Do you have a self paid work phone?

I've thought off and on about separating work from personal, by getting a separate phone that will only be for work things.

I currently have an android and I'm noticing my company is getting more serious about security and with Android seems they can admin my phone in thinking it's time to separate devices.

https://redd.it/1dzso5j
@r_devops

What's in your Observability/APM Stack?

I found some odd answers while at KCD New York last months and I'm curious how y'all are doing your production monitoring

For my team:

* OpenTelemetry Rails instrumentation
* Coralogix - [receiving OTel traces](https://coralogix.com/docs/opentelemetry/)/metrics
* Checkly - synthetic monitoring and [visual regression testing](https://www.checklyhq.com/docs/browser-checks/visual-regression-snapshot-testing/?utm_source=chat&utm_medium=link&utm_campaign=synthetics&utm_id=social_button)

We are considering implementing our own prometheus/grafana solution but like a few of the Coralogix features and UI

https://redd.it/1dzts3i
@r_devops

Do you perform house cleaning and delete old container images that are not in use anymore?

Or should you keep the images? Not sure what should we do with old deprecated images. I keep receiving alerts from security team that the deprecated images have security vulnerability

https://redd.it/1dzubau
@r_devops

Serverless vs Managed Kubernetes

I like the ease of serverless, but I like the standards given by Kubernetes better (although, not at the cost of managing everything manually)

Do you have an opinion about the comparison between Serverless and Managed Kubernetes ?

Some interesting comparison criteria in my opinion would be (not exhaustively):

- Ease and speed to first deployment
- Maintainability / How easy and how much time (thus, also how much people) would you need to maintain it
- Future-proofness
- Cost (usual trend between them)
- Portability / Ease of transitioning of vendors
- Performances
- Extensions/Plugins to other services (i.e. GitHub Actions
- Valuation (which would make investors generally like the project more)

https://redd.it/1dzr2iy
@r_devops

Whats the most complex piece of technology in DevOps currently?

So, I understand that tech today is advancing at a very fast pace and we as people haven't been able to catch up to it at the current pace (I'm talking about majority of the people in the current time).
Just wanted to get the idea about what are the technologies that are complex right now.
Thank you!

https://redd.it/1dzzshs
@r_devops

Using Docker in Production

What are your "best practices", guidelines, tips and big no-nos for using Docker in productive environments?


Not looking to containerize own apps, but mainly utilise quick POC-testing, easy deployment for trials of new tools etc...
Is using a specialized host OS like AWS Bottlerocket worth it?
Would love to get some discussions going and see what everyones experience is, thank you all for your input :)

https://redd.it/1e006l2
@r_devops

Action Version: utility to pin github actions versions

Heya folks

I've made a utility for myself for one-off jobs where I need to quickly pin the versions for all the github actions in a repo

I've also made it auto-fix any documentation that uses semver tags instead of hashes, since people copy-paste these things

Maybe useful to others 😊

https://github.com/audunmo/action-version

https://redd.it/1e01lkn
@r_devops

Should I include specific skills in my resume for optimization on AI platforms like Gupy?

Hello everyone! I’m restructuring my resume for the third time and noticed that I have never included a specific skills section. I’m considering adding this section, especially because platforms like Gupy use keywords to analyze resumes. Until now, I have been manually adding my skills after importing my resume, but I’m wondering if it would be more effective to include them directly in the PDF.

My question is: how do you recommend listing these skills? Should I focus on technical tools like PHP, Power BI, Python, or on more generic skills like support, maintenance, and troubleshooting? Which approach is more effective and viewed more favorably by recruiters and resume screening tools?

I appreciate any advice!


https://redd.it/1e043kg
@r_devops

Bandwidth Allocated Kanban: Early Insights and Lessons Learned

A few months ago, we published a blog post about the task process that we use to build Doppler. We’ve started calling it “Bandwidth Allocated Kanban,” and we’ve been getting questions about how well it works for us. I wanted to share some early findings that haven’t made it into a blog post yet. Give the [original blog post](https://www.doppler.com/blog/how-we-fixed-our-backlog-process) a read. Otherwise, these ideas won’t make much sense.

**✅ Engineers like it.**

The feedback from our engineering team is overwhelmingly positive. Engineers feel like they have more agency, and the flexibility to select work to match their energy / environment / working schedule is a productivity boon.

**✅ Stakeholders like it.**

Stakeholders generally like the flexibility and transparency that the system provides.

