How much of your learning and experience is self (personal AWS account) vs on the job?

I have been working in a cloud engineer position for about a year. On the job learning has been really slow, I am the only person in my team in the US (rest are in Europe or India). I am working on Acloudguru and Acantril AWS video courses to learn. But so far it feels like learning to drive by watching videos.

How much learning should be on the job, as in with actual projects and engagement with other team members, versus self learning? Atleast the good thing about AWS is that you can in theory do complicated setups in your own AWS account. Provided you have enough money to cover the cost of running the infrastructure.

https://redd.it/13mh5fd
@r_devops

Hi can anyone please help me ?. My Postgres docker container is not running


When I do sudo docker-compose logs it just outputs “Attaching to pg”(pg is the name I gave to Postgres container)

Here is my docker compose file : https://pastebin.com/as3FFHm2

Here is my sql file : https://pastebin.com/J5qdsC85

https://redd.it/13mixob
@r_devops

Secretless Self-Hosted Github Actions Runners for Azure...possible?

Recently got into a debate with a co-worker regarding this concept.

I raised that for most applications in the Azure space since runners are event-driven, you could leverage a managed identity on the VM or Containerized runner, and not need to use secrets at all for most general workloads.

Examples of general workload would be:

\- Deploying Infrastructure via ARM

\- Working with Az CLI

\- Executing Az Powershell scripts

\- Working with Graph

This was met with a lot more resistance than I thought. Am I off base here? Is this really harder than I think it is?

I really see no reason why you can just grab a token based on the MI, then use that token to action against anything you need so long as you give the MI the correct permissions/access.

https://redd.it/13mj5w3
@r_devops

Just took the google professional DevOps engineer certification. The exam questions have completely changed. Please help?

The questions were completely different except maybe 5-6 from April 28 when I last took the exam. Does anyone know where I need to look to find actual updated exam questions and content? Any help would be so appreciated

https://redd.it/13mif3k
@r_devops

Terraform and ansible or only ansible?

Not sure what tools to use. We create VMware templates with packer. Then to create VMs from templates should we use ansible or terraform?

https://redd.it/13mm6cx
@r_devops

Contract Testing on Kubernetes with Microcks

Contract Testing on Kubernetes with Microcks: https://piotrminkowski.com/2023/05/20/contract-testing-on-kubernetes-with-microcks/

https://redd.it/13mlx9j
@r_devops

Unable to install Nginx from Ansible

How can I install Nginx through Ansible through this repo , I am unable to get latest version from this repo

https://redd.it/13mlgpg
@r_devops

Bootcamp

Hey guys any free bootcamps,courses with different topics like kubernetes,agile,etc.Im totaly new in devops,but not new in programming,python and JavaScript

https://redd.it/13lr6s3
@r_devops

How do you WORK WITH testing teams?

We have developers working on Jira tickets. Approx 5 developers and 3 testers. Here's our current flow: Developers create a pull request that addresses a Jira ticket from a feature branch to a main branch. (Jira goes to "In review). Automated testing is run against the branch. Another developer reviews and then approves, and the branch is merged to main. Automated testing is run against the main branch and a developer approves deployment to a "dev" environment. (Jira goes to "In Test")

A tester does some manual/semi-automated testing against the dev environment (updating automated tests if required). If tests pass then "main" branch is approved to be deployed to a staging environment. (Jira goes to "In Staging") Then more verification happens and if that passes main is deployed to a production environment. (Jira ticket goes to "In Prod")

The problem I've seen is that it takes a long time for a ticket to go from initial development to production. And it's unclear i) who is responsible for a ticket and ii) when a ticket is really done. We have many situations where when there's a failure found by a testing team we can't pinpoint the ticket/branch that caused the failure, so all are blamed. Similarly we have situations where developers are held back from merging PRs because "dev is broken" or "we're still doing testing".

My instinct is to declare a ticket done when it is merged and auto-deployed to the dev environment. This decouples responsibility/ownership. Any findings from testers are caught and raised as new tickets. Is this a sensible approach? How do you work with testing teams?

(Not sure if this is the right sub, but seems like the closest I could find)

https://redd.it/13mxhqh
@r_devops

Fairly new to devops, I'm looking for feedback and ways to improve our cicd pipeline

Hello everyone, I hope you're having a good day.


As the title states, I'm seeking feedback for our (startup) CI/CD pipeline and deployment process.


Currently, we have four different services running as dockerized containers:

\- Next.js frontend (React frontend + API)
\- Node.js backend (connects to external services, writes to the database)
\- InfluxDB
\- Nginx


We utilize Docker Compose to run these services in development. For deployment, we push the code to GitLab, where a GitLab CI action is triggered. This action builds all the images based on a build-docker-compose file and pushes them to Docker Hub. Finally, we connect to a remote VM where we:
\- Copy a run.sh file to the VM using SCP
\- Copy a production-docker-compose file to the VM (which currently contains the environment variables) using SCP
\- SSH into the VM and execute the run.sh file, which stops the services, pulls the latest images, and starts them up again
Currently, this process works well for us since we don't rely on external services or frameworks. This keeps the complexity low, which is beneficial for our developers who don't have a software engineering background. We have discussed the possibility of migrating to Kubernetes, but at the moment, I don't see the need for it. While Kubernetes offers advantages, its complexity would introduce additional costs for us without significant benefits.
Please feel free to provide feedback or comments on how we can enhance our DevOps processes.
Thank you!

https://redd.it/13mvttz
@r_devops

Does there exist a tool like docker compose that runs containers serially?

