Reddit DevOps
HTTPS via Docker for microservice in ASP.NET

Hey everyone,
I'm facing a bit of a snag and could use some guidance. So, I'm working on dockerizing a microservice for our identity service using ASP.NET Web API. Locally, it runs smoothly, but when I try to run it via a Docker container, it just doesn't cooperate. Turns out, it needs to run via HTTPS within Docker too.
Now, I'm looking to set this up for our development environment, along with a pipeline setup. I've done some digging and found a few potential solutions, like attaching an SSL certificate directly or using Docker Compose. But honestly, I'm not sure which approach would be the best fit for our scenario.
If any of you have experience with this or could offer some advice, I'd really appreciate it!
Thanks in advance for any help you can provide.

https://redd.it/1c0rb93
@r_devops
Free or cheap hosting for frontend, backend and DB

I am not sure this is ideal for this subreddit, but my family-in-law asked me to create an application solution for them and deploy it. I like doing this stuff but I am only struggling with the hosting part. I plan on creating a frontend (ReactJS) and a backend (Go|JavaScript|Python), and I need a database. Probably MySQL.

I am used to using Kubernetes because I use that at my job, but I was wondering how and where I could host this for a cheap price. I only need necessary uptime 3/4 a week. If I could find a cheaper Kubernetes hosting or container hosting I would choose that. Even Docker Compose would be nice.

If anyone knows anything and can give me some tips, I would appreciate it.

https://redd.it/1c0x2cj
@r_devops
"Gracefully" Implementing Graceful Shutdowns

When deploying a new version of an application, it is essential to ensure that no tasks are lost during the deployment process. This is especially important for applications that use WebSockets to maintain real-time connections with clients. In such cases, abruptly terminating the application can lead to data loss and client disconnections.

This blog demonstrates how to implement graceful shutdowns using FastAPI and Kubernetes for applications that use WebSocket client connections and internal background queues.


Read the full blog here:

https://www.linkedin.com/pulse/gracefully-implementing-graceful-shutdowns-jainal-gosaliya-pps5e/

https://redd.it/1c0w5qu
@r_devops
Pipelines help

I'm quite new to pipelines and still learning about them. Currently I have a server (a VM with SSMS on Azure).

I'm trying to create a new pipeline from DevOps to back up a selected database and restore that backup under a different name (with the mdf and ldf names changed as a variable). I would also like to run SQL scripts on that database with the pipeline.

How would I go about creating this pipeline? Would I need to use PowerShell scripts for this (or PowerShell scripts to run the SQL scripts), or use YAML scripts?

Any general steps would be appreciated to just get a basic idea.

https://redd.it/1c0vs0i
@r_devops
Getting laid off, advice on a good next role?

I’m an associate in DevOps, have about 1.5 YOE. It’s been such a deep dive learning everything, and I am not sure if I’ll be able to land another DevOps job. It’s the only programming job I’ve had so far, so it’s all I know. What other roles should I apply to that can make use of my DevOps skills?
I’ve been working with Python, Bamboo, EKS, Terraform, Ansible, Artifactory, Grafana, Kubernetes, Helm... I can go on, but my experience in these areas is not as deep as I’d like it to be. Currently working on getting my AWS Cloud Practitioner cert, but again I don’t think I have enough knowledge to pick up another DevOps job.
Any advice on other related roles I can apply to would be really helpful! I love working on the back end of things. Most likely getting laid off in August so I’ve got a bit of time to upskill as well.

https://redd.it/1c11g1g
@r_devops
Experience with EnvKey?

https://www.envkey.com/

I see lots of recommendations for Vault/Infisical/Akeyless for doing secret management. I just happened upon EnvKey, which seems...well, a little too good to be true ¯\_(ツ)_/¯

Have other folks used EnvKey and can either make a determination of "Stay far away", or "Definitely use 10/10"? TIA!

https://redd.it/1c131jr
@r_devops
The SAAS Tax

Hey everyone!

So, we've been noticing a LOT of SaaS companies are kinda sneaking in price hikes of 10% or more this year. Like, out of nowhere, a new account rep pops up weeks before your renewal, and bam, there's your increase. Not cool, right?

We're tired of this and decided it's time to gather some real talk on this. If you've got stories or know some apps that are guilty of this, hit us up. We're putting together some research to hopefully make some noise about this. Also, we made this super quick form right here for you to spill the tea 🍵.

It'll only take a minute, and who knows, maybe we can help make a change together. Thanks for helping out!

Let's show 'em we're not just gonna sit back and take it!

https://redd.it/1c15ix8
@r_devops
Branch versioning with semver + gitlab flow

I’m investigating using gitlab flow as a new branching strategy with semver for automated versioning in a project, and have been reading this for inspiration https://about.gitlab.com/topics/version-control/what-are-gitlab-flow-best-practices/

Feature branches would merge to master, and once ready for release we would merge master into the release branch. To trigger an automated release pipeline in GitLab (build, package, test etc.) we’d push a semver tag to the release branch.

Now this feels like a great workflow, but I can’t figure out how to handle versions on master if the release version is purely based on tags that exist on the release branch. We could easily add some metadata that the dev builds have, e.g. major.minor.patch-dev. But I still don’t understand a good way of setting the major.minor.patch versions for master without having a checked-in version file, which feels like the thing you want to avoid when doing tag-based releases.

Developers will often use master builds during development, and need some way of distinguishing between builds. Maybe I need to rethink how versioning on master should work, so interested in hearing some opinions on my problem!

https://redd.it/1c18f9h
@r_devops
EKS cost optimization (KubeCost)

Hello guys, I am a DevOps engineer intern at a company and I have been assigned to two different projects. One of them is "EKS Namespace cost optimization". I have been given the links to KubeCost, which is already deployed. Can anyone give your thoughts on how I should approach this project? It would be very helpful.

https://redd.it/1c196gf
@r_devops
Is it worth starting a DevOps career

Hi, I'm thinking about changing my job a bit. I was an Automation QA Engineer and after that a PM for quite some time (10y total). Recently I came to the conclusion that being a Jira jockey is my thing any more.

In the past I did ISTQB, CCNA (2012), RHCSA and RHCE (2016), and I still remember how to be proficient with Python, Git and Linux servers; however, I don't have any experience in Docker/K8s and cloud service providers.

I'd like to ask how you see getting into DevOps, taking into account my background and the mid/long-term perspective of DevOps as a career path.

Any advice appreciated :)

https://redd.it/1c1d3no
@r_devops
Conduktor 2.0 - Free Tier Expansion - Collaborative Kafka Development Platform

Hi All,
Product Director here at Conduktor - wanted to share news that we recently opened up our free tier to make it accessible to everyone regardless of your data streaming experience.
TL;DR What is Conduktor? A collaborative Kafka development platform that connects Developers, Architects, Ops and Platform teams working in the Kafka ecosystem.
A few taster features:

* CLI + APIs for automation + GitOps for Kafka Self-Service
* Console with Live consumer + Producer functionality
* Drill deep into topic data (JSON, Avro, Protobuf, custom SerDes)
* Embedded monitoring and alerting (consumer lag, topic msg in/out etc.)
* Kafka Connect auto-restart
* Dead Letter Queue (DLQ) management
* E2E Encryption through our Kafka proxy
* Complete RBAC model (topics, subjects, consumer groups, connectors etc.)

You can read the full announcement here and get started here:
https://v2.conduktor.io/
Any questions - feel free to shoot :)


https://redd.it/1c1dyma
@r_devops
How to establish encrypted communication (SSL) via reverse proxy to PostgreSQL?

So far I have three components:

* C (client - DataGrip, TablePlus, LookerStudio, MetaBase, etc...)
* P (proxy - nginx) - docker container
* DB (database - postgres) - docker container

I want to enable clients to use SSL, but I want to keep the encrypted connection only between C and P.

So my current working solution is

C --> P --> DB

and I want it to be

C -- [SSL] --> P --> DB

What do I do?

So far, I have working SSL for HTTP(S) connections on the proxy, using Let's Encrypt certificates. This is working fine. But since I want to encrypt TLS communication, I need to configure `stream` in nginx. I tried to do the same as I did with HTTP, but it does not work. The client cannot connect.

**More details:**

I have several Docker services running, one of them is a database. I make connections via SSH tunnel, which is working fine. However, I want to open a port for connecting to the DB directly (as some BI tools do not support SSH tunnels). I do not want to expose the DB server, so I opted for reverse proxy via nginx, as I already use it for other services that communicate over HTTPS. The proxy is working just fine, but only if I do not enable SSL. I cannot get it working.

If I do exactly the same as with HTTPS, I get error:

    [emerg] 1#1: the shared memory zone "le_nginx_SSL" is already declared for a different use in /etc/letsencrypt/options-ssl-nginx.conf:7

This is probably because the cache memory zone is already being used by the other 2 services (HTTPS). If I simply rename the zone, it does nothing. Nginx starts, but no communication is picked up (at least by the access logs).

My nginx configuration for the stream is:

    stream {
        server {
            listen 9856 ssl;

            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain1.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey1.pem; # managed by Certbot
            include /etc/nginx/cert/options-ssl-nginx.conf; # managed by Certbot

            ssl_verify_client off;

            proxy_connect_timeout 60s;
            proxy_socket_keepalive on;
            proxy_pass projects-client-project-database-1:5432;
            proxy_ssl off;
        }
    }

If I turn off SSL by removing the `ssl` keyword from the listen directive, it works fine (but without SSL).

PS: I am new to devops, I am configuring my first VPS so maybe I am having a completely wrong idea.

https://redd.it/1c1fkyg
@r_devops
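Background for the question above, as an added example that is not part of the original post: PostgreSQL's standard TLS negotiation starts with a plaintext 8-byte SSLRequest, and the TLS handshake begins only after the server answers with a single byte, so a listener that terminates TLS on the first bytes does not receive a ClientHello from such a client. The sketch classifies the first bytes of a connection; the function names and sample byte strings are constructed for illustration.

```python
import struct

# Request codes from the PostgreSQL frontend/backend protocol.
SSL_REQUEST = (1234 << 16) | 5679      # 80877103
GSSENC_REQUEST = (1234 << 16) | 5680   # 80877104
CANCEL_REQUEST = (1234 << 16) | 5678   # 80877102
PROTOCOL_3_0 = 3 << 16                 # 196608


def build_ssl_request() -> bytes:
    """8-byte plaintext message a client sends to ask the server for TLS."""
    return struct.pack("!II", 8, SSL_REQUEST)


def build_startup(user: str, database: str) -> bytes:
    """Plaintext StartupMessage, sent first when the client does not ask for TLS."""
    params = (b"user\x00" + user.encode() + b"\x00"
              + b"database\x00" + database.encode() + b"\x00\x00")
    return struct.pack("!II", 8 + len(params), PROTOCOL_3_0) + params


def classify_first_bytes(data: bytes) -> str:
    """Name what a TCP listener received as the first bytes of a connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-client-hello"
    if len(data) < 8:
        return "unknown"
    length, code = struct.unpack("!II", data[:8])
    if code == SSL_REQUEST and length == 8:
        return "postgres-ssl-request"
    if code == GSSENC_REQUEST and length == 8:
        return "postgres-gssenc-request"
    if code == CANCEL_REQUEST and length == 16:
        return "postgres-cancel-request"
    if code == PROTOCOL_3_0:
        return "postgres-startup-plaintext"
    return "unknown"


def tls_listener_can_proceed(data: bytes) -> bool:
    """A TLS-terminating listener needs a ClientHello as the very first bytes."""
    return classify_first_bytes(data) == "tls-client-hello"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "https client": bytes.fromhex("16030100c8010000c40303"),
    "postgres client asking for TLS": build_ssl_request(),
    "postgres client, no TLS": build_startup("app", "appdb"),
}

if __name__ == "__main__":
    for name, first in SAMPLES.items():
        kind = classify_first_bytes(first)
        print(f"{name:32} {kind:28} TLS listener ok: {tls_listener_can_proceed(first)}")
```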
Junior DevOps Engineer - London - Stuck on how to career progress?

Hi all,

I worked in accounting up until I turned 26 last year, and managed to secure a DevOps role in May 2023. I will have been in my current role for just shy of 1 year now. Before moving into this position, I had some hands-on experience with coding, and helped in the IT division at my previous role, so I managed to learn about servers, etc., and ended up setting up my own homelab.

I really really enjoy this career, however I know that I am a bit out of my depth. I have followed the DevOps Roadmap and have taken courses and played around with a majority of the tech stack. Now here's my issue..

The company I am with had me benched for the first 6 months. It was pretty much just me sat at home, learning courses on different things. Projects were meant to come my way but they never did. Then at the 6 month mark, I've been put on projects. Now it's odd, because my title is 'Junior DevOps', but almost immediately my first project was me on my own. I didn't get any guidance, and was just given a SOW that I made my way through. Whenever I asked for help, people were busy or I would get help but kinda half assed because they had to go do something else. I was getting complained at a lot by the customer, for things that I was never told about, but I managed to make my way through and complete that project. It was the most stressful 4 months of my life. I learnt a good bit, but I was working 7am in the morning till about 9pm every night, just to ensure I got the work done.

I've now been put on a new project, and it's kind of similar. I have someone who comes in every now and then to review my work, but it's a bit more like they are cautious over me not making any mistakes like last time, as opposed to offering me guidance. Because of this, I feel like I'm not really learning from the company, it is stressing me out a lot and on top of it my pay...

I get paid 32k per year. I was told at my 1-year mark that I would get a pay rise, however, the company says that pay reviews are done in March, and I will have missed this at my 1-year review, so I won't be getting a pay rise. The company knows I can't leave because I have no prior experience and now just 1 year at this company. I feel like I'm in a terrible catch-22. The pay isn't the biggest thing to me, but it does hurt knowing how constantly stressed I am, any learning I get is more from myself as opposed to the company offering it, and to top it off I'm in London on 32k, where the train commute into work eats up most of my pay.

tldr: 1 year DevOps experience, low pay, very little learning at company (but better than none). What should I do?

https://redd.it/1c1hdoo
@r_devops
OpenTofu’s Response to HashiCorp’s Cease and Desist Letter

On April 3rd, OpenTofu received a Cease and Desist letter from HashiCorp claiming copyright infringement on the part of one of our core developers. For full transparency, the link contains the original C&D, our response letter, and the detailed source code origin document resulting from our investigation.

The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts.

Despite these events, we have managed to carry out significant development on OpenTofu 1.7, and we will be releasing a new pre-release version next week, including provider-defined functions!

Here’s the blog post with all the details: https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/


https://redd.it/1c1ishn
@r_devops
What is the biggest unsolved problem in DevOps?

For me the biggest problems are human problems: it can be very hard to 'sell' executives on reducing tech debt. But what do you think is the biggest unsolved problem in DevOps?

https://redd.it/1c1iacy
@r_devops
Waste of time or good learning material?

For context, I was pretty much a “Pipeline Monkey” or Pipeline Mechanic (systems engineer - vague title) in my previous role, where I was constantly troubleshooting developer builds in Jenkins and helping them on the CI side. There weren’t a lot of opportunities for learning more tools, as this was taken by the seniors we had on the team and the juniors just worked on tickets.

Now I accepted a junior DevOps position, 1 year into it and it’s super slow. Although learning ECS, Terraform, etc., lots of time has been spent on raising the appropriate access etc. Very little hands-on and most of it has been copy/paste.

I do have some “downtime”, aka waiting for feedback from the Principal engineer before I do TF applies, changing DB configurations etc. I was thinking of learning the following to help upskill:

- Personal website project set up with AWS S3, Route 53, etc. Implement first perhaps manually, and then after I would update the configuration to be done via Terraform. Perhaps configure this to use an AWS CI/CD pipeline (currently learning), and maybe set this up in ECS Fargate? Not sure if this would be overkill (roughly $10 USD a month to leave it running continuously?)

- Learn Python - small side projects

- Get better at AWS networking: setting up a 2-tier web application, even ones that may say “hello world”. Is this feasible or a waste of my time?

https://redd.it/1c1i8vc
@r_devops
Sonar scanner SSL issue

SonarQube server & Jenkins master are running on Linux machines. Sonar scanner is installed on a Windows server that is a Jenkins slave machine. A .NET application needs to be scanned. I have a build pipeline that builds, runs Sonar, and deploys the .NET application. The Sonar scan fails due to a TLS error. It's a self-signed certificate and it was already installed in the Windows server Java keystore, including the cert chain. What is the issue here? I tried a curl command, `curl -k https://mysonar.com/api/server/version`, in the same Jenkinsfile and it works.

https://redd.it/1c1iyuf
@r_devops
What browser do you use and why?

I have been a Chrome user for almost all my career but every once in a while I see a 'privacy-aware' engineer, mostly from DevOps/SRE background, use browsers like Vivaldi or Brave or something else.


What are your views on Chrome?
Is Chrome safe enough?
Does it make sense to use any other browser?

https://redd.it/1c1onb9
@r_devops
Help with a project

I'm currently working on a university project; basically it's a jobs website for freelancers. My question is, should I use Elasticsearch or the PostgreSQL full text search? We're doing this project alongside a real business. They already own a job search website, so it's safe to think that there's going to be a lot of users and job offers if the website is finally deployed for them (we're doing the project with Django, if that's relevant).

https://redd.it/1c1q0kg
@r_devops