Seeking Opinions and Advice on DevOps Side Projects

Hey everyone,

I'm a DevOps engineer looking to start a side project that I can eventually monetize, and I would love to get some input from the community. I have a few ideas and would appreciate any kind of feedback about them. Here they are:

## 1. AWS Landing Zone with Terraform Community Modules

Project Idea: I’m thinking of creating a solution for setting up AWS Landing Zones using Terraform community modules. The idea is to streamline the deployment of AWS environments by leveraging Terraform and existing community modules. This would cover essential components like organizational units, accounts, networking, security, logging, monitoring, and shared services. Additionally, I'd like to integrate AWS Control Tower to provide a baseline environment, ensuring governance, compliance, and security.

Orchestration Tools: I plan to use Terragrunt or Terramate for orchestration. I have experience with Terragrunt, but I’m aware that the same company (Gruntwork) already offers similar services, which might be a potential issue.

## 2. AWS Landing Zone with Pulumi (TypeScript and YAML)

Project Idea: This idea is about developing a solution for setting up AWS Landing Zones using Pulumi, written in both TypeScript and YAML. Since there's not much out there in terms of community modules, I'd be writing most of the code from scratch. The flexibility of using Pulumi is attractive, and it would include robust infrastructure as code examples in both TypeScript and YAML. It would require a bigger effort due to the smaller community and lack of existing modules. However, it could integrate well with the SST (Serverless Stack) project, which uses Pulumi under the hood, for serverless applications.

## 3. Hetzner Complete Kubernetes Cluster Setup with Rancher, Epinio, OpenWhisk, and Cloudflare

Project Idea: This project would provide a complete setup for Kubernetes clusters on Hetzner using Rancher for cluster management, Epinio for application deployment, OpenWhisk for serverless functions, and Cloudflare for enhanced security and performance. The goal is to offer a more PaaS-like solution, giving developers a ready-to-use environment. Rancher is a practical and developer-friendly end-to-end solution, allowing for centralized management of multiple Kubernetes clusters, security policies, and consistent policies across environments. By using different Hetzner Cloud projects in conjunction with Rancher clusters, you can achieve a robust and isolated setup similar to AWS accounts.

Cloudflare Services: To enhance this setup, Cloudflare offers services like DDoS protection, web application firewall (WAF), SSL/TLS encryption, CDN for performance, S3-compatible storage for logging and backups, static site hosting, and serverless functions with Cloudflare Workers.

Infrastructure as Code: I’m considering using both Pulumi and Terraform to spin up these environments, but I'm struggling to pick the right IaC tool for the same reasons mentioned above

## Questions for You:
1. What are the potential challenges and pitfalls I should be aware of for each idea?
2. How can I differentiate these projects from existing solutions?
3. Do you see a demand for these solutions? If so, which one do you think has the most potential?
4. What are some effective ways to engage and build a community around these projects?
5. For the Terraform-based ideas, which orchestration tool would you recommend: Terragrunt or Terramate, and why?
6. What are some ways to monetize these projects that would not negatively impact the community?

Looking forward to hearing your thoughts and advice. Thanks in advance for your help!



https://redd.it/1d0wqvh
@r_devops

how to prevent merging if test cases have failed using Jenkins and GitHub branch protection rules

iam using jenkins pipeline to run test case using framework ceedling and unity because my code in c langauge , i want if the test case has failed to prevent this branch from merging in github repo

https://redd.it/1d0wqdt
@r_devops

In aws CodePipelines the special character & is being printed as & please help

So I'm creating a pre-signed url in CodePipeline post build step, now problem is that the signed url is being malformed like & is showing as & in the logs and because of that it's not working.

I tried using double quotes, sed, printf, echo but still same issue.

I tried to save the generated pre-signed url in a .txt file and then cat the .txt file and still same issue but when i download that .txt file then there was no issue, i mean the & was represented as it is so I'm not sure if this is bash issue or cloudwatch logs issue.

Use case is i want to have a s3 object which we can access directly from CodePipeline using s3 signed url.

