Improving on the "dev" side of DevOps

Aside from programming more on the job, which of these books are relevant enough to DevOps to be worth picking up? These happen to be the most recommended Software Engineering books:

Clean Code
Head First Design Patterns
Pragmatic Programmer
Refactoring
Designing Data Intensive Applications

 


And regarding DevOps books, I'm having a hard time deciding which ones to read and which to skip?:

Phoenix Project
Devops Handbook
Accelerate
Unicorn project
Google's SRE book and/or workbook

https://redd.it/1449u5k
@r_devops

Using CNAME abstractions to simplify DNS

Is anyone else using CNAME abstractions? I've been employing them to simplify our DNS configuration. Yes, obviously, there is an additional lookup, but with caching and TTLs the overhead is minimal.

For example, instead of doing this, which would require 3 updates to swap the ELB endpoint:

foo.mycompany.com –> myelb.blah.amazonaws.com
bar.mycompany.com –> myelb.blah.amazonaws.com
bas.mycompany.com –> myelb.blah.amazonaws.com

Doing this, where we only update one record:

gw1.mycompany.com –> myelb.blah.amazonaws.com
foo.mycompany.com –> gw1.mycompany.com
bar.mycompany.com –> gw1.mycompany.com
bas.mycompany.com –> gw1.mycompany.com

I wrote a small post on what they are and how I've used them, would welcome any feedback!

https://thebook.devrev.ai/blog/2023-06-11-dns-3/

https://redd.it/144dlck
@r_devops

What port is this pod listening on?

I kubectl exec into a single-container pod and see that nginx is running. I then run "netstat -tulpn" as root and it says that nginx is listening on port 80. Nothing else. Yet when I set my service's targetPort to 80, the site won't load. If I set the service's targetPort to 443, it loads.

Why is that? What am I missing? It seems like nginx is listening only on port 80, per netstat, and yet the service only connects to the pod on port 443. I must be misunderstanding something.

https://redd.it/144fjar
@r_devops

I recently joined a startup, but it wasn't what I expected.

Last year I began browsing for new roles after feeling like I had outgrown my previous company. My background consisted of mostly AWS with a bit of azure, terraform and ansible, with linux VMs. I found a startup nearby that matched what I was looking for in an employer and their job posting seemed to line up with my skillsets (this will come back to bite me later).

I went through a very small interview process and decided to take a risk and accept the offer that was given to me. They were looking for someone to steer the ship from a DevOps perspective, so it felt like a natural progression in my career - exciting!


Fast forward a little bit, I came to the depressing conclusion that they were actually a lot further 'behind' than I was anticipating. Through a mix of various azure contractors and developers who didn't know what they were doing, we now have three Azure environments that are a total mess. Windows VMs running a bunch of legacy applications that required GUIs to operate, various developers and leadership have *full* access on the tenant, undocumented infrastructure that has a fairly complex NSG to allow for these legacy applications to function, because their legacy apps have a GUI requirement, they use RDP to get to the VM, the list goes on.


And so it does. All of their applications are built manually, locally, then uploaded via an FTP. Their VCS is github free, and there has been an ask to 'automate their deployments', but seeing what is required in their build steps, we are putting the cart before the horse.

Then they're wanting to achieve SOC2, but from my experience we would fail so horribly in a SOC2 audit we would need to either punch out the due dates significantly or hire resources to help shore up a gap analysis that I am confident would be substantial.

On top of this, I am being asked for many different things from several people. No one really knows what my own priorities would be, but everyone wants to have a say in what projects are of highest priority.


Anyways I'm not sure what the purpose of this post was to be, maybe just a rant for now. I have seriously considered jumping ship and finding another position out there, but the other part of me wants to just stay here and be stubborn for success in hopes that I can achieve something.

https://redd.it/144epqh
@r_devops

Looking for a study buddy to start from scratch and crack devops roles.

Anyone who is looking to get started or transition into devops roles, let's learn together and crack roles. Would be great if someone who could mentor/guide us.

https://redd.it/144i8dk
@r_devops

Will r/DevOps participate in the blackout?

