Reddit DevOps
SAN certificate issue while connecting to API Gateway

Greetings Team,

I have an application on AWS EKS, and it makes API calls to API Gateway [custom domain] on another AWS account.

While doing so, we are getting the following SSL error. Any help to fix this is appreciated.

SSL: no alternative certificate subject name matches target host name 'xyz.somedomain.com'

* Closing connection 0

* TLSv1.2 (OUT), TLS alert, close notify (256):

curl: (60) SSL: no alternative certificate subject name matches target host name xyz.somedomain.com

Trials I made to fix:

Tested with an empty host and the remote host using curl. Still the same issue. [curl -v -H "Host: " xyz.somedomain.com]

Imported the chain/cert to cacerts and updated the certificates in the pods; still the same issue.

https://redd.it/12qrs17
@r_devops
Running business while working full time DevOps

Do you guys run a business on the side while working full time in DevOps?

I wonder how many of you do side stuff. I have an ecommerce business making 6-figure revenue a year. Also, I just started working as a DevOps, and I like it. My previous experience was as a digital marketer, and I hated it. I am tired of generating cash for other people; they are never going to tell you thank you.

https://redd.it/12qv397
@r_devops
GCP Folder Structure experiences

This year's goal is to start our GCP footprint to shed some on prem equipment approaching EOL/EOS.

Reading the reference documentation and considering our org layout, I'm probably going to create folders for environments, Prod/Staging/etc.

Should Terraform have its own folder for bootstrapping?

Any feedback on what not to do?

Thanks
A crusty old sysAdmin

https://redd.it/12qx5rn
@r_devops
How do you manage secret manager token on your cluster

If you use a secret manager, you will probably have encountered the problem that all the secrets can be kept in the secret manager of your choice (1Password Connect, HashiCorp Vault, ...) but one... the token to connect to that service!

How do you solve that problem when you like to keep everything in a VCS (Flux, ArgoCD, custom whatever deploy script, ...)?

The only solution I have found for the moment is to encrypt them through SOPS or Sealed Secrets.

Any other ideas?

https://redd.it/12r0jq7
@r_devops
Feedback, please: Slack tool to summarize long Slack threads and turn them into documentation pages

Nobody likes creating documentation - and so it often is only written once it's first needed: in a lengthy Slack thread.

I've built a little tool that you can tag in a thread and it'll rewrite the thread's content into a nice page in your documentation software of choice (currently only Confluence).

Have you ever seen something similar? How often do you explain something within Slack that's worth putting into documentation?

https://go.kubiya.ai/documentation

https://redd.it/12qzpeu
@r_devops
Testdeck, an open-to-everyone tool that connects with your CI system to provide test case-level insights

Hey, All. Aviator just launched TestDeck in beta and we'd love for you to use it (for free) and tell us what you think.

There's a short video that explains how it works here: https://www.aviator.co/testdeck

We're mostly focused on users here so there's no registering or sales follow-up etc. If you have some time, please give it a look. Thanks!

https://redd.it/12qx4xe
@r_devops
How do you go about learning a new technology?

I'm currently learning a few new technologies for work. Just today I was looking through the Azure Python SDK docs and they are terrible. Other times, I've looked through documentation but I find myself forgetting stuff after a couple of days and still not grasping some of the concepts. So I'm just curious as to how people go about learning a new technology:

- do you use a course/docs?
- do you make notes (handwritten or typed)?
- how do you ensure you remember what you've learnt?
- what do you do when you're stuck and googling doesn't answer your question?

https://redd.it/12r813h
@r_devops
DevOps a more secure career than software development? AI replacing dev jobs?

Hi all. I’ve completed a software coding bootcamp a

Is the job of a DevOps engineer more secure than that of a software developer? I’ve been keeping my ears on the news and the tech layoffs and jobs being replaced by AI.

Needless to say AI has made it more difficult for junior devs to land a job. I’m at a point where I could pivot into DevOps which would take around 70 hours of tutorials to get a cert for DevOps.

If you were a junior dev right now would you continue to pursue programming or would you go into DevOps for the job security? Granted there are currently around 9 times more developer jobs than DevOps jobs on LinkedIn.

https://redd.it/12r930o
@r_devops
Generating SBOM with Microsoft tool from tar of images

Anyone use Microsoft's SBOM tool? If so, do you know how to use it to generate a report from tars of images? I keep getting errors...

https://redd.it/12rd19s
@r_devops
Chance of getting a job without kubernetes and cloud architecting knowledge.

Hi, fellas!


