Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
EKS cost optimization (KubeCost)

Hello Guys, I am a devops engineer Intern at a company and I have been assigned to two different projects. One of them is "EKS Namespace cost optimization". I have been given the links of KubeCost that is deployed already. Can anyone give your thoughts on how should I approach this project? It would be much helpful.

https://redd.it/1c196gf
@r_devops
Is it worth to start DevOps career

Hi, I'm thinking about changing my job a bit. I was an Automation QA Engineer and after that a PM for quite some time (10y total). Recently I came to the conclusion that being Jira jockey is my thing any more.

In the past I did ISTQB, CCNA (2012), RHCSA and RHCE (2016) and I still remember how to be proficient with Python, GIT and Linux servers, however I don't have any experience in Docker/K8s and cloud services providers.

I'd like to ask you how do you see getting into DevOps, taking into account my background and the mid/long-term perspective of DevOps as a career path.

Any advice appreciated :)

https://redd.it/1c1d3no
@r_devops
Conduktor 2.0 - Free Tier Expansion - Collaborative Kafka Development Platform

Hi All,
Product Director here at Conduktor - wanted to share news that we recently opened up our free tier to make it accessible to everyone regardless of your data streaming experience.
TL;DR What is Conduktor? A collaborative Kafka development platform that connects Developers, Architects, Ops and Platform teams working in the Kafka ecosystem.
Few taster features:

* CLI + APIs for automation + GitOps for Kafka Self-Service
* Console with Live consumer + Producer functionality
* Drill deep into topic data (JSON, Avro, Protobuf, custom SerDes)
* Embedded monitoring and alerting (consumer lag, topic msg in/out etc.)
* Kafka Connect auto-restart
* Dead Letter Queue (DLQ) management
* E2E Encryption through our Kafka proxy
* Complete RBAC model (topics, subjects, consumer groups, connectors etc.)

You can read the full announcement here and getting started here:
https://v2.conduktor.io/
Any questions - feel free to shoot :)


https://redd.it/1c1dyma
@r_devops
How to establish encrypted communication (SSL) via reverse proxy to PostgreSQL?

So far I have three components:

* C (client - DataGrip, TablePlus, LookerStudio, MetaBase, etc...)
* P (proxy - nginx) - docker container
* DB (database - postgres) - docker container

I want to enable clients to use SSL, but I want to keep the encrypted connection only between C and P.

So my current working solution is

C --> P --> DB

and I want it to be

C -- [SSL] --> P --> DB

What do I do?

So far, I have working SSL for HTTP(s) connection on the proxy, using Let's Encrypt certificates. This is working fine. But since I want to encrypt TLS communication, I need to configure `stream` in nginx. I tried to do the same as I did with HTTP, but it does not work. Client cannot connect.

**More details:**

I have several Docker services running, one of them is a database. I make connections via SSH tunnel, which is working fine. However, I want to open a port for connecting to the DB directly (as some BI tools do not support SSH tunnels). I do not want to expose the DB server, so I opted for reverse proxy via nginx, as I already use it for other services that communicate over HTTPS. The proxy is working just fine, but only if I do not enable SSL. I cannot get it working.

If I do exactly the same as with HTTPS, I get error:

    [emerg] 1#1: the shared memory zone "le_nginx_SSL" is already declared for a different use in /etc/letsencrypt/options-ssl-nginx.conf:7

This is probably cause the cache memory zone is already being used by other 2 services (https). If I simply rename the zone, it does nothing. Nginx starts, but no communication is picked up (at least by access logs).

My nginx configuration for the stream is:

    stream {
        server {
            listen 9856 ssl;

            ssl_certificate /etc/letsencrypt/live/domain.com/fullchain1.pem; # managed by Certbot
            ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey1.pem; # managed by Certbot
            include /etc/nginx/cert/options-ssl-nginx.conf; # managed by Certbot

            ssl_verify_client off;

            proxy_connect_timeout 60s;
            proxy_socket_keepalive on;
            proxy_pass projects-client-project-database-1:5432;
            proxy_ssl off;
        }
    }

If I turn off SSL by removing ssl keyword from the listen directive, it works fine (but without SSL).

PS: I am new to devops, I am configuring my first VPS so maybe I am having a completely wrong idea.

https://redd.it/1c1fkyg
@r_devops
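
Why the `ssl` listener in the post above and a stock PostgreSQL client talk past each other, as an added example that is not part of the original post: a PostgreSQL client asking for encryption first sends a cleartext 8-byte SSLRequest and waits for a one-byte answer, while a TLS-terminating listener expects a ClientHello as the very first bytes. The function names and sample byte strings are constructed for this illustration.

```python
import struct

# PostgreSQL SSLRequest: Int32 length (8) + Int32 request code 80877103.
PG_SSL_REQUEST = struct.pack("!II", 8, 80877103)
PG_PROTOCOL_3_0 = 196608  # version field of a plaintext StartupMessage


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a fresh TCP connection."""
    if data[:8] == PG_SSL_REQUEST:
        return "pg-sslrequest"
    # TLS record: content type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-clienthello"
    if len(data) >= 8 and struct.unpack("!I", data[4:8])[0] == PG_PROTOCOL_3_0:
        return "pg-startup-plaintext"
    return "unknown"


def listener_outcome(listen_ssl: bool, first_bytes: bytes) -> str:
    """Model what a stream listener does with the client's opening bytes.

    listen_ssl=True  models `listen 9856 ssl;` (the proxy terminates TLS)
    listen_ssl=False models `listen 9856;`     (bytes are relayed untouched)
    """
    if not listen_ssl:
        return "relayed to backend"
    kind = classify_first_bytes(first_bytes)
    if kind == "tls-clienthello":
        return "TLS handshake proceeds"
    return f"TLS handshake fails: got {kind}, expected ClientHello"


# Constructed sample inputs (not captured traffic).
SSLMODE_REQUIRE_CLIENT = PG_SSL_REQUEST
_params = b"user\x00app\x00database\x00app\x00\x00"
SSLMODE_DISABLE_CLIENT = (
    struct.pack("!II", 8 + len(_params), PG_PROTOCOL_3_0) + _params
)
# Truncated TLS record header followed by the start of a ClientHello.
DIRECT_TLS_CLIENT = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B])

if __name__ == "__main__":
    samples = {
        "sslmode=require": SSLMODE_REQUIRE_CLIENT,
        "sslmode=disable": SSLMODE_DISABLE_CLIENT,
        "TLS from first byte": DIRECT_TLS_CLIENT,
    }
    for name, sample in samples.items():
        for listen_ssl in (True, False):
            print(f"{name:20} listen_ssl={listen_ssl}: "
                  f"{listener_outcome(listen_ssl, sample)}")
```
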
Junior DevOps Engineer - London - Stuck on how to career progress?

Hi all,

I have worked in accounting up until I turned 26, last year and managed to secure a DevOps role in May 2023. I will have been in my current role for just shy of 1 year now. Before moving into this position, I had some hands on experience with coding, and helped at my previous role in the IT division, so I managed to learn about servers, etc. And ended up setting up my own Homelab.

I really really enjoy this career, however I know that I am a bit out of my depth. I have followed the DevOps Roadmap and have taken courses and played around with a majority of the tech stack. Now here's my issue..

The company I am with had me benched for the first 6 months. It was pretty much just me sat at home, learning courses on different things. Projects were meant to come my way but they never did. Then at the 6 month mark, I've been put on projects. Now it's odd, because my title is 'Junior DevOps', but almost immediately my first project was me on my own. I didn't get any guidance, and was just given a SOW that I made my way through. Whenever I asked for help, people were busy or I would get help but kinda half assed because they had to go do something else. I was getting complained at a lot by the customer, for things that I was never told about, but I managed to make my way through and complete that project. It was the most stressful 4 months of my life. I learnt a good bit, but I was working 7am in the morning till about 9pm every night, just to ensure I got the work done.

I've now been put on a new project, and it's kind of similar. I have someone who comes in every now and then to review my work, but it's a bit more like they are cautious over me not making any mistakes like last time, as opposed to offering me guidance. Because of this, I feel like I'm not really learning from the company, it is stressing me out a lot and on top of it my pay...

I get paid 32k per year. I was told at my 1-year mark that I would get a pay rise, however, the company says that pay reviews are done in March, and I will have missed this at my 1-year review, so I won't be getting a pay rise. The company knows I can't leave because I have no prior experience and now just 1 year at this company. I feel like I'm in a terrible catch-22. The pay isn't the biggest thing to me, but it does hurt knowing how constantly stressed I am, any learning I get is more from myself as opposed to the company offering it, and to top it off I'm in London on 32k, where the train commute into work eats up most of my pay.

tldr: 1 year DevOps experience, low pay, very little learning at company (but better than none). What should I do?

https://redd.it/1c1hdoo
@r_devops
OpenTofu’s Response to HashiCorp’s Cease and Desist Letter

On April 3rd, OpenTofu received a Cease and Desist letter from Hashicorp claiming copyright infringement on the part of one of our core developers. For full transparency, the link contains the original C&D, our response letter, and the detailed source code origin document resulting from our investigation.

The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts.

Despite these events, we have managed to carry out significant development on OpenTofu 1.7, and we will be releasing a new pre-release version next week, including provider-defined functions!

Here’s the blog post with all the details: https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/


https://redd.it/1c1ishn
@r_devops
What is the biggest unsolved problem in DevOps?

For me the biggest problems are human problems: it can be very hard to 'sell' executives on reducing tech debt. But what do you think is the biggest unsolved problem in DevOps?

https://redd.it/1c1iacy
@r_devops
Waste of time or good learning material?

For context, I was pretty much a “Pipeline Monkey” or Pipeline Mechanic (systems engineer - vague title) in my previous role where I was constantly troubleshooting Developer builds in Jenkins and helping them on the CI side. There wasn’t a lot of opportunities for learning more tools, as this was taken by the Seniors which we had on the team and the juniors just worked on tickets.

Now I accepted a junior Devops position, 1 year into it and it’s super slow. Although learning ECS, terraform, etc. Lots of time has been spent on raising the appropriate access etc. Very little hands on and most of it has been copy/paste.

I do have some “downtime” aka waiting for feedback from Principal engineer before I do TF applies, changing DB configurations etc etc. I was thinking of learning the following to help upskill,

- personal website project set up with AWS s3, route53, etc. Implement first perhaps manually, and then after I would update the configuration to be done via terraform- perhaps configure this to use a AWS CI/CD pipeline(currently learning) - and maybe set this up in ECS fargate? Not sure if this would be overkill(roughly $10 USD a month to leave it running continuously ?)

- Learn Python - small side projects

- Get better at AWS networking ; setting up a 2 tier web application, even ones that may say, “hello world” - is this feasible or a waste of my time?

https://redd.it/1c1i8vc
@r_devops
Sonar scanner SSL issue

SonarQube server & Jenkins master are running on Linux machines. Sonar scanner is installed on a Windows server that is a Jenkins slave machine. A dot net application needs to be scanned. I have a build pipeline that builds, runs sonar, and deploys the dot net application. Sonar scan fails due to TLS error. It's a self-signed certificate and it was already installed in the Windows server Java keystore including the cert chain. What is the issue here? I tried a curl command, `curl -k https://mysonar.com/api/server/version`, in the same jenkinsfile and it works.

https://redd.it/1c1iyuf
@r_devops
What browser do you use and why?

I have been a Chrome user for almost all my career but every once in a while I see a 'privacy-aware' engineer, mostly from DevOps/SRE background, use browsers like Vivaldi or Brave or something else.


What are your views on chrome?
Is Chrome safe enough?
Does it make sense to use any other browser?

https://redd.it/1c1onb9
@r_devops
Help with a project

I'm currently working on a university project, basically it's a jobs website for freelancers. My question is, should I use Elasticsearch or the PostgreSQL full text search? We're doing this project alongside a real business, they already own a job search website, so it's safe to think that there's going to be a lot of users and job offers if the website is finally deployed for them (we're doing the project with Django, if that's relevant).

https://redd.it/1c1q0kg
@r_devops
what's the easiest vps rolling deploy setup?

I have a website that I deploy as a jar to a VPS via 3 commands (build, scp, run) as a one man operation. I do this multiple times a day. My site is down for maybe 10 seconds at a time when I do this.

I understand the concept of a rolling deploy but not sure what technologies I should use to implement. Many setups and technologies seem to be for large orgs.

https://redd.it/1c1ufm2
@r_devops
It's getting blatantly obvious when our junior guys are copy/pasting GPT lol..

I've started having them review their PRs with us on a call, and describe what the actual fuck is going on in their PR.. then the fun ensues when they can't explain anything lol

FWIW the code does work most of the time for what it's intended to do, but if you're going to use an AI to help you be able to know what you're submitting..

The kicker is that we've blocked all AI tools at our workplace, but you can obv just use your personal device to get some output..

Most of the time it seems to way over engineer a simple task with some random library.. again.. it works, but there's easier ways to accomplish the task.. this is typically the giveaway

https://redd.it/1c1zl0q
@r_devops
Exploring Platform Engineering for Enhanced DevOps Efficiency

As DevOps professionals, we constantly strive to optimize workflows and empower development teams. Yet, the growing complexity of infrastructure often poses a significant hurdle. Could Platform Engineering be the key to unlocking greater efficiency and agility within our DevOps practices?


**Platform Engineering: A Strategic Approach to Infrastructure Management**

Platform Engineering centers on the concept of building internal developer platforms that provide self-service capabilities, standardized tooling, and streamlined workflows. By abstracting infrastructure complexities, it empowers developers to provision resources, manage environments, and deploy applications with increased autonomy and efficiency.

**Key Benefits for DevOps Teams:**

* Accelerated Development Cycles: Self-service provisioning and automated deployments eliminate bottlenecks and accelerate time-to-market.
* Reduced Operational Overhead: Centralized platform management streamlines infrastructure provisioning, configuration, and maintenance, freeing up Ops teams to focus on strategic initiatives.
* Enhanced Collaboration & Ownership: Platform Engineering fosters a culture of shared responsibility and collaboration between Dev and Ops, breaking down silos and promoting a unified approach to software delivery.
* Improved Developer Experience: By providing a streamlined and intuitive platform, developers can focus on writing code and innovating, without getting bogged down in infrastructure complexities.

**Delving Deeper into Platform Engineering**

If you're seeking ways to enhance your DevOps practices and overcome infrastructure challenges, I encourage you to explore the world of Platform Engineering. The r/platformengineering subreddit offers a valuable resource for learning, sharing experiences, and connecting with fellow professionals passionate about this evolving field.


**Here are some discussion points to get you started:**

* What are the core components of a successful internal developer platform?
* How can Platform Engineering principles be integrated into existing DevOps workflows?
* What tools and technologies are essential for building and maintaining a developer platform?
* What challenges have you encountered in implementing Platform Engineering, and how did you overcome them?


Join the conversation on r/platformengineering and let's collectively navigate the path towards greater DevOps efficiency and agility through Platform Engineering.

https://redd.it/1c22w8d
@r_devops
Will people ever grow up wanting to be a DevOps engineer?

I understand that DevOps as a methodology hasn't been around for that long to expect people to be aware of it in their high school and early college years.
But will that change in the future? Will more people decide to be DevOps engineers from the start of their careers? The assumption I have (and happy for you to challenge) is that the people I know in the DevOps space usually say they "fell into" the field. I'd be interested to know if that's the case for people here in the subreddit, if so what was it about the DevOps position that attracted you to it in the first place? And in 5/10 years will DevOps become people's first option? Cheers



https://redd.it/1c24rbg
@r_devops
Enablement CI/CD vs Platform

My definitions of the respective terms in a nutshell:

Enablement:
- no ownership of any systems/tools (e.g. GitLab)
- therefore no engineering for these systems
- not doing the dev teams’ jobs (i.e. also not creating CI/CD jobs for them)
- work mainly centered around consulting for teams/advisory role for best practices in DevOps (e.g. Giving trainings on how to properly use Git, Docker best practices etc)
- creating an environment so devs/engineers can help themselves (e.g. governance and standardization in CI/CD)

Platform:
- ownership and operation of systems
- engineering for these systems
- governance for these systems
- …



Does anybody here have any experience with setting up an enablement team/working in an enablement-centric team?

Is the definition of the terms correct?


Honestly, any opinions welcome



https://redd.it/1c25k7q
@r_devops
does devops belong in game design or gaming industry?

I've been a DevOps for a while now (7-8 years) and always worked with fintech/SAAS solutions. My latest rodeo is a consultancy working on all sorts of projects and blockchains, however, my biggest struggle is that all those projects have no passion or narrative in them. It's just a bunch of people doing random tickets so they can get paid by the end of the month.


On the other hand, game design might be a good option for me (possibly indie). I have some dev experience (I miss it), I'm decent at 3D modeling, heck I even fiddle with 3D printing and stuff. I'm not expecting anything major straight from the start but I would like to work on a passion project where things are built out of love. I understand that these things take years to build but the end result always amazed me.


Is dipping my toes into game design a good idea?

https://redd.it/1c24tn3
@r_devops
Securing a DevOps Internship: Tips for Navigating GitLab

I've recently secured an internship in DevOps, which is a thrilling opportunity. However, upon researching the company, I discovered they heavily utilize GitLab—a tool I'm unfamiliar with. While I've worked on DevOps projects using other tools, GitLab is new territory for me. Any suggestions on how to quickly get up to speed with it before the interview to increase my chances of success?

https://redd.it/1c26uit
@r_devops
Restricting SSH Access while Allowing PostgreSQL Connections to a VM Provisioned with Terraform

How can I disallow SSH connections to a VM provisioned with Terraform, but allow TCP connections to the PostgreSQL instance installed on it, so that my local machine can connect to the SQL database, but no one else can access the VM on which the database is hosted?
This is the security rule in the Network Security Group:


    security_rule {
      name                       = "TCP"
      priority                   = 1001
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_ranges    = ["5432"]
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }


Thanks in advance!

https://redd.it/1c2adnv
@r_devops
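
How priority-ordered evaluation treats the rule in the post above, as an added example that is not part of the original post. It assumes Azure NSG semantics (lowest priority number first, first match wins, a default inbound deny at priority 65500) and models only the rule shown; the default virtual-network and load-balancer allow rules, port ranges and service tags are left out, and `Rule`, `evaluate` and both addresses are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    dest_ports: tuple  # e.g. ("5432",) or ("*",)
    source: str        # CIDR prefix or "*"


# Stand-in for the platform's lowest-priority default inbound deny.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "Deny", ("*",), "*")


def matches(rule: Rule, src_ip: str, dst_port: int) -> bool:
    """True when both the destination port and the source address match."""
    port_ok = "*" in rule.dest_ports or str(dst_port) in rule.dest_ports
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)
    )
    return port_ok and src_ok


def evaluate(rules, src_ip: str, dst_port: int):
    """Return (access, rule_name) of the first matching rule by priority."""
    for rule in sorted([*rules, DENY_ALL_INBOUND], key=lambda r: r.priority):
        if matches(rule, src_ip, dst_port):
            return rule.access, rule.name
    raise AssertionError("unreachable: DENY_ALL_INBOUND matches everything")


# The rule as posted: any source may reach 5432.
AS_POSTED = [Rule("TCP", 1001, "Allow", ("5432",), "*")]

# Same rule with the source narrowed to a single address.
# 203.0.113.10 is a documentation address standing in for the admin's public IP.
ADMIN_IP = "203.0.113.10"
RESTRICTED = [Rule("TCP", 1001, "Allow", ("5432",), f"{ADMIN_IP}/32")]

OTHER_IP = "198.51.100.7"  # constructed: some unrelated Internet host

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("restricted", RESTRICTED)):
        for ip in (ADMIN_IP, OTHER_IP):
            for port in (22, 5432):
                print(f"{label:10} {ip:14} -> {port:5}: {evaluate(rules, ip, port)}")
```

In the posted block the equivalent change is replacing `source_address_prefix = "*"` with the client's own public address as a /32; port 22 stays closed as long as no other rule in the group allows it.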
The Hidden Economy of Open Source Software

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines.

https://sysdig.com/blog/hidden-economy-of-open-source-software/

https://redd.it/1c2aqbx
@r_devops
Company needs me to learn DevSecOps for a new project - Help me choose before I pay for ECDE

Looking to join a DevSecOps program as my company insisted for DevSecOps expertise for a new project. I need opinion before I pay.

I couldn't find a lot but this one looks promising like the ECDE program but please feel free to suggest if any other program you find better.

https://redd.it/1c2a2gn
@r_devops