How to automate security patching for OSS docker image?
I work for a large organization, and we are working on deploying open source infrastructure in production. The infrastructure relies on 2 docker images for a UI and a metadata service endpoint. Obviously, our organization is very strict on security so we have a security hardening process that we have to abide by.
Currently, we are trying to minimize operational maintenance, and part of that is having to manually construct a hardened image based off of the original OSS image. That includes changing the base images to custom hardened ones that are internally provided, using the latest source code, using a different nginx conf file, using an internal npm registry, etc. There are lots of little fragmented changes that I do to manually adapt the original docker files, and it would make automation not so straightforward. Curious about what patterns and technologies others are using to automate patching for open source images.
https://redd.it/11xnpr3
@r_devops
Reddit
r/devops on Reddit: How to automate security patching for OSS docker image?
Posted by u/rirhun - 2 votes and 1 comment
"Off the record" hangout on Friday: How Cruise reduced CI time on giant monorepo
This month the Aviator.co team will be joined by a group of senior engineers on Cruise's UCI team (unified CI team). They'll explain how they managed to reduce CI time on their giant monorepo. They've done some interesting work with intelligently managing runs, auto-quarantining bad tests, etc. Come hang out. No recordings or sales follow-ups. Just a hangout, as usual.
https://getcruise.com/
Sign up here:
https://dx.community
https://redd.it/11xhx2e
@r_devops
Should I leave my junior devops (small company) for a junior SRE role at a fortune 100. But my current role is full time at-will and the other one is a 1 year contract to hire.
Salary difference is 10k more than my current role. And the other one is hybrid but once a month with 20-30 min commute. Please advise!
More context:
I recently obtained my AWS SAA which led me to the f100 offer. And the team is production facing with alternating on-calls that primarily use AWS but some other cloud services. My current place is very legacy with intentions of using more modern stack but not yet executed.
My concern is do the risks overweigh the rewards? About 1.5 yoe, counting internship. Please share your experiences.
Edited to add context.
https://redd.it/11xrd7l
@r_devops
Reddit
r/devops on Reddit: Should I leave my junior devops (small company) for a junior SRE role at a fortune 100. But my current role…
Posted by u/XJaaxk - No votes and 6 comments
Continuous cloud run deployment problem
Hey everyone, I'm trying to run a continuous deployment from Bitbucket with Google's Cloud Run and I have a weird issue where my settings don't look like those I find online, or match Google's docs. Was the feature removed or do I lack privileges? Help would be appreciated.
https://redd.it/11xxymp
@r_devops
Long term Prometheus metric storage
Curious what everyone is using for long term storage of their Prometheus metrics. We currently store metrics on disk locally and have also tried Longhorn, which has proven to be more trouble than it's worth.
Looking to store 30-90 days of metrics and curious what people have worked with in the past for long term metric storage
https://redd.it/11xrcj0
@r_devops
Reddit
r/devops on Reddit: Long term Prometheus metric storage
Posted by u/big-tuna28 - 1 vote and 8 comments
Tips needed: Adopting DevOps for a support team
Hello. We are in the midst of a transformation in our organization, and we are considering the adoption of Agile and DevOps. In line with this, for our team, I've been considering training our group either via EXIN's DevOps Fundamentals or DevOps Institute's DevOps Foundations. Which is better for a team to get acquainted with DevOps? Your advice is going to be very helpful. Thanks!
https://redd.it/11xn0hh
@r_devops
Reddit
r/devops on Reddit: Tips needed: Adopting DevOps for a support team
Posted by u/arsenenox - No votes and 1 comment
Salary accurate?
I have been working in devops for about 1.5 years now since I graduated from school. I graduated with a BS in CS and landed this job through connections. I am currently making between $60k and $70k.
Is this reasonable for someone who had no internship experience? Or am I being low balled?
https://redd.it/11y3ctr
@r_devops
Reddit
r/devops on Reddit: Salary accurate?
Posted by u/Bladedge11 - No votes and 1 comment
How to enable sonarqube code coverage checking using .net framework
Hello Team,
Has anyone here tried to add code coverage checking on their sonar scan for .net? Could you please give me an example on how to do it and what are the requirements for us to do that?
