Reddit DevOps
A Manifesto for Cloud-Oriented Programming from the creator of the CDK

In this insightful article, Elad Ben-Israel, the mind behind the CDK, shares his love for the cloud, but also his frustrations with the complexity of building cloud applications. The challenges he identifies include:
1. Focus on non-functional mechanics: The need to understand and manage cloud platform mechanics instead of focusing on building valuable features for users.
2. Lack of independence: Developers often need to rely on others to handle parts of the deployment process or to resolve issues, interrupting their workflow.
3. Delayed feedback: The current iteration cycle in cloud development can take minutes or even longer, significantly slowing down the development process and making it harder for developers to stay in their flow state.

## It's not just a rant
Elad is not just ranting about cloud development. He proposes a solution in the form of a programming language for the cloud. This language would treat the entire cloud as its computer. The language compiler will be able to see the complete cloud application, unbound by the limits of individual machines. Such a compiler would be able to handle a significant portion of the application's non-functional aspects, enabling developers to operate at a more abstract level, thus reducing complexity and promoting autonomy. Moreover, it could expedite iteration cycles by allowing applications to be compiled to quick local simulators during the development process.

## The Winglang Project
Elad reveals that he's in the process of developing such an open-source, “cloud-oriented” language, dubbed Winglang. Wing aims to improve the developer experience of cloud applications by enabling developers to build distributed systems that leverage cloud services as first-class citizens. This is achieved by integrating infrastructure and application code in a secure, unified programming model. Wing programs can be executed locally via a fully-functional simulator or deployed to any cloud provider.

## My Interest in Winglang
I, together with a group of dedicated contributors, joined forces with Elad to develop Winglang.
While still in Alpha and not yet ready for production use, it's already possible to build some real applications.

Check out https://github.com/winglang/wing for more details.

https://redd.it/13u5zrj
@r_devops
Health Check Response Format for HTTP APIs

I’m continuing my journey on getting more familiar with HTTP APIs by reading related RFCs. This time, I read the Health Check Response Format for HTTP APIs on the suggestion of Stefano Fago. In this post, I’d like to summarize my reading.

Note that it’s a draft. Moreover, it has been dormant for nearly two years and, thus, has automatically expired. However, it’s the closest to a specification on health checks and thus deserves some love.


https://redd.it/13u5cs2
@r_devops
Supplemental Productivity Software

I'm looking for some additional productivity software in addition to (or lack thereof) options that our company has. Granted, I've confirmed reimbursement, but as a small shop, most of it is "choose your own adventure." Our only two officially used platforms are GitLab and Slack. I think three categories can be broken down and used unless I'm overthinking them:

Wiki/Knowledge Base - GitBook is what I'm leaning toward right now. Confluence is overkill, and options like Wiki.js and BookStack haven't been as seamless as I'd like. xTiles seems like a weird hybrid between all 3.

Workflow/Kanban - Like above, Trello/Jira are overkill; Monday requires three seats. So far, I'm enjoying Linear's free plan the most.

Notetaking - Notion, Craft, and Upnote all seem good, but this category also seems saturated with a ton of options.

Thoughts?

https://redd.it/13u5wkk
@r_devops
Exploring Datadog alternative

Hello everyone!

I work at a small startup and currently use Datadog for monitoring etc. Our stack is Kubernetes cluster on Azure, written in .Net. We also use DD for some SIEM purposes. Have a bunch of monitors, mostly about webservices uptime, error rate and response times. Some monitors around host level monitoring exist as well.

Not very happy with Datadog given their billing, what tools would you suggest we move to, for these purposes? How is Azure Monitor stack for these purposes?

Also, if someone has done this for their work and has time to consult/get it done for us, we can pay as well. Ideally looking for an open source stack, but would love help from this group on getting started and initial setup!

https://redd.it/13ubihi
@r_devops
Has anyone integrated a RASP that can detect custom use cases?

I am aware that RASP can protect against a host of known attacks in spite of detection signatures not being available. But is there any RASP solution whose rules/policies can be modified to detect application-specific attacks that are more towards business logic and not just OWASP attacks?

Thanks

https://redd.it/13uk983
@r_devops
step by step guide of lab scenario to test nodePort in kubernetes?

https://imgur.com/a/3IrFsgn

I want to achieve this scenario in a lab environment in kubernetes. How can I create one? I tried asking chatgpt but no help from there. I tried googling but no help from there either.

https://redd.it/13uv7jn
@r_devops
Advice needed on continuous integration

I'm part of a two-person team developing a SaaS application. Our tech stack involves React.js for the web app, React Native for the mobile app, a web extension, and a desktop app with Electron. All these components are part of a monorepo.

