Any global generic "pull through cache" for container images on Kubernetes?
I've searched the internet and found solutions that are based on the fact that Kubernetes nodes run the docker daemon (since 1.24 they don't) and it's only for Dockerhub registry itself. So they ask you to run a local mirror and configure the Kubernetes nodes to use a local registry as a pull through proxy. However, what I'm looking for is to add a layer on Kubernetes that will "fool" pods that go outside the cluster to go first through this mirror proxy that will cache those images they are requesting if they don't exist. This can make pulling much faster and reduce rate limiting to docker.io and cache images across regions from any other registry.
Did anyone implement this solution? Any ideas? Can the problem I'm trying to solve be solved in another way?
EDIT: MutatingWebhook that will override all pod image definitions into Harbor proxies may seem like a viable solution but it's a bit of over-engineering.
https://redd.it/1176yk2
@r_devops
GitHub
kubernetes-webhooks/docker-proxy-webhook at main · NextDeveloperTeam/kubernetes-webhooks
Contribute to NextDeveloperTeam/kubernetes-webhooks development by creating an account on GitHub.
Cgroups - Deep Dive into Resource Management in Kubernetes
Hi /r/DevOps,
Today I published an article titled "Cgroups - Deep Dive into Resource Management in Kubernetes", where I explain how resource allocation works in Kubernetes in-depth - from resource requests/limits in YAML PodSpec all the way to systemd and cgroups filesystem.
Here's the link: https://betterprogramming.pub/cgroups-deep-dive-into-resource-management-in-kubernetes-5970e23620f2
Feedback is very much appreciated!
https://redd.it/11779rq
@r_devops
Medium
Cgroups — Deep Dive into Resource Management in Kubernetes
This is what happens when you set resource requests and limits on your Kubernetes Pods and Deployments
Spot.io ? Rolls don't work at all
Did any of you fellow gentlemen face such an issue :D ?
I have a simple cluster with one node-group that has two nodes :D
I'm asking Spot.io to Roll by 50% batch, so two batches of nodes.
There is not really much running in the cluster.
And the best I can get is debug info that:
"Unable to find a matching configuration for the new node"
And nothing happens. Is their service just really bad or do I have no luck?
https://redd.it/117car4
@r_devops
Reddit
r/devops on Reddit: Spot.io ? Rolls don't work at all
Posted by u/pojzon_poe - No votes and no comments
Best editor for YAML file
I use Linux and I want to know what the best editor is for editing and fixing common problems like formatting and indentation on Linux.
I want this editor to be able to fix common problems in YAML files, and I do not want to use an online YAML checker site to check my YAML file.
https://redd.it/1176oug
@r_devops
Reddit
Best editor for YAML file
1 vote and 10 comments so far on Reddit
Discussion: Postman Restricts Local-Only Collection Runner
Postman has just announced heavy restrictions on usage of the local-only Collection Runner in their application. There is already discussion blowing up in their forums about both restricting unlimited use of local functionality to their enterprise tier and the short timeframe of the change.
If you have a Basic subscription, you can only use Collection Runner 25 times per month. If you have Professional, you get 250 runs. If you have Enterprise, you get unlimited. This has nothing to do with Collections run on their cloud resources, which are billed separately. This is specifically for collection runs on your own PC against your own servers.
I know this is likely to impact my company as we have Basic licensing and use Collection Runner heavily for regression testing and other automated flows when testing new functionality. It's been a significant part of our work to shift left. What impact will this have on your company? Will you upgrade licensing? Work around it with Newman? Will you find a different application and migrate?
https://redd.it/117g0co
@r_devops
Postman Blog
Announcing Postman 2023 product and versioning updates…and VS Code extension!
Find out what we have in store for 2023 in order to meet our global community's varied needs for the API-first world.
Got my first job offer for a new grad role - should I negotiate salary?
Hey everyone,
I got an email from the recruiter that she will be extending me a formal offer by tomorrow. We have not discussed salary or anything like that yet. Should I negotiate the salary after I get sent the formal offer, even if it’s my first job out of college, and if it’s a new grad role?