Looking for a platform agnostic ci tool that uses containers for each step. Similar to Argo workflows but not as complex or featured. If docker compose could run containers serially it would be perfect for what I’m looking for. Use case is the developer would be able to run the same workflows on their local machine as the pipeline regardless of which ci platform is used officially (we use multiple).

I started working on building a tool but wanted to check first in case it already exists.

https://redd.it/13n1nbd
@r_devops

How's DevOps market right now?

I see most of the companies are pulling away the consulting roles out there. How do you feel the heat right now in contracting world for DevOps out there?

https://redd.it/13n005y
@r_devops

What are some harsh truths that r/devops needs to hear?

Title.

https://redd.it/13n6pmp
@r_devops

How to encrypt traffic from NginX server to upstream servers?

Hi, I have a two EC2 instances. One is a public instance which is a NginX API gateway. Other instance is a private one which I use to run my microservices using Docker compose.

Currently I configured Let's encrypt SSL certificate in the NginX API gateway. So from end users to API gateway traffic is encrypted. But from API gateway to Private EC2 instance traffic is not encrypted. How can I encrypt that internal traffic. I couldn't able to find a proper document or tutorial on that. Can anyone help me?

https://redd.it/13n8gmm
@r_devops

I don't see any volumes when i do "sudo docker volume ls" . even tho in my docker compose file i have mention volumes and the postgres container runs perfectly and i can see data in specified path. I also have few questions if you guys can answer it. it will be of great help

Here is my docker-compose file : https://pastebin.com/wxHZD8nn
Here is my init.sql file: https://pastebin.com/PsfA9iGW
As far as i know docker volume has two types bind mount and named volumes
below are my understanding of both kindly correct me if i am wrong
1) Bind mounts are entire path ex: /home/test/data:/var/lib/postgresql/data
2) Named volumes are name of folder which is created inside /var/lib/docker/volume/{folder name}
ex: test:/var/lib/postgresql/data
A test folder will be created inside /var/lib/docker/volume
Please correct me if i am wrong
also can you guys please tell me
1) How can i write bind mounts or named volumes in docker compose file ?
2) what is the correct way ?
I would like to know how to add different types of volume in detail because i though only named volumes are written with top level volume but i also saw bind mounts too . so i am kinda confused now
Please help me clear my doubts

https://redd.it/13mzo0z
@r_devops

What's the point of defining the URL of an environment in GitHub Actions?

jobs:
myjob:
runs-on: ubuntu-latest
environment:
name: test
url: ${{ steps.test.outputs.url }}
steps:
- name: Test
id: test
run: echo "url=https://reddit.com" >> $GITHUBOUTPUT

If in order to run the Test step, the environment should have already been chosen, what's the point of setting the URL this way?

Have seen many examples doing this in one way or another. For example, https://github.com/actions/starter-workflows/blob/main/deployments/azure-webapps-python.yml.

https://redd.it/13nbdxg
@r_devops

What interview questions trip or expose most or a significant number of candidates

If you’re an employer or have been on the question asking side of interviews, what questions trip a lot of candidates or questions that you throw out there expecting a high chance of failure or the candidate to have to think a decent bit about the answer and if you’re a candidate what kind of questions like these have you seen

https://redd.it/13ncs07
@r_devops

Help, new on the area

Hello people! I want to get to know the DevOps area
What should I go FIRST to learn the best? What should I look for?
Many thanks already!

https://redd.it/13ne5vm
@r_devops

Installing stuff on ARM architectures.

Last year, while interning at a company I had to setup a Jetson computer which has a ARM architecture.
I faced a lot of issues with the libraries/packages/software, that would easily install or run on a PC which has Ubuntu. At my internship we had a DevOps Engineer who resolved the issue for me, but lately I have been getting a lot of interview questions on how can I solve that architecture problem.
How do I get stuff to work on multiple architectures?

https://redd.it/13nd6xv
@r_devops

Ubuntu cloud-config / autoinstall - Anyway of making it more modular?

Hi All

I suspect the answer to this will be "no", but is there any native way (or establish 3rd party way) of splitting the "autoinstall" into seperate files, so it can be made more modular? i.e.

* storage.yaml
* ssh.yaml
* late-commands.yaml

The alternative is, just write a bash script that pulls these together, and spits out the merged file.

Thanks

https://redd.it/13ncmrw
@r_devops

How do you rotate 3rd parties API keys?

We are using AWS secret manager to store our API keys which include some 3rd parties.
I want to rotate those automatically, how do you do that in your company?

https://redd.it/13nke0n
@r_devops