Noob Chef Cookbook Question
I know chef is a powerful tool that is used to configure servers to your specification, but is the program itself(that your configuring your nodes for) also included in your chef cookbook?
Meaning does the cookbook itself takes care of everything, the server configuration and the actual program that will run on the server?
So basically, you don't have to have a chef cookbook configure the servers, and then have another tool deploy the program you want to run on the servers, but rather Chef takes care of all of it?
https://redd.it/10z0spx
@r_devops
I know chef is a powerful tool that is used to configure servers to your specification, but is the program itself(that your configuring your nodes for) also included in your chef cookbook?
Meaning does the cookbook itself takes care of everything, the server configuration and the actual program that will run on the server?
So basically, you don't have to have a chef cookbook configure the servers, and then have another tool deploy the program you want to run on the servers, but rather Chef takes care of all of it?
https://redd.it/10z0spx
@r_devops
Reddit
r/devops - Noob Chef Cookbook Question
1 vote and 3 comments so far on Reddit
Measuring SLO: Organic traffic or synthetic traffic
Hey guys,
So we want to measure the SLO for an endpoint that is critical for our users.
Google SRE book says to measure the uptime with the ALB requests count. This is good if the requests are coming in frequently. During business hours we get a constant amount of traffic, but at early morning hours, the requests are sparse.
So I am wondering, should we have our test sending synthetic traffic at a constant rate to check the endpoint is up? Is this usual practice?
Also, "uptime" of the service means many things. For example, APIs are up, admin dashboard is up, etc.
In these case, should we have SLO for all these critical endpoints and services, and if one fails, we count as downtime?
Thank you.
https://redd.it/10z7xku
@r_devops
Hey guys,
So we want to measure the SLO for an endpoint that is critical for our users.
Google SRE book says to measure the uptime with the ALB requests count. This is good if the requests are coming in frequently. During business hours we get a constant amount of traffic, but at early morning hours, the requests are sparse.
So I am wondering, should we have our test sending synthetic traffic at a constant rate to check the endpoint is up? Is this usual practice?
Also, "uptime" of the service means many things. For example, APIs are up, admin dashboard is up, etc.
In these case, should we have SLO for all these critical endpoints and services, and if one fails, we count as downtime?
Thank you.
https://redd.it/10z7xku
@r_devops
Reddit
Measuring SLO: Organic traffic or synthetic traffic
Posted in the devops community.
How to authenticate microservice API with Keycloak and Azure AD?
Hi Reddit,
I have setup the following:
* An OpenShift environment with a bunch of microservices exposing API endpoints
* A Keycloak instance that has an identity provider setup and working
* Azure AD with app registered already
I want all users who wish to use my endpoints to authenticate with Azure AD first to get a JWT, and then use my endpoint with the JWT as a bearer token.
So far, my research has led me to successfully set up Azure AD as Keycloak's identity provider, but I am quite lost from here onward. I found a few articles on how to set up a new client in Keycloak and use the client secret to obtain a JWT, however, that means there will be a shared secret key that all users need to use, instead of going through Azure AD.
Does anyone know how I can accomplish this?
https://redd.it/10z91l6
@r_devops
Hi Reddit,
I have setup the following:
* An OpenShift environment with a bunch of microservices exposing API endpoints
* A Keycloak instance that has an identity provider setup and working
* Azure AD with app registered already
I want all users who wish to use my endpoints to authenticate with Azure AD first to get a JWT, and then use my endpoint with the JWT as a bearer token.
So far, my research has led me to successfully set up Azure AD as Keycloak's identity provider, but I am quite lost from here onward. I found a few articles on how to set up a new client in Keycloak and use the client secret to obtain a JWT, however, that means there will be a shared secret key that all users need to use, instead of going through Azure AD.
Does anyone know how I can accomplish this?
https://redd.it/10z91l6
@r_devops
Reddit
r/devops - How to authenticate microservice API with Keycloak and Azure AD?
Posted in the devops community.
Is there a free tool that can do a team rotation like pagerduty?
