge mistakes.

What are the best practices to follow? If there are no best practices what should a person be trained in before they can work in such fields before becoming a senior developer?

https://redd.it/10rwey9
@r_devops

Kubernetes, gcp and mutual tls

I want to be able to expose services on GKE with mutual TLS, which isn't handled by regular GCP HTTP(S) LoadBalancer

For now the architecture I have in mind would be something like this:

- create my services to be exposed (deployment and corresponding service)
- create a NGINX ingress in front of those (which is configured with mutual TLS)
- create a TCP LoadBalancer in front of the NGINX ingress

but I'm not sure exactly how to do this with Kubernetes, could someone show me?

https://redd.it/10rvl9v
@r_devops

What are the best SAST tool for Docker containers?

What are the best SAST tool for Docker containers? I think Checkov does some analysis, but I am wondering if there are better things out there for containers.

https://redd.it/10rqezq
@r_devops

Multiple AWS Accounts vs Multiple AWS IAM Users vs Multiple AWS IAM Roles

What do you mostly use for managing AWS in your organization? and why?

Please share your experience!

https://redd.it/10sc958
@r_devops

Has anyone done a comparison of Trivy vs Clair for container scanning?

If so, what did you find in your evaluation?

https://redd.it/10scdn3
@r_devops

Learnings from 17 years as a Google SRE

Companies have different ways of handling on-call. And Dave O'Connor has seen many different approaches. Dave is currently VP of SRE at Twilio. He also ran SRE at Elastic and spent 17 years as an SRE at Google. Here's an interview about Dave's on-call experience. Dave shared his learnings.

https://redd.it/10sehg5
@r_devops

Where do I search for DevOps internships?

Hello! I’m a Third year Computer Engineering student, learning to practise DevOps. Can anyone suggest me platforms to look up for internships which would be helpful for my DevOps career as it’s compulsory for Third year engineering students to do internship.
I’ve checked LinkedIn but, it’s just showing up local companies specific to India and there’s not a lot of remote internships available there.

I’m good at shell scripting, Linux CLI, Docker.
Also, can you suggest me what should I know theoretical and practical, to get and complete the internship successfully.

https://redd.it/10sdyhm
@r_devops

Broke the Kubernetes cluster, and asked ChatGPT to write me a poem about it in Shakespear style

"The cluster hath been shattered, the pods destroyed,
But fear not, for I shall repair it with joy.
Anon, 'twill be up and running with might,
And all shall be well in the morning light."

https://redd.it/10sfoie
@r_devops

How do you remodel Jenkins for a modern, container based environment?

Things in progress at our company:

Containerization of our large, mostly Windows based monolithic projects, making them modular and not dependent on Windows anymore
Slowly shifting to K8 for the projects, test-systems and tools that support it

But we are still using a 8 year old version of jenkins.
My task is to build everything anew in a better, modern and up-to-date way.

If you were in my shoes and Jenkins also a non-negotiable must-have for CI, how would you start?
Would you still use Jenkins for Continuous Delivery or something else?
Does Jenkins hinder the whole Kubernetes workflow?
Or is this the completely wrong way to start modernizing the toolchain?

What are your experiences with switching from old CICD & software architecture/design to full automation of modular/containerized applications?

https://redd.it/10sfknd
@r_devops

oAuth/OIDC: id token & access token issue

Following scenario:

I want a user to authenticate through a single page application to my plattform. Therefor I will use oAuth/OIDC. The platform contains several services, so I thought of passing around a token between them. All the authorization concerns are handled internally by the platform itself. A microservice only needs to know who a user is.

As far as I know, id-tokens always should remain at the client and not be passed around. The access token is used for authorization and should be passed to the API of my platform but should not be used for authorization.

How can I handle this?

​

BR and much thanks!! :)

https://redd.it/10rtfcn
@r_devops

In your company, which monitoring system do you use?

.

https://redd.it/10sicvz
@r_devops