So, I have been working in IT Operations for about 4 years: Application support, Infra engineer, DevOps positions. Recently I left my job because the company forgot (literally) to pay me a couple of times and they thought that was sort of a norm.
And I instantly faced the reality of the 2023 IT job market. I looked for a new job for about 2 months. I pasted the OpenToWork badge on LinkedIn and not a single recruiter messaged me. Which is funny, because when I was a green junior, just after creating a profile I got an avalanche of interview invitations.
I sent probably 50+ letters. From those I got about 4 or 5 interviews, not even technical, just a regular team lead tête-à-tête. All interviewers wanted me to have cloud architect skills and Kubernetes experience. Unfortunately, literally none of my jobs rolled Kubernetes pods in production, so I have no prod experience of such. Nor have I architected anything in the cloud. Though, I know my way around AWS: I finished Andrew Cantrill’s courses out of curiosity and managed S3, DataSync and CloudWatch in prod. And, of course, I am proficient with regular Docker containers and some Nomad.

In your opinion, do I even stand a real chance of finding a new DevOps job in today’s market without production experience of Kubernetes and architecting infra in the cloud?

Because if not, I really have no reason to keep beating a dead horse, I guess. Which ("horse") I don’t even like anymore besides the CI/CD and internal software creation parts. And I could try my luck with equally small chances of getting a Junior developer job and do what I really enjoy. Or just retire and start growing beets.

https://redd.it/12ri45h
@r_devops
Junior DevOps Job - no docker, no k8s. Good/ bad?

Hey Y'all,

A company is interested in getting me as a junior DevOps. I would love to start in DevOps so I am excited, but on the other hand they don't use Docker, k8s or any monitoring like Grafana or similar.

The job would basically be making deployment scripts for their dedicated server with Xen, taking care of these VMs, updating the bare metal and taking care of incidents.

They are also not really into getting anything on the server that is not necessary, which, from the talks, seems to include any monitoring like Grafana.

My question is: Should I pursue it, as I want to start in DevOps, or will this be a dead end, as they don't use any DevOps tech that would get me experience for the future and possible other DevOps jobs later down the road?

https://redd.it/12ric1h
@r_devops
How much write up / documentation do you do for dev ops ci/cd and deployments ?

I was handed an instruction 4 weeks ago for doing serverless development. Every part (code, DB, queue, etc.) has to be serverless. I took a look at the EA architecture repo and there is a list of docs: C4 diagrams, deployment, dependency diagram, sequence diagram, functional and non-functional requirements, pipeline descriptions, branching strategy, SBOM, packages and library lists, capacity plan, cost plan, data dictionaries, cloud pattern design patterns, key architectural decisions and a step-by-step guide.
So I've done it all, everything from tf resources to NuGet packages, VS Code extensions to Jenkinsfile stages and everything in between.
I'll admit that there was a touch of malicious compliance in doing it.

https://redd.it/12rjspf
@r_devops
Dynamically creating cloud resources and managing them. Is Terraform the answer? CDKTF?

I'm trying to build a system where I dynamically create and manage cloud resources.

It takes a certain set of dynamic variables where the "base" is standard.
So say a user requests a new VM with some things already configured, but some things are up to the user.

My first thought was just using terraform files to handle the cloud resources. But I'm unsure if this is the way to go with dynamic variables? What would the workflow look like?

Maybe something like CDKTF is the way to go to solve something like this?

Right now I'm imagining a workflow that looks like the following:

- input variables from external source
- create a new set of terraform files (this just seems better to be saved as an object, no?)
- somehow plug variables into the terraform variables file
- apply terraform
- new resources created
- take output from resource creation and save it in a db for further monitoring and handling

All of this would probably be hosted in a GitHub repo where the terraform apply commands are run by a managed identity/IAM role using GitHub Actions, so as to minimize the amount of manual labour.


I feel like I'm missing something here though. Or is this a good way to handle a workflow like this?

Should I look into using CDKTF instead? It seems like it's better suited for cases like this where you dynamically create and manage cloud resources?


How have you guys solved similar problems and situations?

https://redd.it/12rmi7x
@r_devops
Is Using Pulumi or TerraForm overkill for starting out with ephemeral environments?

We have the classic DEV -> STAGING/QA/TEST -> PROD setup. At the moment we are getting bottlenecks where small code changes are waiting for bigger features to pass testing before all of it can go to prod.

I would like to start moving towards ephemeral environments where we could test different features/fixes/changes in isolation. E.g. pushing a specific tag/branch would kick off a process that ends up with an email saying: "You can start testing at this unique URL: https://somerandomID.ephemeral.testing.com"

We already have dedicated infrastructure for staging (CloudSQL instance, Redis instance, Kubernetes node etc.) and the problem I am facing is I DON'T WANT TO CREATE MORE INFRASTRUCTURE. I want to use the existing instances. E.g. all ephemeral databases sit on the same DB instance with a specific naming convention (e.g. somerandomID_epehmeral).