Please let me know if you guys have faced similar issue and how did you fix it??

Thanks!!!

https://redd.it/1d0zliv
@r_devops

REQUEST: Advice for a Windows guy coming to Linux - alternatives to PowerShell/Groovy?

**BACKGROUND**

I've been a (Windows) software developer a long time (decades) and now work, by choice, in DevOps

My responsibility has been a set of important corporate legacy apps running on Windows (.Net/IIS/SQLServer)

Everything is on AWS and deployed via Jenkins/Terraform/Ansible/PowerShell scripts, all under source control

I'm dealing with Linux systems more and more as components of the old system are rewritten/replaced

**CURRENT ISSUE**

I'm finding writing Linux BASH equivalents of Windows PowerShell scripts frustrating

BASH feels like Windows Command line (BAT) in comparison to PowerShell. Ancient, arcane, not a proper "language"

Having learned Groovy through its use in Jenkins it seems like a great option. Modern, proper "language". How can BASH compete with the power of {closure}.delegate?

But it looks like Groovy has had its day and other than Jenkins isn't widely used. r/Groovy is nearly dead

(I also have the prospect of our DevOps stack being moved to GitLab in future)


**What would you suggest is a way forward that maximizes my learning effort? (And *my* learning becomes my teaching for juniors in the department)**

**A) Learn BASH**. It IS a proper language once you understand it. Its never going away, the skill will always be in demand

**B) Use Groovy**. Rumours of its demise are greatly exaggerated.

**C) Get PowerShell on the Linux nodes** It's cross-platform for this exact reason. It's 'widely' used (in both Windows and Linux world) The Linux DevOps might roll their eyes but f&*k those insular assholes

**D) Learn "XYZ Language"** (eg PYTHON?) - that's the thing that fills this gap you're describing and will remain so for a decent amount of time. How did you not know this?

**E) Something else**... tell me, eg "Stop thinking like a developer... DevOps coding is different to Application coding" (we're gonna have an argument about this are we? ;)

Because this is Windows v Linux I'm expecting trolls, but I really appreciate any serious replies

https://redd.it/1d107lj
@r_devops

OWA with adfs and my custom idp, custom database settings problem no UPN in request

I have a problem while performing authentication in OWA using adfs and my own IDP. The SAMLResponse from idp contains:

<saml:AttributeStatement>
<saml:Attribute FriendlyName="UPN" Name="UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xmlns:xs="https://www.w3.org/2001/XMLSchema"
xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin
</saml:AttributeValue>
</saml:Attribute>
But im getting error in owa: /owa/auth/errorfe.aspx?msg=UpnClaimMissing with adfs-error: x-adfserror: No UPN claim was found.

I have configured claim rules according to https://learn.microsoft.com/en-us/exchange/clients/outlook-on-the-web/ad-fs-claims-based-auth?view=exchserver-2019#step-2-deploy-an-ad-fs-server

with: c:Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY" => issue(store = "Active Directory", types = ("https://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"), query = ";objectSID;{0}", param = c.Value);

and

c:Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY" => issue(store = "Active Directory", types = ("https://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

https://redd.it/1d0zmtx
@r_devops

Do IT infra jobs offer remote work as much as dev jobs?

Ive been considering making a switch to work on IT infra, basically aws, terraform , kub8 kindof stuff. But currently i am enjoying remote work as a dev and i hope i can continue working remotely after the switch

i am not oppose to working onsite just that i need to make some adjustment in my life commitment should i work onsite.



https://redd.it/1d0zppg
@r_devops

emuhub

EmuHub is a tool that simplifies the testing of Android applications. It leverages Docker and NoVNC to provide developers and QA engineers with easy access to multiple emulators via web browsers. This innovative solution streamlines the testing process by allowing the deployment of emulators over CI/CD environments. EmuHub's Docker integration enables effortless creation and management of emulators, while NoVNC ensures seamless access to emulated devices directly from web browsers. Its compatibility with CI/CD environments facilitates automated testing, reducing testing time and maximizing efficiency.

https://github.com/mohamed-helmy/EmuHub

emuhub






https://redd.it/1d14yqk
@r_devops

Monitoring/APM tool that can be self hosted and is relatively hassle free

We are migrating to OTel and reviewing our current observability vendors for potential replacements and/or consolidation. We have a combined 7 figure bill and have substantial metrics/logs (but no traces yet) volume. While we migrate and set up POCs with vendors, I wanted us to also have something hosted on our infra we can use internally (probably internally only on my team while we navigate the OTel implementation).

