Proof-of-Concept: Pass environment variables as docker secrets during runtime in your container with Docker Compose v2

Hi all,

I was going through some changelogs as well as a release blog post from Docker about their Compose v2 features and happened to stumble upon an interesting feature where you can let environment variables be passed into your container as a docker secrets i.e. instead of passing it as an env var you can pass the value at runtime as a secrets file.

Here the Proof-of-Concept repo

This mitigates the case where credentials as env vars are visible when performing docker inspect or docker compose exec <service> env

https://redd.it/11lc061
@r_devops

Strange Sonarcloud error message ?

Hi all, so to give a quick overview of the situation I am trying to run a code check using sonarcloud/sonarscanner in my Amazon EC2 server but keep getting the error saying "main component does not belong to specified organization" .What does this error message actually mean ?

https://redd.it/11l9wu0
@r_devops

Can one domain have two server locations?

I am using DigitalOcean with users in North America and Australia. My server is located in Canada. Is there a way I can add a second Australia server and redirect Australian users to the Australian server?

​

Or am I able to use a CDN or other third part service/software to help with this?

​

This is with the intention to increase the website load speed for Australian users.

https://redd.it/11l9uvg
@r_devops

Do you manage runbooks for operations and incident management?

Dear DevOps, I’m an indie developer developing a product to help DevOps engineers and software engineers generate runbooks and manage them up-to-date easily.

I would like to know if your company manages runbooks.

If you do,

What is the main purpose of runbooks?
Would you please share the runbook examples you have?

If you don’t,

Have you ever tried managing runbooks? Then what makes you stop using them?
How do you keep knowledge related to operations and incident management?

I wish to contribute to the DevOps community and industry, and your comments would be very helpful.

https://redd.it/11lg6r3
@r_devops

Best Enterprise engineering blogs

Some enterprises publish interesting blogs posts with their approaches of solving issues at large scale.

For example, this one from Atlassian about their CI/CD migration.

https://www.atlassian.com/engineering/how-we-migrated-complex-ci-cd-workflows-to-bitbucket-pipelines

And also enjoyed this post-incident post related with their 10-day partial outage

https://www.atlassian.com/engineering/post-incident-review-april-2022-outage

Another company that shares posts related to DevOps is Meta. https://engineering.fb.com/category/core-data/

​

What other large enterprises share their knowledge related with DevOps?

Share your favorite ones in the comments.

https://redd.it/11l9ag1
@r_devops

EKS , ALB , Route 53 help!


Hi , new on DevOps and AWS and im confused and maybe someone could give advice.
I followed the AWS Docs
So..

1.I created EKS Cluster
2.Deployed the ALB Controller /Cert-mng
3.Deployed my APP and Services ALB / ingress etc
4.Deployed mongodb as statefulset with an EBS Volume
5.Cluster autoscaler vertical

So it showed in the load balancers console as active without any target group.. BUT my questions are .

1.Is this the right method should i now create the Route53 ns record to point my subdomain to the ALB and should i worry about the DNS of ALB that changes , or how should i point Subdomain to ALB?

2.Or should i create from the console a ALB with a Target Group of my EC2 Node instances ?

3.When i deployed my app there are shown some Classic Load Balancers even it is deprecated from August 2021/22 IDK ?

4.My node group has an Auto-Scaling group , what happens with the EBS if my instances go up/down with it attach automatically with a instance or will it remain detached .

I see a lot of tutorials people implement different methods and i worry if it will not work correctly .

https://redd.it/11kxmtd
@r_devops

Storing build/deployment metadata in NoSQL

Many of our apps rely on key/value pairs during build / deployment phase.

These are stored in text format, as files, with source code.

Does it make sense to move all such metadata items, key/value pairs into a NoSQL database and implement webservices for persistence and retrieval ?

This is unstructured data sitting on files, moving it to a NoSQL DB, what is the benefit ?

Concern is:

1) Reliable system that is always up to serve key/value pairs for build/deployment

2) Over(ab)use pattern, since data is non-structured it is best to have it files. Otherwise a persistence layer has to be validated / developed/modified for every new artifact that dev team wants to create in a sprint.

Is this a Pro ?

1) Persistence API may help in enforcing some rules vs. free-form edits on a text file by development



Please suggest if this is something you would entertain in your project.

We could also have a mixed model, some info is in files (for mature, standard key/value pairs who need persistence validation) and some items (just started developing code/concept) may be in files.

https://redd.it/11i01nr
@r_devops

RabbitMq consumer not processing messages

We’re having a situation in one of our datacenters in which for some reason one of the rabbitmq consumers stops consuming. Consequently, the queue reaches well over 1000 and one of our app’s components stops functioning. Rabbitmq is installed as a package in the VM, while this component runs as a container in the same VM. Currently the workaround is to just restart rabbitmq, after which the dead consumer suddenly springs to life and starts consuming again. Anyway, what could be causing this issue? I've checked the app's logs and those of rabbitmq, all look normal, no errors reported.

https://redd.it/11lo4fg
@r_devops

Need help with a few topics

Hi everyone! I am a young and upcoming DevOps engineer, and there is a conference at my company, for which I want to participate in. The topic is to talk about new and upcoming accelerating technology in DevOps and cloud. I want to speak on an idea and have a demo on the same, can you guys help me come up with any topic that I can speak about? Would be great if it is DevOps related.
The last time I spoke on a green field implementation of CI CD on azure devops with the help of Infrastructure as code and talked about serverless infrastructure.
Would be great if someone can help me come up with some latest trends in devops or cloud that I can talk about

https://redd.it/11lqlgr
@r_devops

I have a big doubt, how to start studying.

