CodeSmash - Building in Public - Add Stacks to the Canvas

https://youtu.be/aBT0qPnl42U

Getting closer to the MVP! This time, we show how you can add AWS resources to your canvas and make them part of your stack.

https://redd.it/112n6c4
@r_devops

optimize devops using machine learning

What are some of the ways the devops process can be optimized using machine learning?

Has anyone seen any research papers on this topic where data from git or jira or similiar tools is used as input in machine learning models to optimize devops?

Can't find any such research papers

https://redd.it/112t2aa
@r_devops

Working using a in-house tool at early career stage

Background-
Hello, Junior DevOps Engineer here ( atleast by profile name ) and I have been using only an inhouse platform tool for infra provisioning since the start of my career ( aug, 2021 )
I do use various other tools and tech aswell in my day job ( jenkins, AWS, nexus, git etc ) but my majority of my work is using a inhouse framework that uses terraGrunt for infra provisioning and it has the end product are K8s pods which run the infra ( there is a lot of things in between but it’s all learned from the platform team and not researched by me ) been like this in my 1.5 years exp.

Question - Is it good for my career and upskilling in long term ( I’m 23 years old) to be using this tool for so long and also going forward or is it not a good thing for a newbie.
Out of all the things I do, I’m best at running this tool.


PS. Sorry for my english, it’s my second language

https://redd.it/112spgz
@r_devops

What do you use for DDoS prevention on your Kubernetes cluster?

I've been researching a Firewall for our GKE cluster, mainly for DDoS prevention and I haven't seen anything but Google Cloud Armor, I've tried Falco and it seems it doesn't detect DDoS -or I couldn't get it to do so", so what are you using for your clusters?

https://redd.it/112utrq
@r_devops

Are we gonna see end of ops in Devops.


I often learn that in Devops - developer roles / jobs seems to be more important and a necessity for Devops role to exits and devops engineer seem to know more about ops and it's associated networking etc..

https://redd.it/112vj5d
@r_devops

Deep Dive into open-appsec Machine Learning Technology

https://www.openappsec.io/post/deep-dive-into-open-appsec-machine-learning-technology

https://github.com/openappsec/openappsec

https://redd.it/112vc6e
@r_devops

Fiberplane Providers: Open-sourcing our plugin system to connect to observability tools

Hi, my name is Arend and I’m one of the engineers at Fiberplane. We’re excited to share that we’ve open-sourced our plugin system, which lets you connect your favorite SRE tools to Fiberplane. Prometheus, Elasticsearch, and Loki are already plugged in, with CloudWatch and Sentry providers now being developed in the open.

Fiberplane is an incident resolution tool. In a Fiberplane notebook, you can debug infrastructure, resolve incidents and run postmortems while resolving incidents. You can stream output from your terminal straight into notebooks using the fp CLI command and display graphs and query logs straight from Prometheus, Elasticsearch, and Loki. Fiberplane also comes with templates that let you generate runbooks.

Fiberplane Providers compile to WebAssembly and can run both in the browser and in the Fiberplane Daemon, which you can install inside your Kubernetes cluster. Now that our entire provider stack is open source, you can create custom integrations with observability, monitoring, and CI/CD tools, issue tracking, and version control.

To ease the creation of custom providers, we’re also open-sourcing our Provider Development Kit (PDK), written in Rust.

What integration would you still like to see?

https://fiberplane.com/blog/opensourcing-providers

https://redd.it/112xyl4
@r_devops

Nexus HA free alternative

On our company, we use Sonatype Nexus regularly and while it works perfectly, there's no High Availability option of it for free.

Can you guys recommend me any alternative that covers these requirements?

https://redd.it/112xymh
@r_devops

How long should your PR tests take?

I have a process which will build and deploy our entire application to an ephemeral build server and execute some automated API test cases against the application, the entire process takes about 22 minutes

To me, having a full battery of tests cases executed against your PR in a way that developers are unable to do locally (devs cant run the full application locally because of memory constraints) totally justifies the 22 minute wait time, it has already demonstrated value because our daily build test cases are failing less frequently and we catch things earlier. At least one of the senior devs on my team disagrees with my position.

but is 22 minutes too long? heck lets just round up and say 30 minutes. how long does it take a developer to create a PR, have it tested, and merge it in on your team?

https://redd.it/112zqwx
@r_devops

Which frontend framework do you mostly use?

I know DevOps is mostly backend but every once in a while there is a need to do some front end stuff, which frontend framework do you all mostly use?

https://redd.it/113132o
@r_devops

Creating a Platform for internal use of developers

Not sure if this is the kind of work that a DevOps engineer do, because currently the company that I'm working with is they would like us to create a platform that the developer will be using to enhance the developer experience can you provide any insight on this.

https://redd.it/112zv20
@r_devops

Why are people using Terraform Cloud? I may be missing something, but why can't terraform just be run in GitHub Actions?

I feel that for 99% of companies, a terraform runner fundamentally only needs the following flow:

1. Run terraform plan on every PR
2. Run terraform apply on merge to master/main branch.
3. Handle of concurrency by queuing multiple applies together.
4. Terraform secrets can be handled using GitHub Secrets.