As the title states, will r/DevOps participate in the blackout starting Monday?

https://redd.it/144j2vt
@r_devops

cAdvisor Vs Prometheus

Anyone have experience using cAdvisor, or does Prometheus meet most of your container profiling needs?

Curious as to why one would use cAdvisor over Prometheus, or vice versa.

Trying to pick a tool best for finding memory leaks, etc

https://redd.it/144j7rg
@r_devops

Looking for best pratices / advice on incorporating build information into my Docker images

### Context

I would like to know, when a container is running, which version of the application is running.

We are going to assume the application accepts optional "build information" environment variables that it simply gives back when asked.

"version" can refer to a lot of things:
- Application version in the pom.xml or package.json
- git commit hash / digest
- git tag
- Docker image hash / digest

Unless someone has a really good article explaining why I should ABSOLUTELY synchronize all of these versions, and how to do it realiably and efficiently, I won't attempt to do so. Seems like a massive headache more than anything else.

And I will also probably add the Jenkins build number to the mix for good measure.

---

### My approach

So my first approach would be to just define these as Dockerfile arguments, and then define them as environment variables, maybe write them into a file but that seems cumbersome for not that much gains.

BUT

The one thing I do not have at Docker build-time is the Docker image hash, obviously, and I have not been able to find a way to get that information from a running container without:
- manually providing it at runtime (meh)
or
- accessing the docker daemon, which is asking way too much for how little information I need.

Basically what this dude wants.

---

Any input is welcome. On the whole concept, my approach, or the Docker image hash issue.

Thank you.

https://redd.it/144dlcg
@r_devops

Questions about installing DataDog on a Docker Container

I'm trying to install the datadog agent on a docker container. I followed 2 methods.

METHOD 1

I followed these instructions (everything above the autodiscovery section) to create a folder with a docker-compose.yml file and then build and run it, as specified in the link.

METHOD 2

Following the datadog offical documentation, I ran this command:

docker run -d --cgroupns host --pid host --name dd-agent -v /var/run/docker.sock:/var/run/docker.sock:ro -v /proc/:/host/proc/:ro -v /sys/fs/cgroup/:/host/sys/fs/cgroup:ro -e DD_API_KEY=<DATADOG_API_KEY> `gcr.io/datadoghq/agent:7`

Both these methods did created containers for me that are up and running. On the https://us5.datadoghq.com/help/quick\_start page I can see "1 host running" and on clicking, i can see both my containers as well.I am just starting out with datadog and I have a lot of doubts:

1. why can I see only 1 host running? If I've installed datadog agent on 2 containers, doesn't that mean I have 2 hosts?
2. In many tutorials, datadog is installed directly onto the host machine (e.g. windows) which creates a folder for DataDog that contains datadog.yml/conf.d/Dockerfile files. But since I've used docker, I can't find these files for me on my local machine, and I don't know how to access them in the containers. (IF they are present in the containers). Do I have to make these files and directories myself? If yes, then where? in the same folder as my docker-compose.yml file that I made in METHOD 1?
3. In METHOD 2, even the docker-compose.yml file is not present since I only ran one command that pulled the docker agent image and ran the container. In this case too, how do I access these files? Do I make them myself?
4. Is the datadog agent manager only available for Windows users?

https://redd.it/144de5g
@r_devops

Does your organization offer internships in devops? If not why?

Hello People,

Wanted to check are there any legit internship options available for students looking for a career in Devops? If not then why do you think that is?

https://redd.it/144c9st
@r_devops

Internal infra cli tools made in Golang: why?

Nothing against go but I’m just curious about it. I read somewhere a lot of the major infra tools support go templates so there is at least a nudge to go with go when doing internal tooling.

I also read some of these types of devs contribute to major infra projects made in go (Docker/K8s) or sometimes need to browse source code to look for answers.

Is that all there is to it? What’s your take?

We have a pretty much abandoned internal infra tool that is made in go and has 0 documentation. I personally can invest time into learning the language but I can’t speak for everyone else. For the sake of shipping a binary and allowing other devs to contribute, I am thinking of making something in Deno (We do TS everywhere). Is picking Deno unreasonable here?

https://redd.it/1449syf
@r_devops

From Heroku to Where? Exclude: Kubernetes

We have a platform deployed in heroku, it is composed of different services, which are unfortunately tightly coupled, but before we go into pure microservices principles and redesign, if we want to move away from Heroku to some other Cloud platform, which services do you recommend to use for deploying this platform and why, other than Kubernetes, rule that out.

https://redd.it/1449iws
@r_devops

Can someone please help me with this interview question.- what are your day to day activities as a devops engineer?

