Abstraction of Cloud Providers

What do you think about the role of cloud providers - are they doing their job well?

Personally, I think that cloud providers should join forces and develop a uniform standard, which would eliminate the extreme lock-in effect of individual providers and enable easy migration to other cloud providers or diversification (the use of multiple cloud providers).

Personally, I haven't been through a migration from one provider to another, but I'm sure it's hell.

Have you guys been able to gain experience with this and perhaps develop best practices? For example, what were the biggest hurdles in migrating because you relied too much on the provider's services? Do you already know of projects that abstract cloud providers?

In a perfect world, migrating to a different cloud provider while using standard features should just be a different biller....

https://redd.it/13o1b8c
@r_devops

Testing with Chef, Different Outcomes

So I am using Chef, and I am converging a cookbook on an AWS instance that is shared. I have the exact same cookbook, using the exact same Chef configs when converging, yet I am getting a different error message from my coworkers(which have a separate error, but at a different place).(where it is not downloading something from a repository, which they are).

What are some potential reasons for this? I cloned the cookbook again to make sure I have the exact same cookbook, on the exact same branch. It is also converging on the exact same AWS instance, so it can't be anything to do with my local computer. Any thoughts?

https://redd.it/13o3ygg
@r_devops

What are some of the unsaid skills that a Devops Engineer should have including his Day to Day activities?

I am trying to enter into the Devops role so I just wanted to know about how things work in the organisation with DevOps Engineer's aspect ?!

https://redd.it/13o16yq
@r_devops

How good is your logging right now?

I recently stumbled across this logging strategies for security incident response post from AWS : https://aws.amazon.com/blogs/security/logging-strategies-for-security-incident-response/ . I'm just curious if anyone actually has logging this detailed set up. If so, are you a big org or a startup ? How did your org get to such a level of maturity and how long would you estimate it took?

https://redd.it/13o0c8n
@r_devops

Conditional Resources and Blocks in Terraform

How do you solve conditional resources when you use Terraform? I have faced many different situations which made me exhausted before.

I summarised all the methods I know and use in this article. I use conditional expression, count, for_each and dynamic blocks where I found them able to solve all my problems.

Terraform — Real Use Cases to Solve 95% of the Conditional Resources or Blocks Creation

Would love to hear from you if you have any other solutions.

https://redd.it/13o8zxd
@r_devops

Managing Data Residency - the demo

I explained the concepts and theory behind Data Residency in a previous post. It’s time to get our hands dirty and implement it in a simple demo.

Read the post

https://redd.it/13o038j
@r_devops

Rate this company's secret management process

theres this senior devops who made this process and I want you guys to rate this


We have a repo that contains all the configmaps and other ENV vars for all the apps in one repo something called configmap managements repo.


Each app has secrets, and we don't store them visibly in git, instead we have something called a gpg per secrets yaml file.


The actual secrets are stored in a VM, and to update the secret, we have to SSH into the VM, and update secret and encrypt the key and push the commit and create a PR with the new .GPG


Something like this


gpg --batch --yes --output blah.secrets.yaml --decrypt blah.secrets.yaml.gpg
gpg --batch --yes --outputblah.secrets.yaml.gpg --encrypt --recipient [email protected] blah.secrets.yaml


What do you guys think about this process?

https://redd.it/13ocfb7
@r_devops

Kubernetes on cloud practice

Is it economically practical to sign up to AWS and spin up ec2s to practice kube? For the folks who have done this can you please share the monthly cost for running small project.

https://redd.it/13odmqx
@r_devops

Format for projects in GitHub?

If I were to do display some Devops related projects (CICD/ IaC / etc.) in GitHub for employers to see, what kind of format and/or look would you be looking for? I am speaking mainly template wise. Have you seen a project portfolio that you liked and would replicate similar template?


Any recommended examples you may be able to show me? Would adopt to whatever is preferred, looks best, readable, etc.

