Hey what to learn in Linux ???

Hi everyone i want to learn linux for devops but have no clue what to actually learn in it i went to roadmap.sh and the linux path was super overwhelming please anyone can tell me what to actually learn in it .


https://redd.it/1e6zjfg
@r_devops

Industry Trends | DevOps , Cloud

Hi all, what do you think are the most important trends shaping the future of DevOps and cloud computing? How are you preparing for them?

Because I think DevOps and Cloud filed is getting saturated and it’s not enough to survive as DevOps.(let me know if you think it’s wrong assumption)

https://redd.it/1e73ng9
@r_devops

Need expert advice

I am a devops intern who has been assigned tasks, like my first task is interesting to me but, I am on a week holiday and before going back and asking out my mentor or other mates, thought to feed my brain something.
Like the task is to "create a one stop access solution, like say we have developer's who once get their role will need default access based on the role that they get, say frontend or backend or anything like that

I need to provide such users access to certain software such as Jenkins, db access through a bastion, open search etc...

I was asked to make sort of a ui where once user is added I can do this checkbox to provide access and remove access, set time for access, etc....

Any insights will be usefull, I was said to look for AWS ssm so that the logs of the actions could be more clear and concise.

https://redd.it/1e746f0
@r_devops

How to Best Integrate E2E Tests into GitLab CI/CD Pipeline?

Hi all,

I'm looking for advice on the best way to integrate end-to-end tests into our existing GitLab pipeline. I am lost at this point. I'm doing this for the first time and I'm unsure how to handle it. Here’s a brief overview of our current setup, goals, and daily development workflow:

Current State:

Pipeline Tool: GitLab
Repositories: Backend (Spring Boot), Frontend (Angular Monorepo NX), Keycloak
Branching Strategy: Master-Branch, Feature-Branches

Daily Development Workflow:

When a feature is complete, we create a merge request from the feature branch to the master.
The pipeline is triggered on the merge request and includes the following steps: Prepare (npm etc.), Tests, Lint, Build, Trigger Deployment (manual trigger for the second part).
After successful pipeline completion, E2E tests can be manually triggered.
Merging can be done without triggering E2E tests or even if they fail, which currently has no impact on the merge process.
Clicking to trigger E2E tests temporarily deploys the changes to the dev stage.
Upon merging, changes are deployed to the master and rolled out to the dev stage.
During a release, we create a tag, and only the normal tests are executed, skipping E2E tests and deploying to the production stage.

Problems:

Manual execution of E2E tests.
Merge process can be completed even if E2E tests fail.

Goals:

Automate E2E tests for each commit/merge request.
Prevent merges if E2E tests fail.

Given our current constraints and setup, what would be the best way to achieve these goals with minimal disruption?

My initial thoughts were to containerize the frontend, backend, and Keycloak, and create a temporary E2E stage that would be terminated after a successful or unsuccessful job. However, it seems like a configuration mess and a waste of resources.

Are there simpler ways? I am open to any suggestions.

Thanks!

https://redd.it/1e759j6
@r_devops

As a DevOps architect, how would you ensure that an outage caused by CrowdStrike does not affect the development lifecycle and operations of your application?

🤔

https://redd.it/1e784tv
@r_devops

Master in Data Science or Software Engineering?

I am currently working as a Linux System Engineer in a company where I write bash scripts to automate tasks, monitoring infra and services using prometheus, sending alerts to slack channel, and deploying services in containers and currently building a kubernetes cluster on our infra. I wanted to get into the Data Engineering and DevOps/DataOps/MLOps field. I hold a bachelor's degree in Management Information System and currently applying for a Diploma followed by a Master program in a university in my country from the faculty of Computer Science and Artificial Intelligence. They have three programs available; Software Engineering, Data Science, and Cyber Security. But I don't know which is more pertinent to my field, Data Science or Software Engineering Master and had mixed opinions about which one to choose. I already have a fairly good background about Computer Science subjects like Algorithms, Data Structures, and coding in general.

https://redd.it/1e7ap1n
@r_devops

3 Essential Linux Command Line Tools for DevOps Engineers

A short video about using yq, sed/grep and curl. Getting better in using those commands is essencial for devops engineers (and not only). With proliferation of AI, there is even greater need to learn and understand the underlying technologies and tools. Hope it helps someone to learn a few new things or improve.

https://youtu.be/BYdrUJcU1yU

Related material:
- companion blog: https://medium.com/itnext/6-essential-linux-command-line-tools-for-devops-engineers-5cd23b578c50
- terminal slides: https://github.com/Piotr1215/shorts/tree/main/3-devops-tools

https://redd.it/1e78s5u
@r_devops

Advice on Running SAST and DAST with Veracode in Azure DevOps Without Access to Client's Source Code

Hi everyone,

I'm working on a project for a client where we need to run SAST (Static Application Security Testing) using Veracode. The client has provided the necessary endpoints for the DAST scan, and that part is straightforward. However, I’ve hit a snag with the SAST.

