How are you preparing for AI?

I don't mean are you using GitHub copilot or even doing ML pipelines at work. I mean how are you preparing for AI to automate most of what you already do today?

9 months ago I would have said AI is useful but DevOps systems are so disparate that it would be a titanic task to automate what we do.

But give the massive advancements in the last year, way more capable models, I honestly don't think our job will exist in five years. AI can code, it can automate, it can improve itself.

What ship should we jump to next? I think it will be worse for developers but bad for us too.

https://redd.it/1buv8c7
@r_devops

Seeking Advice: Transitioning to DevOps - Worth the Commitment?

Hey everyone,

I've been presented with an opportunity. A scholarship where I wouldn't have to pay for anything to transition into a full-fledged DevOps role. However, it requires a commitment of two years at their workplace. I'm torn about whether it's worth pursuing. I'm essentially starting from scratch. I currently work as a full-time English teacher, but I've always had a passion for computers, gaming, and technology. Despite this, I've never pursued it professionally. Now, at the age of 32 and still single, I've decided to switch careers to either QA or DevOps.

QA seems a bit mundane, and there's the added expense of courses. On the other hand, DevOps doesn't require any upfront payment, but I'd have to commit intensely for five months straight, five days a week.

The catch is, if I take this scholarship, I'll have to quit my current job. Besides, I only have one try at the final test, otherwise, I'll have to wait for another year to apply again, which is a significant risk.

So, I'm reaching out for your input. Do you think it's worth taking the leap, or is it better to pass on this opportunity? I'd greatly appreciate your insights, especially from those who already have experience in the DevOps field. Thanks in advance for your advice!

https://redd.it/1buuu61
@r_devops

Salary Questions for someone who feels like they are drowning in responsibilities. Am I unrealistic?

Hey all,

I'm trying my hardest to make this not sound like a venting post because I really do want insight.

Switching jobs is not an option as it will impact another project I have outside of work hours. If that's the only option here, then this is all completely on me, and I understand that.

With that out of the way, I feel like at a state job in the Midwest, I am being underpaid.

$103k a year, my responsibilities that my boss says are my responsibility are:

-WebSphere/Tomcat patching

-General server patching

-WebSphere/Tomcat app deployments (no they're not automated, they expect we do them via the gui's and manually uploading jar files)

-My boss is also throwing me to take over some of the responsibilities of a worker who's leaving, and this includes MQ work


My other responsibilities that I've stood up and know I need to maintain for the health of the organization:

-docker environment that hosts Ansible/AWX containers

-documentatiom repo

-Gitlab administration (boss asked me if we really need Gitlab)

-Grafana, Prometheus deployment, configuration, and patching

-all the playbooks in git are ones I created and maintain



I think it slowly has crept up on me how much I'm holding up and I think throwing MQ in there has been what is making me want to ask others for insight on this. Is $103k too little at a state job? Am I expecting too much?


Thanks in advance all

https://redd.it/1bux1xd
@r_devops

Entering the field?

hello there!

I'm newly released from the army and as part of my release I got a DevOps course which mostly focused on Azure and Terraform.

unfortunately I am completely new to the IT field and even while in the course had difficulty understanding some stuff, especially around networking and dockers/ containers.

So assuming I jumped the gun and got skipped a few steps, what should I do? what am I missing?

also, am having trouble finding a job because of the lack of experience, any entre level jobs I should get into and work into the DevOps role from there?

​

thanks yall!
Cheers!

https://redd.it/1buxx9t
@r_devops

This hands-on project is designed for anyone who is interested in getting into DevOps.

Source code:

* [https://github.com/tntk-io/tntk-infra](https://github.com/tntk-io/tntk-infra)
* [https://github.com/tntk-io/tntk-ci](https://github.com/tntk-io/tntk-ci)
* [https://github.com/tntk-io/tntk-cd](https://github.com/tntk-io/tntk-cd)

Video instructions:

* [https://www.udemy.com/course/real-world-devops-project-gitops-methodology/](https://www.udemy.com/course/real-world-devops-project-gitops-methodology/)
* Apply "TENTEKDEVOPS2024" for discounts.

Enjoy!


PS: We've previously posted this but received requests for video instructions. Therefore, we're posting again to inform you that we've uploaded video instructions containing approximately 8 hours of material explaining the project's essentials.

https://redd.it/1bv0zdx
@r_devops

How does CI/CD or TBD handle features that take more than a couple of days?

Sometimes you can't breakdown features into smaller ones or you are assigned a feature that will need half a Sprint or even an entire Sprint. If you follow CI/CD guidelines, you should merge at least once a day.
I've read that a potential solution to this is to merge incomplete feature code that doesn't break prod or hide it behind a flag.
However, I'm reading these options as workaround, which means that CI/CD Features are usually shorter than two days.
How is this possible?

https://redd.it/1bv2ieu
@r_devops

Best practices of authentication to Vault

Hello,

What could be considered the most secure way of authenticating in HashiCorp Vault by an application running in a Kubernetes cluster?

