User permission tracking / logging systems.

I’m curious what methods you are using to manage user permissions. I work for a small startup, but as we grow it’s getting more difficult to manage who has access to what resources & at what level.
We had an employee take an offer elsewhere & it took a while to make sure we’d removed access everywhere.
We are moving toward SSO wherever possible, but that doesn’t encompass all of our needs.

TL;DR : what tools do you use to manage user access?

https://redd.it/11wlfpt
@r_devops

Easiest certification so I can check a box.

I have about 3.5 years experience in devops at a small business and I need to get a certification, any certification, for a sizeable raise. I dropped out of school and mostly work as a contractor on projects with a dev team etc. My company is going to pay for whatever certification I choose so I'm not worried about price. The thing is I am normally pretty worn down by the end of the day so I'd like to just get one that's easy and mostly stuff I'd already know. My work performance this quarter is what will earn me the raise I just need something I can knock out in a day or two to check the box without burning out.
I am pretty experienced with kubernetes on AWS and bare metal, less on GCP and none on azure. I can easily handle a small-medium sized job on my own and have been the only devops on multiple jobs.


Has anyone taken a cert that was quick and pretty easy and didn't have questions that were so specific that you needed to sit through a 8 hour course first?

https://redd.it/11wobhj
@r_devops

Getting Started/Distracted

Hi Guys,

I am a student about to graduate soon.
Exploring various fields in and around IT.
Currently settling to practice devops and see how it goes.

Can you please let me know what path did you follow and what you wish you knew before getting your hands here?

About me: I write minimal bots and scripts (python) for automation and testing. Have hands-on experience with Github and a beginner in Linux.

https://redd.it/11wphsu
@r_devops

Promoting a packer image between Auto Scaling Groups

I have two Auto Scaling groups with one instance, one for staging and other for production. When I am ready to deploy a change to the app I build a new image with packer and trigger an instance refresh in order to the new image be deployed, but I want to promote it to production so want to know which is the better pratice to change environment variables without building the image again?

https://redd.it/11wqups
@r_devops

Using sentry and Datadog, do they both fulfill the same requirements?

Hi,

My company currently uses datadog for monitoring which I have little experience with. I have some experience with Sentry which I used for error tracking on prod environments (we do saas).

MY question is can I use datadog to fulfill the same level of details and ease of use that I had from sentry, or do people usually use both and for different use cases? If I should just be using datadog for prod error tracking, how do I do it other than just having print statements? it seems a lot clunkier to use than sentry has been for me

Thanks!

https://redd.it/11wulns
@r_devops

continuous deployment with ArgoCD

started using ArgoCD lately, and really impressed with its ease of use and deployment capabilities in K8s cluster, one issue observed is when a new image is created how do ArgoCD know it and update it?

I'm using helm and one option is to manually update the image name in values.yaml , update it in Git and sync it and deploy with Argo, but this is not feasible if the app count managed say is more than 2-3+.

Heard about Argo Image updater but their documentation says " We would not recommend it yet for critical production workloads, but feel free to give it a spin."

Just curious how people achieve automated image updates with Argo in real-world production environments?

https://redd.it/11wvttk
@r_devops

New storage backend for Jaeger - Feedback welcome!

You certainly know Jaeger and its famous UI for distributed tracing.

But, while Jaeger can work in a standalone mode, it does not offer persistence, and you need to pick up a storage backend. Generally, Elasticsearch or Cassandra.

I worked for several months to provide a third choice: Quickwit, an OSS search engine that searches directly on object storage, you can think of Tempo that puts data on object storage but without an inverted index (which Quickwit has).

If you are using Jaeger (or not), I'm curious about your XP with deploying distributing tracing solutions such as Jaeger and your thoughts about such a third choice.

https://redd.it/11wx36u
@r_devops

Ressources to make reusable deployment I can test locally

Hi,

Today I started an internship at a company, and the person in charge of me is basically not there for two days. Colleagues tried to reach out to him, and he told them he may have something to do about deploying a Gitlab Runner and a Sonarqube at a big tech company. They don't use Kubernetes, so I can't just throw a helm chart at the problem, and I don't have any more information apart from that they often use VMs and Ansible.
I could make a bash script, but I fear I might reinvent the wheel or come up something that is not compatible. What is the usual way to get that done ? Do I have so few information that it's pointless, and I should just train at using Ansible with a book ?

https://redd.it/11wsojk
@r_devops

Joining Antler/EF as DevOps

A bit off topic, but I've recently heard of these two VCs and their zero day programs, where you join with or without an idea and create a startup from scratch. I have around 5 years of job experience and I also develop open source and full stack projects in my own time.

Unfortunately, I applied to Antler but got rejected.. had a nice devops-ish idea for a product and also wrote a bit about my experience but it didn't help.

My question is, did anybody here do this or something similar, are there any more cool programs like this? If you did, what can I do to try again or get in, as devops or just as a generic tech founder? It really bummed me out because I thought I had a shot.

https://redd.it/11wqj0q
@r_devops

Pipeline Protection/ Security (additionally for Variable libraries)

Hello All. Can you help me with applying Pipeline protection in Azure where
1) Prod Pipeline uses the prod service connection and
2) dev Pipeline cannot use the prod service connection and should use the Service connection of dev alone.

This needs to be done using terraform.

I have no prior experience in handling these type of issue. Can you explain and provide a solution that I can use?