One problem is that the system can’t answer the “when will this task be done?” question. Because engineers are free to select items from the highest time tier, the first item might be done in a day, and the last item might be done in a month. We arbitrarily selected 100pt re-ups when we started the process, and it turns out that it takes us about one month to complete that many points. If stakeholders want shorter time horizons, we can tighten this to 50pts — something we’re considering.

**✅ It forces ownership conversations.**

On top of our task process, we have a triage process where items are estimated and moved to the appropriate stakeholder for prioritization in a future re-up. For some tasks, it needed to be clarified which stakeholder should own the item (i.e., who should have to spend their points on it). To determine the stakeholder of a particular task, we asked ourselves, “Who would be sad if this didn’t get done?” and that would lead us to the answer. We’ve found this incredibly useful because (1) it prevents us from working on things that no one cares about, and (2) it ensures that the people who do care are driving the conversation.

**🤷 Less interesting tasks get stuck until the end.**

Let’s face it: some engineering tasks need to get done and are not fun or interesting to work on. These tasks generally get stuck until the end of the re-up because no one wants to pick them up. I don’t think this is a problem with the process; the process is just highlighting tasks that wouldn’t have been interesting to work on anyway.

We considered this problem when we rolled out this system initially — or really the inverse of this problem. We were worried that engineers would cherry-pick the most fun tasks or race to reserve them. As it turns out, different engineers like working on different kinds of tasks. I heard one engineer say, “Man, I hope I don’t get stuck with that refactor ticket,” while another said, “Can I reserve that refactor ticket? That code has been a mess for so long, and I’m excited to clean it up.”

Some tasks still occasionally get stuck, but it’s infrequent, and the system at least forces a conversation about it.

**🤷 Tasks don’t get swapped or traded very often.**

An exciting feature of the system is that stakeholders can swap out tasks for others or trade points with other stakeholders. We expected this to happen more frequently, but it’s only been done a handful of times. Still, I think it’s a comfort for stakeholders (myself included) that flexibility is available if needed.

**⚠️ Tweaks need to be made for larger projects.**

We introduced this system when we were primarily working on smaller, one-engineer features. We discovered that considerations needed to be made for more extensive, multi-engineer projects, particularly around planning and release timelines. How could we possibly predict the completion target of a feature without locking in stakeholder allocations? We’ve mostly solved this with better project planning processes. However, that probably deserves a separate post.

**⚠️ Engineers provide value outside of the tasks they complete.**

Engineers write code, right? Yes, but they also:

* Participate in product design

conversations (very important for building a tool that is mainly used by developers)
* Write and review system designs for more complex features
* Assist in debugging support issues

Our team isn’t writing tasks for any of this important work, so it doesn’t get stakeholder-allocated, and, by extension, it can’t be factored into our velocity. We don’t use velocity to measure the team's performance (for this exact reason). However, we aim to be predictable with our output so stakeholders can plan ahead. We’re dealing with the inconsistent velocity for now and adding formal tasks for larger bodies of work (e.g., system designs). We don’t want to create a culture where “if there’s no ticket for it, I’m not doing it.” Engineers, as with all team members at Doppler, are deeply trusted to work on what they think will be most valuable for the company.

**🎉 It’s working!**

Overall, our team has been happy with this system over the past few months! We need to make more tweaks to accommodate large projects and unticketed work. Still, ultimately, it feels like we did what we set out to do: build a flexible, transparent, and democratic system for both stakeholders and engineers.

Has anyone else tried this (or something similar)? I’m curious to hear what’s working and what’s not for other teams. - Nic Manoogian (Head of Engineering @ Doppler)

https://redd.it/1e02k0l
@r_devops

Encrypted secrets in version control

We all have the mantra : "Never store secrets in version control !" (If you don't have it, what's wrong with you ?)

That being said, while working on a company project, based on Rails, I recently discovered the encrypted secrets mechanism.

It's seems very elegant. Indeed, whenever you introduce a new environment variable in your codebase (e.g. when connecting a new API), it's often super tiresome to think about updating the production environment, to create it with the production value before deploying the new feature. Since the file is in version control, you just introduce the new secret with your PR.

Since I haven't seen it in other tech stacks (Go, Node, Spring or whatever), I was wondering what were the limitations of this, if any ?