Does anyone know of any free tooling that can give you a team rotation, like what pagerduty gives you, but with none of the other features? Anything like a Slack app or Google Calendar app that can do it would work for me.
https://redd.it/10y4sl7
@r_devops
Does anyone know of any free tooling that can give you a team rotation, like what pagerduty gives you, but with none of the other features? Anything like a Slack app or Google Calendar app that can do it would work for me.
https://redd.it/10y4sl7
@r_devops
Reddit
r/devops - Is there a free tool that can do a team rotation like pagerduty?
1 vote and 2 comments so far on Reddit
The Case for Pull Request Build Validation
Eliminating disruptions that introduce toil and unnecessary cognitive load is critical to building happy and healthy development teams
https://adamdingman.net/posts/build-validation/
https://redd.it/10zc3hi
@r_devops
Eliminating disruptions that introduce toil and unnecessary cognitive load is critical to building happy and healthy development teams
https://adamdingman.net/posts/build-validation/
https://redd.it/10zc3hi
@r_devops
adamdingman.net
The Case for Pull Request Build Validation
What is the problem to be solved? The Continuous Integration (CI) process is failing after following the approval of a pull request (PR) and the subsequent merge of code.
Not only does this block this specific change set from flowing through the CI/CD process…
Not only does this block this specific change set from flowing through the CI/CD process…
Cloud security people
Cloud sec people. What do you do in your job exactly?
How does your org measure your success
How much coding do you do on the daily
What do you like about cloud sec and what do you hate
https://redd.it/10zcpk8
@r_devops
Cloud sec people. What do you do in your job exactly?
How does your org measure your success
How much coding do you do on the daily
What do you like about cloud sec and what do you hate
https://redd.it/10zcpk8
@r_devops
Reddit
r/devops on Reddit: Cloud security people
Posted by u/Makhann007 - No votes and 1 comment
Freelance DevOps Engineers help
TL;DR: How to get jobs as a freelance DevOps?
I have 4 years of experience in DevOps and have worked as a freelance for about a year in a DevOps consultant company. Lately, I'm not getting enough projects and I have plenty of free tine to work.
Currently, I have 20 hours a week that I can work and in May I would like to get a full-time job (fully remote)
What do I need to do to find jobs as a freelance?
Appreciate any help🙏
https://redd.it/10xulp6
@r_devops
TL;DR: How to get jobs as a freelance DevOps?
I have 4 years of experience in DevOps and have worked as a freelance for about a year in a DevOps consultant company. Lately, I'm not getting enough projects and I have plenty of free tine to work.
Currently, I have 20 hours a week that I can work and in May I would like to get a full-time job (fully remote)
What do I need to do to find jobs as a freelance?
Appreciate any help🙏
https://redd.it/10xulp6
@r_devops
Reddit
r/devops - Freelance DevOps Engineers help
Posted in the devops community.
AWS Fargate Lumen/Laravel (or other) application logs into Cloud Watch
Hi all,
I have a lumen application running in Fargate which writes daily rotating logs to a directory in the container. I'd like thes logs to be streamed, pushed or pulled into CloudWatch. There seems to be some amount of logging happening as part of the standard fargate setup; I see http access requests going to the lumen application on the container logs but I want to also stream the logs the application writes.
After some extensive googling I've struggled to find much help on this. I've currently got two approaches:
1. Configure Lumen's logging driver to push to cloudwatch.
2. Configure Lumen to write logs to std > out at which seems to get picked up by the standard logging for the Fargate container.
If anyone has done this or can point me at some blog posts etc it would be greatly appreciated.
https://redd.it/10xttzw
@r_devops
Hi all,
I have a lumen application running in Fargate which writes daily rotating logs to a directory in the container. I'd like thes logs to be streamed, pushed or pulled into CloudWatch. There seems to be some amount of logging happening as part of the standard fargate setup; I see http access requests going to the lumen application on the container logs but I want to also stream the logs the application writes.
After some extensive googling I've struggled to find much help on this. I've currently got two approaches:
1. Configure Lumen's logging driver to push to cloudwatch.
2. Configure Lumen to write logs to std > out at which seems to get picked up by the standard logging for the Fargate container.
