Chef and SSL

I have a private key that I use to communicate with our company Chef infra server using Knife.


I also remember during the setup, we used OpenSSL on our work computers to generate a certificate using the same private key, which we placed in a trusted_certs folder.

I am probably completely misunderstanding how certificates work, but shouldn't it be the chef server that creates the certificate? What does creating a certificate on our local computers do?

So we use our private key to authenticate with the Chef Server(which has the public key). Where does the SSL cert, that used the same private key, fit into all of this?

https://redd.it/13p3gu2
@r_devops

TIL: Using analogies to understand cloud computing concepts

"When I talk about "Virtualization", I use an apartment building analogy:

🏢 The building (physical server) contains multiple apartment units (virtual servers), each occupied by different tenants (applications) that share common resources, such as water and electricity (storage, CPU, memory).

​

🚘 If I'm talking about Infrastructure as a service (IaaS), I use a car rental service analogy: You rent the vehicle (virtual machines) for a certain period of time and only pay for what you use. You can choose different vehicle sizes and models (compute, storage, and networking resources) based on your needs."

​

There are some more in the video: https://www.youtube.com/watch?v=SeevmPEvPf8&t=155s

https://redd.it/13oq2ta
@r_devops

Is there any way to directly inject the secrets to the repo running in a vm or into the docker ?

I want to create a selfservice model for the devs so that they can manage the environmental secrets themselves . I know there are tools like vault but I dont think they we will applicable on vms or am i wrong about this ?

https://redd.it/13ouqp3
@r_devops

Cloud Computing

Hi!

I'm looking for resources/Certifications to get myself ready for a job in cloud computing. I have asked my professors and school for help, but no one has replied to me. I will be graduating next year, and I feel I should started getting ready now for interviews.

Any advice would be greatly appreciated.

https://redd.it/13p7kao
@r_devops

How to prepare for an interview with “AWS scenario questions”?

I have an interview for an SRE role tomorrow, I had the initial informal interview with them last week and it went quite well.

I got asked about prev experience and what I want to do next, as well as finding out about the company themselves.

Next up I have the second and final interview. Luckily I was told by the Head during the first interview that he’s not gonna make me do whiteboard tasks or make me code in front of them as he hates doing stuff like that, so why should he make me/us do it.

This was a relief, but the recruiter recently told me to expect some AWS scenario questions and some technical questions, but I don’t know what this means.

For context I’ve only worked one place so far in my 3 year career, I have applied for promotions and interviews tend to go as such:

- 60m technical exercise where I pair with a senior engineer and attempt a task like creating an sqs queue with boto3 and putting items through it, or making a lambda with terraform and trying to get it to respond to requests (we are told these technical tasks are not to see how “well” we can complete the task, but instead to see how we work and pair)
- 30m Q&A with questions asking for stuff such as benefit of DevOps, cloud computing, agile. Questions on working as a team, mentoring (basically behavioural based questions)

The above interview format is the only thing I’m used to as I’ve only ever worked in the same place, and now I’m looking for other jobs I’m not sure what exactly to expect.

I’m worried these aws scenario questions will be stuff like “here is X scenario, how would you build aws infrastructure to solve this” or “here is some aws infra, what is wrong with it and what would you change” which would instantly put me on the spot as usually with that sorta thing I’d be used to going off and googling to see what solutions and options there are.

Any advice? Thank you

https://redd.it/13oughj
@r_devops

Companies hire freshers as a DevOps Engineer role ?

I want to join as a DevOps Engineer role in IT field. Companies hire freshers or need some experience in any field then they hire ?

https://redd.it/13paj1n
@r_devops

How would you tackle dynamic code plugins

Hey there, first post here!
I’m currently tasked with a project to get an older application deployed via containers and Kubernetes. Full disclosure, I realize none of this is ideal.

So to put it simply, we have a PHP application that has a modular plugin directory where modules can be added and enabled for certain accounts instances of the application. The main application is now running in kubernetes however it’s modules are being tackled as a different beast. In total I’d say there are about 80 plugins total.

Here are some of key details and requirements

- dynamic updates of modules without needing to update the main app deployment/pods.
- ability to map the plugins to certain versions of the main app.

The plugins are developed separately in for repos with predictable name prefixes.


I’m currently debating the best approach for this with the following ideas.

1. Create a plugin manager app and deployment that grabs all plugins with matching prefix and downloads them to a pv backed by nfs and keeps them in-sync via release tags and the mounting the pv to the main app.
2. Build a container with all plugins and using it as a sidecar to populate the plugins directory.
3. Populating NFS via vía ci/cd by first deploying to object storage and running a sync of object to nfs. This would then be mounted to each pod as an nfs volume directly.
4. using an unit container to deploy the modules to the correct location.

If you were architecting this, how would you do so?

https://redd.it/13pblgd
@r_devops

Looking for hassle-free installation of Cilium on Kubernetes?

