Who is responsible for ensuring the quality checks for SAST in the CI/CD pipeline?

We are setting up a process to incorporate a SAST tool in our CI/CD pipeline, and are deciding which team would be responsible for implementing the SAST quality checks in the CI/CD pipeline.


View Poll

https://redd.it/13sb919
@r_devops

58% of enterprise developers have had to tackle at least one API exploit in the past year alone.

This is just one of the insights we were able to generate with the invaluable contribution of the global developer community. You can help us too!

https://survey.developernation.net/name/cbts3/branch/main?utm_medium=some&utm_source=reddit&utm_campaign=r/devops

https://redd.it/13sg7st
@r_devops

Good online DevOps courses?

Hey! I am a web developer Who recently acquired some interest in the DevOps field and wanted to get more into it as a skill to add or even a possible career path switch.

So, I was curious about good online courses (I learn way better with that kind of structure), as there is an overwhelming amount of them. Bonus points if it is for already developers or of it includes certifications.

Thanks in advance!

Edit: forgot to add that it is a great addition if the course includes projects instead of being just theoretical.

https://redd.it/13shont
@r_devops

A Guide to Creating Kubernetes Operators with Go

Dive into the world of Kubernetes Operators with our latest guide! Learn how to leverage Golang to create powerful Kubernetes Operators. Streamline and automate your Kubernetes clusters like never before. Don't miss out! #Kubernetes #Golang #containers #operatorSDK #operator

https://www.faizanbashir.me/guide-to-create-kubernetes-operator-with-golang

https://redd.it/13sgmzt
@r_devops

OpenTelemetry for Open Source Telemetry?

We have an open core product and are using a homegrown service for telemetry. The only thing we're tracking is how many instances of our application is running; we make a POST to an endpoint with a UUID and a timestamp, that's it.

We're adding OpenTelemetry to our application for tracing.

Would it be a good idea to transition from our homegrown telemetry to OpenTelemetry for open core? We wouldn't want to use traces for our open-core version, just metrics.

What do you think?

https://redd.it/13sfinw
@r_devops

Secure Software Delivery

OpsMx ISD is the industry’s first CI/CD solution designed for software supply chain security and DevOps security posture management.

With OpsMx, enterprises can prevent potential security issues, discover and resolve vulnerabilities in their environment, and demonstrate secure software delivery and deployment.

Read more Secure Software Delivery

https://redd.it/13sgs9n
@r_devops

Hey there, fellow DevOps enthusiasts! I wanted to share an informative and insightful blog post that delves into the world of DevOps automation, focusing specifically on the comparison between Ansible and Red Hat Tower/AWX. Checkout this blog post.

https://medium.com/devops-dev/ansible-tower-vs-ansible-under-the-hood-cbd7bd891101

https://redd.it/13smbtd
@r_devops

Tool to build Docker images

Which tool do you use to build Docker images in pipelines and/or in Kubernetes?

We've been using Kaniko and it actually works great. I was just wondering what other options are there.

https://redd.it/13soa6e
@r_devops

Who is responsible for monitoring the quality gate for Code Health (ex detecting complex code, duplicate code etc) in your company?

We are setting up a process to incorporate a Code Health tool (ex detect linting issues, code complexity etc) in our CI/CD pipeline, and are deciding which team would be responsible for monitoring the CI/CD checks related to the SAST (Static Application Security Testing tools) checks on PR merges and merge to master.

Hence, wanted to understand how it is done in other companies.

View Poll

https://redd.it/13rkp9s
@r_devops

great, now i'll be thinking about this all weekend

I've been feeling like there's a fundamental disconnect at my job about what ops/platform engineering and architecture actually entails, and it comes out in weird ways. So I'm trying to work through this idea/analogy/rant to hopefully get some connection.

Users

Our users want boxes - lots of boxes, boxes of different sizes, boxes that can be strapped together and stacked on another box, boxes in boxes in boxes. We also want boxes - boxes to hold our box orders, boxes to hold box parts, boxes and boxes and boxes.

