docker-registry-registry-1 | OBFUSCATED_IP - - [22/Feb/2023:08:07:00 +0000\] "GET /v2/python/manifests/3.10.8-slim-bullseye HTTP/1.0" 200 13227 "" "Amazon CloudFront"
```


On the nginx reverse proxy serving my docker registry on the same EC2 instance:
```
OBFUSCATED_IP - - [22/Feb/2023:08:06:59 +0000\] "GET /v2/ HTTP/1.1" 200 2 "-" "Amazon CloudFront"
OBFUSCATED_IP - - [22/Feb/2023:08:07:00 +0000\] "HEAD /v2/python/manifests/3.10.8-slim-bullseye HTTP/1.1" 200 0 "-" "Amazon CloudFront"
OBFUSCATED_IP - - [22/Feb/2023:08:07:00 +0000\] "GET /v2/python/manifests/sha256:6a34910f419a1fdaf2b6d886a1b303eaaa093a828528e0f59b95ccc71feddfa4 HTTP/1.1" 404 182 "-" "Amazon CloudFront"
OBFUSCATED_IP - - [22/Feb/2023:08:07:00 +0000\] "GET /v2/python/manifests/3.10.8-slim-bullseye HTTP/1.1" 200 13227 "-" "Amazon CloudFront"
```
I wonder why this fallback happens when going through cloudfront.
Guessing some header mix up with CloudFront so that my registry cannot find the request digest?


Big thanks in advance for anyone having a clue!

https://redd.it/118t6aq
@r_devops

DevOps: Learning & Development - looking for feedback

My company (start-up, not too big, not too small with 70 tech employees) provides every employee with $2000 in Learning & Development budget.

I have two years of experience as a DevOps Engineer and aim for a senior role in the mid-term.

What L&D resources would you book or recommend?

Fyi: we can spend the budget on every L&D worldwide (books, conferences, E-Learning, coachings, trainings etc.)

https://redd.it/1173qdj
@r_devops

Best tool to deploy a lot of microservices in kuberentes

Hi,

I have a kuberentes running within the cloud (azure) and local (minikube) and I have at the moment around 10 services which I wrote in C# as docker images in a azure docker container.

At the moment I am deploying my services manually with kubectl (local) or kubernetes-task in Azure Devops (Azure kuberentes). It feels very mehhhh because I know the amount of services is fast growing.

Is there a tool to deploy all of that in a "good manner" like with a nice UI or something half automaticly?

https://redd.it/11764g9
@r_devops

Suggest some Devops project

Hello I’m working as intern and I want some Devops advance project with all tools and learn kubernetes in deep because my trainer does not have to much knowledge on kubernetes and my compony does not have any Devops project yet so
Where can I learn improve my self as Devops
Suggest some
Intership currently 3month

https://redd.it/116ckyy
@r_devops

Best options for SonarQube

hello, colleagues. Tell me how you can optimize sonarqube, which is hosted on azure web app (p1v2). Unfortunately, I can't increase the characteristics of the web app because of the money. But I would like to maximize the performance of sonar.

https://redd.it/11671hx
@r_devops

Being underpaid, what should I do?

Hey everyone,

I recently found out that a coworker who has the same level of experience and job responsibilities as me is getting paid 50% more than me. I was shocked and honestly feel pretty upset about it. Especially since my manager mentions I'm doing extremely well.

I always knew I was being paid a bit less than everyone else, but now I realize that I am extremely underpaid. I don't want to cause any trouble, but I also don't want to continue being undervalued and underpaid for the work that I do.

So, I'm wondering if anyone has been in a similar situation before, and what did you do about it? Should I bring it up with my boss or HR? Or should I just accept it and move on?

Any advice or insights would be greatly appreciated.

TLDR; I found out my coworker gets paid 50% more than me. What should I do?

https://redd.it/114lzpb
@r_devops

IaC git repo advice

I've started to use gitlab CI for internal service provisioning for my company's private cloud. Each service consists of templated configuration that is applied to the infrastructure using a mixture of python scripts, ansible, and terraform to configure the end-to-end network, compute, storage, and virtualisation stacks.

For the first service I'm testing with, there is a single repo with the python, ansible and terraform templates and a variable file that the templates reference. The CI pipeline is kicked off manually to begin service provisioning and configuring the infrastructure. The current workflow is for the engineer to create a new branch, update the variables file, commit, and then to run the CI pipeline from the new branch. After the service is provisioned the branch is left for future reference of how the service was provisioned.

