adding FIPS in pod securityContext

Is it possible to specify FIPS in a pod's securityContext?

https://redd.it/13ojpb1
@r_devops

what are your thoughts on github portfolios with just screenshots and no code?

The screenshots include explanations in the title but instead of yamls, .tf files, etc, it's just a readme and a bunch of screenshots showing how a project gets built step by step. As a hiring manager, what do you think of that?

https://redd.it/13omwrj
@r_devops

Example Terraform codebase for beginners

Hello everyone. I see posts on here pretty often about learning Terraform. Unfortunately, because of the nature of the resources being managed, most companies are not not going to want to share what they have written publicly. This makes it harder for new users to visualize what the final product of a Terraform codebase might look like.

I've been using terraform for the better part of 7ish years now and have seen some good code and some really unbelievably crap code. I thought it would be helpful to publish a semi real world-ish example of what you would ultimately be working towards at least at the level of code structure and concepts, not necessarily the resources themselves being created.

Here is a repo showing how to systematize permissions to users in your organization across different service providers. In general, you're going to want to use an identity provider and SSO as much as possible so it is not really recommended to use this code exactly as is in production. Users are just a more easily understandable resource for jr engineers than, for example, EKS clusters so this is the route that I took.

The teams/ directory is where most of the day to day work will happen while the actual permissions changes will happen in the respective environments or modules, wherever appropriate.

I've tried to document as much as possible through READMEs and inline comments but if you have questions, please let me know.

Have fun!

https://github.com/n-029894/terraform-user-management

https://redd.it/13omo0n
@r_devops

I want to practice making dockerfiles.

How do I start? I've now learnt the basics of docker and dockerfiles. I want to be able to write dockerfile for any application that I want. maybe that's ambitious, but please try to understand what I mean.

https://redd.it/13on73b
@r_devops

Struggling to understand the difference between Cloud Engineer, DevOps Engineer, Platform Engineer and Site Reliability Engineer, as well as which I should be applying for

I’m around 3 years into my career and have always worked at the same place (public sector, huge organisation - department of 70 DevOps engineers and 7 teams).

My title has always been Cloud Infrastructure Engineer, but inside the department we all refer to ourselves as DevOps Engineers, while my specific team refer to ourselves as DevSecOps Engineers as we largely take care of the security aspect of our platform.

Due to being underpaid and just generally getting bored and in need of a change, I’ve began to search for jobs, but started to find that there are LOTS of titles, all of which the descriptions fit the exact stuff I do at work, so I’m not sure which I should be applying to.

I’ve started to search via keywords (DevOps, Aws etc) instead of job titles as I don’t want to miss anything.

I recently applied to a job labelled as DevOps engineer & had the first stage interview, which I then found the exact role is Site Reliability Engineer, which kinda surprised me - but again, the description and requirements are very similar to what I already do as a Cloud Infrastructure Engineer.

Does anyone have any advice or tips on how I should take this further and what I should do on the future when searching for jobs.

https://redd.it/13oqhc0
@r_devops

QUestion for anyone familiar with Circle CI

I want to run some terraform using CircleCI. This should run a plan on both main and any other branch and should just run the apply on main.

I have what I think is working config, however the workflow appears as "no workflow" now in CircleCI console.

​

The config

```

version: 2

jobs:
plan:
working_directory: /tmp/project
docker:
- image: docker.mirror.hashicorp.services/hashicorp/terraform:light
steps:
- checkout
- run:
name: terraform init & plan
command: |
ls -la
cd Docker_project_terraform
terraform init -input=false
terraform plan
- persist_to_workspace:
root: .
paths:
- .

apply:
docker:
- image: docker.mirror.hashicorp.services/hashicorp/terraform:light
steps:
- attach_workspace:
at: .
- run:
name: terraform
command: |
cd Docker_project_terraform
terraform apply -auto-approve
- persist_to_workspace:
root: .
paths:
- .

workflows:
version: 2
plan_approve_apply:
jobs:
- plan:
filters:
branches:
only:
- $CIRCLE_BRANCH
- apply:
filters:
branches:
only:
- main

```

If I replace $CIRCLE_BRANCH with say a branch name (test_branch) the workflow appears and runs on test_branch.
Cheers

https://redd.it/13orj5z
@r_devops

Platform engineering: the perfect solution for companies that can't afford a dedicated DevOps team, but still want to feel cool and trendy.

