Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Why use Lerna over NPM / Yarn Workspaces?

As the title says. Is Lerna still the go-to tool for monorepos or have Yarn and NPM caught up and made it unnecessary?

https://redd.it/13dn235
@r_devops
Policy-as-code is recommended for managing cloud and SaaS services

Policy-as-code is a software development model that uses code to automate the enforcement of enterprise policies and standards. In this model, enterprise policies and standards are written in the form of program code, so they can be automatically executed when deploying and managing software systems. PAC can be associated with many security and compliance issues in areas such as access control, data privacy, and security configuration.

The advantages of PAC include:

1. Automated execution: PAC writes policies and standards as program code, making them automatically executed, reducing the reliance on manual processes.
2. Consistency: PAC ensures that enterprise policies and standards are consistently executed in all systems, reducing the potential errors that may occur in manual processes.
3. Scalability: PAC allows enterprises to easily add, delete, or modify policies and standards as needed.
4. Reproducibility: PAC ensures that each execution is consistent, reducing potential changes that may occur in manual processes.

The disadvantages of PAC include:

1. Learning curve: PAC requires team members to have programming skills, which may require a learning curve.
2. Maintenance costs: PAC needs to be constantly updated and maintained to ensure that policies and standards are consistent with changing enterprise needs.
3. May introduce new risks: If policies and standards are poorly written, PAC may introduce new risks.

Now let's take a look at some popular PAC products:

Pulumi Policy as Code: Pulumi Policy as Code is an open-source PAC tool that can integrate with multi-cloud environments such as AWS, Azure, and GCP to help users automatically enforce security and compliance policies.

Terraform: Terraform is an open-source infrastructure as code tool that can automate management of various cloud platforms and services such as AWS, GCP, and Azure. By writing code, Terraform can automate the implementation of security and compliance policies.

HashiCorp Sentinel: Sentinel is a PAC tool developed by HashiCorp that can be used in tools such as Terraform, Vault, and Nomad. Sentinel supports writing rules in programming languages such as HCL to automate the enforcement of security and compliance policies.

Selefra: Selefra is an open-source Policy as Code tool that can use natural language to write rules for security compliance checks, cost configuration checks, and architecture rationality checks on current cloud services.

AWS Config Rules: AWS Config Rules is a service provided by Amazon Web Services (AWS) that allows users to write custom rules to check the compliance of AWS resources. By integrating with AWS Config, users can automatically enforce security and compliance policies without needing to write their own policy engine.

Overall, PAC is an effective method for automating the implementation of security and compliance policies, helping enterprises reduce their reliance on manual processes and improve consistency and scalability. However, using PAC also requires consideration of some disadvantages, such as the learning curve, maintenance costs, and potential introduction of new risks. Enterprises should choose the appropriate product based on their needs and actual situation when selecting PAC tools.

https://redd.it/13dkdc0
@r_devops
Can someone point me to a Jenkins CI/CD pipeline project for absolute beginners?

Could someone point me to a Jenkins project where I would be able to create a CI/CD pipeline for a simple app? I'm a beginner and am trying to get some real world experience for my first Cloud role. I just need a project that is easy to follow with clear instructions to the point where I understand why I'm doing what I'm doing as I like to write blogs to show what I'm doing and the steps I took so I can show employers. Thank you!

https://redd.it/13dpevg
@r_devops
Hey Reddit fam, do any of y'all know any freelance devops who charge for value rather than time? Tired of feeling like my wallet's on a countdown every time I need some work done. Let me know your thoughts!

Hey guys! So I work for a software dev agency and we not only develop solutions but also set up and manage client servers. As we've grown, our clients have been requesting more complex systems which got me thinking - should we be charging by value instead of by time? I feel like devops is better suited for this approach. For instance, setting up a server only takes me a few minutes with the scripts I have.

Do any of you charge fixed fees for these types of services? I'm based in the US and would love to hear some pricing ideas! Thanks in advance!

https://redd.it/13drujj
@r_devops
Documentation/Help for your platform

I've been looking for a good documentation platform for my SaaS product. I came across Docy theme for WordPress, BookStack and ReType. Are there other tried, tested options you all work with today? Please share, thanks so much!

https://redd.it/13dvfzb
@r_devops
OneUptime: Open Source StatusPage.io alternative that you can self-host.