Let me know, thanks!

https://redd.it/13oev7a
@r_devops

Optimizing ArgoCD deployments for multiple services

Current our team has been just connecting our gitlab repo to Argo and updating the targetRevision to a tag or a branch (one for dev, another for prod).

We are handling a new helm repo that has a bunch of microservices and this strategy seems not so great. Like if one service has a release, we would start work, get it out, then the next day we have another one. Tagging gets annoying because we have to create a new tag, update the argocd to a new tag. That's gets annoying and out of control real fast for small repeated changes. And using branches gets really bad due to MR conflicts.

Trying to find a better way to do deployments with 1 helm repo with multiple microservices for my team for the long run.

Using GitLab, helm (separate helm charts for the ArgoCD and the actual applications)

https://redd.it/13oehim
@r_devops

What should a DevOps engineer at least learn to get a job in 3 months as a fresher?

I'm fresher currently studying computer science and interested in DevOps.

I know the basics of Linux, docker, and Jenkins. I want to learn more.

What should I learn or give me a roadmap to get a DevOps job as a fresher?


edit: I'm currently learning from DevOps bootcamp by Techworld with Nana. If anyone knows this then can you please give feedback about whether is it worth to follow or not?

https://redd.it/13nwq5i
@r_devops

How to maintain/migrate DynamoDB tables over time with zero-downtime?

I have a serverless microservice application which relies entirely on DynamoDB for its data storage needs. Over the lifecycle of this microservice occasionally we will need to perform minor surgery on the data tables in the form of adding a new index, modifying the primary index, and in some rarer cases completely restructuring the tables in such a way that the current one needs to be replaced entirely.

With a normal SQL database I’m familiar and comfortable with various strategies to be able to perform such changes with zero downtime. But I’m not familiar what people do with NoSQL engines, in our case specifically DynamoDB.

I’m looking to you my fellow veterans with experience making and managing microservices backed by dynamodb with zero (or very little) downtime. What are some tricks, methods, nuances, and patterns we should follow or know about?

https://redd.it/13ohv11
@r_devops

GitHub Copilot X vs GPT-4 for DevOps work

I finally got my hands on the new Copilot X Chat feature, which is supposed to be powered by GPT-4. I use both Copilot and ChatGPT+ for my work since a while, and I was curious to compare new Copilot X with ChatGPT, by doing a small real task in parallel with both. From my experience, Copilot X is like 10-15% worse than GPT-4, but developer experience is nice. I recorded a relatively lengthy video with this comparison:

​

https://youtu.be/S4OhjYH2lEs

https://redd.it/13ojtm7
@r_devops

Do you use Ephemeral Environments?

Hi 👋🏼, I am an ex-SRE and co-founder of Qovery - a product that helps DevOps engineers to build their own Self-Service Infrastructure platform. One of the most used features from Engineering and DevOps teams is "Ephemeral Environments". Since it's an emerging concept - I wanted to know if you have already built your Ephemeral Environments system. What it looks like/What services do you use? (Kubernetes, ArgoCD, Others?) Do your Engineering teams have adopted it? Are you satisfied of the adoption?

https://redd.it/13okqqh
@r_devops

adding FIPS in pod securityContext

Is it possible to specify FIPS in a pod's securityContext?

https://redd.it/13ojpb1
@r_devops

what are your thoughts on github portfolios with just screenshots and no code?

The screenshots include explanations in the title but instead of yamls, .tf files, etc, it's just a readme and a bunch of screenshots showing how a project gets built step by step. As a hiring manager, what do you think of that?

https://redd.it/13omwrj
@r_devops

Example Terraform codebase for beginners

Hello everyone. I see posts on here pretty often about learning Terraform. Unfortunately, because of the nature of the resources being managed, most companies are not not going to want to share what they have written publicly. This makes it harder for new users to visualize what the final product of a Terraform codebase might look like.

I've been using terraform for the better part of 7ish years now and have seen some good code and some really unbelievably crap code. I thought it would be helpful to publish a semi real world-ish example of what you would ultimately be working towards at least at the level of code structure and concepts, not necessarily the resources themselves being created.

