Deploying Laravel with Docker, Nginx, Let's Encrypt SSL and Supervisor
Hey redditors! Help Needed!
I am very new to the containerized approach to deploying applications. I am trying to deploy my Laravel app to Azure using Docker and ACI. I couldn't find any well-explained articles or articles matching my requirements of deployment.
I am actually trying to set up a proper DevOps pipeline, with the sequence being: I push my code to GitHub, run GitHub Actions, build the Docker image, push to ACR and pull in ACI.
I attempted to build the Laravel Docker image in my local environment with Nginx and Supervisor in a single image and it works well. But now I want to use automated Let's Encrypt SSL in my Nginx server. If I rebuild the image every time, requesting a new SSL certificate for my server with `certbot`, that wouldn't be the right idea, right? So, what is the best way to do it?
https://redd.it/114e3z8
@r_devops
Posted in the devops community.
Sagemaker for production services? xpost from r/aws and r/dataengineering
I need to spin up Sagemaker resources (which ones exactly TBD) for the ML folks on my team. They will be building out a new backend service that will be plugged into the rest of our application stack. We'll likely run it inside an ECS cluster on GPU instances. . .
However, I noticed that Sagemaker can be wired up with https endpoints out of the box. I've used a bunch of AWS services over the years and let's just say, I'm not the biggest fan of some of them especially the all-in-one solutions like Amplify and AppSync or dear lord, Elastic Beanstalk.
I feel like I'm going to hit limitations with Sagemaker that will drive me crazy while I am quite familiar with deploying an ALB fronted service running on ECS (or EKS but ECS makes more sense for what I'm doing).
tl;dr any reason I should stick with Sagemaker endpoints? My spidey sense is tingling.
https://redd.it/114iuun
@r_devops
I don’t know if this is a golden opportunity or a scam…
Hi all,
First time poster here. I haven’t been focused on devops at all, instead studying heavily for the past almost 2 years to be a full stack web developer. I recently moved to a new city and went to a local Jr developer meetup looking to network.
While making my introductions, I admitted I had taken a long sidetracked route to learn a good deal about bash scripting, vim configuration, and understanding the workings of my systemd-less Linux distribution.
I also talked about currently working with an old friend’s startup which works with VueJS, MariaDB, knexjs, ObjectionJS, HapiJS, Docker, and NodeJS. Although technically this constitutes my first web dev job, I am still very very green.
Apparently all my nerd talk caught the ear of a senior devops engineer who was in attendance. He suggested we meet to talk about a possibility of working in devops instead of web development. Prior to this conversation, I had only heard about devops in passing, and hadn’t really investigated the field.
While I was very amicable with the engineer in question, I couldn’t help but feel like something is amiss. Granted I enjoy working at the command line and know the basics of ssh, bash, git, and the other tech I mentioned above, but I’m not even close to an expert. He seemed highly interested in somebody who had a passion for working at the terminal, regardless of their skill level.
He said there simply weren’t enough people who knew even a small amount of these sorts of subjects, and he wanted to meet one on one with laptops in hand to see what I knew and what I was passionate about. This all sounds good, but I am on guard a bit because I wonder if I’m being scammed or if something else is amiss.
Are there any red flags in what I’ve described here? Don’t get me wrong, I’m going to meet with this fellow again to see what he’s looking for and if he’s seriously interested in possibly employing me, but I’m getting serious too-good-to-be-true vibes.
Any advice and/or constructive thoughts are appreciated. Thanks in advance.
https://redd.it/114m7tw
@r_devops
Can I generate keypair directly in terraform?
Hey all,
I need to create and import a keypair in an instance that I'm creating with Terraform. Ideally, the keypair should be created in Terraform and imported to the newly created instance.
Thanks.
https://redd.it/114plwh
@r_devops
How many of you use twingate for accessing cloud environments or homelabs?
Recently someone recommended Twingate to me as a solution for accessing non-public resources in cloud environments. On the surface it seems like a great alternative to things like WireGuard, OpenVPN, IPsec, Pritunl etc., which give you access to the whole protected network, and to things like Tailscale/ZeroTier, which give you access only to things with clients installed. Twingate can give access selectively for each user. I've seen that people use it even for accessing their homelabs (NASes).
