Is it worthwhile to run Nginx inside Docker versus on bare metal?

What's your experience taking into account these 4 factors:

Immutable configuration of Nginx

Configuration hot-reload, zero downtime

Dependency isolation of Nginx itself

Spinning up new Nginx instances


Happy to read your comments!

https://redd.it/1de6z2e
@r_devops

Cannot authorizate AWS CodeArtifact from Vercel environment using private NPM package

Hey guys, I need some help here with a problem which I haven't been able to figure out neither through docs, gpt 4 or anything else.

I'm trying to set up the use of our private NPM package on vercel, but I always get an unauthorized message from Codeartifact on Vercel build logs.

____________________________________________________

Here is the error message:


 ERR_PNPM_FETCH_401  GET https://domain-codeartifactaccountid.d.codeartifact.us-east-2.amazonaws.com/npm/repositoryname/@package/subpackage/-/subpackage-versionNumber.tgz: Unauthorized - 401

No authorization header was set for the request.

These authorization settings were found:

u/package:registry=https://domain-codeartifactaccountid.d.codeartifact.us-east-2.amazonaws.com/npm/ninja-sdk///domain-codeartifactaccountid.d.codeartifact.us-east-2.amazonaws.com/npm/us-east-2/:_authToken=eyJ2[hidden\]

____________________________________________________

As you might see in authToken=eyJ2, the auth token is being sent. And I'm making sure it is updated on vercel through a local shell script every time I need to update the package or rebuild the app.

When I do the same thing locally on my machine, I'm successful at downloading the package, probably because I'm logged in to AWS Cli.

But sending the auth token to vercel and using it when building the app should probably be enough to download the package.

What am I doing wrong here? I tried using AWS cli on vercel but haven't been able to either.

https://redd.it/1decpmd
@r_devops

MSc cybersecurity as devops

Hello everyone,

I’m currently working as a devops engineer.

I’m thinking to start a master in cybersecurity to advance my skill and knowledge since I like it. Also I want to implement it to my current role and be more devsecops.

What is your opinion on that and how this will affect my career?

Thank you!



https://redd.it/1de7b5l
@r_devops

You don’t need less data but better retention

https://shippingbytes.com/2024/06/12/you-dont-need-less-data-but-better-retention/

Back at when I worked at InfluxDB retention policy turned to be a gatekeeper because it is acutally not easy to decide how to move data in between "retentions".


Is it still the same for you? If not how you do it?

https://redd.it/1dec218
@r_devops

A little help.

I'm approaching this world now. I wanted to do the following, who can help me in detail? I'm a beginner.

Using an Operator SDK, deploy a gitlab operator a kubernetes cluster, andverify operations. You will leverage these methods to provision a Gitlab projectand repository.

https://redd.it/1deiszf
@r_devops

Let's try to ship a product in 2 weeks

Are there anyone who want to take a shot at the following challenge? We put heads together, get an idea, develop a product and launch on Product Hunt on 30 June?

https://redd.it/1dek1nc
@r_devops

Terraform IAC via GitHub Actions and Terraform cloud

Hi,I am new to Devops concepts and trying to do some self projects.I created infra in AWS via Terraform,stored state file in terraform cloud,configured in a way when commiting to feature branch triggers terraform plan and commit to main branch triggers terraform apply via GitHub Actions.Have a doubt,How to manage all of the three environments Development,Staging,Production via Terraform and Github ? Which is the industry standard best practices ?

https://redd.it/1de6cgv
@r_devops

What tools do start ups with mixed cloud or on premise install req use besides k8s?

I am pretty experienced with k8s, having used it in production for the last 8 years or so.

I'm at the point now where I'd use k8s for pretty much anything more complicated than a static site, or a hackathon app. Right now I am working at a start up where we have been using it for our mixed cloud + edge app for the past 3 years and it has been working excellently for us as we often need to scale our clusters up and down, adding & removing accelerated hardware nodes.

Many people say k8s is too complicated for start ups, and for people who haven't paid the educational price of learning it, plus some form of IaC beyond k8s resource definition yaml files in git, I would definitely agree. It's not worth the innovation tokens.

