What is JWT? How does it work?

Learn what JWT is and how it works in this informative post.

Get a quick and easy-to-understand summary of this important security technology that's widely used in modern web applications. Check it out now!

https://mojoauth.com/blog/what-is-jwt/

https://redd.it/11r31py
@r_devops

Two devs are trying to find out if AWS Application Composer really is worth anyone's time

Designing serverless apps visually sounds good on paper. My friends made some practical projects to find out if AWS App Composer really does that well enough. Their conclusions is that the tool is not yet ready for commercial work, but it does have a promise. If you want to view their App Composer projects with details and code, I invite you to check it out.

https://redd.it/11qf38k
@r_devops

📢 DEPRECATION ALERT: Mar 20 traffic from the old Kubernetes registry k8s.gcr.io will be redirected to registry.k8s.io

📢ICYMI this Monday, Mar 20, traffic from the older k8s.gcr.io Kubernetes registry will be redirected to registry.k8s.io


If you run in a restricted environment and apply strict domain name or IP address access policies limited to k8s.gcr.io, the image pulls will not function after k8s.gcr.io starts redirecting to the new registry.


How can you know if you're affected? it only takes a single line kubectl command to find images from the old registry! (see on the below post)


The deprecated k8s.gcr.io registry will be phased out at some point. Please update your manifests as soon as possible to point to registry.k8s.io.


This is actually good news, as the new Kubernetes community image registry registry.k8s.io will save major egress traffic costs for users not running on Google cloud ☁️


Read more on this blog post:
https://kubernetes.io/blog/2023/03/10/image-registry-redirect/

https://redd.it/11sm10g
@r_devops

Question About Linking Repository To CI/CD

So I have a user account on the company Gitlab server.

When I want to link a repository to the company CI/CD tool by adding a custom private SSH key to CI/CD, am I adding the private SSH key that is linked to the public key of my own user account in Gitlab?

Am I correct in assuming this can't be right as everytime the CI/CD tool uses that REPO, it will have to pull the repo from my own Gitlab user account?

If this is the incorrect way to do it, what is the correct way to do it?

https://redd.it/11qescr
@r_devops

Test data for performance testing

There's some overlap here with data engineering and QA, but I'm more looking for information about how this problem is addressed in other companies and the role of devops/platform in it.

We badly need performance tests. Our service is used by hundreds of thousands of people all around the world. It has fallen over more times than I care to admit and I'm still a bit gobsmacked that we don't have any.

A sticking point we have is that the data in our non-production env where we would do these tests does not have anything like the same volume of production. We have many production RDS databases running on our platform. Our dot on the horizon is for the data from all these DBs to be ingested into a data warehouse where it can then be forwarded to multiple different endpoints. One of those would be the DBs on a non-production environment with a masking layer in between to scramble any sensitive columns. I'm glad we're agreed on the plan, but it feels quite ambitious and the data team who are building this aren't going to have it ready for a long time.

In the meantime, we need something a bit more straightforward. My first thought is to generate dummy data with a similar volume as production. It wouldn't be as good as data sourced from production but it would still allow us to get some value out of performance tests. Creating it looks to me like something that would be driven by developers and QAs, but I have little experience of doing it myself so I'm not sure how feasible it really is.

Can anyone share anything about how they've seen this problem tackled? Also setting up performance tests seems to be a task that involves different expertise working together (dev, platform, QA, data etc), so I'm curious about the different responsibilities that each role typically takes on. Thanks.

https://redd.it/11so5pi
@r_devops

Stuck on this fluentd parsing issue

tl;dr: I want to pull 2 fields from a log file that is a mix of json and log headers.

I'm a bit new to doing anything with fluentd that's doing anything other than fancy regex. Now, I'm trying to parse some logs that are partially JSON, then extract a few field and forward them on to their destination (stdout for now). Here's a log sample:


2023-03-09 00:00:00,029 (threadpool-12345) INFO [HiIAmALog] {statusMessage":"uh oh","status":"FAIL","totalTime":5,"code":34}

And here's my source:

<source>
@type tail
@id tail_log
tag log
path /tmp/log
pos_file /tmp/log.pos
time_format %Y-%m-%dT%H:%M:%S.%L%Z
keep_time_key false
read_from_head true
open_on_every_update true
<parse>
@type none
</parse>
</source>



I'm chopping off everything below the JSON string using a filter and a ruby gsub:

<filter log>
@type record_transformer
enable_ruby
<record>
message ${record["message"].gsub(/20.*HiIAmALog\] /,'')}
</record>
</filter>


