How to make sure that my company laptop isnt tracked in any way from them

Hello guys,

I am ready to take this big leap and make my dream true. To break the Matrix! So i am considering really serious to start working abroad instead of the country of my employer (both EU though). That would make it a bit easier on moving around as digital nomad or working from my home country and avoiding the nonsense expensive rent that i pay now for being close to office and going just 6-7 tims per year...

So, for what stuff i should check in my laptop?I have admin access so it shouldn't be problem to tweak stuff.

About the internet connection thing i know that even a VPN is not enough but isnt getting checked by the company and many people are also working abroad even temporary it shouldn't be a issue though i have come with a work around even for this...

Other useful tips/tools appreciated.

The only thing that i havent make sure how to cover yet its the issue if i use for months and months abroad my bank card from the employers country.

https://redd.it/10s68ux
@r_devops

Transport, finance and other high risk fields

Hello everyone, I wanted to know how do senior developers write safe code in fields such as transportation, finance and others, where code can lead to huge mistakes.

What are the best practices to follow? If there are no best practices what should a person be trained in before they can work in such fields before becoming a senior developer?

https://redd.it/10rwey9
@r_devops

Kubernetes, gcp and mutual tls

I want to be able to expose services on GKE with mutual TLS, which isn't handled by regular GCP HTTP(S) LoadBalancer

For now the architecture I have in mind would be something like this:

- create my services to be exposed (deployment and corresponding service)
- create a NGINX ingress in front of those (which is configured with mutual TLS)
- create a TCP LoadBalancer in front of the NGINX ingress

but I'm not sure exactly how to do this with Kubernetes, could someone show me?

https://redd.it/10rvl9v
@r_devops

What are the best SAST tool for Docker containers?

What are the best SAST tool for Docker containers? I think Checkov does some analysis, but I am wondering if there are better things out there for containers.

https://redd.it/10rqezq
@r_devops

Multiple AWS Accounts vs Multiple AWS IAM Users vs Multiple AWS IAM Roles

What do you mostly use for managing AWS in your organization? and why?

Please share your experience!

https://redd.it/10sc958
@r_devops

Has anyone done a comparison of Trivy vs Clair for container scanning?

If so, what did you find in your evaluation?

https://redd.it/10scdn3
@r_devops

Learnings from 17 years as a Google SRE

Companies have different ways of handling on-call. And Dave O'Connor has seen many different approaches. Dave is currently VP of SRE at Twilio. He also ran SRE at Elastic and spent 17 years as an SRE at Google. Here's an interview about Dave's on-call experience. Dave shared his learnings.

https://redd.it/10sehg5
@r_devops

Where do I search for DevOps internships?

Hello! I’m a Third year Computer Engineering student, learning to practise DevOps. Can anyone suggest me platforms to look up for internships which would be helpful for my DevOps career as it’s compulsory for Third year engineering students to do internship.
I’ve checked LinkedIn but, it’s just showing up local companies specific to India and there’s not a lot of remote internships available there.

I’m good at shell scripting, Linux CLI, Docker.
Also, can you suggest me what should I know theoretical and practical, to get and complete the internship successfully.

https://redd.it/10sdyhm
@r_devops

Broke the Kubernetes cluster, and asked ChatGPT to write me a poem about it in Shakespear style

"The cluster hath been shattered, the pods destroyed,
But fear not, for I shall repair it with joy.
Anon, 'twill be up and running with might,
And all shall be well in the morning light."

https://redd.it/10sfoie
@r_devops

How do you remodel Jenkins for a modern, container based environment?

Things in progress at our company:

Containerization of our large, mostly Windows based monolithic projects, making them modular and not dependent on Windows anymore
Slowly shifting to K8 for the projects, test-systems and tools that support it

But we are still using a 8 year old version of jenkins.
My task is to build everything anew in a better, modern and up-to-date way.

If you were in my shoes and Jenkins also a non-negotiable must-have for CI, how would you start?
Would you still use Jenkins for Continuous Delivery or something else?
Does Jenkins hinder the whole Kubernetes workflow?
Or is this the completely wrong way to start modernizing the toolchain?

What are your experiences with switching from old CICD & software architecture/design to full automation of modular/containerized applications?

https://redd.it/10sfknd
@r_devops

oAuth/OIDC: id token & access token issue

Following scenario:

I want a user to authenticate through a single page application to my plattform. Therefor I will use oAuth/OIDC. The platform contains several services, so I thought of passing around a token between them. All the authorization concerns are handled internally by the platform itself. A microservice only needs to know who a user is.

As far as I know, id-tokens always should remain at the client and not be passed around. The access token is used for authorization and should be passed to the API of my platform but should not be used for authorization.

How can I handle this?

​

BR and much thanks!! :)

https://redd.it/10rtfcn
@r_devops

In your company, which monitoring system do you use?

.

https://redd.it/10sicvz
@r_devops

What is the best redis client for mac out there?

