Enablement CI/CD vs Platform

My definitions of the respective terms in a nutshell:

Enablement:
- no ownership of any systems/tools (e.g. GitLab)
- therefore no engineering for these systems
- not doing the dev teams’ jobs (i.e. also not creating CI/CD jobs for them)
- work mainly centered around consulting for teams/advisory role for best practices in DevOps (e.g. Giving trainings on how to properly use Git, Docker best practices etc)
- creating an environment so devs/engineers can help themselves (e.g. governance and standardization in CI/CD)

Platform:
- ownership and operation of systems
- engineering for these systems
- governance for these systems
- …



Does anybody here have any experience with setting up an enablement team/working in an enablement-centric team?

Is the definition of the terms correct?


Honestly, any opinions welcome



https://redd.it/1c25k7q
@r_devops

does devops belong in game design or gaming industry?

ive been a DevOps for a while now (7-8 years) and always worked with fintech/SAAS solutions. my latest rodeo is a consultancy working on all sorts of projects and blockchains, however, my biggest struggle is that all those projects have no passion or narrative in them. its just a bunch of people doing random tickets so they can get paid by the end of the month.


On the other hand, we have game design might be a good option for me (possibly indie). i have some dev experience (I miss it), I'm decent at 3d modeling, heck I even fiddle with 3d printing and staff. Im not expecting anything major straight from the start but I would like to work on a passion project were things are built out of love. i understand that these things take years to build but the end result always amazed me.


is dipping my toes into game design a good idea?

https://redd.it/1c24tn3
@r_devops

Securing a DevOps Internship: Tips for Navigating GitLab

I've recently secured an internship in DevOps, which is a thrilling opportunity. However, upon researching the company, I discovered they heavily utilize GitLab—a tool I'm unfamiliar with. While I've worked on DevOps projects using other tools, GitLab is new territory for me. Any suggestions on how to quickly get up to speed with it before the interview to increase my chances of success

https://redd.it/1c26uit
@r_devops

Restricting SSH Access while Allowing PostgreSQL Connections to a VM Provisioned with Terraform

How can I disallow SSH connections to a VM provisioned with Terraform, but allow TCP connections to the PostgreSQL instance installed on it, so that my local machine can connect to the SQL database, but no one else can access the VM on which the database is hosted?
This is the security rule in the Network Security Group:


security_rule {
name = "TCP"
priority = 1001
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_ranges = ["5432"]
source_address_prefix = "*"
destination_address_prefix = "*"
}


Thanks in advance!

​

https://redd.it/1c2adnv
@r_devops

The Hidden Economy of Open Source Software

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines.

https://sysdig.com/blog/hidden-economy-of-open-source-software/

https://redd.it/1c2aqbx
@r_devops

Company needs me to learn DevSecOps for a new project - Help me choose before I pay for ECDE

Looking to join a DEVSEOPS program as my company insisted for devsecops expertise for a new project. I need opinion before I pay.

I couldn't find a lot but this one looks promising like the ECDE program but pease feel free to suggest if any other program you find better.

https://redd.it/1c2a2gn
@r_devops

Looking for my second DevOps project

Hey all,

I am an IT Engineer with say about 3 years of experience, currently working as a security implementor. About 2-3 months ago I've decided to shift over to DevOps after around a year of trying to find the motivation to do so after getting really burnt out at my last job place.

I have started teaching myself by looking for beginner projects, and today have finally accomplished this project (almost! I just need to implement SSL cert in a DevOps'ish manner, also I have skipped Ansible, but wish to learn it.)

https://loganmarchione.com/2022/10/the-best-devops-project-for-a-beginner/

I have learned Docker, Jenkins, Terraform, AWS services that are relevant to this project and probably some more I forgot to mention. Of course I'm no expert at those, I expect to start a new project, where I will dive-deeper into those technologies. Haven't touched K8s just yet.

I do have some optimization to do, as well as migrate some local stuff over to AWS, should be finished this weekend.

I would appreciate if you guys could recommend me maybe a similar project, where I will perhaps dive deeper, or learn new technologies.

PS. If anyone has the time and wants to peek at my code:
Terraform code is here
Web app code is here

PS 2. Please don't roast my code! I do appreciate real feedback though.

https://redd.it/1c2ei8k
@r_devops

Bazel is ruining my life

Rant incoming
We adopted Bazel and honestly, I hate it.


We had to hire additional contractors to maintain it and I still haven't entirely grasped how to make a simple change to our CI configuration.


I'm so incredibly tired of using Bazel and the maintenance burden. Our principal suggested it (former Googler) and it has just been a massive time suck. Yes, yes, I know our builds are "reproducible" and "hermetic" but goddamn I just want to build a container. I don't want to have to reach out to our contractors to do this.


I massively messed up by not opposing it and now I'm paying the price.


Even Kubernetes stopped using Bazel because of how much of a nightmare it was. https://github.com/kubernetes/kubernetes/pull/99561
This recent Kubecon video made me realize I wasn't alone or just stupid https://www.youtube.com/watch?v=nZLz0o4duRs
It really is hard and I'm not sure if it's worth it.