Thank you
https://redd.it/117gz6s
@r_devops
Reddit
r/devops on Reddit
Got my first job offer for a new grad role - shoul... - No votes and 4 comments
I made an absolute beginners tutorial for Ansible
Hello everyone. I just thought I'd share with a basic overview of Ansible. I'm sure most of the people on this sub are well versed with Ansible and know more than me, however, I thought I'd contribute by making a tutorial video of things I wish I had explained to me when I first started out.
https://youtu.be/CWjD8j04RPk
https://redd.it/117iye7
@r_devops
YouTube
Ansible Tutorial For Absolute Beginners: AdHoc, Playbooks, Modules, Variables
Introduction to Ansible
1. What is Ansible and why is it useful? 0:00
2. How does Ansible work? 02:46
3. Setting up Ansible on your Machine 04:17 - 10:26
4. Where should you ‘code’? 10:30
Basic Ansible Concepts:
1. Modules 11:38
2. Inventory files 13:30…
Blog Post: Ten Highly Effective DevOps OKRs
I wrote this article about DevOps OKRs and would love to know what you all think about it!
https://www.getdistilled.io/blog/ten-highly-effective-devops-okrs/
https://redd.it/117j7mo
@r_devops
www.getdistilled.io
10 OKRs for highly effective DevOps teams
To measure the effectiveness of a DevOps team, it is important to set Objectives and Key Results (OKRs) that align with the company's overall business goals.
Post on Helm
I recently did a post on Helm and how to use it to deploy applications to your Kubernetes cluster, how to build your own charts, hosting your own Chart Museum instance to publish Helm Charts, etc
https://ruan.dev/posts/everything-you-need-to-know-about-helm/
https://redd.it/117ik1i
@r_devops
ruan.dev
Everything you need to know about Helm
A blog post has been published on blog.ruanbekker.com
Getting Started with Helm This post shows you what is helm, why you need it, how to use it with Kubernetes and what value it can add.
To read more on the post, view it here:
https://blog.ruanbekker.c…
Is there any point in uploading my scripts to gitlab?
I've worked help desk for 5 years.
Now I'm a jr security analyst and I've made a handful of PowerShell scripts for my own team to use that automate mundane tasks we have to do daily. None of my scripts change anything and they aren't used by any other teams. They just collect information from different sources and normalize the data.
The devops manager gave me access to GitLab and said I can upload my scripts there if I want. But what's the point? I'm not a devops engineer. I've never used GitLab. I'm not writing Ansible or Terraform playbooks that manage the infrastructure.
I mentioned my experience as an indicator for "I don't understand the devops process or why gitlab would be necessary to me."
https://redd.it/117nxj0
@r_devops
Reddit
r/devops on Reddit: Is there any point in uploading my scripts to gitlab?
Posted by u/Adamsandlersshorts - No votes and 1 comment
Tips for job fair booth tech company
Hey guys
My employer is participating at a job fair for developers in Poland.
Since we mostly own pretty average and boring stuff for advertising our company at fairs we decided to change it up.
So to make it quick:
What have you guys seen on fairs that caught your attention and got you drawn towards?
What’s important to you when attending such a fair as a developer? No gos and must haves?
Just give me everything you have in mind.
We really want to create something cool and worthwhile for both sides, so every opinion is appreciated.
Have a nice week 🤝🏼
https://redd.it/1174sk1
@r_devops
Reddit
r/devops - Tips for job fair booth tech company
Posted in the devops community.
OMG I JUST PASSED THE GCP PROFESSIONAL DEVOPS ENGINEER!!!
I’m so excited ….I will write a full write as soon as it sinks in!!! I can’t believe this!!
It was TOUGH! in fact terraform associate is a cake walk compared to THIS!!!
https://redd.it/117qe5i
@r_devops
Reddit
r/devops - OMG I JUST PASSED THE GCP PROFESSIONAL DEVOPS ENGINEER!!!
Posted in the devops community.
What were the ancient tools used in late 90's early 00's ?
I'm interested in stories and experiences from people that had to maintain a fleet of servers two decades ago, without Terraform, Ansible or any modern tool that we take for granted today.
What was the smartest thing you invented or saw in action that would help the sysadmin do a task in 2 minutes instead of 2 days?
I can think of many different ways to automate things without configuration management tools, but what was actually used?
https://redd.it/117q820
@r_devops
Reddit
r/devops - What were the ancient tools used in late 90's early 00's ?
Posted in the devops community.
AWS EC2 vCPU limit increase
I am working on a project that requires me to use a new account to create an instance with GPU. This instance requires 4 vCPU and my current allowance for vCPU is 0.
I have applied for three petitions to increase the vCPU but all of them got rejected. In the three petitions, I tried different combinations of number of vCPU request and also one different location and I also mentioned that it is an academic project.