TIA.

https://redd.it/11wnnbn
@r_devops

Raises: Associate —> DevOps Engineer

Hey all, associate devops engineer here and I’m working my tail off to get promoted at the end of the year. Just curious - what % did your salary get bumped when you got promoted out of the associate role?

https://redd.it/11x3qnz
@r_devops

Python projects for devops

Hi, I'm learning python scripting, I had a few courses, wrote a few simple projects from courses. I didn't have any python scripts in my projects at work, so I'm wondering how devops use python scripting, I think in some lambdas in aws like "shutdown some instances". And I need some project ideas, what to write and how to be prepare to work as a devops in python.

https://redd.it/11wf08z
@r_devops

Recommend tooling for Docker image and .NET SBOM generation.

Looking into finding some quality tools to generate SBOMs as part of Github Actions build pipeline for docker images and .NET project. Recommend some, please.

Thanks!

https://redd.it/11wlbng
@r_devops

What is the best tooling to generate OCI images and .NET project SBOMs?

Looked into cdxgen and docker sbom, not really satisfied with the output of both and especially with cdxgen's reliability. Wonder if there is better tooling available.

Thanks!

https://redd.it/11wkjy1
@r_devops

How Logistics And Transportation Apps Streamline Business Operation And Maximize Efficiency

**Logistics and transportation apps** have transformed the way businesses manage their supply chain operations. As we have discussed in this blog, Solution Analysts is a leading DevOps development company with extensive experience in creating high-performing and feature-rich native mobile and web applications for diverse industries.

https://redd.it/11x8tw1
@r_devops

How do you make the pod use all CPU request?

I have an app that runs computational tasks. I have set CPU requests for the pod, but the app chooses to run slowly and use less CPU. Is there a way to force the app use all the CPU available in order for it to execute faster?

https://redd.it/11wibep
@r_devops

Trying to switch to devops as a complete newbie

Hey guys 22 M here worked as a test analyst and was contributing in both automation and manual testing, tried to switch internally but the management never allowed me to and I resigned from the company. Currently learning Linux jenkins AWS and terraform and ansible( beginner level). need suggestions in preparing for the interview and topics i have to be strong. Overall IT exp is around 1.4 years.

https://redd.it/11xb6lj
@r_devops

Dependency tracker for (really big) builds / deploys

I was asked an interesting question the other day about dependency tracking for build components, so thought I'd ask here to find out what other folk are doing to keep on top of this...

For most of the projects I've worked on, you just have a variables file with the expected version of the components so the build or deploy grabs the versions it has been told to - which have been tested and approved to work with each other...

But if the number of these components doubles? Or is a massive number to begin with - a dependencies file doesn't scale... Do you aggregate things in to bundles? Keep the granularity and use a databases for this? How would that work?

What are your thoughts? Is this something you've tackled before?

https://redd.it/11xcqvk
@r_devops

Helm Upgrade causing the pods to go in the pending state

After doing helm upgrade, pods go into pending state because helm upgrade applies the rollout strategy and it tries to create the replicas of the new pods but since the node has limited resources which causes all the pods to remain in the pending state.

Precisely i get this error : Warning FailedScheduling 6m2s default-scheduler 0/1 nodes are available: 1 Too many pods. preemption: 0/1 nodes are available: 1 No preemption victims found for incoming po.

I don't have the option to increase the node size or count, is there any solution to the problem ?

https://redd.it/11xdesv
@r_devops

DSC Tutorials / DSC Not working?

Hello.

​

I'm trying to get better at DevOps, in this instance i'm trying to learn how to place artifacts on a virtual machine, and how to execute a DSC Scripts, so i can configure a Domain Controller, with users and everything.

My issue so far is, i don't know how DSC should be working, me inserting a 3 line Powershell Script and then using it as a DSC works, however that isn't best practice for sure, and i like to create a DSC which i'm from my DevOps repository places on my virtual machine which isn't connected by a Site2Site, or by the use of a Dedicated host ( for cost reasons ) which means WinRM isn't a possbility.

This is my current DSC, the attempts is to run a custom script, which performs a invoke on my VM to retreive 3 files from my Storage Account, this however isn't working as intended.

Does anynoe have any clue what i'm doing wrong in this scenario, or potentially have tried something like this which wouldn't mind sharing it with me?

Configuration DC1 
{
param

$domainCred = Get-AutomationPSCredential -Name "DomainAdmin"
$DomainName = Get-AutomationVariable -Name "DomainName"
$DomainDN = Get-AutomationVariable -Name "DomainDN"
$SACred = Get-AutomationPSCredential -Name "ServiceAccountCreds"
$destination = 'C:\Windows\DSC\'
$url = 'SasUrl'

    Get-DscResource

    Node "Localhost"
    {   
        Script ScriptExample
        {
                GetScript            =  { return @{result = 'result'} }
                TestScript           = { return $false }
                SetScript            = { Invoke-WebRequest -Uri $url -Outfile $destination }
        }                  
    }
}

SasUrl paramater is a SAS Key, which i've removed for the secuirty aspect.

https://redd.it/11xf3kq
@r_devops

Is there a way to retrieve an output value from one workflow to another in Github Actions?

At the end of my "build.yml" workflow I am trying to export the github run number, so it can be used in the "deploy.yml" workflow.

build.yml workflow:

- name: Upload artifact # uploads artifact as zip to temp runner
uses: actions/upload-artifact@v2
with:
name: RC-${{ github.runnumber }}
path: ${{ env.RUNNERTEMP }}\WebAppContent*
outputs:
runnumber: ${{ github.runnumber }}

I'm just wondering the best way I can reference this output, so when I deploy using the "deploy.yml" workflow, I can use the run_number as a value to notify our slack channel on which run has been built and is being deployed. Does anyone have any good ideas about how to export github variables/values between different workflows (both are within the same repository).

Thanks!

https://redd.it/11xfbqe
@r_devops