Engineering

To make and assemble those boxes, we start making box building machines. And we make some strap making machines. And we make some assembler machines that can pop the straps around a few boxes and place them squarely on top of the big box that just got built. And we make a box builder builder that makes a box with a box builder, a strap maker, and an assembler inside to ship to the Sydney office to start making upside down boxes.

Architecture

All through this box building, we want to make sure the boxes that come out are the right size, are connected correctly and in a safe/durable way, and when they catch fire the suppression system (which is in another box) places an order for a replacement box.

And when we build a box builder, we want to be sure we're not wasting time reinventing a builder that Maggie down the hall built last week, and that all request measurements get translated from feet, furlongs, and cubits to meters before we cut, and when someone asks for a new kind of box we can have a part list for the box builder breaking down what we can pull from stock and what we need to invent, and if a new box builder makes boxes that need ropes instead of straps we can figure out where in the box builder builder box we can put a new rope builder and rope-aware assembler.

\---

It is very easy to spend all your time building boxes, connecting them, poking them to see why they broke. In fact, in order to build box builders, you need to be pretty clear on how to build a good box - how to build a few different kinds of good boxes - how to take someone else's box order and build the box they expect.

But until you build a box builder that builds a box on demand, you're a platform user, not an engineer.

I've built dozens of box builders. I've written guidance and requirement docs. I've advised on automation strategies, centralized configurations, distributed configurations, test harnesses, background and trainings and advice on hooks into every facet of our environment. And I'm still the only one building box builders. And management ask "but where's the box?" or declare confidently "the next architectural improvement we're looking for is ... box builder 714!"

Is this just bitter pre-3-day-weekend spite? Anyone else feel me?

https://redd.it/13sr3l7
@r_devops

CI/CD pipeline set up!

I’m new to DevOps and it’s been year started out with a startup. I’m the only DevOps person there.
We have 14 developers and each have their own sever of their own branch and application. So, every commit to their repo on a different branch should be a deployment.
I have set up jenkins that builds an image with a tag. The build is triggered and deployed by selecting choice parameters with their own environment variable on Kubernetes environment.
I have task to auto deploy based on user commit in a variable feature branch on a sever that is assigned to them.
I’m seeking approach for the above requirement with Jenkins or with any other tool recommendations.

https://redd.it/13sv9sf
@r_devops

Every job I’ve taken seems to follow a pattern

Year 1: Join the team and start solving the typical DevOps problems: CICD, infra-as-code, improve devex.

Year 2: things are a bit more baked, maybe you’re fixing kinks here and there, working with developers to get them used to all the stuff you’ve built.

Year 3-???: things are pretty much on cruise control. You might get reached out to a few times a week about something that’s not working, but the majority of your day is spent scrolling Reddit. Lose motivation, start feeling guilty because you’re not pulling as much weight as the devs. Skills start atrophying and you consider jumping ship, but you don’t want to leave the team hanging.

This seems to be the case in the last few companies I’ve worked for. Wondering if other people have had the same experience.

https://redd.it/13svlci
@r_devops

What's your incident response flow?

Curious how everyone does this? At a FAANG I worked at there's an entire suite of internal tools that handle this from chat integration, incident management birds eye view and it's relatively smooth.

Now that I'm at a smaller company, seems like there's no uniform way to do this. Some teams open up a Jira ticket to track things, while others straight up don't do anything. For my team in particular in boils down to pretty much pagerduty + ping the team chat and hope for the best, which really isn't ideal.

https://redd.it/13suum0
@r_devops

What editor/IDE and plugins/extensions do you use?