If anyone has done this or can point me at some blog posts etc it would be greatly appreciated.
https://redd.it/10xttzw
@r_devops
Reddit
r/devops - AWS Fargate Lumen/Laravel (or other) application logs into Cloud Watch
1 vote and 3 comments so far on Reddit
Strategies on working on call and maintaining health.
Just recently secured a role as an Azure DevOps engineer
My worry is being sleep deprived at 3am and I know to mitigate this is by sleeping earlier but does anyone have any other strategies to fix potential late night issues(1am+) and still maintain restful sleep and not be sleep deprived? Just knowing that sleep deprivation can be extremely detriment to our physical and mental health?
https://redd.it/10zfr8l
@r_devops
Just recently secured a role as an Azure DevOps engineer
My worry is being sleep deprived at 3am and I know to mitigate this is by sleeping earlier but does anyone have any other strategies to fix potential late night issues(1am+) and still maintain restful sleep and not be sleep deprived? Just knowing that sleep deprivation can be extremely detriment to our physical and mental health?
https://redd.it/10zfr8l
@r_devops
Reddit
r/devops on Reddit
Strategies on working on call and maintaining heal... - No votes and 1 comment
x86 and arm64 runners in config.toml
Good day. I have the config.toml file with x86 runners configuration. Is it possible (how?) to add arm64 runner and make sure there will be only pipelines for arm64 executed on this runner? Thank you very much for your help!
https://redd.it/10xqw0j
@r_devops
Good day. I have the config.toml file with x86 runners configuration. Is it possible (how?) to add arm64 runner and make sure there will be only pipelines for arm64 executed on this runner? Thank you very much for your help!
https://redd.it/10xqw0j
@r_devops
Reddit
r/devops - x86 and arm64 runners in config.toml
Posted in the devops community.
In a gitops world, what does your team do to reduce cycle time for devs?
I’m asking this question largely because I’m burnt out on the workflow at my company, which involves devs opening a PR to their own repo, ci publishes their image on merge, then devs open up a PR to the repo containing develop environment helm values files. These changes get merged, and then go to a gitops repo. Some companies might merge these changes automatically, some might make yet another PR.
One change, 2-3 PRs, just to get the change on a develop environment.
This has been the case at a couple companies I’ve worked for, as a software engineer or an SRE. I get that it works, and I don’t hate it, but I doubt all companies have such a slow process.
How do you address this problem at your company? What else are you doing to reduce cycle time?
https://redd.it/10zhh0v
@r_devops
I’m asking this question largely because I’m burnt out on the workflow at my company, which involves devs opening a PR to their own repo, ci publishes their image on merge, then devs open up a PR to the repo containing develop environment helm values files. These changes get merged, and then go to a gitops repo. Some companies might merge these changes automatically, some might make yet another PR.
One change, 2-3 PRs, just to get the change on a develop environment.
This has been the case at a couple companies I’ve worked for, as a software engineer or an SRE. I get that it works, and I don’t hate it, but I doubt all companies have such a slow process.
How do you address this problem at your company? What else are you doing to reduce cycle time?
https://redd.it/10zhh0v
@r_devops
Reddit
r/devops - In a gitops world, what does your team do to reduce cycle time for devs?
Posted in the devops community.
How much do you make per year from your DevOps / Cloud / SRE job in USD?
title (in us dollars)
View Poll
https://redd.it/10xurvm
@r_devops
title (in us dollars)
View Poll
https://redd.it/10xurvm
@r_devops
Article: Setup OpenVPN access server on Kubernetes
Hey everyone! In recent article, I explain how to access internal services within a cluster through deploying a VPN and use domain names rather than IP address, with the assistance of CoreDNS and DNS rewrites. I hope you find the information useful and informative. Kindly feel free to share your thoughts and feedback.
