Reddit DevOps
How to get into DevOps 2023?

I've been a software engineer almost a year now, and I'd like to pivot into DevOps in years to come.

Experienced ops, how did you get into it (entry level)? What would you advise?

https://redd.it/10qy326
@r_devops
Triggering Lambda from one region to all

I am using EventBridge to trigger a Lambda function. Suppose an S3 bucket is created in the us-west-2 region (same as the Lambda function) and another bucket in us-east-1, but the Lambda triggers for us-west-2 only. How can I solve this for other regions too?

https://redd.it/10qo5wt
@r_devops
Are the AWS certs still worth it?

I've spent a lot of time on these so I hope so.

https://redd.it/10u6fyy
@r_devops
Cloudfront dist for site maintenance

Hello folks,
I have 100 sites which are all served through a CloudFront distribution and finally with Cloudflare DNS. Now I want to go for site maintenance for a certain time, so what I want is:

1. Show a custom site maintenance page
2. Stop serving CloudFront

How should I do it?

https://redd.it/10u78hj
@r_devops
Career advice for a new Junior DevOps

Hi, I started a DevOps Engineer job 6 months ago with no background. I only really knew Linux/AWS/Python and got myself the AWS SAA cert, and that's about it.

I got into a junior position in a company which has a product that is:

1) Not containerized - the application is just 1 big monolith mess that is also unoptimized.

2) Not in the Cloud - right now we just run on VMs

3) Undocumented - I feel like I can count on 1 hand the amount of people that are documenting stuff.

4) Understaffed - most of the people that made the product have left

Although as a DevOps I am supposed to support the infrastructure and developers, I spend around half the time supporting the application.

Now, what bothers me most about this job is that I am not working with 'meta' tools (K8S, cloud, Terraform, Ansible etc...)

I am worrying this could be career suicide nowadays and it would be hard to find a new job (when that day happens) that doesn't require experience with fancy tools.

Now don't get me wrong, we are not using the tools right now but it is planned to use them in the future. The problem is that R&D thinks that moving the application from monolith to microservices/containers will take years, so that puts me in a strange position in my career.

Do I stay around and see how it plays out, do I self-learn the tools and try to find a new job after 2 years?

What would you be doing in my position?

https://redd.it/10u8081
@r_devops
Laravel Containerization or serverless

Hello,

Just looking for opinions on which deployment is more suitable for Laravel apps. We currently deploy to EC2 and have recently been looking at modernising our approach.

Discussing with the dev teams there seems to be a real divide between which technology to use. While I can see the pros and cons of each approach I am edging towards a containerized deployment as it provides a more comfortable dev environment and tech like ECS Fargate can remove a lot of the infrastructure maintenance overhead.

Serverless, while it may be quicker to scale, seems to have certain limitations in terms of response size. Some of our APIs have pretty huge response bodies (a problem for another day). API Gateway also has some limitations in the timeout which I think could cause issues for us when we are under heavy load.

Does anyone recommend one deployment method over the other? What experiences have you had? Anything to keep an eye out for?

https://redd.it/10qnu8d
@r_devops
What is the best resource (something similar to leetcode, codecademy) to learn Docker and practice it at the same time?

I'm looking for a platform similar to leetcode, codecademy where I can learn lessons and practice exercises while keeping track of my progress. Are there such sites for Docker?

I want to get to at least beginner level before I set up a VPS and practice on an actual server.

https://redd.it/10ublw1
@r_devops
How to make sure that Lambda triggered by an event only executes when the event has been triggered by the right origin?

Hi, I am new to DevOps and trying to learn on my own, but sometimes have questions around the best trade-off, and thought this might be a good forum for it.


I currently have an AWS setup where I have multiple Lambdas that are triggered by events. The idea is that after Lambda #1 runs a service or makes a status change, that will send an event and trigger Lambda #2 etc...


The challenge is that the event that triggers Lambda #2 might happen even without Lambda #1 having run.


