Help, new on the area

Hello people! I want to get to know the DevOps area
What should I go FIRST to learn the best? What should I look for?
Many thanks already!

https://redd.it/13ne5vm
@r_devops

Installing stuff on ARM architectures.

Last year, while interning at a company I had to setup a Jetson computer which has a ARM architecture.
I faced a lot of issues with the libraries/packages/software, that would easily install or run on a PC which has Ubuntu. At my internship we had a DevOps Engineer who resolved the issue for me, but lately I have been getting a lot of interview questions on how can I solve that architecture problem.
How do I get stuff to work on multiple architectures?

https://redd.it/13nd6xv
@r_devops

Ubuntu cloud-config / autoinstall - Anyway of making it more modular?

Hi All

I suspect the answer to this will be "no", but is there any native way (or establish 3rd party way) of splitting the "autoinstall" into seperate files, so it can be made more modular? i.e.

* storage.yaml
* ssh.yaml
* late-commands.yaml

The alternative is, just write a bash script that pulls these together, and spits out the merged file.

Thanks

https://redd.it/13ncmrw
@r_devops

How do you rotate 3rd parties API keys?

We are using AWS secret manager to store our API keys which include some 3rd parties.
I want to rotate those automatically, how do you do that in your company?

https://redd.it/13nke0n
@r_devops

Can and should I create a reusable workflow that automatically creates the AWS role and trust policies needed to setup OpenID connect in AWS for CICD?

At work we have a DevOps team that has created a reusable workflow that automatically creates the AWS role and trust policies needed to setup OpenID connect in AWS for CICD.

I'm more fullstack than DevOps, but I'm working on a personal project, and I'm trying to replicate something similar on my own. I get the basic principle how authentication happens, and I can technically follow through this guide to set it up myself. However, I would love to automate this, so that I can easily run it once per repo in a consistent way.

How the work reusable workflow works is that you create a config file containing all permissions needed in the role to be created, and then you execute the GitHub action, A hyperlink is then displayed in the actions terminal that takes you to the the AWS identity federation page for you to sign in and authorize the action to your account (the action is then federated to your user). Then the role and trust policy is created automatically between the AWS account you authenticated to and the GitHub repo that you ran the action from.

My one thought is that I'm not actually able to create this same UX because I don't federate authentication with any external identity provider on my personal AWS account, I rely solely on IAM.

Is it better if I just manually create each role / trust policy?

https://redd.it/13nbnhf
@r_devops

Shifting from Analytics to DevOps

Hello, just wanted to get some advice from all of you. I am currently working in analytics and planning to shift to a DevOps Engineering role. I've read the "Getting into DevOps" page which provided a lot of useful info. I know that this will take a while and I'm looking forward to building the skills needed. I'm actually learning AWS now with plans on taking the AWS Cloud Practitioner certification as a start.

Since my background is in analytics, I don't have any experience in deploying any apps (I'm familiar with git usage though). Is it better if I take the software dev path before going to DevOps or can I go to a DevOps role directly? I know there are several paths that one can take but just wanted to know the most optimal way to start.

Thank you all in advance!

https://redd.it/13npcub
@r_devops

Industrial engineering and Devops

Hello!
I am an industrial engineering student and I was offered the opportuinity to attend a program focused on Devops. I noticed that some concepts of Devops are somewhat related to concepts like Lean and continuous improvement.
Do you think it would be beneficial for me to enroll if I want to pursue a career in industrial engineering?
Thanks in advance!

https://redd.it/13npvs2
@r_devops

Anyone know of an umbrella CLI for multiple cloud providers?

Does anyone know of an umbrella cli tool that allows me to manage machines at different providers? Working with various providers because of my clients. Would be nice if the basics were covered like creating machines, dns settings. Wouldn't mind if it shelled out to the underlying per provider clis when things get more complex.

https://redd.it/13nr8e1
@r_devops

How do you learn the implementation of mTLS? For example you have two flask microservices

How to implement mTLS to understand further?

https://redd.it/13nqfap
@r_devops

TeamCity Build Dependencies

Hello everyone,
I'm working on a project where I need to programmatically trigger a new build in TeamCity and use an existing, specific build as an artifact dependency. I'm currently using the REST API to interact with TeamCity.
From what I understand, TeamCity typically retrieves artifacts based on the artifact dependency settings in the build configuration (e.g., last successful build, last pinned build, build with a specific build number, etc). However, I'm looking to dynamically set a specific build as an artifact dependency when triggering a new build via the API.
Is there a way to do this directly through the REST API? Or is there another workaround to achieve this functionality?

https://redd.it/13nuypk
@r_devops

How is it possible to commit a docker container to an docker image?

