Reddit DevOps
Best way to ship code to multiple edge devices on intranet?

We currently use ansible by sending code to one device and then shipping it to other devices in a slicker manner.

I just wanted to know if anyone from the community has a better solution. Would tools like Jenkins make sense or make the process any better? Feel free to provide your thoughts.

https://redd.it/138e987
@r_devops
Using GPT to Analyze Cloud Security Issues for GCP

As a cloud user, you know how important it is to ensure your cloud environment is secure. With the vast number of cloud security issues that can arise, it's challenging to keep up with the manual analysis and resolution process. That's why I'm excited to share with you my experience using Selefra, a Policy-as-code product that incorporates GPT functionality to help users perform cloud security analysis, cost analysis, and architecture analysis efficiently on Google Cloud Platform (GCP).

Selefra's GPT feature allowed me to analyze my GCP products for security issues in a way that was similar to ChatGPT. By simply executing a command and providing my inquiry, Selefra's GPT functionality provided me with quick analysis and results, making it easier to identify potential security issues and vulnerabilities in my cloud environment.

The installation and configuration of Selefra were straightforward, and I was able to start using the product within minutes. Additionally, Selefra's documentation was clear and easy to follow, making it simple for me to understand how to use the product effectively.

Overall, I highly recommend Selefra to any cloud user looking to enhance their cloud security analysis and resolution process. You can find more information about Selefra on their:

Website: **https://www.selefra.io/**

GitHub: **https://github.com/selefra/selefra**

Twitter: **https://twitter.com/SelefraCorp**

Give Selefra a try and experience a faster, more efficient cloud security analysis process today!

https://redd.it/138fhwl
@r_devops
Providing Temp Elevated Access via CICD Pipeline

We are using both AWS and GCP. Under exceptional circumstances we must provide engineers elevated permissions to production data. We currently do this manually, with an SEM manually performing the changes but sometimes forgetting to revoke them later.

I know there are tools for more 'on-prem' solutions available, but before investigating further, I wanted to know what other people in the community are using. We are happy to tailor a CICD pipeline if this is the best solution whilst we move towards an off-the-shelf tool.

What do you use, what do you wish you were using?

https://redd.it/138jl21
@r_devops
Containerless developer environments? devenv.sh

Hey all

We've been developing a tool to make development environments easy without containers, while allowing you to deploy the same environment using a container to production.

Containers create a lot of cognitive overhead when it comes to operating a developer environment, but on macOS they also cause a huge performance penalty due to all the layers of virtualization.

I wonder if that resonates well with the rest of the developers, that it's something that has been missing in the past?

See https://devenv.sh/

https://redd.it/138jg0d
@r_devops
Backstage vs Custom

I am part of a company where it makes sense to have an IDP for our operations because of the sheer growth we are experiencing. So we just got to the big question. Should we extend backstage or make one from scratch?
For backstage we will need to extend it to a high degree because the current plugin ecosystem seems to lack the things we are looking for.

What is your take on this?
Which option did you choose and how is it going for you?
What things would you have done differently if you were to start over?

https://redd.it/138rrvo
@r_devops
An idea about instant infrastructure provisioning tool

So this morning I read some article about a wireguard/vpn provider that can help set up a network for a specific tech. Why not extend the idea to something broader?

So I'm thinking of something like this:
$ 1nstant project:create project1
using project1

$ 1nstant provider:setup gcp/aws/azure/etc
click link to authenticate to xxx: ...
saved project1/providers-xxx.tf

$ 1nstant provider:use netmaker/tailscale/nebula/zerotier/packetfabric/etc
click link to authenticate to xxx: ...
saved project1/providers-xxx.tf

$ 1nstant network:create net1 bw:1G name:bla gcp:subnet:xxx aws:subnet:xxx
created network on gcp, private subnet: ...
created network on aws, private subnet: ...
both connected via xxx
est. price: xx/month
saved project1/network-net1-xxx-to-xxx-via-xxx.tf

$ 1nstant vm:create vm1 cpu:32 ram:128 region:aws@us-east1 ssd:500 os:ubuntuserver:2204 network:net1
est. price: xxx/month
saved project1/vms-vm1.tf

$ 1nstant vm:create vm2 cpu:32 ram:128 region:gcp@asia-northeast1 ssd:500 os:ubuntuserver:2204 network:net1
price: xxx/month
saved project1/vms-vm2.tf

$ 1nstant vm:ssh vm1
ubuntu@vm1$ ping vm2
64 bytes from vm1.project1 (x.x.x.x): icmp_seq=1 ttl=107 time=43.1 ms
^C
^D

$ 1nstant billing:estimate
xxx/month to gcp link: ...
xxx/month to aws link: ...
xxx/month to xxx link: ...