We're currently in the process of setting up our CI/CD pipeline with GitHub Actions and are planning to use a trunk-based branching strategy with release branches for releases. We are also aiming to strike a balance between maintaining high quality software and keeping costs low, as we are a bootstrapped company. Therefore, we're trying to decide on an effective testing strategy that involves both local testing and automated testing with GitHub Actions.

We're contemplating which types of tests (unit, integration, E2E, performance, visual regression) to run in which environment (local or GitHub Actions). Here are some considerations we've been thinking about:

Unit Tests: Given their speed and low cost, we're thinking about running these both locally before committing and on every PR with GitHub Actions.
Integration Tests: We're considering running a subset of these on every PR and the full suite on a schedule or when merging to the main branch.
E2E Tests: We're considering running a minimal set of these on every PR and a more comprehensive set on a schedule or when merging to the main branch due to the costs and time they take.

We would love to hear your insights and experiences on this. How have you decided which tests to run locally vs. in the cloud? How do you manage the balance between cost and quality in your testing strategy? Any advice or resources you could share would be greatly appreciated.

https://redd.it/13uxr6d
@r_devops
GitHub Actions equivalent of Azure Devops pipeline resources?

Azure DevOps YAML syntax allows us to define resources for a pipeline -> https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=schema

For example, I might have separate pipelines for CI and CD. I would like to be able to select a specific CI pipeline artifact when dispatching the CD pipeline. With Azure DevOps I have achieved this with:

```yaml
resources:
  pipelines:
  - pipeline: ci
    source: App-CI

trigger:
- none

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    echo $(resources.pipeline.ci.pipelineID)
    echo $(resources.pipeline.ci.runName)
    echo $(resources.pipeline.ci.runID)
    echo $(resources.pipeline.ci.runURI)
    echo $(resources.pipeline.ci.sourceBranch)
    echo $(resources.pipeline.ci.sourceCommit)
    echo $(resources.pipeline.ci.sourceProvider)
    echo $(resources.pipeline.ci.requestedFor)
    echo $(resources.pipeline.ci.requestedForID)
```

So in my CD pipeline I am specifying it uses CI pipeline as resource. Now, when dispatching CD pipeline through UI, I am able to select specific CI run (which produces artifact).

Is there any equivalent for GitHub Actions? I would like to have separate CI & CD workflows and when dispatching CD workflow I would like to be able to select specific CI run to use for CD workflow.

https://redd.it/13v2fl8
@r_devops
GitHub Action Release: Add DAST and OSINT to your security pipelines

Howdy!

I'm excited to share with you my latest contributions to the GitHub community: a collection of free GitHub Actions designed to streamline and enhance security practices utilizing DAST and OSINT tooling that is widely used - sqlmap, bbot and nikto. There were no GH Actions that I could find, so I made them for my use case, but figured everyone can benefit from those awesome tools.

# Action - 🗺️ - sqlmap

The famous sqlmap - perform automated (or semi-automated) penetration testing on your releases:

https://github.com/marketplace/actions/thereisnotime-action-sqlmap

# Action - 🤖 - bbot

One of the newer OSINT automation tools on the block, I personally love it so here it is:

https://github.com/marketplace/actions/thereisnotime-action-bbot

# Action - 🎯 - nikto

A stable and tested tool that can easily scan a ton of endpoints for security issues:

https://github.com/marketplace/actions/thereisnotime-action-nikto

WIP: Currently I am working on a nice workaround to generate outputs from the actions and not directly from the tools (but you can still use the tool outputs in your job steps) and after that I will add more examples (the way I use it for regular security compliance reports etc.).

Because those amazing tools have a ton of parameters, one of my main goals was to provide an easy option to provide custom arguments instead of wrapping each one and also re-use as much as possible from the official or at least most supported Dockerfiles where available.

Feel free to try them out, provide feedback, or even contribute to their development. The actions are under active development but they are working. Your input is valuable in making these actions even more robust and effective.

If you find them useful, please leave a star on GitHub.

https://redd.it/13v3ega
@r_devops
Seeking advice for joining a DevOps team for the first time

I'm starting an internship in a couple of weeks as a software engineer on the company's DevOps team and I haven't been given a lot of information on the tech stack other than them saying to learn Groovy (I'm already pretty experienced in Java, so syntax shouldn't be problematic to learn). I understand that Groovy is used to write scripts in Jenkins for CI/CD pipelines, but I'm not sure if that's exactly what I'll be doing. Does anyone have any advice on things to be aware of / things I should give extra attention to when learning Groovy in the context of this role?

https://redd.it/13v538h
@r_devops
Angular universal with docker giving bad gateway

I am trying to dockerize an Angular Universal app using nginx, and it's giving me a really hard time.
It keeps saying 502 Bad Gateway and I am unable to wrap my head around it.