However, because I have mostly only used k8s, I don't have a great knowledge of what options exist out there that provide a similar level of flexibility the way helm and custom resource definitions do. It's the thing that makes me like k8s the most; it would be much harder to set up an on premise postgresql installation with automatic fail over without kubegres, stackgres, crunchybase, etc. And wrapped with a terraform iac module, i can the deploy it in a bunch of different contexts if I would like. For example, I can configure images to come from a local registry in airgapped installations, versus on-premise with internet from our remote registry.

I know most traditional cloud based saas don't require this, but I am wondering what tools offer a comparable experience to k8s plus helm and CRDs for being able to deploy infrastructure in a production ready or near production ready fashion that would be suitable for startups that have on premise or mixed cloud installation requirements without experience with k8s & who want to "just get things done"

Greatly appreciate any insight into this people are willing to share.

https://redd.it/1de7w23
@r_devops

What Stack Do I Need

Not sure if this is the right reddit for this, but I'm hoping someone can give me some insight.

I am in charge of helping to develop a portal where customers can log in and see certain details from a purchase.

I am anticipating needing to use a database system and am thinking I will need some kind of stack that will pull the information from that database.

We use NetSuite as a CRM and could potentially get all the information from it, but I'm worried about integration and the portal being clean and easy to navigate.

I want them to be able to click orders and see all the information available (like serial numbers), and other information that I would need to manually update for now.

Does anyone have experience doing this from NetSuite or would it be better to move it to a database and use some kind of stack to achieve the results wanted?

https://redd.it/1dep5wt
@r_devops

Tooling for generating helm charts and Argo app sets?

I have been struggling to wrap my head around our application sets and helm charts for a year now. My boss wrote them from scratch and what we do every time we have a new microservices or app is copy the last one and modify it. So far so good… However we have a very complex and flexible hierarchy of values, templates, and stuff that I don’t even know if they’re normal terms — trigger files and seed files, which a python script takes as inputs to generate the app set.

We have a multi-tenant architecture in regions all over the world in both AWS and Azure, and of course many environments, including the standard dev/qa/prod as well as cloud vs on-prem, so this is part of the reason for the open-ended nature of the way he designed things. It feels like a very loose (undocumented) framework that requires complete knowledge in. It’s pure gitops which I love, but often I find myself staring at a yaml and wondering what something does, how it fits in, and if it’s overridden somewhere else. I spend a lot of time recursive grepping, looking at Argo overrides (I hate the tag bubble format), and in general wasting time.

In a way this reminds me of Puppet hiera, but obviously more complex. The fix for that was Foreman with the UI that had taxonomy and inheritance. Is there anything like that for helm values? Is there any automation tool or popular framework that creates standardized app sets? (And helm charts?) Again the parallel would be something like creating an rpm from scratch vs having a polished script or tool like fpm to standardize the process. I’d love to have a Wizard-like tool guide me through the process. “Does your app need to talk to kube-API? No? Then you don’t need a dedicated service account. Let’s delete that from the chart so it doesn’t blow up when you don’t set values for it.” Etc.

I’m a smart guy but this really feels like the Wild West out here.

https://redd.it/1der57m
@r_devops

Choose Cross platform framework


Hi guys, I am a 19 Developer and I want to build my app to try to make money.
I want build something than I can connect to a service for taking data, also I need something that could obscure my classe to ensure integrity for my app and my data and something that work good with proprietary file and integration with file like Excel .
I wont a framework free (at least untill i don't make money ) and with a huge support and documentation.
If Someone can give me advice and how to start and search to learn I'll be gratefull

https://redd.it/1detff6
@r_devops

Current Reality: Describe Your Level of Satisfaction Working in the Team

Fellow Engineers,
How would you describe your experience of working in a team? From 0 to 5. Where 0 - worst, 5 - best. I am asking you to estimate team vibe/climate/atmosphere.
How comfortable is it usually to work with other team members? Does anyone irritate you or cause troubles? We usually go through several rounds of interview; technical, behavioral, team match, tech assignments and some others. It's like CI/CD pipeline when we run test to get an artifact of high quality. The interviews are such tests. But is the quality of the team high in the end of the day?

Giving 4 or 5, please tell us how many rounds you had and what they were.

