Update: I still want to quit and go pet dogs

Original here: https://www.reddit.com/r/devops/s/dXMTzqPbeV

Just wanted to give an update. Because I'm sure everyone out there is waiting on one /s

Basically, I've put my foot down and refocused everything. We've gotten rid of our useless scrum master (had zero knowledge of anything related to the role, I realize that good SM/PM are a great benefit). I've given the directive to the team that we are not an ops organization. Any operations requests, especially over email, are immediately pushed back and given a confluence link on how to engage with the correct teams. I've scheduled 1 hour daily with my manager and a mid/junior to refine our backlog where every item is met with "Does this fit our mission or does this really belong somewhere else?" from me, so our manager explains why this belongs on our team based on his pre-established criteria. Our standups are now 15 minutes or less and our backlog is almost healthy.

I've also put a full stop on all deliverables that aren't servicing our team's mission of reducing toil and providing self-service/automated solutions for teams.

Until now, teams were forced to go to central operations teams to request even the smallest changes to their infrastructure, like a disk/VM resize. Not because of any approval process or review... Just because. That doesn't scale. Because that doesn't scale, and that team isn't even staffed properly, overflow work was coming to us. Over half of our team was busy fulfilling basic requests every day.

This week, I sat with another engineer and said, "This is enough. All the dangerous stuff like IAM and firewall rules we'll lock down to the appropriate teams, but basic infra belongs with the app teams." And in 2 days we knocked it out. We created appropriate roles, I created automated pipelines to provision properly scoped managed identities for necessary tasks with those roles along with their federated credentials, and we tied them to automated pipelines that will automatically know and enforce the MIs being used. We're now ripping apart the TF states to remove any IAM and networking management from those repos and putting them into the management repos. It's not perfect, but it's good enough.

In 2 days of work of yelling over the desk at each other, we eliminated the toil of 5+ FTEs so that those people can focus on the important work.

Next week, I'm handing off those repos to our two highest ticket generating teams with a hard and fast rule that nobody is to fulfill any basic infrastructure requests for them. They will receive training and reference materials but, if they can't change a few variables themselves and run a PR process, they don't belong here.

Overall, things are smoother. I'm just going to keep everyone on task. After next week, the noise should drop down significantly. The intent is to get the team into some form of SDLC process where we evaluate our team's products, make improvements, and take suggestions as feature requests. Our products are pipelines and automations that keep our platform running and make lives easier for app/operations teams. Anyone that decides they want to be a basic ticket fulfiller is getting reassigned to an ops team.

Basically, I'm back to doing things I'm good at. Identifying the waste, designing a solution, gathering the necessary resources, and knocking it out.

I'm still going to quit as soon as the next thing comes along, but I'm slightly less miserable for now.

https://redd.it/1by6akm
@r_devops

Tempest-A cross-platform, cloud-synchronized, privacy and security-first terminal.

# Tempest

A cross-platform, cloud-synchronized, privacy and security-first terminal.

# Download

# Download link:

Office Website: [https://gotempest.app/download](https://gotempest.app/download)
GitHub: https://github.com/MicaApps/Tempest/releases/tag/release

# Official Website:

https://gotempest.app/

# Overview

A cross-platform, cloud-synchronized, privacy and security-first terminal.Supports Windows, macOS, Linux, iOS and Android

# Update: AI Copilot

Tempest AI helps you solve server operation and maintenance problems! You can use it to help you diagnose TCP, write SQL, read logs, etc. 

# SSH

1. Supports SSH2, SFTP and Identity Manager
2. Supports server private key verification from 1Password
3. Server performance monitoring

# Kubernetes

1. Manage Kubernetes Config
2. Manage different clusters simultaneously in different tabs, Kubeconfig is isolated
3. End-to-end encrypted sync across devices

# Local Shell

1. For Windows, additional support for MSYS, WSL (under development) and other environments
2. Will support Serial serial port

# Data Encryption and Cloud Sync

1. Encryption and decryption are performed locally on the user, and the synchronized content is always encrypted (end-to-end encryption). Encrypted keys are only saved 2. locally on the user's computer, use KeyChain or Windows Credential Manager to protect data
2. The encryption and decryption parts will be open sourced on GitHub for review
3. Seamless synchronization across devices is very smooth, welcome to experience it\~

# Share and Collaborate

1. Supports sharing and collaboration, similar to graphite documents. Send the link to your friends to share the terminal
2. Supports multi-window broadcast, that is, instructions entered in one tab can be broadcast to all tabs to configure a large number of servers at the same time
3. Supports multiple vaults, sharing vaults to teams, revoking user permissions, etc.

