Keeping vendor providers on track?

The situation: our service provider has limited capacity in terms of their resources. They also do not extend their roadmap out past a month. How can I, as a client (of a fortune 200 company) motivate the vendor to A. Move more quickly to more efficiently meet our business needs and B. Minimize slippage? C. Extend their roadmap out further?

https://redd.it/10yvuq9
@r_devops

What's DevOps like in Telecom?

Is it mostly managing (virtual) network functions? Sounds like an interesting space that isn't managing databases and websites/apps.

https://redd.it/10yvr7u
@r_devops

As DevOps-led automation has increased, machine identities are posing a threat to traditional cybersecurity, one of the challenges in managing the growing number of machine identities is the way systems authenticate them.

Clearly with DevOps led automation have come some issues, real ones, cybersecurity needs to step up their game due to the changes that have come thanks to DevOps, the new threat are machine identities.

What do you think is the best way to prevent machine identities from turning it into a security mess?

Source: https://thefintechspot.com/3-steps-to-mitigate-security-issues-created-by-machine-identities/

https://redd.it/10yyy45
@r_devops

Azure Security

Are there any good sources for learning Azure security?

https://redd.it/10z0jga
@r_devops

Node and Chef Cookbooks

I am currently learning how to use Chef, and I have a question regarding nodes and cookbooks. Can a node be linked to multiple cookbooks? If so, is it typical for nodes to be linked to several cookbooks in larger, more complex setups?

https://redd.it/10z036c
@r_devops

What is your opinion on using an all in one platform like ADO, GitLab Ci/Cd vs. multiple tools you need to integrate together?

Hello everyone! I’m joining a team that is new to DevOps practices and is running on Azure. I’m tempted to start with ADO since it’s easy to integrate in their environment and I’m building from the ground up, which makes an all in one platform appealing. However I don’t want to miss out on other tools that specialize in a certain aspect.

Just wondering what everyone thinks of these all inclusive platforms vs. combining multiple tools from multiple vendors.

https://redd.it/10z2aag
@r_devops

Is the Azure DevOps cert worth it?

The company I work for is 100% Azure and I was looking at getting the AZ-400 to learn about their tools. But since MS bought Github it looks like they abandoned their own devops tools in favor of that. I'm still majority ops, so this would also be a learning path for me.

https://redd.it/10yyu0n
@r_devops

dev sandbox environments

What do you use to practice and test?

https://redd.it/10z43lh
@r_devops

Noob Chef Cookbook Question

I know chef is a powerful tool that is used to configure servers to your specification, but is the program itself(that your configuring your nodes for) also included in your chef cookbook?

Meaning does the cookbook itself takes care of everything, the server configuration and the actual program that will run on the server?

So basically, you don't have to have a chef cookbook configure the servers, and then have another tool deploy the program you want to run on the servers, but rather Chef takes care of all of it?

https://redd.it/10z0spx
@r_devops

Measuring SLO: Organic traffic or synthetic traffic

Hey guys,

So we want to measure the SLO for an endpoint that is critical for our users.

Google SRE book says to measure the uptime with the ALB requests count. This is good if the requests are coming in frequently. During business hours we get a constant amount of traffic, but at early morning hours, the requests are sparse.

So I am wondering, should we have our test sending synthetic traffic at a constant rate to check the endpoint is up? Is this usual practice?

Also, "uptime" of the service means many things. For example, APIs are up, admin dashboard is up, etc.

In these case, should we have SLO for all these critical endpoints and services, and if one fails, we count as downtime?

Thank you.

https://redd.it/10z7xku
@r_devops

How to authenticate microservice API with Keycloak and Azure AD?

Hi Reddit,

I have setup the following:

* An OpenShift environment with a bunch of microservices exposing API endpoints
* A Keycloak instance that has an identity provider setup and working
* Azure AD with app registered already

I want all users who wish to use my endpoints to authenticate with Azure AD first to get a JWT, and then use my endpoint with the JWT as a bearer token.

So far, my research has led me to successfully set up Azure AD as Keycloak's identity provider, but I am quite lost from here onward. I found a few articles on how to set up a new client in Keycloak and use the client secret to obtain a JWT, however, that means there will be a shared secret key that all users need to use, instead of going through Azure AD.