https://levelup.gitconnected.com/setup-openvpn-access-server-on-kubernetes-bdc35ca6b6c5
https://redd.it/10zm9ku
@r_devops
Hey everyone! In recent article, I explain how to access internal services within a cluster through deploying a VPN and use domain names rather than IP address, with the assistance of CoreDNS and DNS rewrites. I hope you find the information useful and informative. Kindly feel free to share your thoughts and feedback.
https://levelup.gitconnected.com/setup-openvpn-access-server-on-kubernetes-bdc35ca6b6c5
https://redd.it/10zm9ku
@r_devops
Medium
Access Kubernetes Cluster: VPN
Setup OpenVPN access server on Kubernetes using Helm
Tools and methodologies you are using for managing K8s / cloud infra network implementation and changes
Hi,
I'm asking because a team of engineers and myself are looking for feedback on a solution we are currently creating in this realm.
From our experience, this part of infra management is one of the most fiendishly difficult and daunting parts of our jobs, with a large, varied amount of methodologies and strategies.
Any input would be appreciated!
https://redd.it/10xwhnx
@r_devops
Hi,
I'm asking because a team of engineers and myself are looking for feedback on a solution we are currently creating in this realm.
From our experience, this part of infra management is one of the most fiendishly difficult and daunting parts of our jobs, with a large, varied amount of methodologies and strategies.
Any input would be appreciated!
https://redd.it/10xwhnx
@r_devops
Reddit
r/devops - Tools and methodologies you are using for managing K8s / cloud infra network implementation and changes
Posted in the devops community.
Recommendation
Can someone please suggest which laptop to buy for devops. (Macbook Air M2 16GB RAM, Windows i7)
https://redd.it/10xk06v
@r_devops
Can someone please suggest which laptop to buy for devops. (Macbook Air M2 16GB RAM, Windows i7)
https://redd.it/10xk06v
@r_devops
Reddit
r/devops on Reddit
Recommendation - No votes and no comments
Laptop Recomendation for Devops
Hii
Just wondering which OS you guys are running for DevOps.
I am planning to buy a Laptop for Devops task but not sure whether to buy MACBook Air M2 or not.
Can someone please suggest whether to go with MACBook Air or Windows i7 since virtualization is easier on Windows machines and on MAC we might have to pay for the Hypervisor tool.
https://redd.it/10xn621
@r_devops
Hii
Just wondering which OS you guys are running for DevOps.
I am planning to buy a Laptop for Devops task but not sure whether to buy MACBook Air M2 or not.
Can someone please suggest whether to go with MACBook Air or Windows i7 since virtualization is easier on Windows machines and on MAC we might have to pay for the Hypervisor tool.
https://redd.it/10xn621
@r_devops
Reddit
r/devops - Laptop Recomendation for Devops
Posted in the devops community.
flowchart of devops stages with tools in each stage
I need to do a flowchart of devops and show which stage the tools such as git,jira and aura are used.
What is the information in github commit like commit message.
What is the information in jira ticket.
please check this document-https://docs.google.com/document/d/1EXS2\_kl5lEWj\_CbCWHFW2k7JK8wdvT8\_/edit
https://redd.it/10x1sp6
@r_devops
I need to do a flowchart of devops and show which stage the tools such as git,jira and aura are used.
What is the information in github commit like commit message.
What is the information in jira ticket.
please check this document-https://docs.google.com/document/d/1EXS2\_kl5lEWj\_CbCWHFW2k7JK8wdvT8\_/edit
https://redd.it/10x1sp6
@r_devops
Google Docs
devops.docx
Jira tickets are used in the Plan and Track stages of the DevOps process. In the Plan stage, Jira is used to define the requirements and objectives of the project, as well as to create a backlog of tasks and issues to be tackled. In the Track stage, Jira…
any zero to hero course recommendations
Hi! I'm a Junior frontend developer, but I'm thinking about shift my career to DevOps engineering. I'm a self-taught developer and I need a full course which covers very basics to advance-intermediate levels. Any Udemy course recommendations would be great.
https://redd.it/10zrvm8
@r_devops
Hi! I'm a Junior frontend developer, but I'm thinking about shift my career to DevOps engineering. I'm a self-taught developer and I need a full course which covers very basics to advance-intermediate levels. Any Udemy course recommendations would be great.
https://redd.it/10zrvm8
@r_devops
Reddit
r/devops - any zero to hero course recommendations
Posted in the devops community.