Once we are done with the environment we will simply clean up after ourselves by deleting the DBs, K8S namespace etc.

Question: Is using a tool like Terraform or Pulumi overkill? We want to migrate to spinning up infrastructure in the future, but for now it's not viable. Has anyone faced the same situation? Should I just stick to some bash/JS scripts to do this for me?

Thanks!

https://redd.it/12rntw5
@r_devops
Thoughts on windmill.dev?

I've been looking for a "Jenkins replacement" for a very long time now. Something that also supports building a UI for specific internal processes. I came across windmill.dev and I have to say I'm surprisingly impressed. Not only is self-hosting it completely open source, it feels like a combination of Jenkins and Retool but with a modern twist. I also find it super interesting that the UI is the source of truth and the GitOps is just the backup (pulling as opposed to pushing, although you can do otherwise, but that's hard because you need to edit JSON files that the UI generates), although it's a new working methodology I'm not used to.

I have to say the UX is a bit messy but it's still an improvement over Jenkins.

Anybody used it? Are there any caveats I should know about before converting my Jenkins pipeline to Windmill flows and apps?

https://redd.it/12rp0th
@r_devops
Is there a way to track who's messing with Pods/Namespaces

Our setup is still old school Kubernetes where everyone can access most of the Kubernetes resources (Namespaces, pods). So people keep on deleting the pods or modifying them straight from the CLI rather than the pipeline (we are fixing this and it's a long way ahead of us).

Currently we syslog the logs to ELK and I can't see the info on who's messing with these pods manually in the Kibana logs.

I did some research and found out that Kubernetes doesn't even keep track of this level of info. So how can I solve this issue of tracking who's messing with my envs and kick their a** :-)

https://redd.it/12rqzds
@r_devops
Junior DevOps Engineer here

Hello fellow DevOps engineers :)

Some 6 months ago my employer asked me to be part of the DevOps team for our company, which, in its way, was entirely newly set up for me and my colleague (Head of Infrastructure and M365 Admin for the whole company). Before that I had never been in touch with Ansible, Docker or anything else, only knew a little bit about Linux, and had been working in Customer Support for a Windows Server environment.

6 months later I am 80% familiar with our whole infrastructure and I feel somewhat confident working with monitoring through Zabbix, Docker, docker-compose, Terraform and Ansible. The next one is going to be k8s and/or Nomad.

Now to my consideration. I (still) feel extremely slow at working in comparison to my colleague, who has been in IT for about 10 years and set up a k8s cluster himself for fun.

I am somewhat anxious and insecure about my skills, but I really don't know if this is justified.

(Working in Germany btw)

https://redd.it/12rv2wj
@r_devops
IAMbic, A multi-account identity-centric IaC

Hi there, I'm one of the founding engineers at Noq and am responsible for a lot of IAMbic's architecture and implementation.

We created IAMbic to make it easy to unify all cloud identities, going beyond access to manage complex cloud permissions, tracking access all the way from users to cloud resources, and presenting everything in a human-readable, as-code, open-source format.

IAMbic supports bidirectional syncing and round-trip capabilities in a GitOps workflow, and includes the following key features:

* **Universal Cloud Identity**: Integrate identities from AWS IAM and Identity Center, Okta, Azure AD, and Google Workspace with more to come.
* **Dynamic AWS Permissions**: Multi-account roles with different permissions and access rules on different accounts.
* **Temporary Access**: Declaratively define and automate expiration dates for cloud access, fine-grained permissions, and identities.
* **Drift prevention**: Prevent out-of-band changes to IAM resources you want to be exclusively managed via IAMbic, like cookie-cutter roles or sensitive identity provider groups.
* **Change History**: Keeps a full audit trail of IAM changes in Git, regardless of whether these changes happened through IAMbic.

We’re just getting started on our journey to change the way cloud IAM is managed. We’re huge fans of open source and eager to grow together through your feedback and contributions. Try out IAMbic by following the [Getting Started guide](https://docs.iambic.org/getting_started/). We’d love to chat and hear about your experiences in our [Slack community](https://communityinviter.com/apps/noqcommunity/noq).

https://redd.it/12ryryt
@r_devops
I created a simple project that allows you to find some good resources around devops tooling

Hey everyone,

I created a simple application that helps you find some good resources around devops tooling. Please have a look and give me some feedback.
https://devopsupgrade.com/

https://redd.it/12s399u
@r_devops