The rest (creating users, setting up DNS/LB, deploying services, etc.) can be passed to your own favorite CM tool (terraform/ansible/saltstack/puppet/chef/pulumi/etc.)

traceback: https://news.ycombinator.com/item?id=35832047

https://redd.it/138va44
@r_devops
gitlab updates

Hi everyone. Just wanted to know what your thoughts are on the monthly updates from gitlab. We have an on-prem deployment.
We first test the update on a QA box and then push it to prod if everything is fine.
For the last six months it has become a pain to do the updates because gitlab keeps releasing out-of-band critical security updates. I think in Feb they released around 3 back-to-back security fixes, all of which were med/high priority.
Comments and feedback most welcome.

https://redd.it/1393kem
@r_devops
Help picking a book for a potential intern.

I have about 1 week to prepare my resume so I can send it for an internship opportunity.

I currently have these books that I am willing to read in that time frame:

Let's Go
https://lets-go.alexedwards.net/

And Devops for The Desperate
https://www.amazon.com/DevOps-Desperate-Hands-Survival-Guide/dp/1718502486

Do you have any other book recommendations that will give me an edge, and are the previous books enough for an intern?

https://redd.it/13935cp
@r_devops
How do you connect to the pgpool from bitnami/postgres-ha with Sequelize?

const { Sequelize } = require('sequelize');

// Connection settings come from the environment, with the chart's pgpool
// service name and the chart defaults as fallbacks.
const sequelize = new Sequelize({
  dialect: 'postgres',
  host: process.env.DB_HOST || 'my-test-release-postgresql-ha-pgpool',
  database: process.env.DB_NAME || 'my-db',
  username: process.env.DB_USER || 'postgres',
  password: process.env.DB_PASSWORD || 'postgres123',
});

I thought you could connect to the replicas through the pg-pool clusterIP component, but I can't.


Error: SequelizeConnectionRefusedError: connect ECONNREFUSED 10.104.162.233:5432
(node:18) UnhandledPromiseRejectionWarning: SequelizeConnectionRefusedError: connect ECONNREFUSED 10.104.162.233:5432
at Client._connectionCallback (/app/node_modules/sequelize/lib/dialects/postgres/connection-manager.js:131:24)
at Client._handleErrorWhileConnecting (/app/node_modules/pg/lib/client.js:318:19)
at Client._handleErrorEvent (/app/node_modules/pg/lib/client.js:328:19)
at Connection.emit (events.js:400:28)
at Socket.reportStreamError (/app/node_modules/pg/lib/connection.js:57:12)
at Socket.emit (events.js:400:28)
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:82:21)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:18) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:18) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.


I also set the global username and password, but I am not sure if this is the correct way to do things.

helm install --set global.postgresql.auth.postgresPassword="password",global.postgresql.auth.username="postgres" release oci://registry-1.docker.io/bitnamicharts/postgresql-ha

https://redd.it/1397dak
@r_devops
Does this seem like an efficient route for me to get into DevOps?

I currently have around 3 years of experience as a Software Engineer.

I currently work remotely as a Software Engineer.

I have a CS degree that I recently finished.

I have one AWS cert which is the cloud practitioner.

My plan is to get another AWS Cert Solutions Architect Associate.

Finish this course, which is a resume challenge: https://cloudresumechallenge.dev/docs/the-challenge/aws/

Then put all this up on my Linkedin and Personal website with the intention of landing a remote job in DevOps.

Curious about other opinions.

https://redd.it/13992xz
@r_devops
Datadog Metrics for Terminated Kubernetes Pods+Nodes

I've recently implemented an EKS cluster for Jenkins agents using the kubernetes plugin. The plugin creates ephemeral pods that run a given Jenkins pipeline/job and then terminates the pod. I've also implemented an autoscaler group to add nodes when needed.

I've recently installed Datadog on the cluster and it's working but it appears that once a pod terminates or the cluster scales down (therefore terminating nodes) the data for the given node or pod disappears in Datadog. I would like to see this historical data so that I can fine-tune our requests/limits for pods. I would also like to choose the best instance type to use for our cluster by looking at historical data for nodes.

