Tailpipe is a new open source SIEM that runs on your laptop

GitHub - https://github.com/turbot/tailpipe

Powered by DuckDB & Parquet, Tailpipe uses new technology from the big data space to provide a simple CLI to collect cloud logs (AWS, Azure, GCP) and query them at scale (hundreds of millions of rows) on your own laptop. It includes pre-build detection benchmarks mapped to MITRE ATT&CK - also open source.

https://redd.it/1idy6qi
@r_devops

What happened to this being a well paid job?

DevOps jobs used to pay really well, and I would see jobs that paid 150k plus all the time. Most positions pay between 90k - 120k now in the Dallas Texas metro area, which is really lousy and the same as a systems admin or other mid-tier positions in IT. What happened? My friend who is a loan officer at a bank for three years makes more than that.

https://redd.it/1ie14p8
@r_devops

Automate ssl certificate renewal

How can automate the process of renewing let’s encrypt certificate for a specific domain.

Currently what i do is generate certificate in my local machine verified by creating txt record in cloudflare and copy the fullchain.pem and privkey to the server.


https://redd.it/1ie77m7
@r_devops

How can I learn Grafana logs/metric querying fast?

Need help in learning Grafana logs/metrics querying fast...

It's for work, and the regex equations for promql are confusing to say the least. There are too many labels, filters and rate/sum etc. to sort thru, and I don't understand what I'm doing until I run the query, not to mention all the syntax mistakes. I'm literally trying to reverse engineer from the query result.

Please help.

I want to query Max CPU, minCPU, Avg Memory, etc. specs of specific pods in the trial cluster of our application. The latest release depends on NY performance at this.

https://redd.it/1ie937b
@r_devops

KodeKloud for DevOps?

Hey there!

I’m curious to know if anyone has used KodeKloud to learn DevOps or Cloud Engineering. I’m wondering what the curriculum is like. Is it just a basic introduction or does it go into more depth with real-world projects? I’d love to hear some honest reviews.

Cheers

https://redd.it/1ieb1e7
@r_devops

Seeking Open Source Tools or Golang Libraries for MQTT to Notification Integration

Hi everyone,

I have a use case where I previously had an MQTT service running in my cluster. Telegraf was connected to MQTT, Prometheus was connected to Telegraf, and Alertmanager was connected to Prometheus. Based on the rules defined in Prometheus, alerts were sent to Alertmanager, which then sent notifications based on the configured receivers.

Now, the services themselves are sending alerts to an MQTT topic. I need an open-source tool that can subscribe to MQTT alert topics and send notifications. This tool should be highly configurable.

If there is no open-source tool that listens to MQTT topics and directly sends notifications, I can run a Golang service that listens to MQTT topics and sends alerts to a notification service. Are there any Golang libraries that have the capability to listen to MQTT topics and libraries that can send notifications? If there isn't a single library, I can use two libraries: one that listens to MQTT and one that sends notifications.

Any recommendations or advice would be greatly appreciated!

https://redd.it/1iec12c
@r_devops

How do you handle applicative certificates?

In every organization I've worked at, there was a huge gap in the application certification processes. Wether it's for creating or renwing then. Even when theres a PKI with API acces, dev teams still rely on the infratstructure or devops team to just do it for them. Wether it's to generate, install and monitor their expiration date.

So, how do you handle it on your side?

https://redd.it/1iecvnw
@r_devops

DNA&OC, or: How to communicate during an incident

When you're on-call, working an incident, try the following: Do Not Assume (DNA) and Over-communicate (OC).

https://substack.com/home/post/p-156089872

https://redd.it/1iedvg0
@r_devops

Cloud virtualization: Red Hat, AWS Firecracker, and Ubicloud internals

We are running  an open source cloud company called Ubicloud on different providers. I wanted to share one of the blog posts that we dive deep into how to implement virtualization in Linux.

https://www.ubicloud.com/blog/cloud-virtualization-red-hat-aws-firecracker-and-ubicloud-internals

https://redd.it/1iefs3g
@r_devops

Any advice on how to boost one's career ?

hello guys,

I'm turning 8 years in my IT career and this time it kinda makes me feel I need to shift it somewhere. Thinking about moving towards some k8s-ish administration/Platform Engineering, open to relocate in Europe (I'm on ease with languages).

Do you have any advice based on my profile ?



Country : Poland

Current position : DevOps Engineer

Salary (before/after tax) : 55k/45k EUR

Overall experience : App Support, Linux Administration, Middleware, Distributed systems, CI/CD Automation

Tech stack (shortly) : Linux, JBoss, ActiveMQ, ELK, GitLab, Docker/Podman, Nexus, k8s/Openshift, bits of Ansible/Jenkins/python etc.