Does anyone know how I can accomplish this?

https://redd.it/10z91l6
@r_devops

Is there a free tool that can do a team rotation like pagerduty?

Does anyone know of any free tooling that can give you a team rotation, like what pagerduty gives you, but with none of the other features? Anything like a Slack app or Google Calendar app that can do it would work for me.

https://redd.it/10y4sl7
@r_devops

The Case for Pull Request Build Validation

Eliminating disruptions that introduce toil and unnecessary cognitive load is critical to building happy and healthy development teams

https://adamdingman.net/posts/build-validation/

https://redd.it/10zc3hi
@r_devops

Cloud security people

Cloud sec people. What do you do in your job exactly?

How does your org measure your success

How much coding do you do on the daily

What do you like about cloud sec and what do you hate

https://redd.it/10zcpk8
@r_devops

Freelance DevOps Engineers help

TL;DR: How to get jobs as a freelance DevOps?

I have 4 years of experience in DevOps and have worked as a freelance for about a year in a DevOps consultant company. Lately, I'm not getting enough projects and I have plenty of free tine to work.

Currently, I have 20 hours a week that I can work and in May I would like to get a full-time job (fully remote)

What do I need to do to find jobs as a freelance?
Appreciate any help🙏

https://redd.it/10xulp6
@r_devops

AWS Fargate Lumen/Laravel (or other) application logs into Cloud Watch

Hi all,

I have a lumen application running in Fargate which writes daily rotating logs to a directory in the container. I'd like thes logs to be streamed, pushed or pulled into CloudWatch. There seems to be some amount of logging happening as part of the standard fargate setup; I see http access requests going to the lumen application on the container logs but I want to also stream the logs the application writes.


After some extensive googling I've struggled to find much help on this. I've currently got two approaches:

1. Configure Lumen's logging driver to push to cloudwatch.
2. Configure Lumen to write logs to std > out at which seems to get picked up by the standard logging for the Fargate container.

If anyone has done this or can point me at some blog posts etc it would be greatly appreciated.

https://redd.it/10xttzw
@r_devops

Strategies on working on call and maintaining health.

Just recently secured a role as an Azure DevOps engineer

My worry is being sleep deprived at 3am and I know to mitigate this is by sleeping earlier but does anyone have any other strategies to fix potential late night issues(1am+) and still maintain restful sleep and not be sleep deprived? Just knowing that sleep deprivation can be extremely detriment to our physical and mental health?

https://redd.it/10zfr8l
@r_devops

x86 and arm64 runners in config.toml

Good day. I have the config.toml file with x86 runners configuration. Is it possible (how?) to add arm64 runner and make sure there will be only pipelines for arm64 executed on this runner? Thank you very much for your help!

https://redd.it/10xqw0j
@r_devops

In a gitops world, what does your team do to reduce cycle time for devs?

I’m asking this question largely because I’m burnt out on the workflow at my company, which involves devs opening a PR to their own repo, ci publishes their image on merge, then devs open up a PR to the repo containing develop environment helm values files. These changes get merged, and then go to a gitops repo. Some companies might merge these changes automatically, some might make yet another PR.

One change, 2-3 PRs, just to get the change on a develop environment.

This has been the case at a couple companies I’ve worked for, as a software engineer or an SRE. I get that it works, and I don’t hate it, but I doubt all companies have such a slow process.

How do you address this problem at your company? What else are you doing to reduce cycle time?

https://redd.it/10zhh0v
@r_devops

How much do you make per year from your DevOps / Cloud / SRE job in USD?

title (in us dollars)

View Poll

https://redd.it/10xurvm
@r_devops

Article: Setup OpenVPN access server on Kubernetes

Hey everyone! In recent article, I explain how to access internal services within a cluster through deploying a VPN and use domain names rather than IP address, with the assistance of CoreDNS and DNS rewrites. I hope you find the information useful and informative. Kindly feel free to share your thoughts and feedback.

https://levelup.gitconnected.com/setup-openvpn-access-server-on-kubernetes-bdc35ca6b6c5

https://redd.it/10zm9ku
@r_devops