There seem to be so many observability tools now, which is a good thing. I'd like to find one that is OSS, easy to set up and maintain, and supports OTel. Features are a simple UI that we can use to easily query and that can clearly show the data. Also, we don't use k8s, mostly EC2 VMs and ECS containers. Any recommendations? Thanks!

https://redd.it/1d15dct
@r_devops

A confused developer searching for answers

I am quite confused about how the deployment and maintenance of complete web applications online actually work in practice. I have quite a few notions, but there are so many of them that I have a hard time forming a complete and simple picture.

For example, let’s say I have a NextJs application for my frontend, and a backend with a headless CMS (like Directus, for example).

Just for that, I have heard of many different ways to deploy.

For the frontend:

• Either use NextJs, which seems to be the simplest
• Or deploy on your own server either via a reverse proxy or with Docker using Traefik to orchestrate the flow

Speaking of Docker:

• From what volume is Docker no longer sufficient (if I want to make a SaaS, for example) and a cluster is needed? Via Kubernetes, for example?
• Where do you deploy your Docker containers? On Docker Hub? But in that case, they are public

For the backend, I have the same questions.

Then, for the database, I also thought about using Docker, but being alone, I can’t see myself managing my data, doing backups, etc. In that case, I would like to use a managed database, but there are so many offers that I don’t really know which one to choose.

Then, to store my files (images, etc.), I used Cloudinary in the past, but I find it terribly expensive.

Finally, when should I use Cloudflare? I have a few applications running on Vercel and I have no issues, so I wonder what the real benefit of using Cloudflare is and if there are any alternatives.

I have so many other questions about hosting, for example, but it’s starting to get very long.

I would like to get your opinions/feedback on the technologies you use for small, medium, or large applications.

Sorry for this very long message.
Signed, a somewhat lost dev.



https://redd.it/1d18xuv
@r_devops

DevOps job market situation Mid-2024

Great \- plenty of jobs, recruiters reaching out, you get interviews booked easily
Average \- with some effort you can still get interviews, not as abundant as before though
Bad \- almost anything reasonable 300+ applicants, layoffs, nobody calls back.. we are fu#cked.

View Poll

https://redd.it/1d1a8qk
@r_devops

How to transition in DevOps from Linux Administration?

I graduated and got a job as a linux system administrator have been doing that for the last 2 years. I am CCNA, RHCE and AWS Solutions Architect certified and am studying Kubernetes currently. How can I transition into a DevOps role. I understand, in terms of studying the technology, Theoretically, I am on the right track, but since my job profile defines me as a system admin, how can I crack interviews for DevOps job roles, realistically without taking too much of hit on my salary.

https://redd.it/1d1bg95
@r_devops

How do you manage versioning of your env?

I run cluster with 10 different microservices and frontend. How do you manage the versioning itself? How did you implement it? Should every service has its own version and should I use semantic approach or short hash or something else? We are using jenkins for our cicd

https://redd.it/1d1a1qp
@r_devops

Need some info on remote job

I am learning frontend web dev. If everything goes correctly in 5-6 months i am aim to get a remote job. Here are some questions i am really stressing about :
1- in remote job can take breaks btw hours according to my choice

2- as a beginner with no degree will i get a frontend web dev job…if i build good projects and have skills

3- my aim is to get minimum 66k usd a year….is it realistic expectation?

4- if i get a job in US or Europe will i have to pay taxes according to their rules ?

https://redd.it/1d1dnth
@r_devops

Does using chatGPT make me dumber as a devops engineer?