This gives me a nice, clean JSON string as output:

{message":"uh oh","status":"FAIL","totalTime":5,"code":34}


Next, I'm trying a filter like this to get just statusMessage and code:

<filter log>
<record>
statusMessage ${record["statusMessage"]}
code ${record["message"]["code"]}
</record>
type record_transformer
enable_ruby
</filter>

I know at this point this is just a string, not a JSON object, so I can't actually parse the fields. I've tried using ruby to_json method to transform it, but it's not working. Does anyone have any suggestions? I've been banging my head on this for too long. Thanks in advance for any help you can give.

https://redd.it/11snkem
@r_devops

How often do you do deployments at your startup/company? A poll!

Just to get a feel for how DevOps/SRE culture has impacted the deployment frequency at various companies/startups.

Thank you very much for your answer!

View Poll

https://redd.it/11spacb
@r_devops

Transfer from Ops to DevOps

Lets say I am working as an «operations operator» (directly translated, no idea what the actual title is) for an internet company and study software development bachelors on the side. How hard would it be to get a DevOps job right after graduating?

https://redd.it/11qh0mu
@r_devops

any pentester that you would recommend?

preferably modern ones and can pentest desktop and mobile

https://redd.it/11su6uv
@r_devops

An adventure with SLOs, generic Prometheus alerting rules, and complex PromQL queries

I'm working on a library called Autometrics that makes it easy to add metrics to a code base and recently worked on support for SLOs/alerts. We ended up with a solution that enables us to have a single set of Prometheus recording/alerting rules that will work for any autometrics-instrumented project and the libraries use some fun label tricks to enable specific rules.

I wrote up a blog post about this experience here in case others are interested: https://fiberplane.com/blog/an-adventure-with-slos-generic-prometheus-alerting-rules-and-complex-promql-queries

https://redd.it/11svszk
@r_devops

Best Tools for Kubernetes Local Development: A Comprehensive Guide

Testing your code before deploying it to a production environment is vital.

One of the ways to do this is to develop and test your code using a local Kubernetes cluster.

In this article, Shingai shared the best tools for Kubernetes local development 👇

https://blog.getambassador.io/best-tools-for-kubernetes-local-development-a-comprehensive-guide-3577d351d31e?utm\_source=Social-Media&utm\_medium=Reddit&utm\_campaign=SM

https://redd.it/11sx8un
@r_devops

Can I get help with my resume?

Hello everyone!

I am asking for help as it is the first time I've had to update my cv since before I graduated and I'm really struggling.

I've done quite a few task in my current job and I don't even know how to group them together or if I should try to summarized everything in 3- 4 points , tbh I feel it's looking awful and it's just a word salad so I haven't finished it in case I was wasting my time and I had to completely change it.

Also, I have some TA experience in grad classes and I did an internship as a data engineer should I add them to my cv considering I will be searching for devops job?

Any advice or criticism would be greatly appreciated !

https://imgur.com/a/rJMuydN

Thanks!

https://redd.it/11sxglh
@r_devops

Why is identity federation better than an alternative?

This is something I've yet to find a good answer on. Identity federation is supposedly to best zero trust way of handling automation, but how is this the case? I agree that a single account with access to everything is bad, but that's essentially what a "federated account" that's able to assume other permissions is as well.

I see the only difference being that assuming other permissions requires an extra token to pass around, and you can segment the tokens and permissions better but is that all there is to the benefits? So instead of leaking that one single account and access with it, you also have to leak the password for the assumed identities with actual permissions?

If the main account has access to read the secrets required to assume permissions, did anything really change security-wise? Perhaps the attacker must now figure out what permissions to assume? Is there some secret to the main accounts permissions that makes this really good in comparison to some alternative?

https://redd.it/11t03qu
@r_devops

Is this a "manage up" or "shut up" situation with a new devops manager?

Hey /r/Devops, how's it goin? You good? Good.

I need some help, or would like for some feedback on something. I'm an IC (individual contributor) again after a few years as a team lead, while I was effective and my teams had really good outcomes and my subordinates had really encouraging and positive things to say about my leadership style when I left the company...

...I came to realize being a workplace leader was asking more of me than I wanted to give to it and it was taking a serious mental toll, so I departed my last job and took a sabbatical for a few months.

Found a new job not long after reactivating the job search and have been very happy where I am over the last year and a half as an IC on an embedded platform team. Instead of one devops "team", we have practitioners partitioned out to different development pods in the organization (best I can tell it's very similar to the spotify team model) working as platform engineers.