Note: I'm using .net framework as a build tool
Thank you team! Have a good day!
https://redd.it/11y46ri
@r_devops
Reddit
r/devops on Reddit: How to enable sonarqube code coverage checking using .net framework
Posted by u/Logical-Raccoon-7301 - No votes and 1 comment
📣 Understand Probes In Kubernetes - Liveness Probe, Readiness Probe, Startup Probe 📣
This is my 4th video on the Kubernetes series. In today’s video, I will share how to use different probes to check the container health and take actions accordingly.
I will be talking about three probes - Liveness Probe, Readiness Probe and Startup Probe. Finally I will provide one example where I will combine these probes to get most benefit out of these.
📌 Video: https://youtu.be/gahdtHYHbjI
https://redd.it/11xityb
@r_devops
YouTube
Probes In Kubernetes Liveness Probe, Readiness Probe, Startup Probe
Hello Everyone, welcome to another video on the Kubernetes series. In today’s video, I will share how to use different probes to check the container health and take actions accordingly.
I will be talking about three probes - Liveness Probe, Readiness Probe…
EC2 Instance families interview question
I was asked about the difference between all the EC2 instance families. Are we expected to memorize that? What would you have answered?
https://redd.it/11y7y5v
@r_devops
Reddit
r/devops on Reddit: EC2 Instance families interview question
Posted by u/HelloNewMe20 - No votes and no comments
Parseable - an open source log observability platform
Hello DevOps community, we've been working on https://github.com/parseablehq/parseable for a while now. Would love to get any feedback, questions etc.
The major driver for us to build Parseable is the acute absence of a developer-friendly, simple product to just ingest logs and integrate with current tools in the ecosystem. Parseable is:
1. Written in Rust for memory efficiency and performance.
2. Uses Apache Arrow and Parquet for data management.
3. Based on indexing free design for fast ingestion (up to 100K events / sec / node).
4. Uses object storage (like S3) as primary storage system for cost effective storage.
Log dashboard in Grafana (powered by Parseable data source): https://demo.parseable.io:3000/d/ojonXSp4z/parseable-demo-data?orgId=1&refresh=1m
Get Started: https://www.parseable.io/docs/
https://redd.it/11y9hpp
@r_devops
GitHub
GitHub - parseablehq/parseable: Parseable is an observability datalake built from first principles.
Parseable is an observability datalake built from first principles. - parseablehq/parseable
Professional over thinker doing a job interview
Hello, so recently I applied to a DevOps engineer position as a joke with friends. I actually have a decent background on both for someone who hasn't been hired yet. I got this test, where I have to make an automated currency converter that uses an intermediary currency, so if the user selects USD to EUR, I have to do something like this: USD -> MXN -> EUR. Every decimal point after the second decimal point is "mine" to keep. But I also have to find which intermediary is the best for the customer and which is the best for me.
I finished the projects in around 3 hours, with bug fixing taking about 45 minutes and searching for a good API taking about 30 minutes. So in total the time I spent coding was around 1.75h? It's around 60 lines. A friend said he wouldn't use any imports except the requests import, to show skill. Currently I'm importing math (only for the trunc() function) and pandas and IPython.display to create the table and display it in the console, since for some reason the pandas style function didn't work.
Is it better for me to not use imports to do it, or is it better?
To people asking why I'm doing the test, it's because I'm bored at home and like a little challenge.
https://imgur.com/a/mpP367o Here's a view of the code. I haven't taken the time to make it look better yet, since I decided to hit the hay once I got it working properly.
https://redd.it/11y8erp
@r_devops
The DevOps Conference happening now - and it's free
People who want to listen to speeches and go to conferences, see www.thedevopsconference.com. Registration is required but it's free to join. Live program for two days.
If you think this counts as vendor spam (rule #4), please let me know and I'll remove the post.
https://redd.it/11ybf0z
@r_devops
Reddit
r/devops on Reddit: The DevOps Conference happening now - and it's free
Posted by u/lpalokan - No votes and no comments
Need help with career decision!
Currently I'm working as a junior cloud engineer (Azure) with 9 months of cloud experience and an overall professional working experience of 2+ years.
The reason I'm looking for a switch is, my company decided to shut down the cloud dept as it was a startup. Currently serving my notice period.
I have worked on a couple of projects and have knowledge of Azure DevOps, Ansible and GitLab.
Should I look for a switch in DevOps or look for a similar job opportunity?
Please share your view.
https://redd.it/11ycstv
@r_devops
Reddit
r/devops on Reddit: Need help with career decision!