I go back and forth between nvim and vscode. Curious to see what others use.

https://redd.it/13sw0m0
@r_devops

Going from devops to an openshift support role

I have been in devops for a few years now, did my CKA 2 years back but never worker with k8s as much as I wanted to. I've been enjoying the challenges in the devops field, public cloud, cicd... But at the moment, as I'm looking for a new role, I got this offer from redhat. Normally I'd be stoked to get an offer from a big tech name like this, but this is not a devopsy role. It's a technical customer support role for openshift. Supposedly I'd be involved in solving our customer's openshift problems, learn a ton of k8s, but I'm scared I'd loose my touch with devops, public cloud, solutions architecture challenges, all that.
Now I don't care about titles too much, so going from a 'senior devops engineer' to some customer support title doesn't bother me, as long as it moves me forward in my technical skillset and career.

I wanted to ask dear devops folks here, would you make a change like this? If yes/no, why?

For the record, let's say that the pay is ok and I'd probably get the same pay elsewhere in the devops field.

https://redd.it/13szeft
@r_devops

Anyone has experience building IDP for dev team to spin up infrastructure?

I am going to build an Internal developer platform for devs to build infra. The proposed solution includes UI interface, API trigger and AWS code build for deploying. Any thoughts?

https://redd.it/13t0xf4
@r_devops

struggling to sync teams when one uses Jira, other uses Gitlab. is this normal in the industry? am i missing something that ensures a seamless integration between Jira and Gitlab?

context

mgmt team prefers using Jira boards because of its "all in one" with Confluence
dev team prefers Gitlab because of Issues tight integration w/ merge requests workflow

i'm just a reg software developer but i've noticed that the huge gap between the tools that mgmt and dev uses prevents us from effectively communicating what we are doing.

i work in a 200 person shop and it's insane how if a dev team is forced to use Jira and cater to the manager, the dev team basically stops communicating Gitlab's Issues/MR system.

if the dev team sticks to using Gitlab's Issues/MR, the managers being more used to Jira aren't as effective on Gitlab's platform. Not only that but some managers deal with multiple teams and prefer to stick to Jira, but there's always a few of them that's like "ugh my other team uses Gitlab" and they basically become desynced.

i'm using a mix of unito, Jira and Gitlab's own cross intergrations to sync comments (in a half assed way because images don't crosslink well in comments) and labels (which require a lot automation wiring on jira).

it might be good now but i know all it would take is a change on either Jira or Gitlab and bam all these manual automations from Jira/Unito become useless.

am i missing? is this a persistent hell? are all large enterprises essentially working this way?

https://redd.it/13t1b40
@r_devops

Can Anyone Explain Me Docker Port Mapping Concept?

https://imgur.com/a/ccB3dsS

What does -p 5000:80 means? What port is being mapped to which port(based on the above figure)?

I think the port of windows 10 is being mapped to container assuming I'm running docker on centos vm. But feel free to correct if I'm wrong.

https://redd.it/13t2x5g
@r_devops

how to containerize a multi-container application using docker-compose?

I tried reading https://github.com/Lucifergene/Docker-Mern

But I'm confused. Should I continue to Kubernetes? My main confusion is YAML files. Is there a course to learn about YAML files in detail with example? I'm node js developer.

https://redd.it/13t0lm9
@r_devops

Cross Training?

Just curious if anyone has good experience cross training others, specifically application programmers in devops tasks. For example, with the small team I am on, everyone mostly relies on the one guy who knows Kubernetes if, say, we have some pods failing.

What strategies do you employ to try to motivate others to learn how to do the devops work without just saying “figure it out”?

https://redd.it/13sugt1
@r_devops

How much of the AWS cert content is actually relevant to DevOps?

I refuse to believe that knowing how a 'CMK is used to encrypt a DEK and then stored in a KMS' is something particularly worth learning in the context of DevOps. Seriously, what's the point of knowing these things just for a certification if I'll never use them?

What exactly are we supposed to learn about in the cloud space for DevOps/SRE roles? There are so many acronyms and unrelated concepts, it feels overwhelming and my head might explode. Are there things I can just focus on instead of actually going and obtaining an AWS cert?

https://redd.it/13t55fr
@r_devops