But I would like to hear other opinions about them, whether the company is trustworthy, whether they passed some security audits, things like that. Just to be sure that I'm not installing some trojan horse in networks which are supposed to be protected.
https://redd.it/114mpcq
@r_devops
what do you do on a daily basis as a devops engineer?
Trying to understand how it varies based on company, role, experience and location. Please be as comprehensive as possible.
https://redd.it/114siyp
@r_devops
Outdated Default AWS IAM Policy Language Versions in Multiple AWS Services
https://www.cloudquery.io/blog/outdated-aws-iam-policy-language
Disclaimer: I'm the author. We did research on all AWS services that support the IAM policy language to look for outdated default versions that change interpretation of the IAM policy JSON.
https://redd.it/114us7r
@r_devops
CloudQuery
Outdated Default AWS IAM Policy Language Versions | CloudQuery
Amazon Web Services (AWS) has 2 different policy versions for writing JSON IAM policies. This lesser known nuance creates issues with policy variables and newer features. This blog focuses on identifying IAM policies still using the outdated IAM language…
Top 15 Kubectl plugins for security engineers
We have grouped in [this article the list of Kubectl plugins](https://sysdig.com/blog/top-15-kubectl-plugins-for-security-engineers/) that we strongly feel will be very useful for anyone, especially security engineers.
* Stern plugin
* RBAC-tool
* Cilium Plugin
* Kube Policy Advisor
* Kubectl-ssm-secret
* Kubelogin
* Kubectl-whisper-secret
* Kubectl-capture
* Kubectl-trace
* Access-matrix
* Rolesum
* Cert-manager
* np-viewer
* ksniff
* Inspektor-Gadget
Any that you miss?
https://redd.it/114me28
@r_devops
Sysdig
Top 15 Kubectl plugins for security engineers in 2025 | Sysdig
Let's dig deeper into this list of kubectl plugins that we strongly feel will be very useful for anyone, especially security engineers.
Advice on requesting to move back to previous role?
Hi All -
Curious if anyone has been in a similar position. I recently (6 months ago) moved to a new team internally to my company, but it's just *ok*. I thought this would've been a good move career wise, but I feel like my old role is still a better fit for me.
Is it in bad faith to reach back out to my old manager? They were quite upset that I had left the team, and really wanted me to stay. This is all internal in the same region if that matters.
Thanks!
https://redd.it/114x1yy
@r_devops
Posted by u/swiftsparky - No votes and 1 comment
Comparing deployment pipelines using templating with GitOps
Greetings.
I have a setup with templated value files for Helm charts, prior to install/upgrade. That way the configuration repository just needs global yaml value files used for any project with any structure of their values.
Using it for shared annotations, labels, tolerations etc.
I'm wondering if anyone has experience or suggestions for how to go about that in the context of GitOps with pull mode, like Argo CD.
Would you keep templates and push rendered files to git, or are there options available that remove need for templating without too much duplication?
https://redd.it/114icda
@r_devops
1 vote and 3 comments so far on Reddit
Industry standard on Terraform drifts
TLDR: What is the industry standard on detecting and handling drifts in terraform source code? What are the advantages and disadvantages of having VMs adhere to source code?
https://redd.it/1150fgp
@r_devops
Alerting. Prometheus Alertmanager vs Grafana Alerts
When setting up alerting for your infrastructure, do you find it better to use Alertmanager or the native alerting in grafana?
https://redd.it/1152z00
@r_devops
Terraform
Where to keep up with the latest formatting of Terraform, like for AWS? What is the best tool to write Terraform? It seems lots of git projects have dated examples.
https://redd.it/11559ul
@r_devops
Streamline Cloud Governance with Cloud Custodian
Looking to take control of your cloud environment? Check out our latest blog post on unlocking the power of cloud governance with Cloud Custodian. Learn how this open-source tool can help you address security, compliance, and cost optimization in your cloud environment.
https://medium.com/@arshad.zameer/unlocking-the-power-of-cloud-governance-with-cloud-custodian-why-you-need-it-b09eb831396b
https://redd.it/115634g
@r_devops
Medium
Unlocking the Power of Cloud Governance with Cloud Custodian: Why You Need It
Say Goodbye to Development Hell: Embrace the Freedom of Cloud Migration! Ditch the headache of managing outdated infrastructure and spend…
Real Shell scripts - to learn?
