Why add Varnish caching between CDN and origin

From my understanding, a CDN already does the caching, so why would you want to add a Varnish cache between the CDN and the origin. I'm sure there is a good explanation for it it's just not clear to me.

https://redd.it/10ss3hs
@r_devops

Kubernetes secrets management on autopilot

An article I wrote that discusses how we can automate secrets management within Kubernetes effortlessly, check it out!

https://maidul.medium.com/kubernetes-secrets-management-on-autopilot-36e0c6373024

https://redd.it/10svsdp
@r_devops

Higher ups want to move me into middle management (dev manager)

I'm an engineer with 8 years experience and am currently crushing those sweet sweet service mesh tickets. Had a normally scheduled meeting with a manager and they said that the company is changing and see me as having the skills to be a dev manager for the platform since they are making changes in the coming months. Im confused. I was on track for principal dev and now they want to me to switch. Is this a sign that the company will be laying people off and they like me so want me to move? Do they think I'm a bad engineer (forever learning but def not bad)? Or am i looking into it too much and should get back to work?

https://redd.it/10sx5cp
@r_devops

Don't be afraid of the "Transition"

Hi all,

I am writing this post here as I see most of the people whom I have talked about transitioning their career, have second thoughts about it. Just sharing my journey here.

If you want to move into a different role, position, or different industry. Just do it.

I have transitioned from a role in "Telecom" Radio Engineering to "DevOps" based role as an Infrastructure engineer. I had previously worked in the same domain & industry for the past 12+ years, growing vertically from a Systems Engineer to a Solution Architect.

However, I was not enjoying the domain and really wanted to move to Cloud/DevOps and thus I decided to make the switch.

I started applying to various open roles, with very few interview invites.

I was rejected by many organizations in the interview including Facebook, AWS & RedHat.

But after several iterations and several "feedbacks," I landed a role.

During this time, I constantly kept on working towards improving my skills, through self-learning and got certified myself in AWS SAA & CKA. Personally, for me, the biggest challenge was the massive gap in what is being taught and what is being implemented in the industry.

It has been a learning journey after landing in this role.

Had I would have not been determined to move to this role, I would not have been where I am.

I have been a silent lurker in this community as well and I just wanted to say a big "Thanks" to everyone here.

​

TL;DR- Don't give up.

https://redd.it/10sylqo
@r_devops

How can I transition from a traditional role to devops?

I am a network security engineer with little over one year experience. While looking into possible jobs to try in future, I figured devops is something I would like.

Working in netsec, I would say I've a strong foundation in networking and I've constantly been a part of configuring interfaces, creating changes w.r.t firewalls, switches and troubleshooting if there's any errors with proxy. Will it be useful to include this in my resume?

Pros:
So far I've fiddled with Git/GitLab(using yaml to deploy pipelines in 2 seperate environments using aws.. which i pretty much larger watching Freecodecamp video on YouTube) read on basics of devops regarding CI/CD, Version control and concepts and I've done across the devops roadmap on this sub which was very useful, I understand I've a lot to learn and catch up on like automation/scripting etc(btw I've done my bachelor's in CS, and few projects. So I've worked with python, C etc just never to automate infra)

Cons:
I've been little experience in building applications. If I'm asked to use react, API calls or work with code in general I would say I'm pretty much a novice, except the basic background I've had in programming since high school.

I'd prefer to work fully remote from home.

So my questions would be:

1. Is it feasible to think I can transition to devops directly?
2. If yes, and if I am going to dedicate my time more seriously to learn (let's say few hours everyday) how long will it be before i can realistically start looking for jobs?
3. Should I try a sysadmin/cloud engineer role before I try to work in devops?
4. I'm lost in trying to learn what's important for the job vs what's feasible, for example k8s is very important for interviews but i should probably prioritize Cloud, terraform or Jenkins(I've work experience with logs so i havent really checked out grafana etc)?

This has turned out to be alot longer than I expected but this has been on my mind for few weeks now and felt like just saying it in words would help. If I'm 10000th guy posting the same question here, then well.. even a link to op would be very helpful

https://redd.it/10syqen
@r_devops

how to migrate to helm

So we have a configuration repository written in typescript that generates yamls for our kubernetes. I think it would be a better practice to migrate it all to helm for easier deployment with terraform.

How / where do I start this migration considering I have only high level helm understand and small installation experience

https://redd.it/10spkwn
@r_devops

Unpopular opinion: CI/CD engines are an awful idea

I need scripts to run on github webhooks just as bad as you do. But this one-size-fits-all "lets make scripts but in yaml" shit has got to go.

Every CI/CD engine has a million different 'input' layers - environment variables, repo variables, workflows from various branches, maybe the git commit object. Oftentimes your scripts will have the ability to jam more variables into the 'input' layer for later scripts - such as in the case of the github environment variables. UNFORTUNATELY, it's never clear WHICH input layers are available to WHICH parts of the script. "Oh, no, you can't use outputs from this script to as arguments for something in our yaml, because the yaml is calculated first." Well thanks, Mr Nadella, I'll just torch my entire pipeline and start over.