About: I'm coming from administration and application support at Senior level, but I dare to say that I performed well as DevOps so far, where I had to support a Dev team in CI/CD side, among others get into Gradle, some DevSecOps stuff like Trivy, DependencyTrack or Renovate as well as upgrade quite outdated instances of our ELK/Jenkins or write a Prometheus Exporter in Python with no prior experience - just based on documentation. I just think it means something.

So would be great to hear some hints or advises from people who know European market :) Many thanks in advance !

https://redd.it/1iegv9a
@r_devops

What OS are you all running for Work?

I'm still fairly new to the DevOps/tech space in general. During my first go around I was using my personal machine to save files etc and do work. I'm pretty sure everyone in IT are using some sort of VM/separate pc to do work related tasks. I've figured VM would be suitable since I can just destroy the machine if i've switched jobs. Currently I'm running ubuntu and was thinking of switching to Kali, I guess it really doesn't matter what distro I use at the end of the day just trying to weigh pros and cons and figure out what distro makes devops task optimal (please no arch LOL)

https://redd.it/1iehn88
@r_devops

Shifting to App Sec from DevSecOps

What do you think about this career change? Is it close to each other? Is it possible to go back again?

https://redd.it/1iei3jn
@r_devops

Should I take DevSecOps job if I want to be SWE?

I've been trying to get into SWE for \~1.5 yr now with no luck, during which I've been working as a Data & Systems Analyst. I do some Python + SQL at my current job, but not a lot.

I was just offered a 2-year contract for a DevSecOps position, but I'm not sure if the pros outweigh the cons:

Pros:

Good experience for SWE?
Client is Deloitte, which I hear is good on resume
Moving to Washington, DC could be good for career growth
Includes 3-month training + help getting 1-2 certs

Cons:

2-year contract with huge fee if I break it ($20k-$30k)
Move to HCOL area where I'd probably just be making enough to live, and have to leave behind friends, family, and community I've spent my life building
Company is Skillstorm, which I've heard mixed opinions about
Not a SWE position

The 3-month training consists of cybersecurity foundations, DecSecOps testing, full-stack java development, and risk management and mitigation. Thus, it seems a portion of it will be java dev, and I know DevSecOps follows the SDLC.

Will that help me get a SWE position? Is it worth 2 years commitment just to get to SWE after? The alternative would be to just continue with side-projects/coding at my current job and keep applying to other jobs.

This is probably the biggest decision I've had to make in my life, so just looking for some advice from people in the field. Thanks in advance!

https://redd.it/1iek964
@r_devops

Is there another word of term for "inner dev loop" that im just missing?

My question is: how do you guys refer internally to the "inner development loop" when you're working on things? This is a battle I've fought time and time again internally cause we call it staying in 'inner dev loop' but that's not reaaaallly a term that's widely known and it's not one that I really ever used before coming here.

Ok, so a bit of context, how we think about the inner dev loop is a cycle of activities you perform locally while working on a feature or bug fix (think- writing or modifying code, building the app, running/testing changes, debugging, commit yo code). Typically, the faster and smoother this loop, the more iterations you can make & its usualllly where most of us prefer to spend most of our time ya know?

On the flip side is the “outer dev loop” which encompasses the broader development life cycle (think -planning and task assignment, Code review, collabing with the rest of your team, CI/CD stuff, staging and prod release, monitoring). But I'm really more focused on how to refer to the inner loop.

More on how we refer to it here if you're curious for more context: https://thenewstack.io/hello-world-what-happened-to-the-inner-dev-loop/

Bu i really want to know what do YOU guys call this idea? I've scoured the internet trying to find a shorter, simpler term or way to refer to this idea and there really doesn't seem to be much out there. :P

https://redd.it/1iejbjy
@r_devops

Optimize your AWS / GCP infra with AI

Hey everyone, we built a tool that helps you optimize your cloud infrastructure costs using a combination of AI and static Terraform analysis. It’s only about a month old, so we’d love feedback from the community to see if we’re building in the right direction.

You can try it right away (no signup) at [infra.new](https://infra.new).

The agent has access to custom tools we built to help it catch many of the edge cases you’ll hit when prompting OpenAI / Claude directly.

