How to exempt github actions bot from the rules of the protected brances

I developed a workflow with github actions that for each push builds some stuff and it is supposed to push the changes automatically. This worked fine until the workflow had to be merged on a branch which was protected. and did not allow pushing without a pull request first. Is there any way I could allow to bot to carry on with the push, any workaround?

I did find an action that creates a pull request automatically to the branch you push to, from another branch that this action creates (and then deletes). So I could use this with the 2 default branches in my repo and everytime something pushes into those, the action creates a separate branch and generates a PR from there. But this was not the approach I wanted because I wanted this thing to get built on every push.

Is there really no workaround on how to exempt github actions bot from being counted in the protection rules of the branches? I know we can exept users in the organization, but I really dont want to add a user as the author only for this reason.

https://redd.it/11gdhxx
@r_devops

What is the best open-source CI/CD platform?

I've used Gitlab in the past, but that is not open-source to the best of my understanding. And I don't like Jenkins and had a lot of confusion around installing CircleCI, any other suggestions?

https://redd.it/11gez33
@r_devops

KodeKloud or ACloudGuru

Hi, I need hands on training on Docker, Kubernetes/Kubectl, Jenkins, Terraform, Azure and possibly soon AWS since my company is about to migrate into it. I'm not chasing any certifications and I'm not looking to be a pro in a short mean of time. I just need practical knowledge of general DevOps toolchain. Would you say KodeKloud has better designed hands on labs than ACloudGuru? I brought these two because they are also offering a discount in their plans right now and they seem to be most popular ones also. I see majority of SE people on Reddit preferes KodeKloud but just wanted to get a direct recommendation for a learning platform like these? Thanks a lot!

https://redd.it/11gbhtj
@r_devops

DevOps challenges - what do you think? can you contribute ?


Hi people, today I bring to us interest topic (at least for me). Surely, sometime in your career you had concern about side/pet projects or "how can I increase my technical skills?". So, like a frontend engineer cloning a Twitter or some social medial, what kind of challenges you consider interest for DevOps engineer? I mean, in my case I think something like that:


Put an API in some git-based source code repository hosting (BitBucket, GitHub, GitLab)
Create a Pipeline with some CI/CD tool (Bitbucket pipelines, GitHub Actions, Jenkins)
Setup a VM in some cloud provider (AWS, Azure, GCP)
Deploy this API in the VM mentioned above
and so on..


have you seen some github repository with this challenges?
can you share some challenge that you consider interesting?


greetings :)

https://redd.it/11glzlq
@r_devops

Infrastructure as Code tools? Open poll

Choosing IaC tools can be daunting these days for a company interested in going there - LOTS of tools to choose from, aside from cloud or on prem.

When someone says "Infrastructure as Code" to you, what are the top 5 or so tools you think of?

https://redd.it/11gb0mz
@r_devops

Cloud engineer, like a fish out of water casual chat

Back in the day, I used to be a mediocre wizard with VBA and formulas in my non-software engineering job. People thought I was the bomb dot com! But then I switched over to QA automation (1yr) and now cloud infra (~1yr) , and it's a wake-up call. It's like being a technician or machinist - it's tough! Context switching, lack of domain knowledge, poor debugging tools, and sparse documentation can be draining. i'm not even working on critical tasks but can create critical problems ;)

I'm not one to back down from a challenge. I've learned so much about Kubernetes, GitLab, AWS, GCP, Helm, Terraform, debugging, breaking things, Flux, Linux, and networking (it's always the DNS!!) - you name it! But the learning never stops, and often it's like my brain can't handle any more information. Forget more than I remember. I like creating fitting existing cloud resource terraform modules into our infra, as it's bite-sized and I can adapt it to our needs.

Working with a good team has definitely helped, but lately, I feel like the senior is getting fed up with me. I mean, I'm not doing poorly, but I have questions and I think out loud better. Plus, I have good ideas that just need to be bounced around a bit. It's tough to collaborate over Slack, and we don't video pair that often anymore. Everyone is busy. Things to be done.

In my old engineering jobs, I could just walk over to someone and pick their brain. But in this virtual world, it's not so easy. That siad my boss is happy with my progress, or I'd really be stressing out. lIke many, we had a huge round of layoffs and I'm happy I was kept.

Overall, it's been a wild ride, but I'm excited to see where this journey takes me! I can't say this is for ever. I talked my way into this role to learn more about tech instead of going to school but I do prefer data analytics more.

Let's be real - transitioning to a technical role can be tough, but it's also incredibly rewarding (??). I may feel like a fish out of water, but I'm proud of how much I've learned and accomplished so far. And let's not forget about the paycheque - I'm not rolling in dough, but I'm certainly not complaining. So, what do you do with your hard-earned cash? Invest in stocks? Buy a boat? Splurge on fancy dinners? blow? Or do you save it all for a rainy day? Let's talk about the serious and not-so-serious sides of working in tech, including salaries and all the fun things we do with our money. What motivated you to pursue this? Passion for technology, a desire for a challenge, or something else entirely? girls?? What was your learning curve like over they years?

https://redd.it/11gazsm
@r_devops

Devops with no devs?