How do I make sure that Lambda #2 only executes if Lambda #1 has been the trigger for the event that made Lambda #2 run?
Is using a store parameter that is set by Lambda #1 a reasonable solution, or are there better design patterns?



Thank you

https://redd.it/10ug5y4
@r_devops
Question about Health in IT

I've been a DevOps engineer for 3 years, been in IT for 6 years. I've studied over 10,000 hours - I've been kinda logging them/keeping track every week to hit my study goals.

I've been noticing lately, even if I have my glasses on, sometimes I can't see. Like everything is kind of a blur. I visited an optometrist last week and they said my eyesight is 20/20, but they gave me a very weak prescription with UV light protection lenses. So it seems like my eyesight is fine... it's just after staring at a computer screen 12 hours a day all week it feels like I can't focus on anything anymore. My brain is foggy, and it feels like my soul is forever enslaved by the computer. Sometimes people will talk to me and I can't hold a conversation, my brain is just buzzing/empty or full of IT related stuff and I don't even hear what people are saying to me.

I feel like I need to take a month off to just not look at my phone, not look at any TVs, computer screens, etc.

I try to eat as healthy as possible and exercise, any thoughts?

https://redd.it/10uhtda
@r_devops
What are thoughts about AWS CDK Pipelines?

I saw a demo about this library 2 years ago and thought it was neat to manage pipelines and cloud state via a code-first framework.
Is it popular amongst DevOps people?
Any experience with it?
Is it production ready in terms of stability and community?

https://redd.it/10uhoao
@r_devops
RAID10 on 8 x Enterprise NVMe drives - Terrible Performance - Help Needed

Hi,
With 8 x NVMe Samsung PM9A3 drives in software RAID10 we are getting terrible performance of around 80k IOPS, whereas we get around 1 million IOPS on a single drive.
The OS is Debian and the CPU is EPYC.

What's your experience? Any help really?

Thanks

https://redd.it/10ugz5u
@r_devops
Are you running databases on Kubernetes?

Hello, I came across this Red Hat survey claiming that 80% of the workloads deployed on Kubernetes were databases or data cache, based on the answers of their respondents.

I was intrigued by this because I always thought that Kubernetes workloads (i.e. containers) should be ephemeral and stateless. I tried searching on the internet and YouTube, but I'm struggling to find answers to my questions.

Are you running databases on Kubernetes? How does that work? What are you storing? Do all the pods connect to the same disk containing the database itself, or are all pods instances of the same HA database that is replicated between the pods?

https://redd.it/10umist
@r_devops
Are detached DEV cloud environments secure (and normal) for DevOps?

My organization is considering having cloud development accounts that are fully managed by developers. Developers alone would have root/admin privileges. The environments would be Internet accessible, but not accessible from the VPN.

The developers would be setting up permissions, networking policies, etc. Before bringing an environment back on the VPN, the developers would review the Terraform infrastructure code with the security and networking team.

The problem is that our developers are not trained in security which could lead to unintentionally insecure Dev environments.

Have you seen development environments managed in this way before? Is it secure? Any issues?

https://redd.it/10uniyz
@r_devops
I'm getting tired of Terraform and want to give Pulumi a try. Looking for some suggestions

Coming from a TF background, I am starting to just get sick of all the nonsense surrounding making HCL work. I've used Terragrunt to keep code DRY, and obtained my HTFCA.

The more I want to develop personal projects, the more I feel like coding in HCL is just slowing me down. All the little oddities and such.

So some questions I have for you Pulumi users:

1. Did you do this, and what were some of the pain points?
2. Did you end up going back?
3. How did you structure your repo(s)?
4. How did you break out your infrastructure files so that they made the most sense?
5. What language(s) did you use?
6. Edit: How did you implement policy-as-code such as linting, security checks, etc?
7. Any other gotchas I should look out for?

https://redd.it/10uoidy
@r_devops
Zero downtime hosting via horizontal scaling

Hey there

I'm having trouble coming up with an idea for a shared hosting infra architecture.