I realise this is not best practice as branches should really be used for testing and developing the actual templates and code, not for service instances. What are some suggestions on how I could improve this git CI workflow?

Sticking with one repo - could you create a variable file for each service instance to avoid the per-instance branches? So the engineer would create a new branch, create the new variable file, raise a PR, and once approved/merged to master the CI pipeline would have a method of running the python scripts, ansible, and terraform templates using only the new variable file (as existing services shouldn't be touched)?

https://redd.it/1191vm5
@r_devops

Is it important to know java/python in Devops Engineer role?

Lot of people suggest or lot of Devops courses have a programming language as a tool in Devops journey. As a real practitioner, do you think it is important, if so where do you use it in your day to day job?

https://redd.it/1191bkw
@r_devops

Kubernetes. Rolling updates but for several resources, not only Pods.

So we know that Kubernetes can provide rolling updates, slowly replacing the older deployed components with new ones through a variety of controllers. Deployments, Statefulsets, Daemonsets and so on.

What if I'd like to do the same for a collection of resources, and not only Pods ?

Small example: A deployment with ConfigMaps and Secrets. I'd like to have a gradual deployment that replaces the old Pods and the old config and the old secrets, this while keeping old pods, old config and old secrets there so that the old pods can still use those until they are replaced.

I could script this no problem, but I don't see (yet) how can I declaratively do this either with kubernetes manifests or Helm. Hence the question.

For me it would be like, say there are 3 pods that use also config and secrets.

* T-X: a way to say "up to the moment labeled T-X"
* T-4: 3 old pods, with old config and old secret
* T-3: Deploy and do a rolling update on the entire package (Pod, Config, Secret).
* T-2: 1 new pod with new config and new secret, 2 old pods with old config and old secret
* T-1: 2 new pods with new config and new secret, 1 old pod with old config and old secret
* T-0: 3 new pods with new config and new secret, 0 old pods with old config and old secret
* T+1: remove old config and old secret.

Of course this is only an example, I could have a package involving also services, PVC, and other resources. Thus a subset of the deployed Kubernetes objects.

What are the Kube resources to achieve that, if any? (again I could script this no problem)

https://redd.it/1193kvs
@r_devops

How do you ensure you've understood the task at hand?

Starting a new job soon and I want to set a good impression from the get go (don't we all). One the things I've noticed when picking up a task is not understanding the task or not having enough info, or both. So my usual recourse is to get on call with someone to get the info I need.

Something I've noticed is I sometimes listen to the person explaining something but don't follow along. Quite often I've come off of calls and still clueless. This sounds silly but I've often thought asking basic or too many questions will make me look like I don't know what I'm doing. When getting on call with someone for help, are there any things you do if you don't understand what the other person is saying/explaining. The worst thing for me is coming a way from a call completely clueless just to save face.

Solutions I can think of is:
- Spend some time researching before a call (this isn't always possible).
- Repeating back to the other person to ensure I've understood it.

Tldr: Basically, I'm afraid of asking dumb questions and sometimes suffer in silence.

https://redd.it/11966b8
@r_devops

Save on AWS by deleting untagged ECR images

Learn how unused/untagged ECR images can rack up your AWS bill unnecessarily and how to get rid of them

https://iasql.com/blog/ecr-save/

https://redd.it/1198ako
@r_devops

Do you have self-managed DBs (on a VM instead of a paid service) and which team does manage them?

Hey there,

in my current company I am part of the team who manages a few huger monolithic databases in addition to a few for microservices.

The bigger ones are around 3 proxies, 1 main, around 8 replicas each.

My question is:

If you do use self-hosted DBs, are you having a team of classical DBAs for this or more a team of infrastructure engineers which should also be able to code and write interfaces for teams to access for example dev DBs?

https://redd.it/119awnt
@r_devops

Noob Directories Question

So we have one resource that is formatted like this,

%w(dir1 dir2 dir3 dir4).each do |directory|
directory "#{node'foo''bar'}/#{directory}" do
owner cookbookowner
group cookbookowner
mode 0777
action :create
end
end


I know this is looping through and creating directories dir1, dir2, dir3, and dir4. However, I noticed that when I inspect these directories in the test instance, some of the directories have files in them? I can't seem to find any resources that creates the aforementioned files in certain directories so how do these files exist? Shouldn't they be all empty directories

https://redd.it/119bl5k
@r_devops

Boss left and now I need to clean up his mess. Looking for advice/venting.

Work on a 3-person DevOps team at a 100+ adtech firm.


My boss, the 4th one on the team who had hired us, abruptly left last week - circumstances still aren’t clear as to why.


