Refreshing knowledge on web app deployment (CDN, load balancers, DDoS protection, etc)

I've worked at big co's for 10+ years where all of this stuff was taken care of by separate team(s). Now I find myself at a seed stage startup and we're gearing up to launch our product.

I haven't done this in years (no time for side projects anymore, kids etc) so I'm keen to brush up on the latest best practices and so on.

We're on GCP, and deploying a typical react FE (with SSR) and a BE API. Everything is currently on some canned Cloud Run domain behind an auth wall. So the upcoming work is to productionise the public-facing infrastructure.

https://redd.it/1106hu5
@r_devops

Dynamic Version number in a pipeline

Hi!
So a developer recently updated a project to python 3.10 from 3.7 - obviously that made the pipeline fail because the python docker image was based on 3.7. For our python projects we use poetry and define our dependencies and python version in a toml file.
My idea was to parse this toml and fetch the python version needed and store this as a variable and pass this to the docker image tag.
Do you think this is a future-proof approach or would you solve it in a different way?

https://redd.it/10yjtxl
@r_devops

A convenient way for backing up and restoring your installed packages

Do you ever change your laptop/computer and wish that there was an easier way to reinstall all your packages from popular package managers such as Homebrew, etc. As a developer, it's redundant to always reinstall my Homebrew packages.

PRP CLI tool: https://github.com/Liopun/prp

This tool is a solution for automating restoring/reinstalling your Homebrew packages. All you have to do is run the tool on your current system and that gives you full portability of your Homebrew packages.

It saved my day!!!

https://redd.it/10y7bzv
@r_devops

Food Order App and Eks

Should i use spot instances or on demand for a eks cluster im deploying an food order app .

https://redd.it/110an97
@r_devops

USING CI/CD to test multiple layered applications

So far, I’ve used CI/CD to build and deploy simple web projects, like Flask with its own web server, or SSG. Testing is pretty straightforward: you spin up a container, run unit tests and if you’re happy go ahead and deploy it.

What if you have a more complex stack, like Java+NodeJS? Do you build a single container with everything (doesn’t sound good to me), do you spin up multiple containers (or even clusters) on the fly for unit testing, or what?

Sorry if my question is too basic, haven’t found much on the Internet.

https://redd.it/110bfsg
@r_devops

Deployment scripts vs individual CD steps

Which do you prefer to use in your CD pipelines?

View Poll

https://redd.it/110cp32
@r_devops

Suggest container Linux distro go to deploy Kubernetes on a Bare Metal Server

Understand that bare metal isn’t always the best deployment approach for Kubernetes, the highest reason is simply that we need to spend lowest cost, our team cannot afford GKE or AWS EKS. I'm not biggest head here, but I have permission to choose solution, and I willing to deal with headache. We used to run Docker on Debian hosting, then now moving to container distribution option. I searched then get too much option to consider.

Now I'm still wondering with Alpine or Fedora CoreOS. And sad that I don't have any compare matrix with clear criteria. We're just heading to a stable option with less critical bug, as least as not crash frequently also easy to automate process in the future. What's your suggestion option for production workload? And is there any special note when we pick this option at all?

https://redd.it/110bts6
@r_devops

How do I push a specific image to a specific repository on Docker hub?

I’m a relative docker noob. I have several images on my machine, which I have seen when I run docker images. In particular, the first two lines of the output are as follows:

​

|REPOSITORY|TAG|IMAGE ID|CREATED|SIZE|
|:-|:-|:-|:-|:-|
|flask-app|v1.1|8aadfefa0b2d|28 minutes ago|118MB|

I also have several repositories on Docker hub.

So, the question is: how do I push the image flask-app to a repository named flask-repo? What is the exact syntax to use for this? I’m really confused by all the slashes and colons required when I read the docs. The docs also seem to assume there’s only one image on my machine, but like I said, I have several: how would docker know which one to push?
Another bonus question, isn't "flask-app" the name of my image? I didn't create any repositories on my machine, they're on Docker hub. What's the difference between an image's name and it's tag? Which is more important?

https://redd.it/110ds77
@r_devops

A self hosting app to create one-time shareable secrets.

https://github.com/rpgeeganage/ots-share-app

I created this in last couple of days. I was let go from my software engineering job 2 weeks ago, I started building this last week while preparing for interviews.