I want to stop using redis-cli but can't find a client out there that's free or at least not too expensive. Would appreciate it if you know one

https://redd.it/10sjjih
@r_devops

EKS - managing SSL/routing through annotations and controller vs managing routing outside of EKS on the ALB/LB

I have a client, who is stubborn on trying to manage rules and routing and TLS on the ALB instead of letting the controller do the work through annotations. I am trying to convince them that this would be an anti pattern for Kubernetes deployments.

points for controller + cert manager etc.

\- reduce blast radius to the pod that annotated

\- let developers test faster by deploying and not worrying about rules getting added for something to work

\- all the neat features the LB controller brings

\- group workloads to use a certain LB

\- dynamically provision the LB

\- scaling will be easy as adding new pods and annotations

\- industry standard??

points for putting the SSL cert on the ALB and then managing target groups/rules either manually or through terraform.

\- will need to manage the target groups and rules outside of EKS

\- increases the blast radius to all the pods in the cluster

\- scaling will become tedius

\- ips on pods can change, so before every apply or change, will need to ensure the target groups point to the right ips etc

What other points might i have missed which can tip in favor of one or the other?

https://redd.it/10sl20e
@r_devops

Puppet Bolt: multilevel inventory file

Hey all,
We've been using puppet bolt for a while now. For our new deploymwnt strategy we would like to use a multilevel inventory file, however I can't find any examples of the file or the code to call the file correctly in a bolt command.

Can anyone help me and provide these examples?

https://redd.it/10rrzab
@r_devops

Why no dabases mentionned in Road to devops

I noticed that the Road to devops site that is very practical does not have any databases.

I would expect it to have at least Postgres and MySQL mentionned.

Any thoughts? Some DB knowledge seems like something important to acquire IMHO

https://redd.it/10ry1db
@r_devops

GitLab CI: How to run only after deployment?

Hi Reddit,

I am putting database deployment into the CI pipeline, and thanks to Liquibase, that is made simple by only having to run a single command.

The problem is every time a merge request is created in GitLab, the pipeline will run before the merge happens. I would like it to run after the merge has been completed, and not before.

I tried using $CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" but it still runs at the merge request creation.

I do have GitLab premium and enabled the merge result pipeline, but I just couldn't figure out how to use it.

Does anyone know how to accomplish that?

https://redd.it/10spomx
@r_devops

From IT to DevOps

After 9 year of working as an IT Support finally got this first junior DevOps job offer after trying so hard to make this transition.

Learned for almost a year , i did so many courses and paid labs , also plan to take kubernetes and SAA exam soon and .
BUT i dont have any prior hands on experience in production with Kubernetes, Docker , CICD ,EKS .

Can someone give me some tips , advice or any self well documented step by step procedures on how to deploy apps in EKS etc, best practices and anything that could help in this difficult beginning period.

Thanks

https://redd.it/10sqxir
@r_devops

Should I accept the position?

Current job - working as contractor ( my employer has managed services contract with them) to a large govt bank in UAE. I was only supposed to manage Vmware vsphere and nsx. At this point had learned bit of Azure, terraform and Kubernetes by side projects and certifications. Since NSX is comes under networks so I ended up working for my current boss (Irish) who is really supportive and overall great leader to work for. I saw a gap where network team did not have azure and infra as code expertise and after discussing with my boss I started working in those areas and have become the go to guy for any azure related projects and using terraform to automate lot of deployment flows. This has brought lot of praise to my boss as his team was lagging behind on those areas and he now relies heavily on me also he is very vocal in recognising my effort when ever he gets chance. I am not early riser and come in late then every one else but he told not to worry about it. I do work late to compensate but already don’t have to wake up early.

After completing a year, I asked him if I can get hired directly as they have great pay and benefits ( company takes care of housing and kids eduction) and he said it might happen but not any time soon.

I wanted to test waters and got a job offer. Where pay is same as I am already at higher pay band but they have much better benefits-

36 days leave comparing to 22 days now.

Yearly bonus, equal to 2-3 months of pay.

Direct hire position with chance of pay rise in next year. My current employer has no notion of promotion or pay hikes. They just send you client where you work as long as client is happy.

Kids eduction allowance

I will have more things to learn based on job description and not limited to network devops. Like an overall Azure cloud engineer/devops + Kubernetes.


should I take this offer to my current boss and find out if he really wants to hire me direct and if he does not then just accept new job and move on? On other hand I am thinking to stay put as I am comfortable here and have great supportive boss, i still have few interesting projects in pipeline. Help me out guys what would you do in my shoes?
Also there is always the unknown factor of how your new colleagues or manager will be as that can cause unnecessary stress trying to settle in a new job where you have prove your self.

https://redd.it/10ssmon
@r_devops

Why add Varnish caching between CDN and origin

From my understanding, a CDN already does the caching, so why would you want to add a Varnish cache between the CDN and the origin. I'm sure there is a good explanation for it it's just not clear to me.

https://redd.it/10ss3hs
@r_devops

Kubernetes secrets management on autopilot

An article I wrote that discusses how we can automate secrets management within Kubernetes effortlessly, check it out!

https://maidul.medium.com/kubernetes-secrets-management-on-autopilot-36e0c6373024

https://redd.it/10svsdp
@r_devops