# Gallery

https://redd.it/1by8f2m
@r_devops

Best Practices for Identifying and Mitigating Flaky Tests

Best Practices for Identifying and Mitigating Flaky Tests


https://semaphoreci.com/blog/flaky-tests-mitigation

https://redd.it/1by6m0x
@r_devops

RBAC Query- Need to know how to assign a permission to only one user

Hello Guys,
In Azure, I would like to know which permission can be set to storage account so only that user can access it. Even the owner and co-administrator should not be able to access.
Is this possible via built-in roles or do I have to create a custom role?
Please help me out!

https://redd.it/1by6f3x
@r_devops

Has anyone gone all in on CloudWatch Container Insights with Enhanced Observability?

We're in the process of moving to EKS.

Our current observability stack is Prometheus, Grafana, and ELK on elastic.co

Any thoughts for and against on going all in on what AWS offers?

https://redd.it/1byhz45
@r_devops

Getting into devops as a fresher

I wanted to know what are the chances that I can hit it off with devops as a career path straight out of master's in comp sci.
By hitting off I mean be able to find a job eventually (I know the market is bad rn, but with the right learning and knowledge, EVENTUALLY I should be able to find a job(?)) and then grow throughout my career path.
My biggest issue right now, is that I have no professional work experience. I finished my undergrad and immediately went straight for masters. Now, I'm still pursuing a master's degree in comp sci and if I were to start getting into devops today and go on for a year, what are the chances I will stay afloat considering my professional standing. I have read that devops is a role in which you get into once you have experience as a developer or operations person first, hence this question.

Tl;dr
I don't have any work experience (currently in masters comp sci), what are my chances I'll be ok with respect to a job and growth, if I get into it rn from scratch and work on it for a year?

https://redd.it/1byhvr7
@r_devops

Tools for simulating diverse web traffic: recommendations?

Hey everyone, I am a postgrad student doing research in invalid web traffic and click fraud detection. I'm looking for tools to simulate web traffic for testing purposes. Ideally, I need tools that can mimic traffic from various locations using proxies, different browser types, and screen sizes. Any recommendations? Thanks.

https://redd.it/1byku2e
@r_devops

I love my job. Here's why...

With all of the burnout posts and new people looking to join the field I wanted to just take a minute and talk about what I love about my job. Please note this is my experience and I've certainly been places in the last 15 years that I absolutely hate and made me hate everything about tech.

Obviously I'm DevOps, I come from an Ops background. Desktop support, SysAdmin, Cloud Engineer, and a bit of SRE focusing on Observability.

Joined a company close to a year ago that is very relaxed and fun overall to work for. My job of course has me writing pipelines and copious amounts of Terraform and Ansible. I don't have a SWE background and can't write in the language we use, C++, but I can read and understand it largely.

My boss is cool and my deadlines are set by me for the most part. My work load is low for tickets and high in projects and I am given a lot of autonomy to decide what we need when we need it.

Many people say, and I am included in this, that DevOps is not an entry level job. Let me explain something I had to do that took a base understanding of DNS and Networking to show why I agree with this statement. I have two Azure Web Apps in different country's, the WebApps are the same but the difference is the database and storage accounts under them. Well using Frontdoor, I could hop to the other region once in a while causing massive latency when connecting to the DB and storage in the users region they would want to be in.

Now due to data sovereignty laws in the other region, that DB and Storage cannot be combined with the ones I utilize in the opposing region. Due to this I needed to make a private endpoint to a vent and utilize internal DNS, named the same as the public DNS to route traffic from Region As server to region As API 100% of the time. All of this is very basic with a vnet, subnet for the apps, and internal (private) DNS but understanding why this solution can work is paramount here. The basic knowledge of how Private DNS is used first then Public is very big, basic submitting to understand how to control the size of the subnet is also big.

Further I have a central zone that connects to both regions but does not connect to each other, this can be a burden without an intermediate understanding of networking and routing as private DNS, but not networks, use the same names in both regions.

My job allows me to find the best solution and implement them. This is a huge boon to me in learning further, even if it's just leveraging my Ops knowledge to expand what I know a bit more.

Remember if you want to join DevOps that's awesome and you totally should, we do some cool things! You need to come from an Ops or SWE background first. It's not because "I did it", but because basic knowledge is required to truly succeed.

https://redd.it/1bymf15
@r_devops

ProxyPass Apache2 to FlaskApp

Hi,

I want to redirect flow from [https://127.0.0.1/api/hello](https://127.0.0.1/api/hello) to my flask app.