I'm Simon, I'm the OSS contributor to OneUptime (https://github.com/oneuptime/oneuptime). It's an open-source alternative to StatusPage.io. We're working on adding APM functionalities to it to make it closer to an open-source alternative to Datadog. It's 100% free and you can self-host it on your VM / server.
Let me know what you think! Happy to hear early feedback and make the tool better.

https://redd.it/13dzh5n
@r_devops
GitHub actions top alternatives

Due to the current state of GitHub I’m considering moving away from actions.

These are my top alternatives please share yours:


1. CircleCI
2. GitLab
3. Travis CI

https://redd.it/13dvu0n
@r_devops
Mixing infrastructure provisioning and configuration

I am trying to build a SaaS service where for every tenant I need to spin up some infrastructure and configure it, and would appreciate some help on how to chain those things. I would like the trigger for a new tenant spin up to be as simple as a new line in a file in a git repo if possible.

To keep things simple, let’s say that my tenant infra is an RDS instance and an ASG+EC2 running a Java app. I want to configure my app to use a non-master DB user for least privilege and create the schema.

My first thought was to do this all in Terraform (I am already using Spacelift for some other infra things) but the creation of the application user and tables in the DB doesn’t feel right in Terraform, so I am now having trouble designing the best way to chain these things (RDS+db setup+EC2) so that ideally the “new tenant” trigger is still super simple.

Splitting EC2 into an infra step and a “deployment” step I guess could help, but with an ASG there doesn’t seem to be room for a deployment phase “later” since the launch template is defined when the ASG is set up.

I am quite new to this space, feel free to completely destroy my assumptions :)

https://redd.it/13e3nm1
@r_devops
GitHub vs Gitlab

My team moved away from GitHub back before GitHub Actions was a thing after seeing GitlabCI in action.

I am pretty happy with Gitlab, and after Microsoft bought GitHub, I haven't really kept up with it to see if it has gained/kept feature parity with Gitlab.

With all the outages going on at GitHub, I began to wonder: why are DevOps people still using it? Is it some killer feature I am out of the loop on, or is it mainly organizational inertia driving the decision to stay on it?

https://redd.it/13e4eoj
@r_devops
What are the best tracing tools for microservices?

This article covers some of the best options - curious to know if anything is missing from this list.

https://redd.it/13e404b
@r_devops
AWS WAF and SQLiMatchStatement

I'm working on some WAF rules that should be blocking SQL injection attempts, but for some reason they don't work with form input data (application/x-www-form-urlencoded). We're using the match type "Contains SQL injection attacks" vs writing our own.

The website uses a basic html form to post data to an endpoint behind the WAF. The form takes basic data (first name, last name, address, etc) with ~8 fields total.

If I input SQL injection in any of the first 3 fields (ex: SELECT * FROM INFORMATION_SCHEMA;--) the WAF correctly returns a 404.

If I enter the injection string in any of the other fields, the WAF ignores it and returns a 200 status.

Ex:

200: curl 'https://local.test' --data-raw 'A=1;B=2;C=SELECT * FROM INFORMATION_SCHEMA;--'

404: curl 'https://local.test' --data-raw 'A=1;B=2;C=3;D=SELECT * FROM INFORMATION_SCHEMA;--'

I can't find any documentation on how the match type works beyond a very basic overview. I suspect this is to prevent people from trying to circumvent it. But it makes no sense to me why only the first 3 fields of the form input are checked.

Has anyone encountered this before? Is there some trick to checking form data for SQLi, or at least better documentation on what is being blocked?

https://redd.it/13dxx6p
@r_devops
Should I continue in DevOps?

So, I'm about to finish a two-year apprenticeship in a large company. I've been working as a DevOps there, and I'm wondering if I should continue in this field. For context, I'm over 30 years old, and I made a late career change. I only started working in the IT industry about three years ago, roughly, and it has always been through apprenticeships. I have primarily a networking and systems-oriented background.