Where can I find shell scripts of real projects for learning purposes? I've been upgrading myself with shell scripting and I want to see others' scripts for better understanding.
https://redd.it/1156wiw
@r_devops
Alternative to virtual-box on M1 macs for chef
Hi DevOps experts, I am wondering what would be an alternative to VirtualBox that can be used with Chef to run `kitchen verify` commands?
https://redd.it/115a1kh
@r_devops
Secretless Broker — Thoughts?
Ran into this GitHub repo for a secretless broker but seems like it didn't really catch on: https://github.com/cyberark/secretless-broker#using-secretless-broker-with-conjur-open-source
Idea seems to be for an application to proxy requests through a "secrets broker" with access to secrets from a vault that can then make a response to a resource like a database and return the response back to the application.
This way, the application itself never has access to the secrets.
https://redd.it/115b3ui
@r_devops
GitHub
GitHub - cyberark/secretless-broker: Secure your apps by making them Secretless
Secure your apps by making them Secretless. Contribute to cyberark/secretless-broker development by creating an account on GitHub.
Building Better CI/CD Pipelines
Wrote down some thoughts on pipelines, talking about
* When to run pipelines
* Caching
* Docker in Docker
[https://www.infrastructureposts.com/p/e5-building-better-cicd-pipelines](https://www.infrastructureposts.com/p/e5-building-better-cicd-pipelines)
https://redd.it/115c5az
@r_devops
Infrastructure as Posts
E5: Building Better CI/CD Pipelines
I’m personally in some kind of hate/love relationship with pipelines. I love them for all the work they do for me and could never imagine going back to a world without them. I also hate it whenever I have to wait for a pipeline to finish. Eagerly wanting…
Hikaru 0.16.0b released
Hikaru 0.16.0b adds support for Kubernetes 24.x, 25.x, and 26.x, along with their associated Python clients.
Hikaru provides a variety of tooling to work with Kubernetes configs in Python, YAML, or JSON, allowing you to move smoothly between each of these representations, and can also use the Python representation to directly interact with Kubernetes. Hikaru helps you migrate from YAML, easily create watches, detect changes in configuration, and more. You can find out more about Hikaru here at the PyPI page:
https://pypi.org/project/hikaru/
...at the GitHub repo:
https://github.com/haxsaw/hikaru
...or read the full doc at ReadTheDocs:
https://hikaru.readthedocs.io/en/latest/index.html
https://redd.it/115d4k2
@r_devops
PyPI
hikaru
Hikaru allows you to smoothly move between Kubernetes YAML, Python objects, and Python source, in any direction
Is it a good idea to just use all the tools from one vendor or mix and match?
So I really like the HashiCorp stuff and to me it seems to make a lot of sense that if I’m using some of their stuff and I want to do something else that they have tools for, to use that. For example, I’m using Packer to create images. It seems to make sense to use Terraform over CloudFormation if there are only slight benefits of CloudFormation over Terraform (not sure if there are).
Is there a benefit when looking for other DevOps that they’re all hashicorp or was or whatever vendor? Or is it better to mix and match?
https://redd.it/115cv22
@r_devops
Free, selfhosted CI/CD with artifact storage
I am planning to use Concourse CI to build my application. After building, I need somewhere to put it, so I can get a download link.
For GitHub, it's just a matter of uploading the artifact and it's done and ready. GitLab is the same. And guess what? You can host GitLab! Except you can't mirror GitHub to GitLab (Pull) without paying 20 USD/month...
Can someone guide me through this? I feel like I have looked everywhere and nothing suits my needs.
https://redd.it/115eszc
@r_devops