Reddit DevOps
How do people organize their Repos?

Our dev team are wondering what the best practice is for organizing GitHub repos around VS projects. I am responsible for all the DB stuff (i.e. SQL Server, SSIS, SSAS, SSRS etc). Is it best practice to create one repo for all these DB related VS solutions or create a separate repo for each one?

https://redd.it/11mvqxv
@r_devops
A 0.6 release of UI for Apache Kafka w/ cluster configuration wizard & ODD Platform integration is out!

Hi redditors!

Today I'm delighted to bring you the latest 0.6 release of UI for Apache Kafka, packed with new features and enhancements!

This version offers:
- A configuration wizard that simplifies cluster setup (right in the web UI!). Now we can launch the app via AWS AMI image and set up a cluster on the go
- Integration with OpenDataDiscovery Platform to gain deeper insight into your metadata changes
- Support for protobuf imports & file references

Other minor, yet significant, enhancements include:
- Embedded Avro serde plugin
- Improved ISR display on Topic overview (now you can view it per partition!)

And a cherry on top? Now we’re able to work around Kafka ACL errors so you won’t need to confront pesky permission issues when using the app.

Don’t wait, the update is already available on GitHub & AWS Marketplace!

Full changelog: https://github.com/provectus/kafka-ui/releases/tag/v0.6.0
Thanks to everyone who just started and continued to contribute!
In the next release, we'll focus a bit on expanding our RBAC possibilities (support for LDAP and universal OAuth providers) and some Wizard features!

https://redd.it/11mxpbj
@r_devops
RMM/UEM

Good morning everyone,


I've done quite a bit of Googling regarding this but haven't gotten very far. Short of taking advantage of all the free trials, which I will soon, it's hard to tell the difference from app to app.

With CMMC compliance on the horizon I need to remotely manage around 10 Linux machines and 10 Macs spread out across the states. Ideally I will be able to self-host the central server, but most of the options I have come across are cloud based.

Any suggestions or guidance is deeply appreciated.

Pros:

Open source (TacticalRMM was all I found but there were some glaring concerns)
Can manage both Mac and Linux machines
Hosted on site
CIS/NIST configuration templates are a major plus

https://redd.it/11mvso9
@r_devops
SUSE Elemental Toolkit

Has anybody used Elemental Toolkit? Seems to provide a good tool set for k8s cluster lifecycle management, including OS build and maintenance

https://redd.it/11mtxom
@r_devops
Who uses Signoz in production

Just want to see how your experience has been so far. Things like upgrading. Resource consumption. Disk space. All that other stuff. Ease of operations (for context, I’m looking for something that doesn’t require a whole lot of operations as I’d rather just pay for cloud at that point).

https://redd.it/11n272q
@r_devops
Is HashiCorp Certified: Terraform Associate (002) Worth It?

I have an upcoming internship this Summer in a DevOps role. I have never used Terraform first hand, but I do know it will be a tool I'll be using on the job. Is it worth pursuing an associate certification in order to prepare? Does anyone have any experience with this cert? How does it stack up time wise to prepare for?

https://redd.it/11n2k0z
@r_devops
Save $ on public S3 buckets using VPC endpoints via SQL

The cost savings of routing the traffic of public S3 buckets through VPC endpoints instead of NAT gateways in AWS can be quite large. NAT gateways are the default. We wrote a guide on how to do this with r/iasql using a couple of queries: https://iasql.com/blog/save-s3-vpc/

https://redd.it/11n5d6u
@r_devops
What's your development process for GitHub Actions and how are you testing them?

So, I have been getting in deep with GitHub Actions: Terraform with a remote backend, automated testing, linting, automated building, etc.

And I am finding the development process to be slow. 3-4 minutes per iteration, and I am iterating a lot because I am learning and small changes are more likely to succeed. But waiting for push, waiting for it to get picked up, waiting for the entire workflow to run is slow when I am making incremental changes. Plus it's eating into my GA budget.


I know once my pipelines are all set, I shouldn't touch it much, but I'd love a more responsive, local environment for testing these workflows.

https://redd.it/11n4cn1
@r_devops
When companies provide you with a laptop as an employee and it comes with pre-installed software, how does that software get installed?

I might be in the wrong subreddit.. but I'm curious:

My company recently got acquired by a much bigger company, and during that process, the parent company provided all new employees with a laptop, so they shipped 100+ laptops to employees, and you go through a setup process with the IT team, to assign the laptop to oneself.

Usually, there is some software already installed on the laptop after setup. I'm curious how the parent company creates these identical laptop setups for 100+ people...

Is it manual? Do they use a snapshot of an existing setup and then apply that to all laptops? Is there a company that provides this as a service?

Any info would be great, or directions to the right subreddit.

Thank you

https://redd.it/11n7zdb
@r_devops
Deploying CLIs to developer machines

We have some internal tools for interfacing with our Kubernetes clusters and other internal systems. They're all CLIs, some Bash scripts and Rust binaries, and we're looking to have them regularly built and deployed onto developers' machines (Linux and OSX).

Is there an existing solution for this?

https://redd.it/11n39ie
@r_devops
Proxy Basic Auth Replacement Best Practice for Cloud Native / OIDC / Vault

What would be the up-to-date, cloud native, best practice for replacement of e.g. HAProxy with ACLs and Basic Auth, with something like Envoy (it has RBAC) + JWT + Hashi Vault and/or OIDC provider like Okta/AD?

I want to secure web endpoints, which don't support auth natively. Current solution is HAProxy with network ACLs and Basic Auth, but I want actual identity check (not network-based), ideally tied to an identity provider (in my case AD) with either rotating token or at least password stored in Vault (and I do realize that I might be mixing stuff here - AD and pwd/token being mutually exclusive, so either is fine, but I want to be able to auth with another software as well, not just human - not sure how to go about that with AD).