But in my current job, even after almost two years, I still need help with certain topics. The infrastructure is very complex, and I still make mistakes or don't know where to turn to (we're talking about a company with over 1000 employees). Even after one year of apprenticeship, some of my colleagues (not all of them) complained about my lack of autonomy.

However, I do have autonomy, I understand the tools being used, even though I occasionally make coding mistakes which are becoming rarer. Where I have questions is primarily about how a specific service works, and since I don't have much knowledge in development, I also have some inquiries at that level.

In comparison, another employee who was an apprentice before me for six months and has been hired since is doing much better. However, he has a development background and many years of experience in that field. But he is constantly used as an example compared to me, to tell me that I'm not progressing fast enough.

I enjoy DevOps, and I really like creating infrastructure as code, but I'm wondering if I should continue in this path considering the feedback I've been receiving. To be honest, I mostly feel that some of my colleagues are being unfair, and that it's normal for an apprentice to have questions and need guidance on certain topics, even after almost 2 years. Some other colleagues have confirmed this viewpoint.

But perhaps after 2 years, all apprentices in the world already have complete autonomy. If that's the case, then maybe this sector is not where I belong. What do you think?


(I apologize if there are any language errors, English is not my native language.)

https://redd.it/13dig37
@r_devops
Branching Strategy for multiple APIGW endpoints split in different resources

Hi Everyone, I'm looking for a good branching strategy in order to maintain the liaison between APIGW split in different resources containing several endpoints. We are using CodePipeline to orchestrate the CodeCommit repos, CodeBuild and CloudFormation. The solution involves APIGW, Lambdas pointing to specific ECR images. I'd appreciate any recommendations for the branching strategy. Thanks. Kind regards

https://redd.it/13eaz54
@r_devops
Suggestions for improvements to the environment

Hey people!

I currently work in a government agency and am solely responsible for the DevSecOps area in an environment that is migrating from monolithic applications to microservices.

We have two Kubernetes clusters, one for production and one for development. Both are single node.

I'm wanting to migrate each of them to at least have a control plane and two workers.

Allied to this, I also have to define the monitoring tools. I thought about using ELK stack.

Also wanted to use a management tool. We have RHEL licenses but not Openshift, so I'm considering using Rancher.

I would like your opinion on cluster architecture and management tools.

https://redd.it/13d1eg6
@r_devops
What DevOps tool do you wish existed? I'll create it for free!

I'm not kidding. I have enough DevOps and programming experience, in addition to time and will.

I have recently tried to create a cross-platform cloud management tool accepting any feature requests but it didn't gain any traction even after open-sourcing it and making it as easy as possible to build and understand.

So I'm thinking now: maybe that is not the tool that everybody needs! Maybe they need something like a Kafka manager (with features that current ones don't have), a real-time messages editor/monitor, a tracing tool, a deployment tool, etc...

And you might ask: why am I doing that? Well, I'm a senior dev and I just don't like the way my career is growing. It is growing at the "normal" pace, but I'm trying to find a way into entrepreneurship. So my plan is for this app to be free + open-source for the first two years and then I'll start adding enterprise features for paid customers complete with source-code, while still maintaining the free version (I promise!). So let the ideas come!

https://redd.it/13ed4ie
@r_devops
Has anyone switched to a product team from devops? What were your reasons and how are you liking it?

I'm curious if any others have come from building products as a SWE to DevOps, and then gone back. What did you like about each role? What didn't you like?

For me it feels like product work is much more flexible with the implementation details, and creating/scaling infra or setting up monitoring and alerts is very rigid, there's not much room for creativity, however, there are moments of pure automation joy when everything works and needs little maintenance.

https://redd.it/13eesqi
@r_devops
How do you deploy multiple preview environments across multiple repos and branches?

Hi. Currently working on creating a better way of managing our preview environments.

Our current setup is having 10 preview environments which can be set to a branch on demand, using a web-ui (Forge). However, as this is kinda unscalable and not dev-friendly, I am working on a way to automate this using Github branches and automatic deployment to AWS.