1. Creates shareable links which valid for a maximum of 24 hours.
2. The contents are encrypted with AES in CBC mode, with a 256-bit key. (Using Crypto-js)
3. Passwords are NOT sent to the backend server.
4. The app periodically deletes encrypted content after it expires, and the encrypted content gets deleted once the web UI fetches it.

https://redd.it/110csxv
@r_devops

How do you request and manage certificates on the application gateway level?

Long story short: We use cert-manager to generate TLS certitifates. Works perfectly. The problem is that I need the certificate at the Azure Application Gateway (TLS/SSL termination past the gateway) level, which in turn requires the certificate to be present at the Azure Key Vault.

Right now we are manually logging in with a service principal and push the certificates into Azure Key Vault. The entire process includes > 100 lines of code to just copy a certificate into the key store. Isn't there an easier way?

Seems like there should be an easy solution to this, but I can't seem to find any...

https://redd.it/110bi53
@r_devops

EBay watcher/ view bot


Hi, is there a view bot that increases your views on your listing, in order to boost it and reach more people? I don’t know much about coding and any help is greatly so appreciated. Please guide me if this is not the appropriate sub for this question.

https://redd.it/110cm3p
@r_devops

How to build a release from a fork on GitHub using Actions?

I am trying to build a fork of Deno on GitHub using Actions. Specifically I have commented lines in Cargo.toml to not include features that will not be used in the resulting deno executable. This is my first edit excluding certain features

[workspace]
resolver = "2"
members = [
#  "bench_util",
  "cli",
#  "cli/napi/sym",
  "core",
  "ops",
  "runtime",
  "serde_v8",
#  "test_ffi",
#  "test_napi",
#  "test_util",
#  "ext/broadcast_channel",
#  "ext/cache",
  "ext/console",
  "ext/crypto",
  "ext/fetch",
#  "ext/flash",
#  "ext/ffi",
  "ext/http",
  "ext/net",
  "ext/node",
  "ext/url",
  "ext/web",
#  "ext/webgpu",
  "ext/webidl",
  "ext/websocket",
#  "ext/webstorage",
#  "ext/napi",
  "lockfile",
]
# ...

and so forth.

I have essentially no experience using Rust or GitHub actions. Is this possible? What do I need to do to build a release that I can download locally to test? Thanks.

https://redd.it/110m71x
@r_devops

Kubernetes: converting terraform deployments and resources to something better, like helm?

Hello /r/DevOps :)

Our predecessors have used terraform for everything. its not bad, but we do have to keep messing with the "state" of application deployments, configurations and associated settings inside kubernetes. It's not really a nice way to handle these things.

What I'm after is a useful tool that would help us convert these deployments to a helm chart.

The way we see it is that helm would suit us better should we decide to use something like flux or argo in future, but it seems like a lot of work to manually roll our own helm charts with values etc.

https://redd.it/110o1ka
@r_devops

Will working on one cloud platform pigeonhole me?

I've got experience with AWS and Azure, more on the Azure side. I've just accepted a new role which is Azure with a bit of on-prem. Do you think working more on Azure for a couple of years will make it harder for me to get a job that's AWS in the future?

https://redd.it/110p0hr
@r_devops

Is there anything you would improve?

FROM node:14-alpine

WORKDIR /app

COPY package*.json ./

RUN npm install

COPY . .

EXPOSE 1337

CMD [ "npm", "start" ]

What can I add to this simple node container? Could you provide a list of things I could add to this to make it more usable or improve performance?

https://redd.it/110w1ft
@r_devops

Question about Docker Compose for a project on remote machine

Hello! I have a project with a docker-compose.yml file and it runs locally without any problems since the code is located on a local machine but I want to run it on a remote host, preferably without placing there the whole source codebase.