The client wants to integrate Veracode into their Azure DevOps pipeline but is not willing to share the source code with us. This brings up a few questions and concerns:

1. **Is direct access to the source code required to integrate Veracode with Azure DevOps and run SAST?**
2. **If the source code is not required, what are the alternative approaches to perform SAST under these conditions?**
3. **What specific type of access do I need in Azure DevOps to set up and configure Veracode for running SAST?**
* I assume I might need Project Administrator access to configure pipelines, deploy, and install/configure the Veracode extension, but any confirmation or additional insights would be helpful. if he's not okay to give us the Admin access, what are alternatives roles ?

Any advice or insights from those who have navigated similar situations would be greatly appreciated!

Thanks in advance!

https://redd.it/1e7cbjn
@r_devops

How to manage dozens of gitlab tokens in CI jobs?

Scenario: gitlab on-prem driven CI with many repos working together to provide a single infrastructure:

So we have a lot of tokens to manage. As gitlab now enforces a 1 year max token lifetime I've just had the realisation that hunting through CI variables in dozens of repos, recreating new tokens in other repos that that CI needs to access, with the appropriate permissions is not a sustainable approach.

So apart from better READMEs in each repo or a big spreadsheet, how do people manage dozens of tokens with varying permissions that need to renewed yearly and update the secret stored in the correct CI variable?

Unhelpfully gitlab deletes expired tokens and I don't see a convenient UI to list all project tokens across the entire account.

Curious... I assume this is a common problem with gitlab/github driven CI?

Many thanks in advance for any suggesstions, ideas, pointers... 👍😀

https://redd.it/1e7f5ot
@r_devops

Terraform Certifications?

I am looking to learn terraform and possibly get a certification if there is such a thing. Anyone have any suggestions?

https://redd.it/1e7l496
@r_devops

Managing Kubernetes with K9s

For those that have been using k9s (or equivalent) to monitor your Kubernetes clusters in the cloud, how do you ensure some form of version control?

For example, increasing memory/cpu request and limits, scaling of replicas, updating some yaml file, can all be done using k9s.

But how do you ensure some form of version control?

The reason for this is bcos i recently joined a non-tech company with only one engineer who joined around 2-3 months earlier than me. We’ve been trying to maintain a data pipeline done by external vendor, so we found k9s really useful to tell us live updates of the cluster.

But recently, the other engineer has been fine-tuning the memory/cpu instances. Sometimes he messed up the yaml file while editing which causes some of the pods to not be able to restart due to insufficient memory allocation.

Deep down i feel like this may not be the best practice, thus would like everyone’s input on how is it done for other tech companies?


https://redd.it/1e7nnca
@r_devops

Best docker& Kubernetes course on udemy?

I got an organizational user which means all courses are free to enroll.
I’m a security researcher and looking to get some knowledge and know how so at some point I’d also be able to understand the security aspects of docker and k8s and look under the hood.



https://redd.it/1e7tpx3
@r_devops

Tips for a new learner for terraform / Kubernetes / docker

Hey everyone , i’am new to devops , where do i learn terraform / docker / kubernetes and ci/cd for free with hands on practice ? Thanks everyone


While you’re at it , how do i become really good and knowledgeable in this field ?

Thank you so much everyone

https://redd.it/1e7unz7
@r_devops

CI/CD configs IN App Repos?

Do you keep CI/CD configs in the same repo as your application / service code where devs can manage them? A few teams in my org have recently started using CircleCI on their own and set up their own pipelines in each app repo. I can understand if it was just for building or pre-deploy stages that are more application specific, but these are full CICD pipelines. They aren't consistent across the repos now which makes troubleshooting a nightmare, and I've also found that some of our standard SDLC steps like linting, validation, testing, vulnerability scanning, and so on are missing. Not to mention skipping review requirements and dual approval. There is nothing stopping someone from adding a pipeline that just deploys straight to production. I raised these concerns with our head of engineering who argued that it is necessary to empower the devs to ship as fast as possible. Am I making a stink for nothing?

https://redd.it/1e7w0p6
@r_devops

GitLab with Argo CD

Are there alternative approaches to updating Argo CD Helm chart values in GitLab CI/CD?

script:
- git clone [email protected]:guestbook-toshiro/argocd.git
- cd argocd/$SERVICE
- envsubst < base-values.yaml > values.yaml
- git add .
- git commit -m "Update $SERVICE to version $IMAGE_TAG"
- git push

https://redd.it/1e81uc9
@r_devops

Managing secrets, certs and other sensitive data

What tools are you using for managing secrets, certs and other sensitive data. How did you go about implementing it and what were some of the lessons learned as you implemented it?

https://redd.it/1e83fbo
@r_devops

Is this course a good introduction to the field? IBM DevOps and Software Engineering Professional Certificate

I'm starting my first job as a DevOps Engineer in a few weeks and I want to get a complete picture of what a role like this might involve in terms of tools & tech, methodologies etc.