So i did this :

<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html

<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

<Location "/api">
ProxyPass https://127.0.0.1:5000/api
ProxyPassReverse https://127.0.0.1:5000/api
</Location>
</VirtualHost>

Then i reloaded apache2.service

Next i created my flaskapp :

from flask import Flask

app = Flask(__name__)

u/app.route('/api/<path:value>', methods=['GET'])
def api_request(value):
return f"Value is : {value}"

if __name__ == '__main__':
app.run(host='127.0.0.1', port=5000)

Then i run it.

When i do :

`curl` [`https://127.0.0.1/api/hello`](https://127.0.0.1/api/hello) -> it doesn't works

`curl` [`https://127.0.0.1:5000/api/hello`](https://127.0.0.1:5000/api/hello) -> it works !

So my flask app works, but my apache2 seems to be misconfigured not ? I feel stupid it seem really easy and i blocked on this ..

Thanks

https://redd.it/1byrpm6
@r_devops

What does "documentation" even mean in the Scrum landscape of 2024?

I'm developing Python APIs as part of a DevOps team (we develop Python APIs, deploy them, and mostly manage the underlying infra, though there are some external dependencies). I want to document it for future colleagues, so they will have a smoother learning experience regarding the codebase and infrastructure of the current landscape.

But what "documentation" nowadays even mean? I wanted to hear from you folks.

I was thinking about having separate diagrams:

1. One explaining the infra (servers, containers, DBs etc)
2. A sequence diagram, indicating what APIs from what services talk to what
3. Maybe some sort of diagram explaining the solution from a functional PoV?

Need some advice on what documents/diagrams will actually bring value to future maintainers of the solution. Thanks!

https://redd.it/1byrx21
@r_devops

Confused on Ansible vs Github Actions... do I need both?

Hello,

I have a small application (java string boot), that will run on a docker container within an AWS EC2...

How do I "push" the code in production? once I have "docket run", how to I push it to the EC2?

Should I do it with Ansible, or with GitHub Actions? what would you do?

I am really confused...

&#x200B;

https://redd.it/1byrzrp
@r_devops

Managing many micro services - argocd?

Hey, I’m currently rebuilding the deployment part of my companies infrastructure and I want advice/counsel.

My company has 50+ micro services, some of them grouped as 1 macro service. We use Kubernetes for hosting. We also have 4 environments including Prod.

I did some research and found out that argocd is the way to go in terms of a cd pipeline. During this research I saw that the most common ways of packaging an app is via helm or kustomize.

What is the best way to package configurations for these micro services and also across environments. Would it be recommended to have 50+ helm charts? I would appreciate your insight. I’m open for any other suggestions.

https://redd.it/1bysdyc
@r_devops

Rejected from DevOps role for Most Bizarre Reason

Don't know where to start,

I had a bizarre interview at a local cloud consulting company here in Nepal, and they rejected me after three technical rounds, saying I don't have enough followers on GitHub. YES, that's right, no star count, no contribution count; they didn't even bother about my projects, just FOLLOWERS. And I had 0 followers because I never took it that seriously.

I thought it was a joke at the beginning, but after all, I feel guilty for not taking GitHub seriously. I am working as an L2 engineer and studied different AWS services as much as I can to land a DevOps role. Even the technical rounds also went quite well, I would say, in this bizarre company.

For the last 3 days, I've customized my profile to make it look great, but I don't know how I'm supposed to get followers. Help me out, my fellow fighters. I need followers smh

https://github.com/sujoff

https://redd.it/1byvdyg
@r_devops

Kubernetes As A Platform Vs Kubernetes as an API.

This AWS article lives rent free in my head because of how relevant it is to my day-to-day. I wonder if it could spur some discussion here.

Kubernetes As A Platform Vs Kubernetes as an API.

In my cluster we're at the level where "Kubernetes is my control plane and (some of) my data plane". We have controllers that serve Queue, Subscription, and Topic kinds which behind the scenes configures and reconciles our SQS and SNS. Acting as the Data Plane for our AWS. We also use SecurityRole, SecurityPolicy, and SecurityPolicyAttachment kinds to handle application permissions and configure IAM. We're working with our custom controller code to replace it with ACK types behind the scene to simplify our controller code, I even started(admittedly stalled because it was on my own time) to contribute features for their Organisations controller with some mad vision of managing accounts through our data plane. Allowing us to move entire EKS Clusters under some conception of Environments. There's a lot of speculation about how far we could go with this, I'd appreciate some discussion around the idea.

One thing we don't provide is an API outside of Kubernetes Kinds to manipulate the data plane with, currently its helm charts deploying our custom kinds. Is having Web Applications manipulating Kubernetes a good idea in itself? It kind of gives me the chills but I can't place why it's a bad idea in and of itself.