I've seen a solution with Envoy+something (I don't remember, maybe Traefik?)+OpenPolicyAgent+Okta in K8s env. It was ugly :-D. I want something independent of K8s, so I can place it in front of a historical service running on a VM, and secure it while it's being migrated and ideally doesn't require 3 containers to implement :-D.

Thanks for any suggestions and pointers!

https://redd.it/11nas9j
@r_devops
How to change all links across a 200 page site, automatically?

An affiliate program needs me to change all links to their new landing page URL.

It is thousands of links across 200 pages. What is the best way?

https://redd.it/11n3127
@r_devops
Any way to automate CVS version control?

Company refuses to switch to Git... Any way to automate CVS or create some type of pipeline with it? Right now I have to run cvsq on all dev files and then sign off on it.

https://redd.it/11n2nhy
@r_devops
DevOps with background in computer science

Hi. I'm currently facing a bit of a dilemma. So I recently started a position as a DevOps trainee (I have a background in computer science and I actually enjoy programming)... However, my company tends to be very "Ops" oriented; there's almost no work or projects where we work directly with the developers, it's mostly "services" where they provide or maintain infrastructure. There's little to no code involved (except for Terraform used for IaC, which is mostly scripting) and I find it really boring working with that... The most exciting task I came up with was developing a Lambda (which I suggested, because I was one of the few that knew how to code), where I can implement, create unit and integration tests and deploy it in a pipeline, and it's very similar to the SWE types of tasks that I learnt in college, so I'm more familiar with it and find it more exciting to do...

And I'm really debating now if I'm completely in the wrong job position (should I become a developer?), or if the company's perception of DevOps is just off (but I'm actually a newbie and idk how I can help to improve its culture)...

https://redd.it/11mwirj
@r_devops
How do you Bootstrap an Organization in Google Cloud Platform?

I found this process very intense from a team interaction point of view, especially when the conversation goes down a rabbit hole trying to solve the chicken and egg problem.

I try to optimise based on principles while still knowing that we are in a state where we cannot adhere to them 100%. I proceed in a three-phase approach:

* Inception Phase (Ring 0)
* Pre-operational Phase (Ring 1)
* Operational Phase (Ring 2)

You can imagine these 3 phases like the protection rings in an operating system where you gradually tighten the adherence to principles and policies. I explained it in more detail in this video: https://youtu.be/RDF4Yf5JhPI

Would appreciate any feedback.

https://redd.it/11njbmz
@r_devops
How do you handle CSP Headers for a multi tenant application?

Right now it's just one CSP for all of our tenants and we keep adding domains if we see a block. As you can imagine, our CSP is huge.

You think doing a * will not be a security issue? (My heart says it is.. lol)

Dev team doesn't seem to think it's a priority to include this in the application per tenant.

https://redd.it/11nlice
@r_devops
I'm looking for a good vulnerability management tool, big bonus if it can integrate into the deployment pipeline

Hello all.

Can anybody recommend a good vulnerability management tool for cloud-native applications?

I am currently trying to find something that can perform real time monitoring for a basic tech stack (Java, PHP, Go etc), APIs and ideally infrastructure.

Bonus if it can perform static code analysis! I am hoping there is a singular tool I can get for all of this, but as it seems it looks like I may have to go with 2 or 3

Currently looking at Dynatrace, which has some great agent-based real time monitoring, but it lacks the overall infra and static code monitoring

Any help appreciated, thanks

https://redd.it/11nl6jf
@r_devops
Is Push based GirOps dying, or it's just me?

Personally, as a guy who works with k8s a lot, I prefer the Push GitOps because I feel that I have more control over what I'm dealing with. The whole ArgoCD tendency is driving me nuts, because I think that ArgoCD is cool if it's provided kinda as a service to devs, and they can use it to deploy what they need to have without my help, but if I'm running something I prefer other tools, for example Helmfile

I feel that Pull GitOps is displacing the Push one. And it seems a logical continuation of the getting rid of human factor thing, but still doesn't seem right to me. Because my job is to deal with systems and I need to be able to do it fast in case of emergency. And with pull-git-ops I don't feel that it's possible.

I had a lot of situations when I had to create/remove/update k8s resources manually to fix things fast and then write those changes to the git repo without any hurry, because everything was fixed already. And, for example, when you have your whole infra deployed by ArgoCD with AutoSync enabled, you can't really do that without disabling it, and it feels like a very ugly workaround to me, like a sign that the system doesn't work after all. (Or you do follow GitFlow, update manifests/charts/whatever, merge, and check if the problem is solved, so fixing a problem is taking way more time)

And the main benefit that I've been told is that you always can see everything that is running in the cluster and the state is always synced. But I can see anything that is running in the cluster with kubectl, (and I actually would never go to ArgoCD Dashboard myself), and the state is not always synced because someone would eventually disable syncing for fixing something and wouldn't enable it again. Also, I don't care what developers are running there, if I'm not afraid that they will ruin the cluster, but preventing a situation like this, is also a part of my job. And also you still can apply anything that won't be spotted by argocd, so you can't even be sure that you see everything there.

But I'm getting more and more confused about this ArgoCD topic while reading articles, talking to people, etc. I've got a feeling that everybody wants to use this Pull GitOps approach for everything, but I still don't see real benefits. And since I've got a feeling that I'm becoming a minority, I think that I should consider changing my mind on this topic. So, if you prefer Pull GitOps for infra stuff, could you say why?

UPD: I meant Push based GitOps, of course, but I think that I can't change the name anymore

https://redd.it/11noszn
@r_devops