Does this provide a good overview of the field? https://www.coursera.org/professional-certificates/devops-and-software-engineering?

Note: I'm a CS graduate without prior DevOps role experience.


Any other suggestions for the intended purpose will be greatly appreciated!

https://redd.it/1e854m0
@r_devops

Environment Inventory

I am looking for a tool that my team can use to house dev and test environment details. Such as links, status, associated database details, and other details a client or engineering team will need to know. Those teams rely on our in house solution for this like a landing page to access environments. Something customizable and self hosted.

Our current in house solution uses a source controlled YAML file per environment. It works but is difficult to maintain.

Anyone use something like this that could recommend an alternative?

https://redd.it/1e87buz
@r_devops

I want to build my own Vercel domain manager

Many PaaS services offer a “connect your domain with deployment” feature. Typically you simply add a CNAME DNS entry and then everything works automatically. It’s possible to reconnect the deployment in seconds.
How does it work technically? What services are involved.
I’d like to build something similar. Basically what I want is have one entry point and then a database that redirects the traffic based on the hostname to another server. As far as I know, Vercel is not using Kubernetes.

https://redd.it/1e85x1q
@r_devops

What IaC solution should I use for my company's use case?

I am newer to the devops world, and have moved from a developer role into a more technical devops role. Part of my task in this role is to help decide the companies future with IaC.

# Needs/Use Case

* Be able to spin up and tear down mainly windows VMs and potentially other infrastructure in Azure (and potentially also VMWare) using yaml pipelines
* Have the ability to configure these machines into a state for testing of large on premises applications
* this means being able to install applications both 3rd party and internal apps/builds on machines (this often means the VMs need to be able to restart to finish certain installs)
* settings of all sorts of settings (firewall, registry, users/groups)
* Being able to then delete these VMs and all associated resources
* Keep in mind these steps will run on every test run in an AzuerDevops yaml pipeline. (CreateVMs -> ConfigureVMs for functional tests -> Run Functional Test -> Delete VMs)
* so something with low overhead would be great
* Be able to be templatized within AzureDevops pipelines to allow a custom interface to creating Infra, the company does not want to give direct access to all possible infra to developers **(our end users in this case)**

# Current Approach

* Currently someone wrote an internal tool in powershell that leverages az cli to do creation and deletion of infra in azure
* And for configuration there is a whole custom powershell engine that requires a remote agent for each VM that it will configure and does a bunch of custom configurations steps by using PSSession to install and configure things on the remote machine.
* Limitations of this approach (why do we need to change)
* The current Powershell based configuration engine was written by one person who does not actively work on it anymore, and when anything breaks it can be very confusing to know how to fix
* For the same reason, its hard to add more features
* It doesn't scale particularly well as we need one configuration agent for each machine that we are configuring (and there can often be 10s to 100's of machines needed for a full test suite)

# My Questions/Thoughts

* What tool(s) would you recommend for this use case?
* Should we stick with our custom tooling? (Because I come from a development background, I have the ability to rewrite and simplify the engine to make it potentially scale better and be easier to extend going forward)
* I don't have a real understanding if our use case is what IaC would typically be used for, so do tools like Terraform, Ansible, Pulumi, etc support this use case? And if so which would you recommend.
* Whatever we decide I want it to be able to scale for a large number of VMs (not needing an agent for every machine we want to configure) and to be easy to maintain both from the DevOps side, and from the Developers side who need to write their configuration
* Most of our devs are C++ or .NET developers and can really struggle with complex yaml

Thanks in advance for any feedback! I am really just trying to learn what the industry standards for these types of things are so we can be on the "happy path" rather than trying to fight an uphill battle.

https://redd.it/1e8cjah
@r_devops

Looking for Jira alternatives for non-tech related business

Hello,
I work in a field where we are constantly meeting new people (sometimes already know them) and need to put them into a database of some sort. It needs to have a way to log "incidents" related to these people. Attachments are a must, and it needs to have a way to put certain incidents in a "status".

I have been using Jira for this, but I know it is not designed for that. I am wanting to see if there is something else out there that would better fit my purposes. I have also tried Azure DevOps and YouTrack.

Sorry if this isn't the place to ask, it's kind of a weird question that doesn't fit in anywhere.

Thanks

https://redd.it/1e8dcy9
@r_devops