Preferred browser/search engines
This isn't really a DevOps question, per se... but I'm curious about some preferred tech choices for DevOps folks out there.
What are your preferred browser and search engine? I'm curious if I'm too paranoid about tracking and online browsing privacy. So what are all of you doing?
I'm all in on Brave and Duck Duck Go.
View Poll
https://redd.it/10wy516
@r_devops
This isn't really a DevOps question, per se... but I'm curious about some preferred tech choices for DevOps folks out there.
What are your preferred browser and search engine? I'm curious if I'm too paranoid about tracking and online browsing privacy. So what are all of you doing?
I'm all in on Brave and Duck Duck Go.
View Poll
https://redd.it/10wy516
@r_devops
Feeling like my career has stalled out, could use some advice
First, some background. I live in an area where the dominant industry is government/consulting (take a wild guess where). Unfortunately most of my professional experience is in this industry, though I have at least attempted to keep my skills relevant. Quick rundown of my experience:
* 5 years in support: Nuff said.
* 4 years in linux/web admin: This is where I got the bulk of my experience in \*nix, networking, config management, bash/python scripting, and cloud basics. However most of the work was supporting open source or commercial off the shelf apps, and I really wanted experience being on a product team. So I made a lateral move to devops.
* 3 years in devops/cloud infra: This is where I really started learning AWS, CI/CD, git, terraform, etc. But remember, still government: no containerization, mostly monolith app frameworks (rails, django, spring boot). Helped the company win a major multimillion dollar contract, got promoted twice, and ended up as a defacto team lead. I was not unhappy but somewhat bored, and I had the chance to work under a very talented ex-coworker at a bay area startup.
Currently I have been at this startup for 1 year as an "SRE". When I came onboard the release + deployment process was a nightmare (a majority of the prod deploy process still happened locally on developer laptops!), so I spent the better part of last year fixing it. Getting terraform into its own CI/CD system (spacelift), DRYing up the terraform and circle code, migrating lambdas to docker so we could have a unified build system (and stop hitting the zip file limit due to node\_modules), allowing for individual "service" deploys instead of a single monolith release, automating release notes, etc. While I wouldn't say things are perfect, things are MUCH better than they used to be.
Let me bring you to recently. My boss decided to leave the company a few months ago so I now report directly to the CTO. He's a good guy but he is a developer at heart and doesn't really know what to do with me and a more junior "SRE" coworker now that infrastructure, CI/CD, and security automation are in a reasonably good place. I use "SRE" with a heavy dose of sarcasm because reliability doesn't matter here. We have a few VIP clients who prop up the whole company but outside of them no one uses the product. The product itself is a data platform so as long as some VIP can log in and see reasonably accurate data, nothing else matters. Data issues are understandably handled by the data eng/sci team, which is an area I'm highly inexperienced in. Speaking of "services", the product is just a front end, API, and a bunch of highly coupled loosely tethered batch data processing tasks that are kicked off on schedule. Oh and to top it off we lost one of those VIP clients, did a 25% RIF, and lost our one IT guy, so now my jr coworker and I have to pick up random IT tasks.
After the RIF I decided to start applying for jobs again. My resume is senior enough to get some attention, but almost everywhere I have applied has rejected me after a first round technical screen with the hiring manager. I'm trying to get feedback but I think it boils down to not having enough general SWE experience for startups who dont need someone doing IaC 100% of the time. And not having any k8s or "microservices at scale" experience is cutting me out of mid to large orgs. So I'm now faced with the terrifying reality of a golden handcuffs situation with my current employer and I'm not sure what to do.
1. Go back to government? The bar is lower, the money is good, but I assume you've all read this post: [https://www.reddit.com/r/devops/comments/10yw7sm/question\_for\_any\_of\_you\_that\_work\_in\_the\_fedgov/](https://www.reddit.com/r/devops/comments/10yw7sm/question_for_any_of_you_that_work_in_the_fedgov/)
2. Take a pay cut to get a more junior/mid SRE position to gain k8s experience? That would hurt like hell as my wife has health issues and can't work full time, I'm the breadwinner.