Check out our latest blog post for quick tips and configurations that will make your life easier. From IPAM configuration to LoadBalancer and Tunnel modes, we've got you covered!

https://medium.com/p/17a870fdc4f2

\#Cilium
\#Kubernetes
\#networking

https://redd.it/13pbxmz
@r_devops

How do you handle API documentation and change logs?

I’ve just gotten the go ahead to build out our companies first set of pipelines for our web applications. Unfortunately, I’m a bit unsure how API documentation and change logs should be handled/automated. One of the main goals with these new pipelines is to standardize and automate various parts of our development process so I’m essentially working from a clean slate.

Any advice or suggestions would be greatly appreciated.

General tips and things to look out for when building out CICD would also be much appreciated.

Thanks in advance!

https://redd.it/13pdlvn
@r_devops

Good Read: Guide to making on-call and managing incidents Zen!

Hahaha some one created this for our community. Kudos to this guy:P


"Inspired by Tim Peters’ The Zen of Python"


Order is better than disorder.
Positive is better than negative.
Straight is better than vague
Communicating now is better than communicating later.
An incident should never go unacknowledged.
Unless explicitly supressed.
An incident has one and only one commander.
Context counts.
So does documentation.


Read full version here:

https://www.zenduty.com/blog/the-zen-of-on-call/

https://redd.it/13pg6q7
@r_devops

Multi Stage Dockerfile Examples In Node.Js?

I searched but could not find any tutorials for it. Can you please share them?

https://redd.it/13pe38m
@r_devops

Struggling to understand difference between build merge pr deploy release

I see these terms thrown around and try my best to understand them. What are these steps and in what sequence they occur ? Where can I read more about them ? Thank you.

https://redd.it/13pdi6y
@r_devops

Ok, this is dumb but... Anyone tried to back up and restore a VM with active containers on it?

Do the containers... handle it well? Assuming it's a snapshot backup of the whole OS

https://redd.it/13osegr
@r_devops

How to use multus CNI and load-balancing

A good blog about this topic : https://cloudybytes.medium.com/k8s-bringing-load-balancing-to-multus-workloads-with-loxilb-a0746f270abe

https://redd.it/13on9rn
@r_devops

Overview of DevSecOps Tools to Secure your Applications in 2023

By integrating security into the entire software development process, DevSecOps tools identify its applications’ vulnerabilities and improve overall application security. Find the coplete list of DevSecOps tools here.

https://redd.it/13plqgd
@r_devops

The Tezos Art x Web3 Hackathon Will Be Held At The Paris Ubisoft Headquarters

During the 3-day event, participants will create evolving / interactive Web3 on-chain artworks.

In the hackathon 6 teams will compete, these 6 teams will be formed around 6 top international digital artists.

You can read the article in full below : ⬇️

https://xtz.news/adoption/the-tezos-art-x-web3-hackathon-will-be-held-at-the-paris-ubisoft-headquarters/

https://redd.it/13pladb
@r_devops

Any exciting projects/tools

fed up with all AI, terraform noise. what are you excited about ?

https://redd.it/13pnsa7
@r_devops

When do you promote from Dev->QA->Stage->Prod?

As per title. I'm curious what's the criteria at your company, when do you move from an environment to the other? Also, how do you automate this, or does it require manual intervention?

Curious to see how other team and companies' practices.

https://redd.it/13ppz4i
@r_devops

How to add non modular jar in module project ?

stackoverflow-source

I tried import junit.awtui in my module project main class

Error report : The package junit.awtui is not accessible

Problem is junit jar hasn't module-info.class, so its packages are not accessible
How can I resolve the problem ?

https://redd.it/13prgrs
@r_devops

DevPod Demo - Walkthrough of the UI and CLI tips (Open Source alternative to Codespaces)

Here's a demo with one of the DevPod creators. We walk through how to create workspaces, how providers work, how the CLI can be used instead of the UI, and other topics we haven't covered previously in videos.

If you have questions, or want to see content around some of the topics we briefly touched on, let us know!

https://youtube.com/live/Bu-aGpzwMUw

https://github.com/loft-sh/devpod

https://redd.it/13psb7z
@r_devops

Jenkins credentials

So, I was very excited about creating my first pipeline from scratch! Using Terraform to write my code and a GitHub repo, then now it comes to automating with Jenkins and I keep getting this error message



Error: configuring Terraform AWS Provider: failed to get shared config profile, default with provider["registry.terraform.io/hashicorp/aws"\], on providers.tf line 9, in provider "aws": 9: provider "aws" { Build step 'Execute shell' marked build as failure Finished: FAILURE



The code runs with no errors from the Cloud9 instance but for some reason, Jenkins cannot access the shared credentials file. Help, please

https://redd.it/13pux6j
@r_devops