Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Rate this company's secret management process

There's this senior devops who made this process and I want you guys to rate this.

We have a repo that contains all the configmaps and other ENV vars for all the apps in one repo, something called configmap managements repo.


Each app has secrets, and we don't store them visibly in git, instead we have something called a gpg per secrets yaml file.


The actual secrets are stored in a VM, and to update a secret, we have to SSH into the VM, update the secret, encrypt the key, push the commit and create a PR with the new .GPG


Something like this


```
gpg --batch --yes --output blah.secrets.yaml --decrypt blah.secrets.yaml.gpg
gpg --batch --yes --output blah.secrets.yaml.gpg --encrypt --recipient [email protected] blah.secrets.yaml
```


What do you guys think about this process?

https://redd.it/13ocfb7
@r_devops
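
Added example, not part of the original post or of the company's tooling: a CI guard for the process described above that flags decrypted `*.secrets.yaml` working copies left in the tree and `.gpg` files that are not actually public-key-encrypted output. The function names and the sample tree are hypothetical, and the check is a byte-level heuristic that does not invoke gpg.

```sh
#!/bin/sh
# Added example (not from the post): CI guard for a repo that keeps secrets
# only as *.secrets.yaml.gpg. Heuristic: inspects bytes, does not call gpg.

# True if FILE starts like output of `gpg --encrypt --recipient ...`:
# ASCII armor, or a binary public-key encrypted session key packet
# (OpenPGP tag 1: old-format header 0x84-0x87, new-format header 0xC1).
is_pk_encrypted() {
  if head -c 27 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----'; then
    return 0
  fi
  case "$(head -c 1 "$1" | od -An -tu1 | tr -d ' \n')" in
    132|133|134|135|193) return 0 ;;
  esac
  return 1
}

# Prints one finding per line and returns 1 if the tree holds a decrypted
# working copy or a .gpg file that is not actually ciphertext.
check_secrets_tree() {
  cst_report=$(
    find "$1" -type f -name '*.secrets.yaml' | sed 's/^/PLAINTEXT /'
    find "$1" -type f -name '*.secrets.yaml.gpg' | while IFS= read -r cst_f; do
      is_pk_encrypted "$cst_f" || echo "NOT-ENCRYPTED $cst_f"
    done
  )
  if [ -z "$cst_report" ]; then return 0; fi
  printf '%s\n' "$cst_report"
  return 1
}

# Constructed sample tree (file names and contents are made up).
make_sample_tree() {
  mkdir -p "$1/app1" "$1/app2" "$1/app3"
  printf '\205\001\014constructed' > "$1/app1/blah.secrets.yaml.gpg"  # looks encrypted
  printf 'password: example\n' > "$1/app2/db.secrets.yaml"            # decrypted copy left behind
  printf 'password: example\n' > "$1/app2/db.secrets.yaml.gpg"        # plaintext renamed to .gpg
  printf '%s\n' '-----BEGIN PGP MESSAGE-----' > "$1/app3/api.secrets.yaml.gpg"  # armored
}

# Demo run on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
check_secrets_tree "$demo_dir" || echo "guard fails: fix the findings above"
rm -rf "$demo_dir"
```

Run as a required check on the PR that carries the new `.gpg`, it fails the merge before a decrypted copy reaches the shared history.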
Kubernetes on cloud practice

Is it economically practical to sign up to AWS and spin up EC2s to practice kube? For the folks who have done this, can you please share the monthly cost for running a small project?

https://redd.it/13odmqx
@r_devops
Format for projects in GitHub?

If I were to display some DevOps-related projects (CI/CD, IaC, etc.) on GitHub for employers to see, what kind of format and/or look would you be looking for? I am speaking mainly template-wise. Have you seen a project portfolio that you liked and would replicate with a similar template?

Any recommended examples you may be able to show me? Would adapt to whatever is preferred, looks best, readable, etc.

Let me know, thanks!

https://redd.it/13oev7a
@r_devops
Optimizing ArgoCD deployments for multiple services

Currently our team has been just connecting our GitLab repo to Argo and updating the targetRevision to a tag or a branch (one for dev, another for prod).

We are handling a new helm repo that has a bunch of microservices and this strategy seems not so great. Like if one service has a release, we would start work, get it out, then the next day we have another one. Tagging gets annoying because we have to create a new tag, update the ArgoCD to a new tag. That gets annoying and out of control real fast for small repeated changes. And using branches gets really bad due to MR conflicts.

Trying to find a better way to do deployments with 1 helm repo with multiple microservices for my team for the long run.

Using GitLab, helm (separate helm charts for the ArgoCD and the actual applications)

https://redd.it/13oehim
@r_devops
What should a DevOps engineer at least learn to get a job in 3 months as a fresher?

I'm a fresher currently studying computer science and interested in DevOps.

I know the basics of Linux, docker, and Jenkins. I want to learn more.

What should I learn or give me a roadmap to get a DevOps job as a fresher?


edit: I'm currently learning from the DevOps bootcamp by Techworld with Nana. If anyone knows this, then can you please give feedback about whether it is worth following or not?

https://redd.it/13nwq5i
@r_devops
How to maintain/migrate DynamoDB tables over time with zero-downtime?

I have a serverless microservice application which relies entirely on DynamoDB for its data storage needs. Over the lifecycle of this microservice occasionally we will need to perform minor surgery on the data tables in the form of adding a new index, modifying the primary index, and in some rarer cases completely restructuring the tables in such a way that the current one needs to be replaced entirely.

With a normal SQL database I’m familiar and comfortable with various strategies to be able to perform such changes with zero downtime. But I’m not familiar what people do with NoSQL engines, in our case specifically DynamoDB.

I’m looking to you my fellow veterans with experience making and managing microservices backed by dynamodb with zero (or very little) downtime. What are some tricks, methods, nuances, and patterns we should follow or know about?

https://redd.it/13ohv11
@r_devops
GitHub Copilot X vs GPT-4 for DevOps work

I finally got my hands on the new Copilot X Chat feature, which is supposed to be powered by GPT-4. I have used both Copilot and ChatGPT+ for my work for a while, and I was curious to compare the new Copilot X with ChatGPT by doing a small real task in parallel with both. From my experience, Copilot X is like 10-15% worse than GPT-4, but the developer experience is nice. I recorded a relatively lengthy video with this comparison:

https://youtu.be/S4OhjYH2lEs

https://redd.it/13ojtm7
@r_devops
Do you use Ephemeral Environments?

Hi 👋🏼, I am an ex-SRE and co-founder of Qovery - a product that helps DevOps engineers to build their own Self-Service Infrastructure platform. One of the most used features from Engineering and DevOps teams is "Ephemeral Environments". Since it's an emerging concept - I wanted to know if you have already built your Ephemeral Environments system. What does it look like/What services do you use? (Kubernetes, ArgoCD, Others?) Have your Engineering teams adopted it? Are you satisfied with the adoption?

https://redd.it/13okqqh
@r_devops
adding FIPS in pod securityContext

Is it possible to specify FIPS in a pod's securityContext?

https://redd.it/13ojpb1
@r_devops
what are your thoughts on github portfolios with just screenshots and no code?

The screenshots include explanations in the title but instead of yamls, .tf files, etc, it's just a readme and a bunch of screenshots showing how a project gets built step by step. As a hiring manager, what do you think of that?

https://redd.it/13omwrj
@r_devops
Example Terraform codebase for beginners

Hello everyone. I see posts on here pretty often about learning Terraform. Unfortunately, because of the nature of the resources being managed, most companies are not going to want to share what they have written publicly. This makes it harder for new users to visualize what the final product of a Terraform codebase might look like.

I've been using terraform for the better part of 7ish years now and have seen some good code and some really unbelievably crap code. I thought it would be helpful to publish a semi real world-ish example of what you would ultimately be working towards at least at the level of code structure and concepts, not necessarily the resources themselves being created.

Here is a repo showing how to systematize permissions to users in your organization across different service providers. In general, you're going to want to use an identity provider and SSO as much as possible so it is not really recommended to use this code exactly as is in production. Users are just a more easily understandable resource for jr engineers than, for example, EKS clusters so this is the route that I took.

The teams/ directory is where most of the day to day work will happen while the actual permissions changes will happen in the respective environments or modules, wherever appropriate.

I've tried to document as much as possible through READMEs and inline comments but if you have questions, please let me know.

Have fun!

https://github.com/n-029894/terraform-user-management

https://redd.it/13omo0n
@r_devops
I want to practice making dockerfiles.

How do I start? I've now learnt the basics of docker and dockerfiles. I want to be able to write dockerfile for any application that I want. maybe that's ambitious, but please try to understand what I mean.

https://redd.it/13on73b
@r_devops
Struggling to understand the difference between Cloud Engineer, DevOps Engineer, Platform Engineer and Site Reliability Engineer, as well as which I should be applying for

I’m around 3 years into my career and have always worked at the same place (public sector, huge organisation - department of 70 DevOps engineers and 7 teams).

My title has always been Cloud Infrastructure Engineer, but inside the department we all refer to ourselves as DevOps Engineers, while my specific team refer to ourselves as DevSecOps Engineers as we largely take care of the security aspect of our platform.

Due to being underpaid and just generally getting bored and in need of a change, I’ve begun to search for jobs, but started to find that there are LOTS of titles, all of which have descriptions that fit the exact stuff I do at work, so I’m not sure which I should be applying to.

I’ve started to search via keywords (DevOps, Aws etc) instead of job titles as I don’t want to miss anything.

I recently applied to a job labelled as DevOps engineer & had the first stage interview, in which I then found the exact role is Site Reliability Engineer, which kinda surprised me - but again, the description and requirements are very similar to what I already do as a Cloud Infrastructure Engineer.

Does anyone have any advice or tips on how I should take this further and what I should do in the future when searching for jobs?

https://redd.it/13oqhc0
@r_devops
Question for anyone familiar with CircleCI

I want to run some terraform using CircleCI. This should run a plan on both main and any other branch and should just run the apply on main.

I have what I think is a working config; however, the workflow appears as "no workflow" now in the CircleCI console.

The config

```
version: 2

jobs:
  plan:
    working_directory: /tmp/project
    docker:
      - image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    steps:
      - checkout
      - run:
          name: terraform init & plan
          command: |
            ls -la
            cd Docker_project_terraform
            terraform init -input=false
            terraform plan
      - persist_to_workspace:
          root: .
          paths:
            - .

  apply:
    docker:
      - image: docker.mirror.hashicorp.services/hashicorp/terraform:light
    steps:
      - attach_workspace:
          at: .
      - run:
          name: terraform
          command: |
            cd Docker_project_terraform
            terraform apply -auto-approve
      - persist_to_workspace:
          root: .
          paths:
            - .

workflows:
  version: 2
  plan_approve_apply:
    jobs:
      - plan:
          filters:
            branches:
              only:
                - $CIRCLE_BRANCH
      - apply:
          filters:
            branches:
              only:
                - main
```

If I replace $CIRCLE_BRANCH with say a branch name (test_branch) the workflow appears and runs on test_branch.
Cheers

https://redd.it/13orj5z
@r_devops
Platform engineering: the perfect solution for companies that can't afford a dedicated DevOps team, but still want to feel cool and trendy.

Hey DevOps community,
Are you tired of hearing about DevOps being dead? Well, fear not, because platform engineering is here to save the day! Just kidding.

Here we explore the rise of platform engineering and how it differs from DevOps. We also dive into the importance of self-service capabilities and how platform engineering can enhance the effectiveness of DevOps. Plus, we touch on the crucial topic of DevSecOps and how it fits into this new paradigm.

Enjoy the read!

https://blog.gitguardian.com/platform-engineering-and-security-a-very-short-introduction/

https://redd.it/13ov6vz
@r_devops
Anyone else find DevOps LESS stressful than other career paths?

Basically title.

For me, I was a SWE before. My job was to deliver features every 2 weeks through sprints. Daily standups, several meetings with clients, constant demos, A LOT of stress to deliver on time.

As a SWE in the devops / infrastructure space, I feel like it's way less stressful. No sprints, no clients (except for other SWEs that we build the platform for), no stress on delivery times and no stand-ups.

How has your personal experience been ?

https://redd.it/13owbb1
@r_devops
Does your company do employment verification for new hires and if so how ?

The title pretty much sums it up, I have been hearing that a lot of people fabricate previous work experience (although they have the skills for the job) and still get hired, do companies generally not do employment verification and if so how are people bypassing it ?

https://redd.it/13oy1fu
@r_devops
What are some high-level DevOps skills?

Yes, we can all go to AWS and click on some DevOps tools, but what else is there?

What is the stuff that makes you a domain expert?

https://redd.it/13owgfh
@r_devops
Introducing NCP (NFS Copy): Effortless File Transfer for NFS Servers

Hey everyone!

I wanted to share a file transfer utility that I've created called NCP (NFS Copy).

Use Case: "Mainly, ncp can be utilized in CI/CD pipelines. It serves the purpose of downloading modules, folders, or other necessary components from a network share during the build process, or alternatively, uploading the build artifacts to a remote NFS server. Moreover, it can also find application in backup scripts, enabling the uploading of backups to NFS servers."

Here are a few features:

* File transfer to and from an NFS server without mounting.
* Multi-architecture binaries available for easy installation.
* Option to specify UID and GID for remote write operations.
* Real-time upload and download speed display.
* Shows elapsed time and total file size during transfer

You can check out NCP on GitHub: [NCP on GitHub](https://github.com/kha7iq/ncp)


[Documentation Website](https://ncp.lmno.pk)

Give it a try, and let me know what you think!

https://redd.it/13oqeo0
@r_devops
Chef and SSL

I have a private key that I use to communicate with our company Chef infra server using Knife.


I also remember during the setup, we used OpenSSL on our work computers to generate a certificate using the same private key, which we placed in a trusted_certs folder.

I am probably completely misunderstanding how certificates work, but shouldn't it be the chef server that creates the certificate? What does creating a certificate on our local computers do?

So we use our private key to authenticate with the Chef Server (which has the public key). Where does the SSL cert, that used the same private key, fit into all of this?

https://redd.it/13p3gu2
@r_devops