Plenty to be getting on with as well as trying to change the tyres while the car is rolling.

https://redd.it/1byvagf
@r_devops

Feeling indifferent- switching role?

2 weeks back from a 2 week vacation - felt like I have forgotten everything. 1st week, was slow on remembering how to do things, wasn’t feeling great.

Start of week 2 back now - I can say, I feel indifferent, the pay provides a roof over our heads but I can’t say I’m happy - maybe this isn’t the role or job for me ?

Has anyone successfully swapped from devops to a less tech oriented role or something else completely. I just don’t feel the motivation or the urge to look at technical things. It feels like a damn drag, and the icing on the cake is that I’m somewhat junior/mid level. I dont know what I’m seeking but I’m just putting it out there. Haven’t touched anything tech related in my vacation and was totally ok with it.

https://redd.it/1byz8ip
@r_devops

Devops adoption guide needed for an org now adopting

I have just accepted a role at a major traditional institution that has no DevOps practices at all. They don’t even version. I’ve been tasked to lead the org into fully adopting all the best starting from basic GitOps through IaC, CI/CD, QA, etc. Basically my role is to modernize the dev processes entirely. Any materials you can recommend especially on roadmaps or strategies to use. Any advice you can offer me on this journey will be highly appreciated

https://redd.it/1byzwbi
@r_devops

Anyone with experience using Iron Bank base images?

Starting work on a new contract (US Federal IT) and the customer has a requirement to utilize DoDs Iron Bank (https://p1.dso.mil/services/iron-bank) repository for all base images. I've been able to successfully connect to their platform with my CAC Smart Card. But I wanted to get any gotchas or lessons learned that other folks have encountered with their service.

* If using the base image, do all of your team members have a CAC? If not, what did you do to enable access to the image for other members of the team?
* What was implementation like when using a CICD platform to build new images, using either GitHub Actions or Azure DevOps?
* What other nuggets of wisdom that could be passed along?

https://redd.it/1bz0zjy
@r_devops

"Release Engineer" but posting seems very DevOps?

Hello,

Coming from a DevOps/SRE background, seeing more positions that are advertised under "release engineering".

The job descriptions seem to like up with typical DevOps/SRE responsibilities and requirements, with some SDET type bullet points.

Is anyone a release engineer by title? How does it compare to being a typical Ops/SRE?

https://redd.it/1bz1rxf
@r_devops

Seeking ideas for conducting reliability based event(Gameday) at work

Hey Folks,

We are brainstorming on an idea to conduct a reliability oriented event at work, similar to Hackathon, CTF conducted by other teams. The theme is to focus mainly on the SRE/infra oriented best practices (availability, reliability, monitoring).

The initial sketch that came to our mind is to follow the leetcode approach.
- Provide a generic problem statement
- Define the constraints
- Users provide answers
- Evaluate the answers and score based on the best practices

Here the evaluation to be done on whether the app is designed to be highly available, scalable(HA), health checks/probes configured, key metrics populated/captured, alerting defined, cost effective, etc.,
This is an initial thought process, but finding it difficult to extend it as concrete one.

Have you ever done/attended any such events so far? Please share your thoughts and inputs on how do we conduct such an event.

https://redd.it/1bz59zc
@r_devops

Am I in over my head?

Hi, all! Looking for honest advice here. I’ve been in technical/application support for quite sometime. Held several senior positions too. Never went too deep in the dev or ops space since deep issues we couldn’t figure out typically went to RnD.

I’ve recently accepted a position in the DevOps space and been here for a bit. Sometimes I feel completely over my head! Or most days, really. First time in this space and using many of these technologies(kubernetes, TF, containerization, docker, helm, api stuff etc. I often feel like I’m the weakest link and everyone knows it. Even asking a question is difficult at times because I wanna look like I deserve to be here! And also don’t want to look stupid for asking certain things that may be “101” stuff in this space. I’m also not sure if it’s just imposter syndrome ringing loudly.

Should I stick it out? Or should I free up some space for a more experienced person?

If you would suggest sticking it out, how would you recommend I best ramp up on things? Any books, YouTube vids would be perfect. Thx in advance guys!

https://redd.it/1bz5rpy
@r_devops

How do you keep a history of tasks?

We have Sysadmin, DevOps, SRE, Data Engineer, Developers,... teams and we want to make a history of what team changed something in Azure,AWS, DB, ...

Not sure if you have the same issue. We have Jira but is hard to keep the dates, or you need to check multiple jira to find it.

i am asking if one tool like this exists, or just use one calendar.

https://redd.it/1bz696w
@r_devops