The problem is my new manager, who now manages all of PlatformEng whereas previously we reported to the manager of the pod we were assigned to. He's been at the company only a few months now and brought with him a very "us versus them", and high-blame mentality. Specifically blaming dev teams for almost everything.

I don't hold such an adversarial opinion of the developers I support, but the new manager's tone and statements are constantly full of accusation towards them whenever we're reviewing the previous night's PagerDuty incidents during our standups, 1:1's between he and I, and sometimes it even leaks into sprint planning with the rest of the platform team.

Which I have two problems with:

a) Many times now the blame he's applying for why something broke or why a certain deployment incident happened are demonstrably and provably incorrect on many levels, but are consistently targeted at the teams we support. This has had the result of people chasing down red herrings to fix certain things under his orders.

b) if I don't step in and curtly change the topic back to our 1:1 agenda or if on our PE meetings if no one says anything about time left, he absolutely will chew up an entire meeting ranting about what other teams or managers are doing or aren't doing to his satisfaction.

He and I have a perfectly fine and so far healthy working relationship, I can ask for things and have confidence he'll act on it, if there's a blocker he's so far been consistent about doing something about it, so I got nothing to really say about that specific side of the coin, but the other side...I just don't find very helpful.

What do you do here?

Manage up? How do I do this tactfully, but effectively?
Shut up.

tl;dr - New manager wants to blame developers for everything instead of finding ways to solve our shared problems, has the effect of frequently taking team members off task, and prevents project planning because he wants to rant for the entirety of 1 on 1's and other meetings.

https://redd.it/11szz1o
@r_devops

Courses for Cloud Computing

Hey there

My previous job was running with on-premise infrastructure and I was doing plenty of different things - provisioning VMs, creating and managing Kubernetes clusters, writing applications (backend & frontend), etc… In general I am very up to date with new technologies - and have good background in the entire hardware and software stack.

In a few weeks time I will be moving to a company that works only on cloud-computing infrastructure, and not using on-premise hardware and infrastructure anymore. I am not at all concerned about my ability to work with those environments, but I do want to learn about how to use cloud computing well.

What is the best way in your opinion to earn that knowledge and experience in the few weeks I have prior to starting that job? Any particular courses that you recommend?

Thanks a-lot in advance.

https://redd.it/11t1pm3
@r_devops

Learning Git

As an Ops guy I haven't really used Git to its full potential, but I feel as though I'm missing out on a lot of features to make my own workflows more efficient.

I'm looking for a way to learn more about the more advanced concepts withing risking nuking my own environments (although probably the best way to learn).

Is there any online (interactive) course / labs you'd recommend, or a book with practical hands-on examples?

https://redd.it/11t5dlz
@r_devops

Developer Dashboards?

Hello!

What's people's experience with developer dashboards? Minimally something that can show CI status across different branches, but could also pull in test status from, e.g., TestRail, show code coverage stats/trends, maybe have links to autogenerated (in CI) API docs for code, etc.

Thanks!

https://redd.it/11t5cf6
@r_devops

What do you really think of your daily standup?

Most posts about daily standup/daily scrum are polarized- it's either the most important meeting of the day or a total waste of time. I'm a developer turned founder, and I'm trying to find out what the majority really thinks of daily standup and share the results. Share your opinions in Typeform. There's a thank you at the end. https://y90utja3h0v.typeform.com/to/xlCGiutr

https://redd.it/11t7i3x
@r_devops

Is this possible to generate unique certificate for different subdomains based on root cert?

I have a case with multiple hundred virtual desktops shared with user, all of these desktops will have a subdomain, like desktop1.mysite.com, desktop2.mysite.com , etc. Assuming I have a CA certificate generated for mysite.com. Is this possible to generate the separate certificates for these subdomains, keeping in mind that user will have access to the private key? May I do it by myself programmatically, using openssl for example?

https://redd.it/11t00q9
@r_devops

Devops start

Hi there,

Is this a good career to transition to out of being an IT support specialist? Does anyone have some personal insight into how long/difficult the road is to get into this career path?

Thanks so much!!

https://redd.it/11tbpcc
@r_devops

Experience working and using Managed Service Providers?

Hey all, was just wondering if anyone has experience redistributing or selling MSP's through partnerships. Saw Stellar Cyber released a partner program for users and thought I'd potentially give it a shot.

I know there's others like SecureFirst, Fortinet, SecureWorks etc. If anyone has experience with any of these platforms whether you use them for your company or work as a partner I'd love to know more, thanks!

https://redd.it/11tcd5g
@r_devops