I was reading this blog.

https://techtutorialsite.com/docker-commit-changes-to-containers/

Where the author commited a container into an image. I didn't understand that. Can you help me realize it? How is it possible to commit a container to an image?

I need to learn more about docker container and docker images, so if you've materials barring docs please share.

https://redd.it/13nyyfp
@r_devops

Any tool to "clean" helm chart values?

It's not that complicated, just asking if there's a tool that downloads all of a chart's dependencies and removes any key-value pairs in the parent values.yaml that already exist in the sub charts' values.yaml. I think that could save my team's repository tens of thousands of lines and headache

https://redd.it/13o0r8h
@r_devops

Why isn't azure popular?

My career so far has been spent working with Azure, however people seem to lean predominantly towards GCP and AWS. Personally I think Azure offers tons, but not in a place to actually comment about it vs it's competition

https://redd.it/13o0gz1
@r_devops

Abstraction of Cloud Providers

What do you think about the role of cloud providers - are they doing their job well?

Personally, I think that cloud providers should join forces and develop a uniform standard, which would eliminate the extreme lock-in effect of individual providers and enable easy migration to other cloud providers or diversification (the use of multiple cloud providers).

Personally, I haven't been through a migration from one provider to another, but I'm sure it's hell.

Have you guys been able to gain experience with this and perhaps develop best practices? For example, what were the biggest hurdles in migrating because you relied too much on the provider's services? Do you already know of projects that abstract cloud providers?

In a perfect world, migrating to a different cloud provider while using standard features should just be a different biller....

https://redd.it/13o1b8c
@r_devops

Testing with Chef, Different Outcomes

So I am using Chef, and I am converging a cookbook on an AWS instance that is shared. I have the exact same cookbook, using the exact same Chef configs when converging, yet I am getting a different error message from my coworkers(which have a separate error, but at a different place).(where it is not downloading something from a repository, which they are).

What are some potential reasons for this? I cloned the cookbook again to make sure I have the exact same cookbook, on the exact same branch. It is also converging on the exact same AWS instance, so it can't be anything to do with my local computer. Any thoughts?

https://redd.it/13o3ygg
@r_devops

What are some of the unsaid skills that a Devops Engineer should have including his Day to Day activities?

I am trying to enter into the Devops role so I just wanted to know about how things work in the organisation with DevOps Engineer's aspect ?!

https://redd.it/13o16yq
@r_devops

How good is your logging right now?

I recently stumbled across this logging strategies for security incident response post from AWS : https://aws.amazon.com/blogs/security/logging-strategies-for-security-incident-response/ . I'm just curious if anyone actually has logging this detailed set up. If so, are you a big org or a startup ? How did your org get to such a level of maturity and how long would you estimate it took?

https://redd.it/13o0c8n
@r_devops

Conditional Resources and Blocks in Terraform

How do you solve conditional resources when you use Terraform? I have faced many different situations which made me exhausted before.

I summarised all the methods I know and use in this article. I use conditional expression, count, for_each and dynamic blocks where I found them able to solve all my problems.

Terraform — Real Use Cases to Solve 95% of the Conditional Resources or Blocks Creation

Would love to hear from you if you have any other solutions.

https://redd.it/13o8zxd
@r_devops

Managing Data Residency - the demo

I explained the concepts and theory behind Data Residency in a previous post. It’s time to get our hands dirty and implement it in a simple demo.

Read the post

https://redd.it/13o038j
@r_devops

Rate this company's secret management process

theres this senior devops who made this process and I want you guys to rate this


We have a repo that contains all the configmaps and other ENV vars for all the apps in one repo something called configmap managements repo.


Each app has secrets, and we don't store them visibly in git, instead we have something called a gpg per secrets yaml file.


The actual secrets are stored in a VM, and to update the secret, we have to SSH into the VM, and update secret and encrypt the key and push the commit and create a PR with the new .GPG


Something like this


gpg --batch --yes --output blah.secrets.yaml --decrypt blah.secrets.yaml.gpg
gpg --batch --yes --outputblah.secrets.yaml.gpg --encrypt --recipient [email protected] blah.secrets.yaml


What do you guys think about this process?

https://redd.it/13ocfb7
@r_devops

Kubernetes on cloud practice

Is it economically practical to sign up to AWS and spin up ec2s to practice kube? For the folks who have done this can you please share the monthly cost for running small project.

https://redd.it/13odmqx
@r_devops