I’m a sysadmin working for a company that doesn’t do any internal development, more that we just consume. Every piece of software in the org outside a few web apps are 3rd party. App support team basically is just software usage experts, and when any real issues come up they refer to the vendor for support. Some of these vendors offer modern apps but mainly the workflow for us is like this: company needs something to do xyz, find vendor for xyz, purchase software, spin up infrastructure, install.

How can I as a sysadmin incorporate some of the devops methodologies and tools when we’re basically there just to setup and maintain OS and below? As we build workloads in azure I like the thought of maintaining repos for infrastructure, networking and policy as code but to what benefit can a sysadmin even do this when even in azure, workloads are still software installed on OS? It’s not like we have any repos to monitor to trigger infra deployment pipelines…

Is it possible to containerize any app that is currently an installed software? Is that even something the ops team / sysadmins who have previously been only OS and below should take on?

I’ve worked with git for personal projects, and have deployed workloads in azure with terraform, but I want to really dig in to the automation possibilities. Am I just so fresh to all this that I’m asking stupid questions and it all should be obvious?

https://redd.it/11gpxje
@r_devops

Question: Content for DevSecOps company flyer

Hello, I'm working as a DevOps with some security background in a small company; as I'm the only female on the team (soon to be another), I got assigned the task of doing a company flyer.
What would be something that would catch your eye on a flyer?
My current ideas are:

Cloud competency (all different that we are using // supporting)
Security competency (I worked on several projects where we helped companies achieve PCI DSS or iso9001/27001)
All the different technologies that we use
Projects that we did


Only requirement that I got is that it needs to be a one-page flyer.

Happy to hear your opinion!!
Ps. sorry, English is not my first language :)

https://redd.it/11dfo5m
@r_devops

Title: Seeking Suggestions for DevOps Internship Topics, Focused on Performance Testing and Delivery

Hello everyone,

I am excited to begin my upcoming DevOps internship and am currently seeking suggestions on internship topics, specifically related to performance testing and delivery. As an intern, I will be working with a team of experienced DevOps professionals, and I want to ensure that I am working on something that is both challenging and meaningful.

I would appreciate any suggestions on topics related to performance testing and delivery, such as tools and methodologies that are commonly used in the industry. Additionally, any tips or advice on how to effectively conduct performance testing and ensure smooth delivery of applications would be greatly appreciated.

Thank you in advance for your help!

https://redd.it/11dd1mf
@r_devops

Jira - Azure DevOps automation

Hi all,

We use Jira with Azure Repositories and Pipelines. I've been reading on this sub that in some organizations, devs just have to do a single PR and everything after that is handled automatic, up to production deploys.

I would like to implement something similar for my team but I'm not sure what tools are available to acomplish this and how to handle merge conflicts in the most automated way. There is a Jira - AZDO plugin created by Atlassian and MS but that has not been updated in 4 years.

I could also write a 'bot' that would act as a bridge between the 2 but perhaps there's a better (faster?) way to do it?

Best,

Simo

https://redd.it/11gsuf9
@r_devops

S3 delete files

I have some folders in my S3 bucket that start with 'myfolder-xxxxxxxx' . xxxxxx being the timestamp. I want to delete any files that are older than one day in these folders. I'm considering using the S3 lifecycle policy, but I'm not sure which prefix to use ('myfolder' or 'myfolder*'). Can someone please advise me on the best approach?

https://redd.it/11gso3z
@r_devops

Roboten, a Swedish startup is growing fast and we are looking for Head of Cloud Operations! 🚀

Read more and apply at the link ⬇️⬇️⬇️

https://careers.roboten.com/jobs/2291353-head-of-cloud-operations?utm\_source=facebook&utm\_medium=social&utm\_campaign=recruiter-a&utm\_term=pl045&utm\_content=20230303-ro03

https://redd.it/11gvjxi
@r_devops

GitOps - The Healthy Work Process?

Hello everyone :)

I'm quite new to GitOps, so I appreciate any piece of advice.

In the company where I work, we have a system that is maintained by several different teams.

Our process looks like this:


1) A developer merges application code to master
2) The new container tag is pushed to the GitOps Manifest repo (branch per environment approach)
2) A CI job is triggered by the change in manifest that run deploys the charts using helm upgrade.


If the deployment fails to boot, we need to manually rollback the manifest to a prior version, while meanwhile other deployments occur at the same time.


We thought of integrating ArgoCD to use Auto-Rollbacks. But we encounter some issues:
1) If you use Auto-Rollbacks you can't use Auto-Sync.
2) The rollback only rollbacks the cluster state, and leave the GitOps state out of sync, meaning that a manual intervention have to take place. If in the meanwhile additional deployments are committed before someone fixed the bad deployment, the bad deployment will hit again.


Any solutions or thoughts?

https://redd.it/11clgl2
@r_devops

Anyone else feeling that AWS & Kubernetes is going downhill as a career path?

Lately its becoming increasingly hard to convince companies to hire an expert in the field - so a strong senior.

And it's not like it only started with the recession FUD.

Let's look at some stats to back this up.