The AppRole method is nice, but implementing AppRole implies that the secret_id must be passed to the application. This means that the secret_id must be saved somewhere in the Deployment's configuration or in a Secret as plain text, which doesn't seem secure because someone could steal it.

The Kubernetes method seems to be a bit better, but it implies that the application should take the ServiceAccount's token (e.g., from /var/run/secrets/kubernetes.io/serviceaccount/token), which doesn't seem to be secure as well. Someone could break into the application's container by exploiting the application's vulnerability, read this token, and authenticate in Vault with this token just the same way the application does.

I consider the JWT method a bit more secure. In this case, we could make the application generate its own RSA key, then sign a JWT token with this key and process the requests from Vault when Vault knocks back for JWKS. In this case the application keeps its private key in memory only and doesn't store the private key anywhere (here's my very simple example of implementation: https://gitlab.tucha.ua/khmarochos/vault-client-demo/). But, frankly speaking, I would like to find a simpler (yet still secure) solution.

Would you be willing to share any ideas on that topic? What approach could be considered simpler and more secure?

Thank you.

https://redd.it/1bv4pdc
@r_devops

Good resources for implementing Opentelemetry?

I am looking to implement otl but its just roadblock after roadblock of obtuse configurations and completely inability for me to make one thing talk to another.

I am wondering if there are good resources for setting stuff up besides the documentations and examples, which I've gone through and doesn't have map 1 to 1 for what I am trying to do.



https://redd.it/1bv5d6f
@r_devops

I want to reach the next level

I am an L2 linux system administrator and a part of ops team which works on a monolithic fintech project. The project is powered by Ericsson's Wallet plateform and has MSA arch. Meanwhile our company developed the frontend apps and business logic deployed on client's data center.
We don't have access to Ericsson's infra obviosuly but its a complex project and I have learnt allot about SDLC and operations.
I am highly underpaid and want to move ahead in my career.

I am unable to switch to a devops role as I have been turned down in a couple of interviews. I have been learning about docker and little bit of kubernetes. I am good with bash scripting and networking ( because I switched from a networking role).

Eversince I have studied a bit about AWS, its on my nerves. I just made my free tier account today on AWS and spun up an apache webserver on the first day.

I am confused that either its good for me to keep praticing cloud straight away or should I get full command over devops tools off the cloud.

I was always interested in infrastructure provisioning, networking and OS and now I feel like cloud has everything to offer.

Kindly guide me if its a good approach to learn cloud at this point in career. For now I can't even opt for certification exams because of finances but I have my hands on some good material on cloud and Devops.




https://redd.it/1bv96oa
@r_devops

What are ArgoCD & FluxCD used for?

Hey,


What are ArgoCD & FluxCD used for, I understand they are for continuous deployment, but what is the issue with just using a CI/CD tool such as GitHub Actions?


From what I understand, they are mainly for k8s? So I would use them for my yaml files, can I not just use GitHub Action for this?


Best,


No_Weakness

https://redd.it/1bv9697
@r_devops

What are some of the latest tools in this space that you absolutely love?

Disclaimer: I'm the founder of Facets.cloud and I am looking for help to see which tools we haven't yet integrated with.

Can you share a list of Ops tools that you use daily? We can skip the basics.

https://redd.it/1bvdjfb
@r_devops

Tools that simulate the cloud (?)

Hi. Just wanted to know if there are any tools that simulate the cloud (like AWS) without actually giving you the hardware resources.

I want to learn AWS and TF by doing it but I do not have the budget to bear AWS' exorbitant fees. I have already utilised my free year of AWS services.

https://redd.it/1bvh2wr
@r_devops

Career Advice Needed

Hello There! I am currently a software engineer(BE) working for a startup in UAE- Dubai. And Im thinking about starting my journey in Openstack. But first I want you to know why Im thinking about taking this decision and tell me if those are valid reasons.
1- Prior to being a SDE I was into technical support and application management, I had to work with servers, networks, databases and everything a support engineer is involved into (old school stuff) and I really liked the experience. therefore, starting to learn Openstack would not be an issue since I have previous required experiences (combined with SDE experience).
2- SDE and infrastructure are very well interconnected and having a strong knowledge in managing infrastructure would be a great skill to acquire. So Learning Openstack will increase my employment chances (A developer who is also a cloud engineer). but note sure about this point?
3- web service development is not something that really excites me anymore, and I would like to take my coding skills into the cloud (infrastructure as code, scripting) plus I really miss living inside the server and data centers to setup stuff.
4- I have a feeling (just a feeling) that there will be a time where some companies will dump the cloud and begin to build their own cloud. So it is nice to position myself for that moment (honestly where do you think things are going??)
5- I like Openstack, I like what is stands for and I love opensource
6- I'm putting a plan(teaching myself) to start contributing to the project itself.
Your thoughts are welcomed , appreciate the advice.

https://redd.it/1bvhr6m
@r_devops

All cloud audit logs in one place.