I can no longer run some parts of Bazel locally because of an esoteric error to do with Mac OS and SIP. Apparently Apple has quarantined some aspect of Bazel that depends on Java in Mac OS Sonoma. The recommended fix? Wipe your laptop and reinstall. Hope it doesn't happen again.


Our SRE team hates how it strips binaries which again, "is a configuration option that you can change"
BUT THAT ALSO REQUIRES AN EXPERT. perf doesn't work because of this

So be warned. Bazel adoption means you need to have an expert on-call for the life of the product or you will need to become an expert.

I just want go build to work and local testing to work.

Has anyone else used Bazel? Should I just suck it up and learn it?

https://redd.it/1c2g3s4
@r_devops

Wanting to get into DevOps after college, am I doing enough?

Hi everyone, I'm an upcoming college graduate (Studying Management Info Systems) wanting to get into DevOps. I've been working at my school's IT department as a Field Tech for about 2 years. (General Troubleshooting, some Active Directory, deploying images, windows server, etc) and completed a cloud cybersecurity engineering internship over the summer.

Over the past year, I have achieved my Network+, my AWS SA-A, and completed a few cloud-related projects to show hiring managers. (AWS Cloud Resume Challenge, 3-Tier Architecture in AWS VPC made through IAC, made a pipeline with Github Actions, etc) and soon going to deploy a demo app through kubernetes.)

I've used resources such as TechWorld with Nana, Learn To Cloud, and the DevOps roadmap commonly shared on this subreddit to further cement my knowledge.

I understand that DevOps isn't typically an entry level role, but I wanted to know what my options were for pivoting to it after college given my current experience and hands-on projects.

I've had a few recruiters reach out to me for cloud engineer/sysadmin roles, but they ended up turning me down due to me still being in school. I'm assuming that's a sign I'm on the right track, but is there anything else I could be missing that could make my chances of securing a role better?

https://redd.it/1c2c7mi
@r_devops

Guide me Obi-Wan

I have been in manufacturing IT for about 10 years and recently moved into a cloud position where we use AWS and Azure. No DevOp processes or tools are used though (monolithic applications still). I have my SAA-C03 cert but I'm looking to focus more on DevOps. Currently, I'm following along a Udemy course called "DevOps Beginners to Advanced with Projects". There is a long list to learn and I understand I should not master them all. I did my first IaC using CloudFormation and that was exhilarating! My question to everyone is, if you could mentor someone to learn DevOps, how would you do it in 2024? I feel like I'm in the middle of a 20-road intersection with no map! Any advice or direction would be awesome!

https://redd.it/1c2hgyg
@r_devops

How much of your work is your identity?

Was having a conversation with a colleague during lunch about how he is going to try different things over the weekend to solve a work problem. As the conversation progressed, from his speak, he noted this wouldn’t be the first time he’s done work on the weekend voluntarily. The person is a top performer on the team, although I am a junior, after this conversation, i realized the guy does not have much hobbies outside of work. Devops is essentially his personality. Taking a step back, with me putting in longer days to debug things, etc, not an issue, but i dont do this on the weekends, as this is strictly me time.

Although there has been one or two times, where i have contemplated working the weekends to meet deadlines etc. It seems like a rather easy to fall into this routine of taking work with you into the weekend. Considering there is a mountain of things to learn, how the hell do you guys prevent from falling into this but still being a good performer?

https://redd.it/1c2jgh2
@r_devops

Free 7 Days of DevOps Learning

Just sharing what I found:

7 Days of DevOps Learning

Sign up to access a week of exclusive access to our top-tier DevOps courses and Interactive Labs, for Free

https://kodekloud.com/pages/free-week

https://redd.it/1c2l5rz
@r_devops

Issues deploying Emissary (ambassador)

Hi guys
So I'm using a helm chart to deploy emissary, but not with the chart itself but doing a helm template and have all the manifests apart (Deploy, svc, rbac, etc)

Thing is Argo is not properly lifting the app, facing a similar issue like this one: https://github.com/emissary-ingress/emissary/issues/5603

Cant deploy the chart alone because of the way our manifests are handled. Any clues? Already tried with 3.90 and 3.8.2 and nothing.

What ir seems to be bothering is the apiext deployment.
Thanks!

https://redd.it/1c2l3na
@r_devops

What's required to allow local auth for ssh when an ldap server is not reachable?

I configured slapd following https://ubuntu.com/server/docs/install-and-configure-ldap and the ldap clients following https://help.ubuntu.com/community/LDAPClientAuthentication

Everything is great when ldap is working. But when ldap is down, I would like to be able to login with a backup account via ssh key. I have my nsswitch.conf configured like so but it doesn't seem to let me login when ldap is down.

passwd: files systemd ldap
group: files systemd ldap
shadow: files

https://redd.it/1c2jxq2
@r_devops

Even with a Simple Docker setup, I feel like I’m forced to use K8s?

Scenario: B2B SaaS MVP.