3. Move into a lateral position
First, some background. I live in an area where the dominant industry is government/consulting (take a wild guess where). Unfortunately most of my professional experience is in this industry, though I have at least attempted to keep my skills relevant. Quick rundown of my experience:
* 5 years in support: Nuff said.
* 4 years in linux/web admin: This is where I got the bulk of my experience in \*nix, networking, config management, bash/python scripting, and cloud basics. However most of the work was supporting open source or commercial off the shelf apps, and I really wanted experience being on a product team. So I made a lateral move to devops.
* 3 years in devops/cloud infra: This is where I really started learning AWS, CI/CD, git, terraform, etc. But remember, still government: no containerization, mostly monolith app frameworks (rails, django, spring boot). Helped the company win a major multimillion dollar contract, got promoted twice, and ended up as a defacto team lead. I was not unhappy but somewhat bored, and I had the chance to work under a very talented ex-coworker at a bay area startup.
Currently I have been at this startup for 1 year as an "SRE". When I came onboard the release + deployment process was a nightmare (a majority of the prod deploy process still happened locally on developer laptops!), so I spent the better part of last year fixing it. Getting terraform into its own CI/CD system (spacelift), DRYing up the terraform and circle code, migrating lambdas to docker so we could have a unified build system (and stop hitting the zip file limit due to node\_modules), allowing for individual "service" deploys instead of a single monolith release, automating release notes, etc. While I wouldn't say things are perfect, things are MUCH better than they used to be.
Let me bring you to recently. My boss decided to leave the company a few months ago so I now report directly to the CTO. He's a good guy but he is a developer at heart and doesn't really know what to do with me and a more junior "SRE" coworker now that infrastructure, CI/CD, and security automation are in a reasonably good place. I use "SRE" with a heavy dose of sarcasm because reliability doesn't matter here. We have a few VIP clients who prop up the whole company but outside of them no one uses the product. The product itself is a data platform so as long as some VIP can log in and see reasonably accurate data, nothing else matters. Data issues are understandably handled by the data eng/sci team, which is an area I'm highly inexperienced in. Speaking of "services", the product is just a front end, API, and a bunch of highly coupled loosely tethered batch data processing tasks that are kicked off on schedule. Oh and to top it off we lost one of those VIP clients, did a 25% RIF, and lost our one IT guy, so now my jr coworker and I have to pick up random IT tasks.
After the RIF I decided to start applying for jobs again. My resume is senior enough to get some attention, but almost everywhere I have applied has rejected me after a first round technical screen with the hiring manager. I'm trying to get feedback but I think it boils down to not having enough general SWE experience for startups who dont need someone doing IaC 100% of the time. And not having any k8s or "microservices at scale" experience is cutting me out of mid to large orgs. So I'm now faced with the terrifying reality of a golden handcuffs situation with my current employer and I'm not sure what to do.
1. Go back to government? The bar is lower, the money is good, but I assume you've all read this post: [https://www.reddit.com/r/devops/comments/10yw7sm/question\_for\_any\_of\_you\_that\_work\_in\_the\_fedgov/](https://www.reddit.com/r/devops/comments/10yw7sm/question_for_any_of_you_that_work_in_the_fedgov/)
2. Take a pay cut to get a more junior/mid SRE position to gain k8s experience? That would hurt like hell as my wife has health issues and can't work full time, I'm the breadwinner.
3. Move into a lateral position
Reddit
r/devops - [NSFW] Question for any of you that work in the FedGov
116 votes and 81 comments so far on Reddit
in solutions architecture or security engineering? This is what I'm considering most as there seems to be less competition for these types of jobs.
https://redd.it/10zv95a
@r_devops
https://redd.it/10zv95a
@r_devops
Reddit
r/devops on Reddit
Feeling like my career has stalled out, could use some advice