Capabilities:

* Real-Time Cost Insights: See estimated costs as you update your Terraform configuration.
* Up-to-Date Docs: The agent automatically pulls in the latest Terraform docs before every code change
* Code Checks Built In: A language server flags errors and feeds them back into the model for fixing
* Expert Human Examples: Our agent pulls code snippets from expert human-written examples
* GitHub Integration: Import your existing Terraform, see what it currently costs, ask the agent to look for optimizations, then export any changes back to GitHub

I’d love to hear your thoughts!

https://redd.it/1ienhxb
@r_devops

White label PM system

I offer white label SEO services and I need a better system to manage my “sellers” who have clients under them. Any recommendations? Thanks!

https://redd.it/1ienjwh
@r_devops

Sonarqube Developer to on premise Azure DevOps Server unable to find valid certification path to requested target

I started a Sonarqube Developer instance using the docker image:

sonarqube:9.9.8-developer


On the other hand I have an on premise Azure DevOps Server 2020.0.1 (Dev18.M170.8).

This Azure DevOps server runs on https, and it asks for Windows Integrated Authentication.


Sonarqube configuration:

In Sonarqube, I go to Administration > Configuration > DevOps Platform Integrations, and I add an Azure DevOps configuration:

Azure DevOps URL: https://ourServer..com/ourCollection/



Certificate configuration:

In the browser, I went to https://ourServer..com/ourCollection/ and I have exported the certificate to: myAzureDevOpsServer.crt


Then I've imported that certificate into the docker container Java Truststore, with this command:

keytool -import -trustcacerts -alias devops-cert -file myAzureDevOpsServer.crt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit


I've checked that the certificate was imported.



Behaviour expected:

Sonarqube retrieves the information about the projects in the Azure DevOps Collection.


Actual behaviour:

In the docker container logs I get:

2025.01.31 22:10:25 ERROR webAZS+X3ieDsjXs89xAABBo.s.a.c.a.AzureDevOpsHttpClient Unable to contact Azure DevOps server for request https:/ /ourServer..com/ourCollection/_apis/projects?api-version=3.0: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target



I'd appreciate any help. Thanks.

https://redd.it/1ier4jt
@r_devops

Managing Azure Policy with IaC at scale (Discussion)

Hi guys, curious to know what methods out there in the wild you're using to manage Azure Policy deployment via Terraform?

Especially for enterprise environments where you have multiple policy assignment scopes, management groups, subscriptions, resource groups.

Whilst using built in and custom policies and policy initiatives. I'm currently architecting a solution for Azure policy governance at scale with Terraform, and keen on knowing the various approaches out there !

https://redd.it/1ierpkn
@r_devops

How much software development should I be able to do?

I've never been able to figure this out. What level of software development experience should I have for a typical Platform engineer job? Usually when I write code, it's just Python or PowerShell, and declarative languages. I don't think I could write a fully working piece of software myself, but at this point I'm not sure how to get to that point without a CS degree. Everything else I learned from KodeKloud and lots of lab time. My background is as a systems engineer though, so obviously not as smart or talented as a SWE.

https://redd.it/1iet8jt
@r_devops

Do you think we are doing Blue-Green deployment?

I've been reading and watching blue-green deployment solutions on different webistes as well as youtube. The more I watch and read different articles, the more it's telling me that our implementation does not do blue-green deployment.

This is the process or flow of ours.

1. Spinnaker creates ASG(let's name it A), load balancer and EC2 instances are created based on the ASG launch template

2. If developers wants to make a new deployment, they update their git project and submits a merge request

3. Spinnaker creates a brand new ASG(let's name it B). It DOES NOT create a brand new load balancer. EC2 instances are launched from the new ASG which is B

4. If the applications on the freshly deployed EC2 instances(created by ASG B) is healty, all freshly deployed EC2 instances are registered to the LOAD BALANCER

5. Previous EC2 instances deployed by "ASG A" are deregistered from LOAD BALANCER and are TERMINATED.

Based from the articles I've found and read, BLUE-GREEN deployment does not deploy everything right away and does not terminate resources right away. It's like percentage based. However, our BLUE-GREEN deployment terminates all the previous resources right away when fresh deployment is healthy.

Otherwise, when freshly deployed EC2 instances are not healthy, it doesn't get registered to the LOAD BALANCER nor the current running EC2 instances are terminated.

Is ours considered a BLUE-GREEN deployment?

https://redd.it/1ieuckd
@r_devops

How can we factor non-standard things in terraform deployments

Like if some NW parameters is set allowed for all connections but terraform will allow deployment. So how can we avoid it trigger this beforehand.

https://redd.it/1iex3c6
@r_devops