I'm using chatGPT daily to write automation/pipeline code and have achieved some success. It's save me the time from looking boto3/ansible API and writing that code. However I'm kinda worried that I will rely on it to much and can't interviewed well to land a next job. What do people think about this matter?

https://redd.it/1d1gpl0
@r_devops

Laid off, looking for a job


Hey everyone,

Last week, I got laid off from my position as a DevOps Engineer at Zeta (client project), and I'm currently looking for new opportunities. I have 2 years of experience in the field and am open to work and I prefer Bangalore location. If there are any openings in your companies, I would appreciate a referral. Thank you!

### My Experience and Skills:
- CI/CD: experience with Jenkins and ArgoCD for setting up and managing CI/CD pipelines.
- Deployment: Proficient in using Helm for deploying applications on Kubernetes.
- Observability and Monitoring: Utilized OpenSearch, Prometheus, and Grafana for observability and monitoring of applications and infrastructure.
- Cloud Infrastructure: Worked with Amazon EKS for Kubernetes cluster management and service mesh for microservices communication.
- Infrastructure as Code: Written Terraform scripts to automate the provisioning and management of cloud infrastructure.
- On-Call and Incident Management: Handled on-call duties, monitored systems, and resolved issues promptly to ensure high availability.
- Network Troubleshooting: Diagnosed and fixed network issues to maintain smooth operations.
- Scripting and Automation: Developed automation scripts in Bash to streamline repetitive tasks and improve efficiency.

### Project Highlights:
- CI/CD Pipeline Implementation: Designed and implemented CI/CD pipelines using Jenkins and ArgoCD, significantly reducing deployment times and increasing reliability.
- Helm Charts Development: Created Helm charts for Kubernetes deployments, enabling easy and consistent application rollouts.
- Monitoring with elk: Set up and managed OpenSearch clusters to monitor application performance, log management, and alerting.
- Terraform Automation: Provisioned and managed AWS infrastructure using Terraform. Implemented networking, compute, and storage resources. Technologies: Terraform, AWS (EC2, S3, VPC, IAM), Shell scripting, Prometheus, Grafana

Please let me know if there are any opportunities available in your companies.

Thank you!

---

https://redd.it/1d1gvzu
@r_devops

Job interview question

What are your steps to troubleshoot pipeline if the prod deployment from time to time failed and everything is working fine in other environment?

https://redd.it/1d1k4hn
@r_devops

Flat Files vs. APIs: How to Justify the Switch? (Need Arguments!)

Hi everyone, I work in a company where flat files are the norm. We're considering switching to an API-first strategy, but many colleagues don't see the point. They highlight the complexity of APIs and the lack of in-house skills.

However, we're encountering more and more problems with flat files: synchronization difficulties, handling errors, lack of data visibility...

I'd love to hear your feedback:

What limitations of flat files have you encountered?
What concrete benefits have APIs brought you?
How did you successfully demonstrate the added value of APIs to your team?
I'm open to any arguments that could help me defend this project!


https://redd.it/1d1m0x9
@r_devops

How to Access AWS From Azure VM Using OpenID Connect

Do you work in a multi-cloud environment?

Do you usually find yourself passing around cloud credentials? Hasn't it ever felt kinda wrong?

Did you ask yourself if there's a better way around this?

I'm here to tell you that there is. There is a much better way to handle such service-to-service communications.

This blog post elaborates on what OpenID Connect can do to help you avoid passing around long-lived credentials, relieving you from the chore of frequent secret rotation.

If you enjoy this post, please share it with your network.

#aws #azure #oidc #openidconnect

https://developer-friendly.blog/2024/05/27/how-to-access-aws-from-azure-vm-using-openid-connect/



https://redd.it/1d1mjhd
@r_devops

What to do with AWS consulting partner in devops team

Long story short, i’m about 4 to 5 FTE short in our team in order to deliver the projects the business wants.