Googling I found some suggestions to that but I'm struggling to get which solution is what I should go with or maybe there is even a better approach:

1) just upload it to registry and then docker pull it on a remote machine. The drawbacks here apparently are that free hub is limited space-wise and that I will also have to modify docker-compose.yml for a remote machine (right now it specifies where to find Dockerfile for each service, for remote it seems I'd have to use image: myname\myimage instead)

2) use docker context, create remote context, docker context use remote, docker compose up -d and it will be uploaded to a remote machine. Nice but very slow for some reason...

3) save images locally \ load them on a remote machine after transferring them over scp. I can't explain why but I have that gut feeling it's not a good approach while technically it could work

4) git clone the entire project to remote and then docker compose up. Simple, will work, but I don't want to move codebase over there, it's not necessary to have all the code to serve an app

5) use known and esteemed tools for orchestration. Overkill for my goal so I think

https://redd.it/110wskq
@r_devops

Terraform scripts

Just wondering the good practice in other companies, do the dev needs to write the Terraform infra code for their own project or the DevOps guys takes care of that?

https://redd.it/110xb3p
@r_devops

SOS: Laid Off, Possible Internal Transfer to SWE/DevOps role

Hey everyone, I need some help deciding my future. I was laid off in mid Jan, but am in the company system until Mar 1st. I was working as a full stack developer. I have 8 years of experience. I also have SOME experience with DevOps, mainly setting up CI/CD pipelines (build, testing, deploy) for some smaller projects. I have minimal experience with setting up observability.

A manager from another team looked at my resume and submitted me for a role working as a senior software engineer with a focus on DevOps. I would be working on the core product (building CRUD APIs, AWS lambdas, etc…), but I would also be the go-to for setting up observability, alerts, and the design of SLO/SLI for the applications in our AWS environment as well as setting up the CI/CD pipelines.

With my limited experience in DevOps/SRE, is this a role I would crash and burn in? Or is it trivial enough to setup observability and get comfortable within a few months (1-2)? I’m horrified at the idea that I would be the go-to person for that. If the situation was reversed-an Ops person with limited development experience being thrown into a development-heavy role, I’d expect that person to struggle for about a year, especially as a go-to.

I’m going through many emotions with my layoff, but I’m pretty much looking for “DevOps is non trivial given your background, you should not be the go-to for that stuff, you will destroy your team” or “with your experience, it should be pretty simple and you’ll be flying in no time”. Thank you, everyone 🙏

https://redd.it/110xbma
@r_devops

Linux Skills

Hi. Can someone suggest some good resources to learn Linux for DevOps Engineers?

https://redd.it/110yeb6
@r_devops

Start a bat file remotely which never returns anything (jmeter-server.bat)

So we are doing distributed testing of our web-app using JMeter. For that you need to have the jmeter-server.bat file running in background as it acts as sort of a listener. The problem arises when one of the slave machine out of 4 restarts due to the load and the test is effectively stuck right there as the master machine expects some output from the 4th machine. Currently the automation is done via ansible-playbooks which are called in Jenkins. There are more or less 15 tests that are downstream to one another. So even if one test is stuck, the time is wasted until someone check on the machines.

Things I've tried so far:

1. I've tried using the Windows Task Scheduler and kept the jmeter-server.bat to run without any user loggin in, but it starts the bat file in background which in-turn spawns all the child processes in the background as well i.e. starts Selenium Chrome in headless mode.
2. I've tried adding the jmeter-server.bat in startup and configuring the system to AutoLogon without any password to trigger a session which will call the startup file. But unfortunately the idea was scrapped by IT for being insecure.
3. Tried using the ansible playbook by using the win_command but it again gets stuck as the batch file never returns anything.
4. Created a service as well for the bat file, but again the child processes started in background.

https://redd.it/110xtz8
@r_devops

Moving on from Opensearch. What do I do with the historical logs/data?

Started using a lot of ELK, AWS, Opensearch for my personal project. With the scale I have (not a lot), I have migrated my present sys to GCP.
I have a years worth of system log data in Opensearch. I would ideally love to keep the data but can’t figure out the best way.

I can S3 cold store it but I wanted to see if I can store that on some tools I already use - Loki or Google cloud tools?

What would the pros and cons be here?

https://redd.it/11122t8
@r_devops