Every CI/CD engine is trying to have some sort of rudimentary 'secrets management', but that's not its core competency. There are always rules - "only 100 secrets", or "Secrets can't be passed from job to job," or "We allow secrets but you can only put them in via our GUI" or "We use hashicorp vault as a secrets backend but we didn't study the docs so we're just using their 'approle' backend as a username/password." Looking at you, Mr Tabib.

Every CI/CD has obscure, insane 'defaults' left and right. "Oh, you ran a job that was called by another job called by another job, and everything succeeded, but one of the if statements didn't run? Our 100% proprietary fancy-pants no-source observer calls that a failure!"

FOR GOD'S SAKE, YOU ARE A GLORIFIED SCRIPT RUNNER.

I'm dying over here, you guys. What happened to the unix principle? What happened to each thing doing one thing really, really well and stringing it all together? Why does each CI/CD runner have a GUI and a CLI and two APIs and secrets management and slack integration and built in graphs and dashboards and runs shell scripts against my cappucino maker?!

Like, SO MUCH of our CI/CD in every place I've ever been could be done with docker containers and python. Github pull request? Send a webhook to the container, run the scripts, fuck off. Am I missing a GUI I admit it might be a little irritating to build my own GUI, but everything else? Emailing people from a script? Slacking people from a script? Correctly gathering secrets from my vault instance from a script? CORRECTLY PASSING RETURN VALUES BETWEEN SCRIPTS?!

But instead, I spend my days becoming a goddamn little cackling wizard on someone's particular dumbass piece of software with features we'll never use, hidden 'sane defaults' that get in the way, security that protects someone else, translating yaml to basic-bitch bash.

ugh. Thanks guys. rant over.

https://redd.it/10t0xqj
@r_devops

Helm CD vs GitOps

I'm trying to understand the advantages of implementing GitOps in our DevOps department.

Currently, we have microservices running on an EKS cluster, with each microservice having an associated Helm chart stored in a Git repository that describes its deployment.

Our CD process runs the Helm upgrade command after CI is completed. The desired “state” of our applications is stored in the Git repository, and changes to the desired “state” trigger an update to the actual state through the CI/CD pipeline. However, I'm considering the possibility that adding GitOps may not bring significant advantages and could instead introduce additional complexity to our pipelines.

Do you know what I may be missing and why GitOps could bring benefits over our current setup?

https://redd.it/10ssbpp
@r_devops

How do you fix an official docker container?

Trivy finds 1,000 issues even in official docker containers, so how do you learn to fix them? I am wondering how, because some of the errors seem to require fixing the operating system itself.

https://redd.it/10t4h8b
@r_devops

Specify at least 1 User command in Dockerfile with 1 non-root user as an arg

Why is this necessary, and why is it considered as a security issue? I never ever need to create a user to my Dockerfile, so I am trying to understand what this warning is about.

https://redd.it/10t5ib1
@r_devops

Nothing special...

Hey guys,

This is not particularly a startup/ product, mostly just a project idea. But anyone interested in Simplifying cloud hosting for developers?

As a developer I see that hosting, devops and deployment of applications can be a real challenge nowadays. Especially for small quick prototypes. Building applications on cloud platforms like AWS or Azure can be a tedious and complex task, even for experienced cloud engineers who still make mistakes with load balancer rules, instance management, and more. The result is often inefficient or expensive solutions.

To tackle this problem, I want to create app blueprints that can be added to Python, Node, Rust, or Java apps. These blueprints will connect the app to your AWS, Azure, GCP, or VSphere accounts, and spin up a cloud infrastructure with all the best practices built in: along side storage, databases, key vaults etc that you need.

I plan on it being just prebuilt IaC modules through Pulumi or Terraform, I believe there is a strong market for this as many developers want to use IaC but honestly don't really care about being as descriptive and pedantic as it forces you to be. I honestly believe the benefits are two-fold: Firstly, we make the process of hosting an application much easier, quicker, and more efficient. Secondly, we help developers avoid common mistakes and improve their cloud infrastructure, making their apps more secure, reliable and optimized.

I also think this kind of project is a great candidate for open source

Let me know if this is interesting to anyone/ this already exists.

https://redd.it/10sv2py
@r_devops

Error with SSL certificate using private key and certificate from organization with SAN added

I've generated a private key and CSR using openssl, then submitted the CSR to my organization. I received the certificate and used it along with the private key generated by openssl. Despite adding SAN, I am still encountering an error saying

"This server could not prove that it is localapp; its security certificate does not specify Subject Alternative Names. This may be caused by a misconfiguration or an attacker intercepting your connection."