For the past ~6 months, majority of cloud contracts posted across UK have been almost exclusively Azure & Google Cloud, even though they have much smaller market share than AWS.
Barely any AWS contracts.

Companies believe they can get a cheap "good enough" permie to do AWS work, company won't collapse, and upgrading the role to a senior level and senior pay, or a contract even, doesn't provide enough benefits anymore.

If that trend will continue, I think we're only going downhill from this point.

The same goes for Kubernetes.

Everyone is using it, but if you look at who is really using at scale, doing the most complex operations, it usually boils down to just a couple biggest banks and telecoms, and they sure need the experts.
And while I've worked for banks in the past, it's just too niche to make a living out of it long-term, especially in this economy.

The number of times I've been undercut out of senior, expert level job positions, just to see them downgrade the posted pay range and take someone with 2-3 YoE in DevOps has been extremely frustrating, and keeps happening time after time.

For context: I am a senior with ~10 YoE, trying to navigate a difficult remote market while living in Eastern Europe -
while geoblocking of job opportunities in IT keeps increasing to pre-covid levels

https://redd.it/11ci18h
@r_devops

figuring out the right ci/cd pipeline

I've read articles and posts that describe pipelines that are close but still don't click in my mind.

We develop services for kubernetes.

Each service with it's repository.

We're using bitbucket if that's relevant.

We have a few environments (let's say dev, staging, prod) and each one in a separate cloud project.

What I want to achieve is having each service repository have their own helm chart with all the templates required for the service to function and values for developers to be responsible for.

I also want to have argocd in each environment to keep syncing changes and preventing configuration drifts.

I can't figure out how the development and promotion of a new feature should flow to dev -> staging -> production from service repository.

Let's say I work on billing service and I branch out from master to a feature branch. I'm done tweaking the code and updated the helm chart and values file. What would be the process of pushing these changes so only dev will be updated? And then how do I promote staging?

Creating branches for each environment in a service repository is against trunk based development idea.

I can create a helm chart + values folder per environment in the main branch of the service repository and argo from each environment will look there but that means I need to constantly merge the main branch to do development tests.

Ideally after branching from main developer will be able to push and updated chart and values will go to dev so it can be tested by developer and once he is happy it should go to staging (maybe that's merge to main but than how do I auto pull request for prod deployment?).

So yeah... I kinda feel lost in the woods and I feel like the solution is much simpler than I think.

https://redd.it/11gxp02
@r_devops

How do you guys deal with Devops tools like docker, ansible, terraform and Kubernetes with all the different commands they individually have.

As the tittle says. I’ve been self studying devops tools n keeping track of all the different commands when switching different tools could be overwhelming. How do you guys deal with this. And in how many of these tools should one be really good at as a devops engineer?

https://redd.it/11bz4w2
@r_devops

SMS pumping attack

How to protect against SMS pumping attack for an app that is hosted on AWS

https://redd.it/11h07d6
@r_devops

Looking for teammate to join project (not a job posting)

Hi Sub,

I'd like to make an employee/dev onboarding system connected to azure ad/iam/or..whatever identity manager we think is fit. Make automated infrastructure/workspace deployment for That Dev/Ops/QA/.. or whatever employee is it. Have configurable groups/roles/policies/OUs(if aws)/Mgmt.Groups(if azure). Have VNC option too.. Onboarding user should give all necessary accesses and remote dev environment setup in minutes not days. There are solutions similar to this.. not gonna name them here, maybe not exactly like this.
Also this has to be zero trust network and access could be done with something like HC Boundary, obviously all resources needs to have proper tagging. Last thing is, I'd like to write boilerplate for this and keep it open so others can add modules for this. Say if someone wants to have DynamoDB/LakeFormation be part of the access grant during onboarding they can write their module for that. This all supposed to deploy with Terraform and could be run on vm,k8s,docker.. basically every time via CRI(container runtime interface) but on different machine setups.

If this makes sense to you Let do it together.

I'm looking for someone skilled or who'd like to put hours to improve.

I work as a DevOps, ex SWE., it's too much for 1 person to write, thus this post.. Thanks.

https://redd.it/11h3jyz
@r_devops

How to learn system performance as a beginner?

Is there any labs that I can built or do to learn it if I don’t have real life experience? I know Brendan Gregg has a great book but I can’t relate to it…

https://redd.it/11h343b
@r_devops

What's the nicest on-call scheduling and paging SaaS these days?

I've used both OpsGenie and PagerDuty in the past. I could just choose one of these, but I wondered, what's the new hotness for on-call scheduling and paging? The tool that everyone wishes their business was using?

I've seen LinkedIn Iris and LinkedIn OnCall, and I assume they're probably very good, however the team is tiny and we really don't want to run the software ourselves (and have to make sure it's dependably). So SaaS tools only, I suppose.

https://redd.it/11h2hi5
@r_devops

Is it possible to do infra as code without a virtual machine in windows?

Not a devops guy, so this question could be silly but looking to do this:

Terraform + Ansible to do auto provision
Gitlab
Where: Azure VM or bare metal running Windows Server
Someone said I need something like Oracle Virtualbox

https://redd.it/11h9bmh
@r_devops