Hey DevOps community,
Are you tired of hearing about DevOps being dead? Well, fear not, because platform engineering is here to save the day! Just kidding.

Here we explore the rise of platform engineering and how it differs from DevOps. We also dive into the importance of self-service capabilities and how platform engineering can enhance the effectiveness of DevOps. Plus, we touch on the crucial topic of DevSecOps and how it fits into this new paradigm.

enjoy the read!

https://blog.gitguardian.com/platform-engineering-and-security-a-very-short-introduction/

https://redd.it/13ov6vz
@r_devops

Anyone else find DevOps LESS stressful than other career paths?

Basically title.

For me, I was a SWE before. My job was to deliver features every 2 weeks through sprints. Daily standups, several meetings with clients, constant demos, A LOT of stress to deliver on time.

As a SWE in the devops / infrastructure space, I feel like it's way less stressful. No sprints, no clients (except for other SWEs that we build the platform for), no stress on delivery times and no stand-ups.

How has your personal experience been ?

https://redd.it/13owbb1
@r_devops

Does your company do employment verification for new hires and if so how ?

The title pretty much sums it up, I have been hearing that a lot of people fabricate previous work experience (although they have the skills for the job) and still get hired, do companies generally not do employment verification and if so how are people bypassing it ?

https://redd.it/13oy1fu
@r_devops

What are some high-level DevOps skills?

Yes, we can all go to AWS and click on some DevOps tools, but what else is there?

What is the stuff that makes you a domain expert?

https://redd.it/13owgfh
@r_devops

Introducing NCP (NFS Copy): Effortless File Transfer for NFS Servers

Hey everyone!

I wanted to share a file transfer utility that I've created called NCP (NFS Copy).

Use Case: "Mainly, ncp can be utilized in CI/CD pipelines. It serves the purpose of downloading modules, folders, or other necessary components from a network share during the build process, or alternatively, uploading the build artifacts to a remote NFS server. Moreover, it can also find application in backup scripts, enabling the uploading of backups to NFS servers."

Here are a few features:

* File transfer to and from an NFS server without mounting.
* Multi-architecture binaries available for easy installation.
* Option to specify UID and GID for remote write operations.
* Real-time upload and download speed display.
* Shows elapsed time and total file size during transfer

You can check out NCP on GitHub: [NCP on GitHub](https://github.com/kha7iq/ncp)


[Documentation Website](https://ncp.lmno.pk)

Give it a try, and let me know what you think!

https://redd.it/13oqeo0
@r_devops

Chef and SSL

I have a private key that I use to communicate with our company Chef infra server using Knife.


I also remember during the setup, we used OpenSSL on our work computers to generate a certificate using the same private key, which we placed in a trusted_certs folder.

I am probably completely misunderstanding how certificates work, but shouldn't it be the chef server that creates the certificate? What does creating a certificate on our local computers do?

So we use our private key to authenticate with the Chef Server(which has the public key). Where does the SSL cert, that used the same private key, fit into all of this?

https://redd.it/13p3gu2
@r_devops

TIL: Using analogies to understand cloud computing concepts

"When I talk about "Virtualization", I use an apartment building analogy:

🏢 The building (physical server) contains multiple apartment units (virtual servers), each occupied by different tenants (applications) that share common resources, such as water and electricity (storage, CPU, memory).

​

🚘 If I'm talking about Infrastructure as a service (IaaS), I use a car rental service analogy: You rent the vehicle (virtual machines) for a certain period of time and only pay for what you use. You can choose different vehicle sizes and models (compute, storage, and networking resources) based on your needs."

​

There are some more in the video: https://www.youtube.com/watch?v=SeevmPEvPf8&t=155s

https://redd.it/13oq2ta
@r_devops

Is there any way to directly inject the secrets to the repo running in a vm or into the docker ?

I want to create a selfservice model for the devs so that they can manage the environmental secrets themselves . I know there are tools like vault but I dont think they we will applicable on vms or am i wrong about this ?

https://redd.it/13ouqp3
@r_devops

Cloud Computing

Hi!

I'm looking for resources/Certifications to get myself ready for a job in cloud computing. I have asked my professors and school for help, but no one has replied to me. I will be graduating next year, and I feel I should started getting ready now for interviews.

Any advice would be greatly appreciated.

https://redd.it/13p7kao
@r_devops

How to prepare for an interview with “AWS scenario questions”?