I want to ask what I should do to increase my vCPU limit to at least 4. Are there any specific locations on which my chance of getting allotted is higher? Does anyone have any experience with this?
This is the reply I get from them every time:
Service quotas are put in place to help you gradually ramp up activity and decrease the likelihood of large bills due to sudden, unexpected spikes.
https://redd.it/117psxg
@r_devops
Reddit
r/devops - AWS EC2 vCPU limit increase
1 vote and 4 comments so far on Reddit
First devops job
Hi all. How was your first job as a devops engineer after finishing a bootcamp or program? Did you feel that you knew how to perform all of the tasks that were asked? Were you thoroughly trained?
https://redd.it/117ucld
@r_devops
Reddit
r/devops on Reddit: First devops job
Posted by u/mzattitude - No votes and no comments
How do you keep track of the deployments and the branches they come from?
As the title states, there’s a little chaos on our testing environments because we are not keeping an evidence of some sort regarding the branches where the configmaps and deploymentconfigs come from. Sometimes people just deploy new pods and mess up the QA work. So how could we keep track and know (without digging into Jenkins and fabric) what branch was used last time someone deployed a new pod?
For context we are working on a microserviced app, on-prem with OpenShift and use Jenkins with Helm charts for pipelines and Bitbucket for version control.
https://redd.it/1175xkc
@r_devops
Reddit
r/devops on Reddit
How do you keep track of the deployments and the b... - 1 vote and 2 comments
Noob Chef Question
When you are running commands using Chef, does it automatically run those commands as root?
https://redd.it/117vjit
@r_devops
Reddit
r/devops - Noob Chef Question
Posted in the devops community.
Documentation as a service
What do you use for docs? I work at a mid size tech company (~100 Devs) and our tech docs are all over the place 🙈 Confluence, GitHub Wiki, markdown in GitHub and even a couple of home cooked Hugo sites... So yeah, company wide doc search is essentially impossible...
Am I alone with this problem?
What do you guys use for internal docs? Would you recommend any (free or paid) tool that you can plug into GitHub for markdown or tech docs (sphinx, jsdoc, golang package docs, terraform module doc, helm charts etc...)?
For extra info, we are rolling out Backstage and are thinking of using their tech docs feature but it is tightly bound to service entities so wouldn't apply to team docs for example.
https://redd.it/117wpsf
@r_devops
Reddit
r/devops - Documentation as a service
Posted in the devops community.
How do you manage your PROD Access?
Hello Folks,
We want to provide our operation team some permissions (On Azure) during the deployment window and then revoke once they have completed the operation.
What is the best way to achieve it or how do you guys usually do it?
I'm thinking to have some pipeline which could accept some input like operation team name, grant/revoke as inputs and run some az cli commands.
Please share your thoughts.
https://redd.it/117w7q1
@r_devops
Reddit
r/devops - How do you manage your PROD Access?
1 vote and 2 comments so far on Reddit
Company wide identity provider
In the future we want to use a central identity provider in our company to authenticate and authorize our internal and external users against our applications and APIs.
The project is mainly driven by middle management and product managers. I am in the role of the DevOps engineer and take care of the infrastructure of our applications. Deploying an identity provider kind of falls under my tasks.
I've been working with AWS for years, so a natural choice would be to go with Cognito. While I like AWS products in general, I have doubts about whether Cognito is the right choice. Especially since people who are not fit in AWS should also work with it (operate it). But also because Cognito cannot be customized to the same extent as other identity providers.
In our company, there is currently only (dangerous) half-knowledge on the subject. I'm familiar with the basics of OAuth and OIDC, and I'm just getting more familiar with how it works. However, I am still a bit confused about which criteria to use to select a suitable identity provider.
My questions are: How should I proceed? Which criteria are decisive in your opinion? Should the software developers have a say in the selection? Should we hire an expert to assist us? Is there anyone here who has switched from Cognito to another authentication service? If so, why? Is there another recommendation? Is self-hosting a viable option?
Although this might not be something DevOps engineers usually do, I really enjoy digging into the nuts and bolts of this topic. I feel confident that, given enough time, I can make an informed decision. But management wants us to start as soon as possible with the first prototype.
https://redd.it/117yqln
@r_devops
Reddit
r/devops on Reddit: Company wide identity provider
Posted by u/QuirkyOpposite6755 - No votes and no comments