View Poll

https://redd.it/1dewa7z
@r_devops

Provisioning and managing DB users across multiple environments

Hi,


I'm looking for a solution to provision and manage DB users across multiple DB type, environments, cloud accounts.
Preferably via "code" (configuration committed to git)


For example we could have:
AWS account #1 - prod:

- foo_db (mysql)

- bar_db (postgres)

AWS account #2 - dev:

- foo_db (mysql)

- bar_db (postgres)

etc.


* Where foo_db for example should have the same users regardless of the account / environment it's in.


Tried to do it with Terraform but the available providers are not good enough.

Any suggestions?

https://redd.it/1dexm1s
@r_devops

Automating build steps: should I go the scripting or OO route?

This is a debate I've been having recently with teammates.

We'll use Python to automate some build steps. We could write Python either in a more scripting/imperative way, or go full object oriented.

What direction should we go, and why?

https://redd.it/1deyro8
@r_devops

Should I switch?

First job out of university, I work on an sre team. A lot of my work is spent creating small python tools that help manage client capacity and triaging issues.

I wonder how transferable these skills will be to different companies. Should I look for a team where I am creating more of a concrete product?

https://redd.it/1dey9pi
@r_devops

Can you give me some tips on how to achieve my goals?

I wish to become somewhat of a devops engineer (if it even is a thing). I have a degree in software engineering (I humbly know some Js and worked with Docker) but i'm currently working in IT as a "Specialist". I wished to enter the operations side first and learn as much as I can. I am planning to write the CCNA and maybe follow it by a CCNP ENARSI (or the cloud computing one).

This is my first year working. I am aware that my future aspirations my change along the way but in 10 years or less, I wish to be able to adopt the devops role.

What trajectory do you think I should be taking?

https://redd.it/1df1ez1
@r_devops

Why is Building Pipelines Different from Software Development

CI/CD pipelines are essential for automating the process of software integration and deployment, ensuring that code changes are automatically tested, integrated, and deployed to production with minimal manual intervention or ideally in a fully automated way.

So why is developing pipelines different from software development? https://piotrzan.medium.com/why-is-building-pipelines-different-from-software-development-13ebd479edc4

https://redd.it/1df4jc2
@r_devops

Nix and wordpress. My development environment

https://shippingbytes.com/2024/06/13/start-from-nix-shell/

https://redd.it/1df55o1
@r_devops

Another ops horror story

I am working in a team that is very old school, one project == one server, provisioned by hand over ssh, backups are optional, etc, etc...

So on my project I decided to go full k8s, no single point of failure on the software side, loads a alerting rules, full gitops, you know, to show the example.

Today during lunch time someone fat fingered so much that they nuke the all cluster... That was the single point of failure

https://redd.it/1df4yew
@r_devops

Team doesn't know the role of Devops

Hi everyone! So I started working as a DevOps engineer at the start of this year. I wanted to ask some insights on how to deal with people who don't really know the real role of a DevOps engineer.

So our Dev lead in our team thinks that the role of DevOps is to just take care of the deployment of our services, scan vulnerabilities and that's it. I created some processes to improve the config management of our app services but they are not really following it for some reason. I also added some status checks on our repos to improve the code quality that devs are adding on to our app but I keep on getting complains as to why they need to wait for those checks to finish everytime they have a PR. Our Dev lead keeps on insisting that we should keep our responsibilities only for deployment and not care about the code(in terms of quality and vulnerabilities) they are adding on to the repo. It's slowly getting toxic already. I keep on thinking about ways to improve the CICD process of the team but they keep on ignoring the process. I even do KT sessions to the team and ask whether they have some opinions on the process but thats just it, they attend the session and then go back to their old ways right after

It's so frustrating already. Can I ask some tips on how to deal with these kind of people who dont really know what DevOps are supposed to do?


https://redd.it/1df6twb
@r_devops

crossplane How I can create a firewall rule and attach it to the load balancer?

I have a cloud storage bucket. I configured a classic Application Load Balancer and the bucket as a the backend, URL and SSL certificate all configured properly to serve as a cdn. now it's open to the public internet. I want to restrict one bucket access from the internet and allow from a specific ip only to access it.

I use upbound crossplane provider https://marketplace.upbound.io/providers/upbound/provider-gcp/v1.2.0/docs/configuration

I tried adding the SecurityPolicy to the BackendBucket but I get an error saying that the security policy is not an edge security policy

https://redd.it/1df88ts
@r_devops