So, when someone creates a PR on frontend, I will deploy everything needed to AWS (like an S3 bucket). However, I also want it to "connect" to its own, isolated, API (say, an EC2 instance). This seems simple, but we ALSO want to be able to select on which branch that API is checked out, as our devs' workflow is often that they work on api and frontend simultaneously, so we can't just make their frontend PR-deployment connect to api-master.

Does this make sense?

I basically have every building block already done, except for this part - the "workflow" part as we call it.

Would love some insight into this! If you need more info on specifics in order to give a meaningful answer, please let me know!

https://redd.it/13efp40
@r_devops
I had to do mandatory military service which wasted a year of my life (had no access to a smartphone or internet). Have a career fair coming up but I don't even know what kind of jobs to apply for.

My resume

After I graduated from university, I did 13 months of military service, training police officials with my IT skills. No phone or internet access and only a week of vacation monthly. Tried to study but limited access made it unfeasible, so I postponed it till I was done with my service.

Now, I'm currently following the "devops roadmap" that recommends foundational knowledge in Python, Linux, Networking, AWS, and IaaC. I have a solid grasp of Python and Linux (studied for the RHCSA), and I'm now prepping for the AWS SAA cert while grinding leetcode.


Questions:

1. What kind of jobs do I even apply for? I don't think I'm ready for a developer position. And yet, I don't have the necessary experience for a system administration one either.


2. Should I continue learning the rest of the roadmap?

https://redd.it/13egfeu
@r_devops
DevOps to ‘DevOps’

Yo Dev-Ops cats.


I hope some of you can hear me out and maybe relate to me a little. And if possible offer some advice, or encouragement.

When I got into the industry I started as a software developer. I was doing C#, a little javascript, and a little Java. I was new and young and it was awesome. I could write run-on sentences for days describing how happy it made me. It’s like a toddler describing Christmas to an alien.

Eventually I started learning the Ops side of the project I was on. That was exciting. It was new technology, it was meaningful to my project. I could see a direct impact of what the Ops had on the Dev work. And why they would go hand in hand, praise the DevOps!

Here’s where the storm clouds roll in. Once I learned these Ops skills, like CI/CD, Docker, Docker-Compose, other sys admin things, I was sort of pulled. The company said “this is great! We have a guy who understands this new (ish) technology and can reliably use it for a project!” So they set me loose. I was now doing Ops for every project it felt like. I thought wow this is interesting. But boy did I burn out fast. I didn’t realize that I lost all of my passion and drive because I was missing real DevOps. Not ‘devops’.

I was missing having a meaningful relationship with the project that I was working on. I missed doing Ops for something I was working on. Not Ops for someone else’s problem. This model of taking real budding DevOps programmers and making them ‘devops’ or really just ops guys can’t be something only I went through.

I just don’t know what to do. I feel like I had so much momentum as a developer (and originally more of a true DevOps programmer). But I feel like a baby who had his lollipop taken away. Personally I’m tired of feeling bad for myself. I’m going to find a way to break back into a real DevOps role. But I’d appreciate any thoughts, advice, relating to’s, or even ‘this is the wrong place for this bud’.

As for the title I describe this as being a DevOps guy put into a ‘devops’ role looking to return to the DevOps guy. Like Star Wars:

Star Wars 4: A New DevOps

Star Wars 5: Empire ‘devops’ <- I’m here

Star Wars 6: Return of the Dev-Ops



Help a DevOps guy out.

P.S. on mobile, sorry for format issues. Plz comment and I can fix in the morning. Been up all night with an existential crisis (this is it this is the existential crisis).

Edit 1-3: formatting

https://redd.it/13ei26p
@r_devops
Digest #102: Are Terraform’s days numbered? - Same argument that language X may die b/c of new language Y

It's not apples to apples. But these headlines are stupid for a devops bulletin, misleading to some that may not have a grasp on what it means for them, if they are just getting used to TF.

Just b/c Prime goes Monolith, after rapid development and exhausting, enough, mitigation of performance to realize, that it's time.

TF doesn't only deploy/use micro services, lambda, step functions and containers.

</rant> I guess. You see this so often on subs like r/AskProgramming

https://redd.it/13d71dy
@r_devops