What am I doing wrong?

https://redd.it/10t81ro
@r_devops

Not able to complete Vagrant up, with custom.ssh.password in Vagrantfile

Hello guys, I'm new to Vagrant, trying to learn sorry if this question is too dumb. I'm using below vagrantfile. Rather than using default password "vagrant", I'm trying to use custom config.ssh.password. I tried few things, I'm able to figure out.

# vi: set ft=ruby :

Vagrant.configure("2") do |config|

# Define new vm called Master
config.vm.define "master" do |master|
master.vm.box = "bento/ubuntu-22.04"
master.vm.hostname= "controlplane"
master.ssh.username = 'test'
master.ssh.password = 'test'

## for private Network which would create a bridge to physical network
# master.vm.network "privatenetwork", ip: "192.168.56.111"

## for Public Network which would directly attach user to the physical network
master.vm.network "publicnetwork", type: "bridge", bridge: "wlp3s0", ip: "192.168.1.222"

master.vm.provider "virtualbox" do |provider|
provider.memory = 2048
provider.cpus = 1
end

end

end

Terminal_ouput :

==> master: Waiting for machine to boot. This may take a few minutes...
master: SSH address: 127.0.0.1:2222
master: SSH username: test
master: SSH auth method: password
[email protected]'s password:
[email protected]'s password:
master: Warning: Authentication failure. Retrying...
[email protected]'s password:

​

https://redd.it/10t866l
@r_devops

How is "branch deploy" useful?

https://github.blog/2023-02-02-enabling-branch-deployments-through-issueops-with-github-actions/

I don't get how this kind of deployment is better, as it means the state on production is not the state of main?
Example, I deploy a branch feat/awesome-button. I will see the awesome button in production. But if someone pull main, they won't see the button as the branch wasn't merged yet?

https://redd.it/10tamdl
@r_devops

Hiding a website/url's identity

Hey all,

I'm sorry if this isn't the right sub for this, but devops is the closest field I could think of that may answer my question.

I have a friend who's looking into starting website/blog of a "politically sensitive" nature. The guy's a journalist with a history of quite a few death threats over his liberal views, especially from religious sources. So you can understand that the guy's safety and anonymity are paramount. What would be the best practice for such an endeavor? Over-seas hosting? Where?

I'm helping him set it up so my understanding of the tech is mostly from the developer's pov.

Thank you!

https://redd.it/10td3m6
@r_devops

What webinar would you actually take the time to watch?

Hi there! I'm a course and webinar creator for DevOps. I'd love to get your feedback on the topics you really want to hear about in a 30-40 minute webinar. This is all thought leadership -no sales or marketing.
What would be helpful for you? Drop your ideas here, and thank you!

https://redd.it/10su2br
@r_devops

GitHub Actions for Continuous Integration



GitHub Actions for Continuous Integration

​

https://community.cisco.com/t5/devops-knowledge-articles/github-actions-for-continuous-integration/ta-p/4762097

​

The continuous integration (CI) pipeline which I’m about to share is worth sharing because it accomplishes two things in particular, which you may have assumed GitHub Actions would do out of the box, but for which I had to do some research to find and implement niche tools. These two things are:

1) Detect exactly which file(s) have changed in a Push to GitHub and assign the properties of those files to variables.

2) After running a script using those variables, automatically Commit and Push back into the GitHub repository.

The idea for this project came from our team’s desire to attach audio versions of the blogs and articles we post to the Cisco Community. This will enable those who are visually impaired and give everyone else the option to listen instead of reading. I also wanted to have a place to store all my blog and article documents, other than a folder on my desktop. This source of truth (SOT) of text templates and their associated audio MP3s will also serve as an archive for future use of this knowledge.

https://redd.it/10rsgif
@r_devops

How are you editing helm charts?

Hi there,

I'm currently using IntelliJ IDEA with the Kubernetes plugin to edit my helm charts.

It's nice, but it's not complete. I'm looking for a better way, to help me on periodic refactor and overcome some of the annoying YAML/Helm shenanigans and boilerplate.

I'm also thinking of offloading some of the helm chart parts (mainly around deployments) to developers. The developers mostly don't know helm and know very little k8s, and I'm looking for a way to make it easier for them. Know any editor/tool/helper that can help?

In general, I would love to know, in your company, are developers involved in editing helm charts? And if so, which parts mostly?

https://redd.it/10rq8d6
@r_devops

Freelancer site

Hi, what is is the best website to offer my services as DevOps SRE? Thanks!

https://redd.it/10rorxd
@r_devops

When you npm build and deploy what do you do with the build file after?

I did a npm build so I can I deploy on netlify. But it's in my folder project now. I shouldn't push it to my Github right? Should I just delete it and then everytime I update my project I make a new npm build?

https://redd.it/10ruitg
@r_devops

Fedora CoreOS in 2023?

When CoreOS was shutdown and rebranded to Fedora CoreOS with less and missing features the project was basically dead for me. Is anyone using the fedora version and can tell me how it is going? If not, which alternatives are you using as Docker Base OS? Thanks!

https://redd.it/10tk67a
@r_devops