PS : I'm aware of "better" and more professional alternatives like Vault, KMS, etc.

https://redd.it/1e065nl
@r_devops

SwarmCD: a declarative GitOps and Continuous Deployment tool for Docker Swarm

Hello everyone,

I'm working on this open source tool that is inspired by ArgoCD but for Docker Swarm. It periodically watches Git repos that contain Docker Swarm stacks and config files, and keeps deploying new changes to the cluster. What are your thoughts? Contributions would be very appreciated since I'm relatively new to Golang and because the tools is still lacking many features.

https://github.com/m-adawi/swarm-cd

https://redd.it/1e09lwo
@r_devops

AWS Marketplace configuration question

I created an app that consists of AWS CodeBuild, S3 for storage, SSM for configuration and SNS for notifications. I am interested in looking into offering my product to a larger audience. The app I created is used to export BitWarden vault data and stores in an s3 bucket. Currently I am storing configuration information that includes a username and password combination, as well as an API key that would need to be created in BitWarden account.

That information is pulled and stored in a single SSM Parameter Store key, but I am wondering if there is a more optimal consideration if I am going to offer it as a Marketplace product.

Thanks in advance, and look forward to comments

https://redd.it/1e0akof
@r_devops

Logging HTTP events

I'm setting up a Node server and I want to log every HTTP request and response that it handles. I thought about using Splunk because I have worked with it at a previous company and the API & dashboard are easy to work with, but it appears that Splunk is primarily enterprise software that isn't too startup friendly in terms of cost. Based on articles and other posts it looks like $100 per ingested GB/mo is somewhat average, and this seems like a lot especially compared to the costs of some other cloud services we're using.

Is this typical pricing for something like this? If so, what other solutions are people using for logging HTTP events?

https://redd.it/1e0f4hw
@r_devops

Stuck on Drone CI + Gitlab Subgroup project.

Hello,
I'm currently running the latest version of Drone on a VM, and the setup is complete. However, I've encountered an issue: Drone doesn't directly support GitLab subgroups, and my main project resides in a subgroup that I cannot relocate.
Is there a workaround I can employ? Or should I abandon Drone altogether?

https://redd.it/1e0ff3f
@r_devops

Bitbucket exports and imports

I'd like to share with you a step-by-step guide on how to export and import data in Bitbucket, which can be useful in case of migrating the project or platform (for example you need to switch from GitLab or GitHub to Bitbucket, or vice versa), etc. : https://gitprotect.io/blog/bitbucket-exports-and-imports-explained/

https://redd.it/1e0klib
@r_devops

Python program for reading and sending mail from office 365 custom domain

Is using the msal library and graph api the best way to have a python app to read and send emails on a office 365 custom domain?Are there better alternatives? TIA

https://redd.it/1e0lqqh
@r_devops

Guide to setting up self service with gitops backed by Terraform

Hi can anyone recommend a guide for setting up a git based self service platform, backed by a tacos system?

I've worked with a few of these systems but they've always been built over several years, and I have a chance to start with a clean slate. I have a notion of what I'm looking for, but would like to read a bit more

Is there a set of articles anywhere on this? Ideally I'd like one that covers having a registry/manifests repo as the entry point for developers

https://redd.it/1e0ms08
@r_devops

Send email notification on git pull

Folks, I want to send email notification if there is git pull happen on server for specific repo in specific path. Can anyone suggest how to do that?
I already have the send email python script.

https://redd.it/1e0oq3n
@r_devops

GitHub ARC (Actions Runner Controller)

Edit: title should’ve been “Using GitHub ARC (Actions Runner Controller)”, to clarify it is not a clickbait/seeking attention post.

Does anyone else use ARC in DinD/Kubernetes mode and getting such shitty performances?
If so, how did you encounter the problem, and if you’re getting good performances, PLEASE, what’s your secret man?
Sometimes I wonder if GitHub can handle large scale IPs.. It has so many problems!!

Thanks for the (future) replies.

https://redd.it/1e0pee6
@r_devops

Need guidance for automation

I manage sonarqube self-hosted instance and there's usual admin tasks like user/group management, monitoring quality gate, setting up pipeline integration etc... Since the user/group management aspect of my work is recurring and follows a set pattern, i want to automate this. I know i can make use of api's. I haven't looked into them yet. Just a preliminary opinion.

What would be the best approach for this task? Python? Bash? Ansible?
If you'll are aware of something that already exists for this, please point me to the resource/work.

Expectation:
* Should be able to do sonarqube user/group management remotely

https://redd.it/1e0qadi
@r_devops