Posted by u/moon_knight01 - No votes and no comments
Digger - an open-source Terraform Cloud Alternative (Now in Golang)
Digger is a Github Action that runs Terraform plan and apply with PR-level locks. The idea is that terraform jobs run natively in your Github Actions - no need to share sensitive data with another CI system. There's no need to deploy and maintain a backend service either. We migrated from Python to Golang yesterday. None of the team had experience with golang, but we managed to migrate in a week. Here's why we did it:
* Faster runtimes (up to 30x faster)
* Can be compiled into a single binary; the advantage for Github Actions is that we don’t need to wrap the action into a Dockerfile.
* Easy to compile the binary for multiple platforms, which helps us run from the same codebase.
* Interface-based development, more guarantees about the code correctness by the compiler when compared to using Python.
* Golang is more popular in the DevOps and infrastructure community, we can find several libraries and reuse them in our code.
Here is the link to the repo - [https://github.com/diggerhq/digger](https://github.com/diggerhq/digger).
Seeking feedback from the community on how our code quality is. Please be as critical as possible! :)
https://redd.it/11ye153
@r_devops
GitHub
GitHub - diggerhq/digger: Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline…
Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline ⚡️ - diggerhq/digger
Any tool to automatically containerize Jenkins jobs for future use in other tools?
So, I've heard about Dagger.io, but it's not gonna work out for me. The thing is, I've got a heck load of old and established jobs on Jenkins. Now, what I'm wondering is if there's some awesome tool or trick out there that'll let me put those jobs/stages into containers, so I can run them on a different platform without any hiccups?
https://redd.it/11ye9l3
@r_devops
Reddit
r/devops on Reddit: Any tool to automatically containerize Jenkins jobs for future use in other tools?
Posted by u/MarriottsRidge - No votes and no comments
[DO, tf] Assign already existing firewall to a new droplets
Hi all,
When I create a new droplet using Terraform (on DigitalOcean), I want to assign the droplet to a firewall, but I'm struggling to understand where my issue is.
Thanks.
https://redd.it/11yhobg
@r_devops
Reddit
r/devops on Reddit: [DO, tf] Assign already existing firewall to a new droplets
Posted by u/NedkoHristov - No votes and no comments
Buy vs. build - any tips or frameworks to prepare the decision for mgmt?
There are a few concepts out there, but nothing seems widely accepted. How did you go about this? What's the most important pitfall to avoid?
https://www.talon.one/lp/build-or-buy
https://www.windwardstudios.com/white-papers/build-buy-software-development
https://www.chameleon.io/blog/build-vs-buy
https://divbyzero.com/blog/build-vs-buy/
https://redd.it/11yft6b
@r_devops
www.talon.one
Build or buy your promotion software | Talon.One
Learn about the opportunities and threats of building your promotion software in-house. Decision-making made easy.
DevOps vs Platform Engineering
Me trying to explain the difference between DevOps and Platform Engineering in 3 Minutes.
Enjoy
https://youtu.be/JAblex0uS4k
https://redd.it/11xsbae
@r_devops
YouTube
DevOps vs Platform Engineering
Today we'll be discussing the differences between DevOps and platform engineering.
There are various definitions for DevOps and Platform Engineering. This video will be mainly based on my experiences as software engineer working in the DevOps/platform engineering…
Any good online text editors?
I'm getting so lazy I don't even want to have to open an application for basic text editing :) Something that loads up from a link without logging in and has basic find and replace, maybe line join and even regex find and replace.
I have been using https://onlinenotepad.org/ but I wondered if there was something that offers slightly more functionality and doesn't look like it was made in 2003.
https://redd.it/11xoa7w
@r_devops
onlinenotepad.org
Online Notepad - Write and Save Notes Quickly
Online Notepad is a browser based plain text editor with autosave functionality. It provides a more convenient way of writing down notes on the go.
Elite vs. Low Performing DevOps Teams: How good is your DevOps team?
How good is your DevOps team? You can find out where you stand on the software delivery performance scale - elite, low performing, or somewhere in between. Vote below, and let's see where we all stand. Let's together have an open discussion about the #DORA Metrics. Let's see if these metrics actually empower and enable our DevOps teams or are these metrics just BS, easily manipulatable KPI's for micromanaging teams or is this just good old marketing tricks.
Here's the #google #DORA Report!
https://redd.it/11xnep6
@r_devops
Google Cloud Blog
Use Four Keys metrics like change failure rate to measure your DevOps performance | Google Cloud Blog
Learn how the Four Keys open source project lets you gauge your DevOps performance according to DORA metrics.