I’m an acting lead and I’ve been asked how I might use two or three contractors from a AWS consulting agency to help us deliver on our BAU and devops uplift work.

My pain points are different levels of maturity across our cloud stack.

I have several EKS environments running just a single API application and what I feel is a very fragile terragrunt / helm stack (setup like 5-6 years ago) our api product hasn’t really evolved just waiting for onprem project to kick off next year but feel this infrastructure as code isn’t ready for it.

EKS upgrades are serious toil on my small team. By the time we get through the quarterly upgrade cycle we’re planning it again 8-12 weeks later. Unlikely to get buy in on switching to ECS due to onprem move planned next year.

I’ve got another 8 or so AWS accounts mostly serverless, ec2 pets in a mixture of cloudformation and SAM. I’d ideally like this moved to cdk to empower developer self service. Because my team need to help deploy new resources via cloudformation an a lot of clickops has snuck in.

My existing team are familiar with terraform and our terragrunt stack but would struggle with creating new modules or using a public one to implement something.

They know a bit of bash but not python or node so cdk will be a massive leaning curve imho (but I picked up enough typescript in 3 months to support cdk within my former team to support developers and using a bit of ChatGPT and cdk got some automation lambdas working!) as they more so come from onprem world and dabble on cloud/devops.

Assuming I have the opportunity to hire 2-3 devops engineers from an AWS consulting partner and they worked within my team how would I best use them?

I don’t have any infa patterns to hand over and I’m capacity constrained due to being a contributor to other projects as well as acting lead.

https://redd.it/1d1pjfe
@r_devops

It seems like I dislike every job

At the moment I have 3 years of experience in cloud and have felt always fairly motivated for my job untill my last 2 jobs.
Now I am already at my 4th company an I think I am switching jobs too often.

My current job I also get constantly annoyed by how weird organizations have decided to deploy software and infra. I have to deploy infra that makes uses of a 10k+ lines of terraform and I feel constantly lost and usually nobody awnsers any of my questions. Sometimes I think 70% of my team doesnt know what is going on in the templates.

Already I feel the urge to move to another job again, but this will look bad on my resumee. I have the feeling that it is about me, but I just really struggle usually with the way of working and feeling useless.
I am not a genius but I have the feeling I am not stupid either, I just get really frustrated really quick with dealing with other people's over engineered stuff.

Maybe I just need to be okay with not adding value yet after 1 month of working in this place. But I just have the feeling freelancing is more my thing. But for this my experience is still a bit lacking.

Now I am curious if other people also feel like they dislike all companies they have worked for. Do I just suck it up? Do people have advice of how to care less about the job?

Thanks in advance

https://redd.it/1d1qps7
@r_devops

Cut K8s costs with Karpenter

If you're like most companies running Kubernetes, you've likely seen your infrastructure costs balloon over the past year. Between supply chain disruptions, the rise in cloud prices, and increased app usage, those pesky cloud bills keep getting bigger and bigger.

It's enough to give any CTO heartburn. After all, you implemented Kubernetes and containers to increase efficiency and reduce costs! Yet somehow, it feels like you've lost control of your spend.

The problem often comes down to the limitations of your legacy cluster autoscaler. Tools like the Kubernetes cluster autoscaler were great when Kubernetes was new. But let's face it - their capabilities are limited compared to today's workloads. Relying on rigid auto-scaling groups and similarly sized nodes just doesn't cut it anymore.

The result? You end up with inefficient overprovisioning, idle capacity, and nodes that don't properly align with workload needs. And those inefficient nodes drive up your cloud spend exponentially.

Fortunately, there's a better way. Karpenter - the new open source node provisioning tool purpose built for Kubernetes.

Karpenter takes a workload-centric approach to right-sizing nodes on the fly based on actual resource requests. It also automatically consolidates workloads onto fewer nodes to minimize waste. Engineers who have made the switch cite 40% cost reductions or more!

Read how here https://www.perfectscale.io/blog/getting-the-most-out-of-karpenter-with-perfectscale

https://redd.it/1d1sc5l
@r_devops