I've googled this topic for a day and haven't found anything that touches this subject. Is this possible? I'm surprised I haven't found others on the Internet that have run into this issue, so that also begs the question: Am I going about this the wrong way?

https://redd.it/1396yn7
@r_devops
Preferred way of handling/exposing gRPC backends on K8S?

Working on a PoC (proof of concept) project that utilizes K8S and a framework written in Go that spins up a service that has HTTP and gRPC back ends. (One service object for each type of connection)

As this is not the final productionized version, I could cut some corners and simply point the Auth0 and ingress to a singular port on the gRPC endpoint (headless service manifest) but according to my limited understanding of gRPC, this wouldn't scale well as it would only end up pointing to one pod's IP address. And I would probably have to create/expose more endpoints through load balancers/DNS records to more pods to enable this gRPC workflow for greater scale. And the power of gRPC is keeping long living connections open and multiplexing requests through those connections, rather than having parallel connections like HTTP.

But after more research, it seems the way to work around this is to implement a service mesh such as Linkerd or Istio (and the ten million other service mesh services out there).

I guess this was a very long winded way to give context and to ask the community at large this question:

On kubernetes, what is your preferred method to load balance and expose gRPC services (whether it be through service mesh deployments or headless services, port forwarding)? Hopefully methods that integrate well with Auth0 and AWS load balancer controllers.

EDIT: should clarify the only reason I'm thinking of cutting corners on this PoC is that there's a deadline to demo this to clients of the company in about a month's time.

https://redd.it/139appz
@r_devops
Where can I get to know the tech stacks of big companies other than StackShare (which often seems to be incomplete)?

Like in Netflix's tech stack, Spring Boot is not mentioned, etc. The highscalability.com blogs seem to be quite old and not updated.

https://redd.it/1397act
@r_devops
Laptop suggestion

Hi,

I wanted to know your suggestion for which laptop to go for. I haven’t worked with a Mac before and have been currently using a Windows system.

I will be mainly working on Cloud/DevOps tools like Docker, Terraform, Ansible, Azure CLI, Jenkins, Kubectl and others.

I'm not familiar with the M2/M2 Pro chipset or whether it offers any advantage over a Windows laptop when it comes to work stuff.

So should I go for a Mac or look for a Windows laptop (and which one)?

Thanks

https://redd.it/139fftn
@r_devops
Looking for projects ideas for experienced devops engineers

I've been working in the same place for 4+ years and have 8 years of experience in general.

I'm looking to do some side projects to broaden my experience with other technologies and make things more interesting.

Ideally I would like to hear a project idea that maybe you had fun completing or taking part in.

Maybe your dream project that includes a full system spec and tool list but you never had time to do?

I only ever worked with Bitbucket, so a project involving GitHub / GitLab could be cool.

Don't be afraid to throw in some interesting cloud services or open source tools.

Technologies should be relevant to 2023 - no Jenkins please 😶‍🌫️

https://redd.it/139pynp
@r_devops
How do you write documentation that developers without experience are able to follow and understand?

This seems like my nemesis. I cannot put myself in the shoes of someone who has a hard time googling for "What is Helm" or "aws lambda in python"..

I just can't. It's fundamentally written in my DNA that if I don't know something -> I learn, search and understand.

But it seems most recent developers are NOT LIKE THAT.

I'm supposed to create introductory documentation for any tech we use. Something like "From ZERO to HERO"..

I just can't do it; most things are so obvious to me that I always forget to put them in the documentation.

The worst part is that I know that even if I write an amazing doc piece -> people don't read it and still complain they don't understand and want to be spoon-fed or hand-held.

I cannot be the only one with this issue. How are other platform teams handling this? How do you not lose your mind with those new devs?

https://redd.it/139ryg1
@r_devops
Trunk based dev to deployment

At the company I work at, for an internal tool, we recently switched our git strategy from using long lived branches for our 4 environments DEV, QA, UAT & PROD to using a single branch called mainline.

The current CI/CD setup just deploys from the respective branches whenever there is a merge on that branch. Having moved to a trunk-based development model, I was looking around for solutions to set up our CI/CD to allow devs to test their code in lower environments before promoting it to higher envs for QA or UAT testing.

In what possible ways can this be done without needing to trigger the CI/CD pipeline for each environment manually, while also guaranteeing that devs or QAs have confirmed that the code works as expected?

https://redd.it/139xotd
@r_devops