Reddit DevOps
Reddit DevOps. #devops
Thanks @reddit2telegram and @r_channels
Devops at AWS Shoreditch UK - a suit overkill?

I've been offered a DevOps role at the Shoreditch offices in the UK. When I visited previously, most people I saw wore tech-bro clothing (polo shirt, chinos, loafers). I usually wear a suit to the office, so not sure if I'll stick out like a sore thumb wearing one here?

https://redd.it/1en1f42
@r_devops
Triage bot summary issue in project - GitLab EE.

Hello,

I'm running into something I don't fully understand at the moment and I hope someone can clear it up for me. I think it has to do with best practices, the gitlab repository doesn't clear it up for me or perhaps I'm simply blind.

This is my goal:

Check all projects within a main group "groupname" (or that the token has access to) and create an issue with a summary. I want it to always create a summary in a specific project called "triage-ops", within that "groupname"


This is how I've set it up now:

groupname/subgroupname/triage-ops > .triage-policies.yml and .gitlab-ci.yml are in this project.


Within .gitlab-ci.yml I have the following pipeline:

```
policy:run:
  image: ruby:latest
  stage: run
  script:
    - gem install gitlab-triage
    - gitlab-triage --token $API_TOKEN_TRIAGE --source projects --source-id groupname/subgroupname/triage-ops --host-url https://domain.com --debug
  when: manual
  except:
    - schedules
```

The above works fine and it checks the specific project I've mentioned, and also creates an issue there.

So far so good.

I also know that I can reach my actual goal of checking all the issues in the projects by using

```
- gitlab-triage --token $API_TOKEN_TRIAGE --source groups --source-id groupname --host-url https://domain.com --debug
```

But when I do that, and run the summary, it always tries to create an issue within "groupname" but it of course can't, because that's a group, not a project.

How would I, in this situation make it so that it does indeed write to a repository I want? Or is this simply not possible to check everything


Or, would I be forced to check everything specifically for the project, and then create a summary within that project, which means I need to run several jobs?


I'm kind of missing the best practice here I think.

https://redd.it/1en2mi2
@r_devops
Could we talk about IBM acquiring Hashicorp for a moment?

So, although it’s been about four months since IBM announced their plans to acquire Hashicorp, I feel like I have seen comparably few posts/mentions of this.

What does your future for IaS look like? Are you going to continue using Terraform etc. with the new licensing model, or are you moving to either open-source solutions like OpenTofu or the complete opposite direction like Bicep?

I feel like we are standing in the middle of a great upheaval and it’s getting really tiring to talk to companies that ask “Ah, so you have NOT worked with X?” when discussing which tools one has experience with.

https://redd.it/1en5mm6
@r_devops
Apono.io is driving a fake marketing campaign on Reddit with fake posts and comments. They are trying to play up their own service while badmouthing alternatives. Here is the evidence:

**TL;DR:** Apono is creating fake posts with fake user review comments, who get vote manipulated, then end up on google, also shit on competitors and block me in an attempt to silence alternatives/critique.

Hi r/devops, I've already commented on a few of their posts and wrote a longer linkedin post on the topics. Feel free to read the full story there:

- [https://www.reddit.com/r/devops/comments/1elp829/db_access_and_all_night_pings/lguk4qs/](https://www.reddit.com/r/devops/comments/1elp829/db_access_and_all_night_pings/lguk4qs/)
- [Linkedin Post](https://www.linkedin.com/posts/jaschabeste_would-you-buy-fake-votes-fake-reviews-and-activity-7226985915125010433-oNqX)

But there is no better place to call them out than on the very communities that they are trying to manipulate, is there?

**Who is Apono.io even?**

Apono.io is cybersecurity, privileged access management software that is used to allow developers and other members of an organization to access restricted resources like databases, servers, etc. At least this is what I got from their web page; correct me if I am wrong.

The only reason I noticed what they are doing is because I tried myself founding a company in a similar space and ended up open-sourcing it. But this isn't a self promotion post, look into my post history if you're interested.

**What are they doing?**

Apono is systematically creating posts on various subreddits where they post a problem statement in one way or another and then comment with another account how Apono was the best solution for a person. Problem is: Neither the original account, nor the user responding are actually real. Both of them are usually bought accounts with minimal relevant post history. And they never answer anything else, often aren't even used again after this usage.

These threads are also heavily vote manipulated: on the thread from Wednesday, my comment suggesting my open-source tool went from +6 votes to -4 within half an hour (now it's even at -8, but this could also be the hivemind).

**Why would they do this?**

Developer/Tech People marketing is notoriously difficult. Engineers are well known to be more or less immune to Ads, and hang up on Sales calls. Instead we often rely on social proof (recommendations by friends and colleagues) or user reviews on what we think are somewhat neutral platforms like reddit, hackernews and Github. Additionally Reddit has been ranking very highly on Google since about one year so if you create a reddit post "Alternative to xyz" and the first comment is your tool, this can drive a lot of traffic to your website for cheap.

**Examples**

| Account | Post/Reply | Blocked u/eng_jascha? | Note |
| :--------------------------------------------------------------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------- | :-------------------------------------------------------------------------------------------------- |
| [https://www.reddit.com/user/MalachiHauck/](https://www.reddit.com/user/MalachiHauck/) | [https://www.reddit.com/r/devops/comments/14xerxk/seeking_alternatives_to_stongdm/](https://www.reddit.com/r/devops/comments/14xerxk/seeking_alternatives_to_stongdm/) | No | |
| [https://www.reddit.com/user/Canisitwithyou1/](https://www.reddit.com/user/Canisitwithyou1/) | [https://www.reddit.com/r/devops/comments/14xerxk/comment/jrmxzoh](https://www.reddit.com/r/devops/comments/14xerxk/comment/jrmxzoh) | No | |
| [https://www.reddit.com/user/donasapertumz96/](https://www.reddit.com/user/donasapertumz96/) | [https://www.reddit.com/r/devops/comments/1elp829/db_access_and_all_night_pings/](https://www.reddit.com/r/devops/comments/1elp829/db_access_and_all_night_pings/) | Yes | |
| [https://www.reddit.com/user/James_Methew_678/](https://www.reddit.com/user/James_Methew_678/) | [https://www.reddit.com/r/devops/comments/1elp829/comment/lguuuqw/](https://www.reddit.com/r/devops/comments/1elp829/comment/lguuuqw/) | No (but u/SergeantAskir) | |
| [https://www.reddit.com/user/Anassilva](https://www.reddit.com/user/Anassilva) | [https://www.reddit.com/r/devops/comments/1dpkvlq/alternative_to_strongdm/lakopv5/](https://www.reddit.com/r/devops/comments/1dpkvlq/alternative_to_strongdm/lakopv5/) | Yes | StrongDM CEO reply on double rates |
| [https://www.reddit.com/user/DanielWalker12/](https://www.reddit.com/user/DanielWalker12/) | [https://www.reddit.com/r/devops/comments/1dpkvlq/alternative_to_strongdm/](https://www.reddit.com/r/devops/comments/1dpkvlq/alternative_to_strongdm/) | Account suspended | |
| [https://www.reddit.com/user/ehlinkhadif/](https://www.reddit.com/user/ehlinkhadif/) | [https://www.reddit.com/r/devops/comments/1b2gtyt/unifying_access_control_across_cloud_providers/](https://www.reddit.com/r/devops/comments/1b2gtyt/unifying_access_control_across_cloud_providers/) | Yes | |
| [https://www.reddit.com/user/ruhagarvan2/](https://www.reddit.com/user/ruhagarvan2/) | [https://www.reddit.com/r/devops/comments/1b2gtyt/comment/ksnlu4i/](https://www.reddit.com/r/devops/comments/1b2gtyt/comment/ksnlu4i/) | Yes | |
| [https://www.reddit.com/user/alexfoot420/](https://www.reddit.com/user/alexfoot420/) | [https://www.reddit.com/r/devops/comments/18gg1s4/looking_for_alternatives_to_strongdm/](https://www.reddit.com/r/devops/comments/18gg1s4/looking_for_alternatives_to_strongdm/) | No | |
| [https://www.reddit.com/user/plabon353/](https://www.reddit.com/user/plabon353/) | [https://www.reddit.com/r/devops/comments/18gg1s4/comment/kd0e79t/](https://www.reddit.com/r/devops/comments/18gg1s4/comment/kd0e79t/) | No | |
| [https://www.reddit.com/user/bindradugow/](https://www.reddit.com/user/bindradugow/) | [https://www.reddit.com/r/mongodb/comments/1dtbubh/the_frustrations_of_managing_permissions_in/](https://www.reddit.com/r/mongodb/comments/1dtbubh/the_frustrations_of_managing_permissions_in/) | No | |
| [https://www.reddit.com/user/zahooelviane/](https://www.reddit.com/user/zahooelviane/) | [https://www.reddit.com/r/mongodb/comments/1dtbubh/comment/lb8yg28](https://www.reddit.com/r/mongodb/comments/1dtbubh/comment/lb8yg28) | Yes | |
| [https://www.reddit.com/user/rowlanosht/](https://www.reddit.com/user/rowlanosht/) | [https://www.reddit.com/r/mongodb/comments/18nhggy/options_for_auditing_elevated_permissions/](https://www.reddit.com/r/mongodb/comments/18nhggy/options_for_auditing_elevated_permissions/) | Yes | There is no mention of Apono here, but a deleted comment that could belong to the suspended account |
| [https://www.reddit.com/user/SalvatoreBerz/](https://www.reddit.com/user/SalvatoreBerz/) | [https://www.reddit.com/r/aws/comments/1b8ae4u/how_are_you_handling_pimjit_for_aws_this_topic_is/](https://www.reddit.com/r/aws/comments/1b8ae4u/how_are_you_handling_pimjit_for_aws_this_topic_is/) | Yes | |
| [https://www.reddit.com/user/iqramellouzz/](https://www.reddit.com/user/iqramellouzz/) | [https://www.reddit.com/r/aws/comments/1b8ae4u/comment/ktqa6mx/](https://www.reddit.com/r/aws/comments/1b8ae4u/comment/ktqa6mx/) | Yes | |

As you can see this has been going on for a while, and I think if you check any of the accounts you'll most likely agree that they look quite suspicious. They usually have little history and no activity in any engineering subreddits. Then suddenly come with a production access problem or recommend Apono as the magical solution for such a problem.

One thing that baffles me a bit is: They blocked me from any account that is newer than ~8 months. Which is roughly when I started being active and trying to market my tool. Probably in the hope that I won't see their posts and don't recommend my tool as an alternative. This however lets me tie all of them together in the same scheme and made me suspicious in the first place. I have never interacted with most of the accounts that they blocked me from, so why would these random users put me on their block list?

An additional thing I find extremely scummy is that they are bad mouthing their existing (probably leading) competitor StrongDM continuously in a lot of their posts. In one of them they claimed a double price hike and the StrongDM CEO even commented "that they have never raised prices this much" but of course the OP never answers and there is an Apono recommendation in the post.

**So what? Everyone buys reviews.**

Maybe true, but that doesn't make it right and if you get caught you deserve being shamed for it. Especially selling a cyber security product that relies on trust should not use such scummy marketing campaigns in my opinion. I for my part will recommend people to rather use StrongDM or Teleport if they want to pay for a solution. Maybe we as a community can spread the word and make them stop this.


**Note:** This is not about Apono's product, I have never tried it. It might very well be a good solution. I'm just trying to shine some light on how a company is flooding reddit with fake reviews.

https://redd.it/1en737f
@r_devops
Hardworking devs that are pretty normal and don't drink often, when shit hits the fan and you don't have a solution for production code/DevOps, is day drinking beer like startups do, a good stress solutions to preserve sanity and keep hair from falling out or have you a better solution?

I am a hardworking developer and have gotten a new role where it's going to be me mostly building new web and mobile apps in the frameworks I am very comfortable in and the job was a blessing at 130k so I couldn't say no in my only 3 years experience.

So the problem is I got handed a production live project handled by a bunch of poor devs that are in another country and were let go and it's literally already broken all over so I'm thrust into the fires of hell trying to resolve that on top of having a staging environment that isn't working because we are using tools that I have no experience in and am having to relearn my whole education and experience.

I didn't understand that our processes were this bad and no documentation but now I gotta back up myself. However I have been clear on Basecamp that I am not a devops expert in certain things.

I'm good and building and debugging and even designing and tests. I just have very little experience with devops SRE and the tools we are using.

Everything is done manual uploads and not using GitHub to push to staging so for a little bug fix all of staging has to get reuploaded which is dumb but hey it's what I got.

Anyway so basically I have worked for startups that had kegs at work and day drank. So I'm thinking to do the same thing just for this high stress time period or when shit hits the fan.

I have tried meditation, audible, headspace, 8 hours sleep, working out all day as I work from home.

NONE of it helps.

Normally I'm a happy dev that works hard and knows what he is doing. Right now I'm like "where is that keg" so is this normal to feel this way?

How many of u guys casually have a beer or 2 during work hours working from home or at ur modern office startup (those that have that option available)?

I don't want to be dependent on drinking but I also don't want my fucking hair to fall out or to have a heart attack at 30 ffs hahaha.

https://redd.it/1en8g7l
@r_devops
To those deploying rabbitmq in kubernetes, how are you handling automation of the rabbitmq config?

Are you using the messaging topology operator? Are you loading a definitions file? Other?

https://redd.it/1enbvbu
@r_devops
Devops from scratch?

Could anyone suggest a structured approach or roadmap for learning DevOps from scratch? I'm particularly interested in free resources like online courses, tutorials, and projects. Any advice on how to combine these tools effectively in a real-world project would be greatly appreciated!

https://redd.it/1end25o
@r_devops
Looking for conversation 🤔

I’m about to make a transition from a permanent position to contracting. One of my main concerns is losing the sense of community and the active engagement I currently enjoy with my engineering team at work. In our Slack tenant, which has about 300 people, we benefit from open office hours sessions, soft skill and culture conversations, as well as highly opinionated technical discussions 😂.

I’m on the lookout for active communities, similar to Slack, that are focused on sys admin, DevOps, and platform engineering, rather than development. If any of you are part of such communities or know of any good ones, I would greatly appreciate your suggestions.

Thanks in advance for your help!

https://redd.it/1end3ds
@r_devops
Use HashiCorp Vault to store only sensitive values or use it for entire app configuration?

Hello, long time lurker, first time poster here

basically the title - to provide some insight, I manage two k8s clusters at my job (dev and test) and deploy all the containerised apps that come from developers with Kustomize, where all the apps are supposed to be configured through environment variables - that I manage through ConfigMap + all the sensitive stuff is being pulled from Vault with external-secrets operator into Secrets and sprinkled on top with stakater/Reloader

Now I'm trying to figure out if there is more convenient /straightforward/ way for devs to manage app config. Ideally everything would be under at least similar location, so I thought about putting everything under that Vault KV secret and then just using that to include my envs to containers with external-secrets, but it still feels at least a little wrong to me, as secrets should(?) be used to store only sensitive variables so that only some folks have access to them while rest of the team can view non-sensitive envs in Kustomize builds. I was also considering SOPS back in the day when I was designing this little thingy, but Vault just felt superior at the time as I didn't want to manage all the encrypted values in files and needed its PKI engine anyway. Or maybe I'm just overthinking it and should keep it the way it is?


Still consider myself a novice with a lot to learn (actually I'm still a student, but my hobbies set me up on this adventure), so if anyone could give me some insight, I would greatly appreciate it!


edit: clarification

https://redd.it/1engh6g
@r_devops
VsCode extension that does cost estimates for Terraform

Found a question posted in this subreddit 2 years ago about this functionality.

Now, I made this extension that can do it.

Globally, the idea of the tool is to generate a graph of objects from any programming language (including Terraform) and navigate the graph. With an extension system to include extra data in the graph, cost analysis is one of the functionalities that we included in it.

Try it on: https://marketplace.visualstudio.com/items?itemName=Archikoder.lens

https://redd.it/1enhrhp
@r_devops
What did you learn this week?

DevOps is such a large field, every day we are googling things and working on setting up different things, difficult and easy. Maybe it's common knowledge, but you just didn't know. Or you found a unique solution to an obscure problem -- anything, share it, so the rest of us can benefit.

https://redd.it/1enja2c
@r_devops
How to sell containers over VMs to non technical people?

So I work in a team that primarily supports a line of business that does financial modeling. Generally it's desktop application support with some SQL server jobs but they just started experimenting doing production with python.

So they came to us asking for a python development environment. Their idea is that we should stand up some windows EC2s that they can remote into and work. One for everyone or one per developer, that is unsure. Of course we will have to keep these machines patched and scaled etc etc.

They started hinting at wanting to run python a while ago and I've developed java before at this same company so I'm used to the standards and practices we already have.. I'm familiar with the path of least resistance to production. I say this because our security advisors are always present and for me using pre-approved architecture just makes things easier.

So I had time to write a pipeline that uses buildpacks to build and push their code and images to eventually be deployed on a shared EKS that everyone uses already. This has been running and works well already for a few small projects. One namespace per non production env with another cluster used for production. Istio in place. Totally legit and all managed by someone else.

I've explained the concept of containers multiple times and essentially have abstracted away everything about building and running their code.. they have logs in Splunk. All they need to know is git, one ssh-keygen command and to structure their repo in a certain way... Maybe how to get to Jenkins and look at build logs.. They can't seem to grasp the concept at a management level although I've had success with the actual developers! They themselves are still afraid of docker. But they can git push and keep their commit history relatively clean. They open pull requests even.

If their bosses whine enough they will eventually get their VMs because they've got pull and they will also be paying for them... Doesn't mean we shouldn't be pushing for a better solution that won't give us more support work

https://redd.it/1enkm1z
@r_devops
Running sonarQube Server on Azure Container instance

I've successfully deployed SonarQube on an Azure Container Instance (ACI) and can access it via Port 9000 with a public FQDN. I created a GitHub app, generated a token from SonarQube, and integrated them. Despite granting all necessary permissions to the GitHub app, when I try to import a project from GitHub in SonarQube, I'm redirected to a page showing "You're not authorized to access this page. Please contact the administrator.", and I can't figure out why.
Note that the GitHub App is from a personal account and the repo is a private repo owned by the same account.
I ran another container locally to be able to debug better; the same page still occurs, but at least I could see a warning on the console:
```
2024-08-09 00:28:11 2024.08.08 21:28:11 WARN web[][o.s.a.c.GenericApplicationHttpClient] GET response did not have expected HTTP code (was 404): {"message":"Integration not found","documentation_url":"https://docs.github.com/rest","status":"404"}
```
but I guess that's only a warning

https://redd.it/1enhixu
@r_devops
How do devops team do cloud provisioning?

Hi everyone, just looking to learn from the community how devops teams do cloud provisioning/access management for engg teams. Some questions I had:

* do you provision using IaC like Terraform or does your company use an IGA to do this?
* how much work is it creating workflows, managing, approving permissions around provisioning/deprovisioning?
* any other insights you can share would be so helpful.

Many thanks in advance.

https://redd.it/1eno522
@r_devops
Job Hiring Senior Web Developer

Hi, we have listed one more Web Developer job on our platform so if you are interested in Senior Web Developer job kindly check the below link



Role - Senior Web Developer (Remote, Contract Basis)



Apply - https://devloprr.com/jobs#233

https://redd.it/1enqt2b
@r_devops
What would you expect from a Devops Engineer at 1, 2 & 3 Years of Experience?

Fully aware that Devops is not a junior role. However, the company I work for have hired a bunch of juniors with the hope to train them up.
Everyone hired has very little computer experience. Perhaps a bit of coding, simple navigation around a Linux terminal etc.
The first three months were getting introduced to simple networking and AWS.

What would you expect from someone at this level after their first year of experience? Able to handle simple tasks under guidance, expect them to read SOWs and complete tasks without much hand holding, etc

And what about 2 years and 3 years?

https://redd.it/1enu12v
@r_devops
New Ultra Alarm's feature: Wake up call

Hey everyone!

TL;DR: Introducing the new Wake Up Call feature in Ultra Alarm! Never miss an alarm again, even if your phone reboots or updates. It's free and currently in beta, available in the US, Korea, Canada, Mexico, Brazil, and India. Feedback welcome!

I'm excited to tell you about the release of our new Wake-Up Call feature for Ultra Alarm! Never miss an alarm again, even if your phone reboots, updates, or the alarm app crashes. It’s free and currently available in the US, Korea, Canada, Mexico, Brazil, and India.


This is just the beta version, and we need your feedback to make it even better. Your feedback will help us develop this feature further.


This is one of the reasons why we call our app “Ultra Alarm,” because we introduce features that reinvent the alarm clock as you know it. And many more great features are coming soon. Please tell your family and friends to try it and let us know how we can improve this app to make your life easier.


Google Play Store: https://play.google.com/store/apps/details?id=com.itaimi.moonshot.alarm


Note: You can send me an email to request the Wake-Up Call feature in your country at [email protected].

https://redd.it/1enulm7
@r_devops
Seeking Advice on Integrating AWS into a C++/Qt Application for Cross-Device Deployment

Hi everyone,

I'm currently developing an application in C++/Qt for detecting certain objects. Recently, we needed to integrate AWS support into our project. We managed to do so on a specific device by building AWS directly on that machine. Everything works perfectly on that particular device.

However, we’ve run into a significant issue. Our application is meant to be installed on client-side devices, which means we’d need to build AWS on each of those devices individually. Clearly, this approach isn’t scalable or practical.

Here’s the crux of the problem:

* We considered using `.so` files from AWS, but they require numerous dependencies that aren’t always present on the client devices. Even after addressing some of the connection issues with the libraries, I’m still facing other errors preventing AWS from functioning correctly on different devices. Because it's understandable that we can't just copy paste all files from one device and expect it to work the same way. Don't want the "it works on my machine" problem :D
* Our development is taking place on Ubuntu (and distributions based on Ubuntu).
* Due to project timelines, we haven’t had the opportunity to explore alternative methods, and we’re looking for a solution that doesn’t require a complete overhaul of our integration. The only alternative method was to build AWS in docker and use it like that, but we still had issues with dependencies. Maybe there is a way to do it with docker, but I don't know about that.

Ideally, we want to find a way to wrap AWS within our installer so that when our application is downloaded and installed on a client’s device, all necessary AWS components are included and function correctly.

My questions are:

1. Is there a recommended way to package AWS with our application so that it doesn’t need to be rebuilt on each client device?
2. Could AWS be designed primarily for server-side use, meaning it might not be intended to function directly on client devices?
3. Are there best practices for handling AWS dependencies and libraries in a client-side application like ours?

Any advice or insights from those who have faced similar challenges would be greatly appreciated!

Thanks in advance for your help.

https://redd.it/1envgb1
@r_devops
GitLab runner managing its own terraform code

Hi, I have encountered the following problem.


I have a docker executor gitlab runner deployed in AWS with ASG using spot instances. There is a threshold which when gets crossed it creates a new EC2 instance and registers a new "instance" of a runner.

The runner is deployed through terraform and it manages its own terraform code. The problem is when you try to apply infra changes and for example, someone in other project is using the runner and new instance is spawned, terraform detects drift in the configuration as when the runner scales it changes the ASG policy, resulting in destroying the runners which don't fall in the min size parameter of the ASG. Also when making changes to the runner itself, terraform obviously detects the changes and while applying the runner destroys itself, but usually having enough time to also apply all other changes as well but the pipeline gets stuck and from my understanding there is no way to make other runner pick up the job to finish it.

Maybe my question is stupid and I don't see an obvious solution, but how would you mitigate these scenarios? My only idea which is related to the runner destroying itself is to have a separate runner for the terraform code so the apply job can be finished without actually affecting the pipeline, but also I don't want to have to manually turn on the runner and then turn it off when I'm not using it so it doesn't generate a pointless charge on the bill, also the changes to the runner are very rare (maybe changing the instance size or the max size of ASG). I'm more worried about how I can make sure that other people (including me) that are using the runner don't get their runner terminated in the middle of the job, besides applying the terraform changes when there is no other instance spawned? Or maybe it is the only way to do it and I'm overthinking it and I just need to deal with it and get used to it because there is no other way to do it.

Thank you for any ideas :)

https://redd.it/1enwwka
@r_devops
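
One way to gate the apply job in the scenario above, as an added example that is not part of the original post: it reads the JSON produced by `terraform show -json <planfile>` and refuses to apply while jobs are running if the plan would shrink a scaled-out group or change runner resources. The resource addresses, the `RUNNER_TYPES` and `RUNTIME_MANAGED` sets, the `jobs_running` input and the sample plans are assumptions constructed for illustration.

```python
"""Gate a `terraform apply` on what the plan would do to the runner fleet.

Input is the dict parsed from `terraform show -json <planfile>`.
"""

# Assumption: resource types that make up the runner fleet in this setup.
RUNNER_TYPES = {"aws_autoscaling_group", "aws_launch_template", "aws_instance"}
# Assumption: the ASG attribute that autoscaling itself moves at runtime.
RUNTIME_MANAGED = {"desired_capacity"}


def changed_keys(before, after):
    """Top-level attribute names whose value differs between before and after."""
    before, after = before or {}, after or {}
    return {k for k in before.keys() | after.keys() if before.get(k) != after.get(k)}


def classify_plan(plan):
    """Sort every planned change into scale drift, runner change, or other."""
    report = {"scale_drift": [], "runner_change": [], "other": []}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        if actions in (["no-op"], ["read"]):
            continue
        if rc["type"] not in RUNNER_TYPES:
            report["other"].append(rc["address"])
            continue
        keys = changed_keys(change.get("before"), change.get("after"))
        # An in-place update touching only runtime-managed fields means the
        # group scaled out and Terraform wants to pull it back to the config.
        if actions == ["update"] and keys and keys <= RUNTIME_MANAGED:
            report["scale_drift"].append(rc["address"])
        else:
            report["runner_change"].append(rc["address"])
    return report


def safe_to_apply(plan, jobs_running):
    """Return (ok, report). With jobs running, any change to the fleet blocks."""
    report = classify_plan(plan)
    if not jobs_running:
        return True, report
    blocked = report["scale_drift"] or report["runner_change"]
    return (not blocked), report


# Constructed sample: the group scaled from 1 to 3, config still says 1.
PLAN_SCALED_OUT = {
    "resource_changes": [
        {"address": "aws_autoscaling_group.runner", "type": "aws_autoscaling_group",
         "change": {"actions": ["update"],
                    "before": {"min_size": 1, "max_size": 5, "desired_capacity": 3},
                    "after": {"min_size": 1, "max_size": 5, "desired_capacity": 1}}},
        {"address": "aws_s3_bucket.cache", "type": "aws_s3_bucket",
         "change": {"actions": ["update"],
                    "before": {"tags": {}}, "after": {"tags": {"team": "ops"}}}},
    ]
}

# Constructed sample: an intentional instance size change on the runner.
PLAN_RESIZE = {
    "resource_changes": [
        {"address": "aws_launch_template.runner", "type": "aws_launch_template",
         "change": {"actions": ["update"],
                    "before": {"instance_type": "t3.medium"},
                    "after": {"instance_type": "t3.large"}}},
    ]
}

if __name__ == "__main__":
    for name, plan in (("scaled out", PLAN_SCALED_OUT), ("resize", PLAN_RESIZE)):
        ok, report = safe_to_apply(plan, jobs_running=True)
        print(name, "apply allowed:", ok, report)
```
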