My job is basically hosting highly customized web projects with an open-source CMS at its core.
We have a decent amount of customers paying only for shared resources.
This is unmaintainable since we have to inform every single customer before updating the servers (dozens per server).

Our goals are: easy maintenance and high reliability/"failsafe" and further horizontal scaling via snapshots


Would it be viable to create:


Web servers:
- 1 cluster containing 3 web servers with a load balancer in front (easiest part)

Database:
- 1 database cluster containing 3 db nodes with a load balancer in front (easy but can get quite costly)

Persistent data:
- Self-hosted MinIO cluster (Amazon S3 is ridiculously expensive)


What are some ways to make a session not disconnect in case the webserver goes down?


Maybe someone could point me in the right direction or give some helpful insight; that would be amazing.

https://redd.it/10ur55j
@r_devops
CI/CD tooling choices

I'm always curious about the **why** when it comes to others' tooling choices. I'm a public cloud consultant, and prefer certain things between AWS/Azure native, as well as third-party. Lately I've been wondering about CI/CD after seeing a couple of comments on Azure DevOps and GitHub Actions. My role in consulting for a while has pretty much been to support what is currently in use, with some greenfields here and there. I'm less concerned with the agnostic approach because of flexibility of switching clouds; it happens less than acquiring/merging companies who are on a different cloud. But even in that instance one company's tooling just goes away in favor of the other, so unless there are a ton of A&M's, consistent tooling between clouds isn't a deal breaker.


Below are a few pointed things I'm curious about, if you could completely redo your CI/CD tooling with zero push back and costs were of no concern:

* If you're an AWS shop, do you actually like CodePipeline/CodeDeploy/etc over third-party?
* What specifically do you like/dislike about it to justify it?
* If you're an Azure shop, do you actually like DevOps over third-party?
* What specifically do you like/dislike about it?
* Why are you not using GitHub Actions in a greenfield? I could understand it's not a direct replacement for matured shops, at least at this time.
* Do you mix and match some things, such as using AWS/Azure for build but then use something like ArgoCD, Octopus Deploy, or a number of others for CD?
* Same question for CI?

https://redd.it/10ushi6
@r_devops
A No Code Terraform Tool

Hey guys! What do you think about having a visual Terraform editor? 👋😊

It looks like No Code tools are becoming quite popular so I was thinking how awesome it would be if you could create your Terraform configuration with a No Code approach!

Would anyone be interested in using such a tool? 🤔

https://redd.it/10uv31w
@r_devops
Let's share pros and cons for Database management in Container Environment and Virtualization

Could you please share this with me as the title?

https://redd.it/10uzov3
@r_devops
Securing Admin access to Apache APISIX

API Gateways are critical components in one’s infrastructure. If an attacker could change the configuration of routes, they could direct traffic to their infrastructure. Consequences could range from data theft to financial losses. Worse, data theft could only be noticed after a long time by mirroring the load. Hence, protecting your API Gateway is of utmost importance.

In this short blog post, I’ll list a couple of ways to secure your Apache APISIX admin access.

https://redd.it/10v0fmy
@r_devops
Surf CLI - New Feature: Fuzzy search DynamoDB (even encoded data)

**DynamoDB:**

https://github.com/Isan-Rivkin/surf#aws-dynamodb-usage

**TLDR**

* `surf ddb --query "my-text-*" --table "^prod" --out json`
* Pattern matching inside objects
* Additional Supported formats: JSON, Protobuf, Base64, Binary

**Supported Platforms**

* `surf <platform> -q <some text>`
* AWS Route53, DynamoDB, ACM, S3, OpenSearch
* Elasticsearch
* [Logz.io](https://logz.io/)
* HashiCorp Vault, Consul

**Overview**

SURF is built for Infrastructure Engineers as a CLI tool that enables searching any pattern across different platforms. Usually, the results are returned with a direct web URL.

The search process depends on the context. For example, if you're searching in Vault it'll pattern match against keys. If instead you're searching for a DNS address in AWS Route53, it'll return links to the targets behind it (e.g. Load balancer).

https://redd.it/10v119c
@r_devops