Here is my Dockerfile:

```dockerfile
# Build stage: install dependencies and build the SSR bundle
FROM node:14-alpine AS builder
WORKDIR /app
COPY . .
RUN npm i && npm run build:ssr

# Runtime stage: nginx image with the build output copied in
FROM nginx:alpine
WORKDIR /usr/share/nginx/html
# Clear the default nginx content
RUN rm -rf ./*
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY --from=builder /app/dist/front-end-kevi .
ENTRYPOINT ["nginx", "-g", "daemon off;"]
```

In my server.ts file, I am starting the app on port 4000. So I am starting the Docker image using this command:

```
docker run -d -p 4000:80 kevin
```

For reference, here is my nginx conf file.

```nginx
server {
    listen 80;
    server_name localhost;

    root /usr/share/nginx/html;
    index index.html index.htm;

    location ~ \.(eot|ttf|woff|woff2)$ {
        add_header Access-Control-Allow-Origin *;
    }

    location / {
        proxy_pass https://localhost:4000;
        try_files $uri $uri/ =404;
    }

    location /OrderMationApi/api/v3/ {
        proxy_pass https://102.133.225.222;
    }
}
```

and I am getting this error in the error logs:

```
7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 172.17.0.1, server: localhost, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:4000/", host: "localhost:4000"
```

Any idea what I am doing wrong?
Any help is highly appreciated.
Thanks in advance.

https://redd.it/13uyyfj
@r_devops
Cloud providers - VPC

I am architecting a cloud-based solution where Proxmox will be the main hypervisor and VMs, LXC, etc. will be hosted. I will have people from all over the world connecting via VPN to mostly Windows machines and I am looking for a reliable provider that has different regions.

OVH does the trick as it has got data centers in all regions and it is definitely a candidate. I like to keep my infrastructure tidy and manageable but on the other hand, having all the eggs in one basket has never been best practice.

What is your opinion here? Let’s say I’m to build 3 Proxmox builds in different geographical regions: all in OVH, or spread them out?

https://redd.it/13ux67u
@r_devops
Seeking Best Practices for Local Development in a Microservices Environment

I am currently working on a personal learning endeavor by standing up a Kubernetes-based microservices architecture with Docker containers. I can already anticipate facing challenges enabling effective local development while ensuring that production environments are not endangered. In my career, we almost always blur the lines between healthy local development, shared test clusters, and pushing the boundaries of working within production...

Some pain points I'm encountering already:

1. Setting up local environments: What's the best way to run and debug a specific microservice locally? We've looked into Minikube and Docker Compose, but are there other options we should consider? Is this even tenable at a certain size?

2. Managing dependencies: With so many interdependent microservices, how do we stub or mock these services locally for development purposes?

3. Configuration management: How do you manage shared configuration and secrets in a way that is secure but also accessible for developers?

Any suggestions on tools, best practices, or resources (books, blogs, courses) are highly welcome. Thanks in advance for your help!

https://redd.it/13vg0sm
@r_devops
Looking for DevSecOps Practical Guides or Tutorials

So I'm currently into DevOps and would love to move into DevSecOps. There are plenty of blogs on the internet, but they all talk about the methodology and theory part of DevSecOps, not the practical part. I only got one link which showed how to implement security in a CI/CD pipeline using Jenkins and SonarQube with some SCA tool. Any link regarding DevSecOps practice will be really helpful.

Thanks 🙏🏻

https://redd.it/13vi12w
@r_devops
Felon looking to get into software dev

Looking for guidance and advice on entering the software development community with a felony. What certs should I aim to test for to likely land an entry-level job? What jobs are in highest demand in 2023? And how much will my felony record (one felony, drug related and 5 years old) impact my ability to get a job in this industry? Thanks

https://redd.it/13vmnk0
@r_devops
Work from Home requirements

Hi. Not sure if this is the correct place to ask this question but after getting no response from other subs thought I would ask here. I’m curious to learn if being in a hotel would disqualify my ability to secure a role WFH. I have been considering getting a travel modem as well as signing up for a firewall/vpn service; not sure if this adequately secured my privacy in general much less to be able to be employed as a WFH executive. Any insight or direction would be most appreciated.

https://redd.it/13vohu4
@r_devops
sonarqube 9.9 LTS error

Hi Team, we are testing Sonar 9.9 LTS and encountered this error message in the Jenkins console. Even when I try to set the Java home to 11, I still get the same issue. Also, in the Jenkins console output, if I echo java -version it says **openjdk version "11.0.16" 2022-07-19**

```
mvn sonar:sonar -Dsonar.qualitygate.wait=true -Dsonar.host.url=https://xx.xx.xx.xx:9000 -Dsonar.java.jdkHome=/data/jenkins_home/tools/jdk-11
```

**failed: An API incompatibility was encountered while executing org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar: java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0**

https://redd.it/13vqbey
@r_devops