Was a super cool dude who mostly kept us away from a lot of outside asks as they all ran through him.


We have \~30 developers we’re supporting over a couple of time zones so I was actually pretty happy he took so much pride in being a filter.


Over the last couple of days, it’s pretty clear that he was running the entire devops department out of his head.


There’s no SOPs, helpdocs or resources my team or devs can go to - at least without searching through mountains of emails and Slack messages.


The other two team members are going to be working on support while I build out everything thats been missing over the next month.


It’s my first time taking tribal knowledge and putting it together outside of something like Google Docs/Sheets.


Looking for any advice on the best ways to go about it. Sorry for the vent.

https://redd.it/119eubv
@r_devops

This Week's DevOps Newsletter: AWS Security, Kubernetes Dashboards, and Open-Source Projects

Hi there,

I have a lot of exciting topics to cover in this week's DevOps newsletter, including:

AWS Security: A comprehensive guide on how to secure your AWS environment using AWS security best practices and gain a comprehensive understanding of AWS security services.
Kubernetes Dashboards: The rise of Serverless monoliths and the best practices for running Java apps on Kubernetes. Additionally, I'm sharing an architecture for enforcing RBAC in a cloud storage system and an open-source utility that scans live Kubernetes clusters and reports potential issues with deployed resources and configurations.
Hashicorp Certified Terraform Associate: For those interested in Terraform, I have a preparation guide for becoming a Hashicorp Certified Terraform Associate.
Open-Source Projects of the Week: Check out a ChatGPT-powered gym workout generator and a CLI that creates screenshots based on terminal command output. I also explore why open-source is broken and uncover the truth about git metrics tools.

If any of these topics interest you, you can read the full issue here: https://www.devopsbulletin.com/issues/aws-security-pillar

Cheers

https://redd.it/119exbp
@r_devops

How to achieve synchronized deployment of Frontend and Backend applications to PRD?

Hello,I'm new to web apps and trying to deploy one to production which consists of:

1. React App on Frontend (deployed on AWS S3 + Cloudfront)
2. Python (Flask) AWS Lambda + API Gateway on the backend (deployed using AWS SAM)

Both FE and BE have separate repositories. After testing the latest versions of FE and BE on staging env, I want to deploy to production without any downtime.

When deploying FE_V0 -> FE_V1 it may happen that BE_V0 is not updated to BE_V1 and vice-versa. During this time FE_V1 will have an incompatible BE and will not function. It may also happen that FE_V1 is successfully deployed but BE_V1 deployment fails and will result in a longer downtime.

What strategy and services do you employ for the synchronized deployment of FE and BE apps? The ideal situation will be to:

1. Deploy FE_V1 and BE_V1, while FE_V0 and BE_V0 are still active.
2. Switch the customer-facing application to (FE_V1 + BE_V1) together or redirect the traffic incrementally from V0 to V1 combination.

Thanks for your input.

https://redd.it/1194gof
@r_devops

No longer using GitLab?

Looking to hear from folks who are no longer using GitLab. Trying to understand why they stopped using the product and who they’re using now instead?

https://redd.it/119jhj6
@r_devops

Aliasing kubectl with "kc"

Who else has done this and what other aliases do you use? Typing the full "kubectl" is a bit annoying.

https://redd.it/119ln0e
@r_devops

Alternative path to the Devops roadmap on roadmap. sh

I’m have been reading various articles in this subreddit and since realized that the roadmap.sh roadmap is frowned upon. To be honest I have been using it as a guide to prepare myself for a Devops/SRE role.

My question is what is a good roadmap to follow. The way my mind works is that i need to have a clear path laid out of the tools I need to learn so I don’t go off on many tangents. What I have learnt/know so far include:

Linux,
Bash,
Ansible,
Python,
A little Golang,
Networking,
Version control - Git,
Docker


I appreciate any advice in advance.

https://redd.it/119mhdt
@r_devops

How do you check what might be overriding elements in the DOM on production?

I have a bunch of favicons exporting files from the src directory, but on production the link elements points to a cdn on cloudfront, and I don't see any webpack config doing this. What might be doing this, and what should I look for in the browser, network requests or elsewhere?

https://redd.it/119njix
@r_devops

Our Enterprise DevOps Dispatch is online!

Our weekly dispatch is online. Sign up if you don't want to miss one: https://techaccelerationandresilience.com/short-notes/dispatch-0823

#devops #sre #platformengineering #dispatch #newsletter #techstrategy

https://redd.it/119amr5
@r_devops