I am trying to switch from testing to devops and apply for an experienced position say 2-3 years. The first question I get in jnerviews is - What are your day to day activities as a devops engineer?
Since I have not worked in devops, I am never able to give a convincing answer. Can someone who works as a devops engineer please help me to understand their work on a daily basis.
Tools I am aware of:
GitHub, Jenkins, docker, ansible, jira and python ,cloud AWS.

https://redd.it/14189uw
@r_devops

Where to look for a job with relocation?

Hi guys. It's the first time when I'm trying to find such kind of job, and I'm entirely unaware of where to start. If you have such experience - maybe you can share it? Maybe there is something like agencies who can handle this?
Small background about me, 20+ years in IT, currently in Ukraine, and looking for a job in the EU, UK, or US.

https://redd.it/144wajc
@r_devops

Best Options for running python script every 30 seconds

I'm helping a friend set up some infrastructure stuff for a side hustle he has and im kinda lost with some of the dev ops stuff.


My current set up is the script starts up via a corn job and just runs 8 hours straight in a while loop. Would it make more sense to move it to Azure Functions? If so how does scheduling something like that work to the best of my knowledge you can only run once every minute.


I need this to be stable. Also does anyone have any good tutorials on ci/cd for deploying python scripts to virtual machines. Every tutorial I find is for deploying flask/django apps.


All feedback is welcome I'm new to this side of programming especially the ci/cd stuff.

https://redd.it/144v9mp
@r_devops

Is AWS Directory Service the only way to get an RDS instance join a domain?

We have a requirement for the RDS to be enabled with Windows AD authentication. I couldn't find any other way to achieve this except for using AWS Directory Service which hasn't been setup in our account.

Are there any other alternatives?

https://redd.it/144xr17
@r_devops

Interview Questions

Hi,
I have an interview coming in the next week for a Devops Engineer.

What are things i should be prepared in ?

Any pointers that i need to know of ?

Thanks for your help in advance.

https://redd.it/144xqix
@r_devops

Join the Discussion and Cast Your Vote in our Poll...

What strategies do you employ to reduce logging costs in your cloud environment?

View Poll

https://redd.it/14181ra
@r_devops

DevOps startup around Observability

Hey chads,

I need your honest take on this, we're hustling hard as freelancers, and we're about to level up our game.. we're gonna offer these pre-packaged observability solutions to companies, but here's the kicker, we'll customize it to fit their exact needs, all for a reasonable fee.
The stack is:
Grafana,
Loki
Prometheus/Thanos
Jaeger
Open Telemetry Collector (Traces, Metrics, Logs)
\+ We configure cloud metrics for grafana.. (Cloudwatch, Azure monitor, etc.)

Once deploy the stack we support that, meaning we guarantee timely updates of charts and that every component is up to date and just works.


Do you think there is a market for this?

https://redd.it/1452bfe
@r_devops

Any open sourced status page manager? Cachet alternative

I have been exploring some open source status page, and was intrigued by cachet with features but since it not maintained i am reluctant to implement it and looking for alternatives . Any recommendations?

https://redd.it/14539ii
@r_devops

CICD Test Stage Question

So our CICD Pipelines for each product have A build plan, which is linked to a deployment project that deploys to \~5-6 envs, dev, test, uat, prod, etc).

We kick off a run in the lower env, by running the "commit and acceptance stages" in the build plan, which triggers a deployment to the dev env and test env. After the tasks in the Test deployment env are complete, it then triggers a Test stage in our build plan(withs typically runs the smoke tests).

My question is, what is normally the distinction between what is happening in the Test environmnet where artifacts to deployed to the Test environment, vs what's going in the test stage of its respective build plan(with the smoke tests)? In other words, why does it come back to the build plan test stage after deploying to a test environment elsewhere?

https://redd.it/1454xz2
@r_devops