App 1: SvelteKit App instance (app.business.com)

App 2: SvelteKit Landing Page instance (business.com)

The Journey:

1. Don’t want to do the easy path of Vercel or Netlify as scales poorly in terms of cost.

2. So Dockerize for a minimal setup.

3. But I need Observability, Grafana Stack. I need PromTail logging agent, Loki log aggregator, Prometheus for Metrics, Faro for Frontend metrics, Grafana Dashboard.

4. So pretty much just getting a barebones setup (I consider observability as a barebones requirement for any SaaS app) seems like a pain to manage.

5. K8s? But K8s are only for complicated setups?

I did look at the Helm chart for Prometheus stack and what not and that’s complicated as hell. Even if I knew how to handle it, I wouldn’t want to. But I really don’t want to self manage all the observatory stuff with individual docker containers.

Then I gotta do the auto scaling myself too. Since Prometheus monitors metrics, would it even make sense to have it on the same server on my app containers?

I’m trying to save money here and really just wanted a single server instance to startup.

There is like no in between. It’s like I’m forced to use K8s. I don’t know how people manage all their observatory stuff on their own.

As you can also see, I do not want to use vendor specific technologies at all. At most I was going to use AWS elastic beanstalk for app instances. But that’s ok cause it takes Docker container. Would that meaning setting up EC2 instance for Prometheus to monitor Elastic beanstalk? Like containers without K8s seems awful.





https://redd.it/1c2naj7
@r_devops

AWS Linkage to Management Portal

Hello,

New to Dev Ops - is there any open source user friendly "management portals" that can communicate with my AWS setup to trigger / manage multi tenant deployments for new customers and also provision license per customer account?

https://redd.it/1c2spi4
@r_devops

Understanding PLSQL Packages

I've transitioned from a business-focused role to one where I'm supporting an application by identifying code issues in PL/SQL packages when the functionality doesn't meet business requirements, necessitating a deep understanding of the involved packages. While I'm proficient in SQL, I'm struggling with PL/SQL packages. Any guidance would be greatly appreciated. Thanks!

https://redd.it/1c2v5jp
@r_devops

Loki vs Elasticsearch

Hi, has anyone here have opinions/ experience regarding Elasticsearch vs Loki for centralized logging.

The amount of log per day that is for example 50 GB - 100GB and usually I look at the last 7 days. So far ES+Kibana has been quite ok for troubleshooting purpose when I need to look for a specific keyword in the log.

Will Loki+Grafana be able to cope with that amount of logs and provide fast enough search result in the troubleshooting use caee?

https://redd.it/1c2w1lu
@r_devops

App for helping with Dev environment issues... Should I build it?

Currently the company I working at has a fairly complex architecture in docker and one of the most annoying things that happen is a broken dev environment. Especially if you are using a mac rather then linux like most of engineers (I like macbooks but now I regret being in minority of devs using it).


So the process when I get stuck for any kind of reason is try to first search for an error in slack (or even shared "dev painpoints" doc in google drive) and see if somebody found a solution. If not, then I send a message in ops channel and try to resolve it with the help of a DevOps engineer.
Usually, we need to first go back and forth where I have to execute a bunch of commands and post the output, plus answer the usual questions like which platform, which version of x do I have installed etc.


So I was thinking, wouldn't it be easier if there was an app for reporting an error, which as part of a report also provides a lot of different info defined by a devops engineer (bunch of commands that needs to be executed which output goes with the report). Then to have a sentry-like dashboard of solved/unsolved issue, maybe even see how frequent is the error that occurred (if the app can listen for logs).


I know a lot of this could be solved by something like github codespaces but that is not an option in my company (security reasons and also the fact that a lot of engineers already have good machines).

So my question is, would this idea be worth pursuing? Would you see yourself using it?


https://redd.it/1c2ybdf
@r_devops

Need ATS Friendly Resume Template

Hi folks, I've been applying for new opportunity actively nowadays but everytime I applied through via job platform I got rejected in initial screening despite skill matching and experience requirements. So I'm planning to change my resume to make it ATS friendly. Can anyone share some ats friendly resume with me so that I can make one for me.


Please don't share online resume builder link. If possible please share your resume sample or you have general template then that would help me as well.

https://redd.it/1c350m9
@r_devops

Got a job offer after one interview

Just posting here because the experience is so outside of what I’m used to and I feel weirdly suspicious of it even though everything is totally above board and legit. For context, I’ve been out of work since November and the job market has been hellish.

I got a job offer for a contract role (DevOps Engineer III, 12 months, possible 6 month extension) after a single video interview. No coding exam, no team panel interview, no intense grilling, no rubber stamp from upper management checking for “culture fit”. It was just a good long friendly discussion with a 20+ year industry veteran where he checked that I knew what I was talking about and then we talked about the more philosophical parts of the job, like building rapport with your team, the evolution of the industry, and etc.

I got a call from the recruiter who told me the good news and I was in disbelief, but they told me that the company was hiring a lot of people quickly and that everything looked good. I guess I’m both pleasantly surprised with the interview process but also suspicious / concerned about walking into a total shitshow. The job is with a bank so I’m not totally sure what to expect; I’ve been with SaaS companies for the most part in my career. Has anybody else experience something similar? Is this just good luck?

https://redd.it/1c365b8
@r_devops