Here is a repo showing how to systematize permissions to users in your organization across different service providers. In general, you're going to want to use an identity provider and SSO as much as possible so it is not really recommended to use this code exactly as is in production. Users are just a more easily understandable resource for jr engineers than, for example, EKS clusters so this is the route that I took.

The teams/ directory is where most of the day to day work will happen while the actual permissions changes will happen in the respective environments or modules, wherever appropriate.

I've tried to document as much as possible through READMEs and inline comments but if you have questions, please let me know.

Have fun!

https://github.com/n-029894/terraform-user-management

https://redd.it/13omo0n
@r_devops

I want to practice making dockerfiles.

How do I start? I've now learnt the basics of docker and dockerfiles. I want to be able to write dockerfile for any application that I want. maybe that's ambitious, but please try to understand what I mean.

https://redd.it/13on73b
@r_devops

Struggling to understand the difference between Cloud Engineer, DevOps Engineer, Platform Engineer and Site Reliability Engineer, as well as which I should be applying for

I’m around 3 years into my career and have always worked at the same place (public sector, huge organisation - department of 70 DevOps engineers and 7 teams).

My title has always been Cloud Infrastructure Engineer, but inside the department we all refer to ourselves as DevOps Engineers, while my specific team refer to ourselves as DevSecOps Engineers as we largely take care of the security aspect of our platform.

Due to being underpaid and just generally getting bored and in need of a change, I’ve began to search for jobs, but started to find that there are LOTS of titles, all of which the descriptions fit the exact stuff I do at work, so I’m not sure which I should be applying to.

I’ve started to search via keywords (DevOps, Aws etc) instead of job titles as I don’t want to miss anything.

I recently applied to a job labelled as DevOps engineer & had the first stage interview, which I then found the exact role is Site Reliability Engineer, which kinda surprised me - but again, the description and requirements are very similar to what I already do as a Cloud Infrastructure Engineer.

Does anyone have any advice or tips on how I should take this further and what I should do on the future when searching for jobs.

https://redd.it/13oqhc0
@r_devops

QUestion for anyone familiar with Circle CI

I want to run some terraform using CircleCI. This should run a plan on both main and any other branch and should just run the apply on main.

I have what I think is working config, however the workflow appears as "no workflow" now in CircleCI console.

​

The config

```

version: 2

jobs:
plan:
working_directory: /tmp/project
docker:
- image: docker.mirror.hashicorp.services/hashicorp/terraform:light
steps:
- checkout
- run:
name: terraform init & plan
command: |
ls -la
cd Docker_project_terraform
terraform init -input=false
terraform plan
- persist_to_workspace:
root: .
paths:
- .

apply:
docker:
- image: docker.mirror.hashicorp.services/hashicorp/terraform:light
steps:
- attach_workspace:
at: .
- run:
name: terraform
command: |
cd Docker_project_terraform
terraform apply -auto-approve
- persist_to_workspace:
root: .
paths:
- .

workflows:
version: 2
plan_approve_apply:
jobs:
- plan:
filters:
branches:
only:
- $CIRCLE_BRANCH
- apply:
filters:
branches:
only:
- main

```

If I replace $CIRCLE_BRANCH with say a branch name (test_branch) the workflow appears and runs on test_branch.
Cheers

https://redd.it/13orj5z
@r_devops

Platform engineering: the perfect solution for companies that can't afford a dedicated DevOps team, but still want to feel cool and trendy.

Hey DevOps community,
Are you tired of hearing about DevOps being dead? Well, fear not, because platform engineering is here to save the day! Just kidding.

Here we explore the rise of platform engineering and how it differs from DevOps. We also dive into the importance of self-service capabilities and how platform engineering can enhance the effectiveness of DevOps. Plus, we touch on the crucial topic of DevSecOps and how it fits into this new paradigm.

enjoy the read!

https://blog.gitguardian.com/platform-engineering-and-security-a-very-short-introduction/

https://redd.it/13ov6vz
@r_devops