I created a demo repository [https://github.com/motatoes/tfcloud-alt\] and it seems to work just fine. What am I missing?

https://redd.it/1133ktw
@r_devops

Help me understand why is MDM needed

The mid-size company I work for several years now has recently started pushing more IT management software on all employees.
We as DevOps have admin permissions on basically everything, so in my personal view, an MDM software/agent installed by the IT dept running under root only adds a potential attack vector, in case it's compromised.

I just honestly don't understand what sort of added value is there by having a 3rd party agent running as root on my MBP. If the laptop is stolen, the disk is encrypted, so I find the 'remotely wipe the disk' argument weak, and I believe you could also just do it from iCloud anyway(?)

I get the argument of treating the work computer as that, company property, but that does not explain why it's needed.
I most certainly don't need an IT support, I don't need an IT guy silently installing random crap, and having an agent running as root on my machine makes me feel as if I have a piece of malware installed.

Anyway, maybe it's just my OCD, but i'd like to hear your thoughts on this. And if you have any example for how it objectively has any benefit for me, the company or otherwise. (What problem does it solve, and/or what does it improve)

If the company trusts DevOps with permissions to wipe out entire production environments, but not to self manage a laptop is kinda bizarre imo.

https://redd.it/1134ku2
@r_devops

VPS provider with terraform support and firewall solution

Hey everyone!

I'm looking for the second VPS provider like Hetzner, which I really love for prices and tech stack support

​

Whould you recommend some besides big ones that has good support for terraform, keep prices on Hetzner level, has own firewall solution and servers are not located in US?

​

Which I should consider? Thank you very much in advance, I really stuck on this one

There are companies like Kamatera - everything is great but price x3-x4 comparing to Hetz

https://redd.it/112sje1
@r_devops

Unpopular opinion: I like ads in this sub

Whenever someone tries to advertise their product here people point them out like it's something bad, or try to find out if they have commercial intentions. Well, why is it bad?
These posts turn out to be the most interesting to me. I don't care that someone tries to make money, and here's why:

What's good in these posts is that there is an ops problem and a possible solution to it. It exposes me to either problems I haven't thought about before or solutions I can continue to think about on my own. Nobody forces you to buy any of these products, the ideas themselves are just nice to look at, and yes, even seeing examples of how people pitch those ideas so one day I might pitch my own.

https://redd.it/1138sws
@r_devops

How do you test k8s works as expected after automatic image updates?

I am setting up automatic dependencies update for some packages I use (NPM) using Renovate, and it will auto merge unless the CI is not passing. I have set up a test in CI so that I can detect failure after upgrading packages.

But for external images that I use in K8S, how can I test that they work after I have automatically upgraded them? Specifically I want to know if all nodes would run fine after an upgrade.

https://redd.it/113ahb8
@r_devops

How to handle non-existent on-boarding

Hey all,

I've recently started a new job and I'm having a lot of trouble getting going, it's been 3 and a half months and I feel next to totally useless. Their has basically been 0 on-boarding which makes contributing exceedingly frustrating, I am constantly getting blocked and rely on calling in team members for help. Ironically when I have contributed it's because other teams actually have documentation and I'm able to use it to make some sort of impact.

I get the feeling that since I'm a senior DevOps Engineer they expected to just give me tasks and have me solve them. I feel like since I'm totally new to this system, my knowledge has little to no overlap with their systems, and I'm having to attempt to educate myself entirely on my own this feels very unfair.

Really unsure how to handle this, never been in a situation where there is really 0 documentation for a system. Also 90% of it is on Windows machines which I've never used in a production DevOps environment so I want to rip my hair out all the time.

https://redd.it/113bhw4
@r_devops

Deploy AWS Lambda from S3 vs docker Repo

Was wondering if anyone had opinions on lamdas deployed from zipped code on s3 vs a docker image lambda function from ECR or Docker Hub.

The images seem quite large, but I have liked working with developers with images, so we don't have to worry about code working once deployed (at least not that much). However, the images are pretty big and take a long time to upload during the deploy step.

Anyone who has used zip files from s3 to deploy lambdas can you let me know how zipped files are organized on s3 and what has/has not worked for you?

Going to post this to r/AWS as well, since it is kind of specific to AWS.

https://redd.it/113cfls
@r_devops

what are the top 5 services - in AWS - a devops engineer must know in and out

There are hundreds of services in AWS, if we are to learn for a devops role, what are the top 5 services a devops engineer must know. It is obvious that it depends from company to company. You could say what are you top 5 services that you have used or think you should know or your company uses.

https://redd.it/112mqcm
@r_devops

Q about Salaries and Layoffs in Tech

When big tech companies are doing layoffs, are salaries a big consideration in who they layoff - or are they just laying off whole teams? The main question I have is - can you help protect yourself during times of layoffs by not being greedy with salary? In other words, if you don't push and scheme for maximum salary, will you be viewed as "a great bargain" and more likely to be kept on board?

https://redd.it/113ezrx
@r_devops

Folks who implemented Istio...

What were the big challenges you encountered while implementing Istio?

https://redd.it/113epl2
@r_devops