I have an interview for an SRE role tomorrow, I had the initial informal interview with them last week and it went quite well.

I got asked about prev experience and what I want to do next, as well as finding out about the company themselves.

Next up I have the second and final interview. Luckily I was told by the Head during the first interview that he’s not gonna make me do whiteboard tasks or make me code in front of them as he hates doing stuff like that, so why should he make me/us do it.

This was a relief, but the recruiter recently told me to expect some AWS scenario questions and some technical questions, but I don’t know what this means.

For context I’ve only worked one place so far in my 3 year career, I have applied for promotions and interviews tend to go as such:

- 60m technical exercise where I pair with a senior engineer and attempt a task like creating an sqs queue with boto3 and putting items through it, or making a lambda with terraform and trying to get it to respond to requests (we are told these technical tasks are not to see how “well” we can complete the task, but instead to see how we work and pair)
- 30m Q&A with questions asking for stuff such as benefit of DevOps, cloud computing, agile. Questions on working as a team, mentoring (basically behavioural based questions)

The above interview format is the only thing I’m used to as I’ve only ever worked in the same place, and now I’m looking for other jobs I’m not sure what exactly to expect.

I’m worried these aws scenario questions will be stuff like “here is X scenario, how would you build aws infrastructure to solve this” or “here is some aws infra, what is wrong with it and what would you change” which would instantly put me on the spot as usually with that sorta thing I’d be used to going off and googling to see what solutions and options there are.

Any advice? Thank you

https://redd.it/13oughj
@r_devops

Companies hire freshers as a DevOps Engineer role ?

I want to join as a DevOps Engineer role in IT field. Companies hire freshers or need some experience in any field then they hire ?

https://redd.it/13paj1n
@r_devops

How would you tackle dynamic code plugins

Hey there, first post here!
I’m currently tasked with a project to get an older application deployed via containers and Kubernetes. Full disclosure, I realize none of this is ideal.

So to put it simply, we have a PHP application that has a modular plugin directory where modules can be added and enabled for certain accounts instances of the application. The main application is now running in kubernetes however it’s modules are being tackled as a different beast. In total I’d say there are about 80 plugins total.

Here are some of key details and requirements

- dynamic updates of modules without needing to update the main app deployment/pods.
- ability to map the plugins to certain versions of the main app.

The plugins are developed separately in for repos with predictable name prefixes.


I’m currently debating the best approach for this with the following ideas.

1. Create a plugin manager app and deployment that grabs all plugins with matching prefix and downloads them to a pv backed by nfs and keeps them in-sync via release tags and the mounting the pv to the main app.
2. Build a container with all plugins and using it as a sidecar to populate the plugins directory.
3. Populating NFS via vía ci/cd by first deploying to object storage and running a sync of object to nfs. This would then be mounted to each pod as an nfs volume directly.
4. using an unit container to deploy the modules to the correct location.

If you were architecting this, how would you do so?

https://redd.it/13pblgd
@r_devops

Looking for hassle-free installation of Cilium on Kubernetes?

Check out our latest blog post for quick tips and configurations that will make your life easier. From IPAM configuration to LoadBalancer and Tunnel modes, we've got you covered!

https://medium.com/p/17a870fdc4f2

\#Cilium
\#Kubernetes
\#networking

https://redd.it/13pbxmz
@r_devops

How do you handle API documentation and change logs?

I’ve just gotten the go ahead to build out our companies first set of pipelines for our web applications. Unfortunately, I’m a bit unsure how API documentation and change logs should be handled/automated. One of the main goals with these new pipelines is to standardize and automate various parts of our development process so I’m essentially working from a clean slate.

Any advice or suggestions would be greatly appreciated.

General tips and things to look out for when building out CICD would also be much appreciated.

Thanks in advance!

https://redd.it/13pdlvn
@r_devops

Good Read: Guide to making on-call and managing incidents Zen!

Hahaha some one created this for our community. Kudos to this guy:P


"Inspired by Tim Peters’ The Zen of Python"


Order is better than disorder.
Positive is better than negative.
Straight is better than vague
Communicating now is better than communicating later.
An incident should never go unacknowledged.
Unless explicitly supressed.
An incident has one and only one commander.
Context counts.
So does documentation.


Read full version here:

https://www.zenduty.com/blog/the-zen-of-on-call/

https://redd.it/13pg6q7
@r_devops