We are multi cloud company. We rely on AWS | GCP| Azure. Is there a away or tool which would help in aggregating all the cloud audit logs from all cloud in place(store). So, that we can setup alerts, query logs as and when needed.


https://redd.it/1bvhq3j
@r_devops

Can trunk based development work in this case?

Given a large monolith java code base, developed since the early 2000s. A testsuite with 6k Unittests that run \~10mins, and a few thousand JUnit-based integration tests (end2end tests with XML ingestion from queues to either XML sending through queues and or updating a large database underneath) that run \~2h. There is another massive test suite of E2E frontend tests that runs over night (and on lots of machines in parallel, else it would not get done in that timeframe).


There are currently \~30-40 developers actively working on the application.
VCS is git (since only a few years. Before it was SVN)


It can and does happen, that the main development branch gets broken by check ins. The chances of compile clean check ins are quite high. Chances for broken Unit tests are still low (this hurdle 98% of all check ins take). But broken integration tests are common, as you can only guess which ones will be effected by a check in and you can only run so much locally. Finding the culprit later on is hard, as the turnaround time between CI runs is \~2h and there can be many check ins in the meantime.


Currently my thinking is, to separate changes into branches that are individually verified before you merge them back into the main branch. But I always read that trunk based development is the state of the art way forward and I wonder if this is even possible with a system like the one I have here as the feedback cycle for validating a check in is to slow.

https://redd.it/1bvjbe4
@r_devops

Kubernetes and containers security simulator

Has anyone seen or tried the Kubernetes security simulator created in ControlPlane? It’s an Open Source project (GitHub) providing ready-to-use tooling to deploy a bunch of K8s-based security scenarios in AWS. For now, it has 9 of them created for the CNCF, with different difficulty levels. (And I guess we can expect more coming later.) Really cool to have some fun (at least) or even use for educational purposes.

Recently, we tried it and enjoyed it a lot. Here is an overall impression and full guidance from my teammate through the Seven Seas scenario (it’s an easy one).

Another similar project I recently spotted is the Kubernetes LAN Party by Wiz. Haven’t tried it yet, but any feedback is welcome.

https://redd.it/1bvkasi
@r_devops

I sold my startup because of bugs: I wish I had this serverless repository

I ran a startup for almost 2 years, first with a simple approach of Cron, Queue, Workers.
Then I moved to AWS - EventBridge, SQS, and Lambdas (Vendor Locking)
I wrote an article about the main problem that caused me to close it in the end:
https://nevo.hashnode.dev/i-sold-my-startup-because-of-bugs-i-wish-i-had-this-serverless-repository

https://redd.it/1bvlq2h
@r_devops

breakglass account setup for cloud access? (AWS, GCP or Azure)


Does anyone have an example of a breakglass account setup for cloud access? (AWS, GCP or Azure)

I am looking at what people are implementing with regard to privilege account management (PAM).

The problem is what do you do during an incident or maintenance to temporarily increase permission of a developer in a secure, traceable and auditable way?

https://redd.it/1bvmdto
@r_devops

How do I access a ci value to a golang variable using werf?

To preface I'm not proficient at all in devops and what I need to do is to log the commit hash after a succesful build. Project has a werf.yaml file in which there's this piece of configs:

shell:
beforeInstall:
\- useradd -M -s /bin/bash app
setup:
\- cd /usr/src/app/api
\- go mod tidy -compat=1.17
\- CGO_ENABLED=0 GOOS=linux go install -a -ldflags "-X 'main.buildVersion=${CI_COMMIT_SHA}


the go install -ldflags works fine with a fixed value (e.g. it sets buildVersion to "1.0.0" with main.buildVersion="1.0.0") but I cant figure out how to access the CI_COMMIT_SHA gitlab variable.
How can I achieve that? Or what kind of documentation I should dig into?
Sorry in advance for poor description as I said I'm not the best at devops or technical stuff in general.

https://redd.it/1bvobgm
@r_devops

Preproduction postgres database best practices

Hi,

I am in a small team of development. In order to test new releases before going production we need to link our preproduction server to a preproduction database with fresh data (we fill prod db with frequent cron jobs requesting third party services).

The easiest solution I have found yet is to clone my postgres db when I need to test but I find it quite tedious. Are there better ways of doing this and what are the best practices in general regarding preproduction databases ?

Thanks :)

https://redd.it/1bvonu7
@r_devops

Image process server benchmark

The reproducible showdown between Thumbor, imagor, and imgproxy.

https://redd.it/1bvqpfh
@r_devops