I'm studying front but it's not something I really want. I really wanted to work as a devops, I need to be full stack to start studying and understanding tools like terraform, grafana, kubernetes…? Or is there another starting point?

https://redd.it/11lr3wp
@r_devops

Do we still need to subject our work to source code analysis if we will use no-coding in our DevOps work?

Do we still need to subject our work to source code analysis if we will use no-coding in our DevOps work?

https://redd.it/11ls1jx
@r_devops

For Small to Medium startups: Don’t Use Kubernetes Please!

https://thetechtrailblazer.blog/2023/02/14/dont-use-kubernetes-please/

https://redd.it/11ltkis
@r_devops

PSA datadog outage

I have a few cronjobs to post metrics and events to datadog, and they've been failing for the past four hours, now I know why :(
https://status.datadoghq.com/

https://redd.it/11luq9r
@r_devops

Specific routing not working, see my config

See here

So, as you can see I have a specific routing policy for three labels up, all those labels are added in their corresponding Alerts, and Continue matching subsequent sibling nodes is enabled on this specific policy so it can move and process the nested policy, which also configured to grab alerts by a label. Nothing is coming to my teams, but If I leave the matcher empty I get all the alerts.

https://redd.it/11lteqv
@r_devops

Solution Inventory for processes we develop

My team is responsible for developing RPA processes, Integrations, etc.
We are wanting some sort of Solution Inventory (or whatever you would call it) to document details for each process we create/maintain. We would want to document the process, type, what it does, primary support, business SME, support Tier Rating, Active/Decommissioned, etc.

Do you utilize anything like this and if so what do you use?
I don't think there is a proper piece of Azure DevOps for this. (We use Wiki for Process documentation/ReadMe) and our company has an App Inventory in ServiceNow so we could potentially make our own there for our Solutions we develop.

https://redd.it/11lx0v0
@r_devops

CICD dashboard?

We have corporate standards to have standardize CI/cd.
That runs out of gitlab or azure devops.
Where the source code is scanned by sonar.
And the binaries are scanned by veracode.

Is anyone aware of a dashboard that can aggregate data from sonar/veracode/gitlab/ado to show the status of apps across all these sources?

Or am I just going to have to build it?

https://redd.it/11lz9p0
@r_devops

How and when to use Helm and Kustomize together

I've noticed the topic of do I use helm or kustomize coming up a lot. So I took this and dove into how and when to use Helm and Kustomize together.

I hope this blog post on the topic helps!

https://redd.it/11m0dgw
@r_devops

Would somebody pay for such a template / script?

Hi all,

I am in the middle of setting up a primary and secundary Samba4 AD DC for my home office.

This are VMs on my two Proxmox servers. As this is a cumbersome and annoying process, I thought about building script / Ansible / Whatever automation to build them.

Is this something somebody would pay some bucks to safe two to four (if you do it the first time) days to set the whole thing up?

If there is demand, where would I sell this? Is there a marketplace for stuff like this?

Thanks for your input!

https://redd.it/11m288v
@r_devops

What was the most devastating CLI command you've ever run?

A year or so back...
Running K8S in AWS EKS...

I was dinking around with the `aws-auth` configmap (where all the admins are defined for the control plane). I ended up running some commands that cleared out that configmap, leaving the cluster without any valid users or groups.


All K8S API access came to a halt.


Worse, I didn't realize that my actions caused this outage and thought the Control Plane had died.


Ended up spending the weekend rerolling the cluster.


In hindsight, I realized what I did, and sometimes wonder if I could have somehow just set the `aws-auth` configmap back to its original contents.


Has anyone else inadvertently run a similarly devastating command?

https://redd.it/11m3guf
@r_devops

What do you use for 'personal' task management at work and how do you manage priorities?

Since Jira is for teams and I'm the 'lone' devops guy, I'm asking myself what tools you use for task management and how you use them.

For working on customer project tasks I get normal Jira entries, but for everything else that's more company related I'm free to use whatever I have.

I'm using ToDoist now (for its Obsidian integration), but having Kanbans with 50 tasks in the inbox alone just isn't that helpful... even if i split it into maintenance, improvement, automation or other projects.

In time I'm just goinf to lose the overview over my tasks and can't even really decide what tasks with the 'must do' priority have to be done first.

How the hell do you guys manage all of that?

https://redd.it/11m2oo4
@r_devops

Should I install packages in alpine line by line to better make use of shared layers?

So I am new to Docker.

I generally install all my packages for that container in a single line like so:

apk install package1 package2 package3

Let's say containers A and B share package2.

Would it make sense to write the install as

Container A:

apk install package1

apk install package2

apk install pacakge3

Container B:

apk install package2

apk install package4

apk install package5

​

Would this help speed up the process of creating images and take up less space on my disk owing to shared layers?

https://redd.it/11m6sh5
@r_devops