Help Deploying OWASP ZAP on Kubernetes and Linking to GitLab CI

I’m integrating OWASP ZAP into my CI/CD pipeline and have been asked to deploy it on Kubernetes and connect it to GitLab CI. However, I haven’t found relevant documentation on how to properly set this up.

Has anyone done this before or found good resources to follow? Any guidance or examples would be greatly appreciated!

https://redd.it/1izfeuv
@r_devops

Guidance

Hello All,

I have been learning about Cloud and Devops for last 5-6 months and have built 3 applications.
I have built Java API application which connects to Azure Cosmos DB and is deployed on AKS/ Azure Web App using Azure Devops.

I have followed the same process to build and deploy a Node.js and python application. For IAC I have used bicep.

I have been searching for a job change and have been unsuccessful so far. I request you to help me provide your experience and guidance on to which other skills I need to learn in order to stand out and atleast be selected for an interview.


Thank you for all the help in Advance. Looking forward for your help.

Thank you 🙇🏻‍♂️

https://redd.it/1izgdri
@r_devops

Does anyone knows about ComplianceAsCode project, and and if it is easily upgradable ?

I've been assigned to an old project that is using the framework "ComplianceAsCode" in order to write structured documentations. This project has been kept "as it is" since 0.1.58, and today, we would like to renew it and be able to come back to current version which is 0.1.76.

I'm searching for some advice, does anybody knows about this project ?

https://redd.it/1izfy2j
@r_devops

Flexible rate limiting on applications that have none

We have some .net IIS applications sitting behind ALBs that do not have a concept of rate limiting. They are not getting upgraded to core anytime soon. There are features built into IIS, but it would be a redeploy everytime we want to change something. It's also IP based which is a non-starter because some customers have multiple accounts coming from the same IP. Ideally, we'd want to crack the bearer token and get the ID of who sent the request. Than we can set rate limits for big vs small customers.

What have you seen that's effective? Googling today it looks like either nginx was some lua scripting to redis or something like kong gateway whose price is...prohibitive. There look to be some creative solutions with isto, but being these are all EC2 instances and not containers I am not confident how that would work.



https://redd.it/1izjqob
@r_devops

AI agent creates a terraform devops project on AWS

I used Gemini 2.0 flash thinking to create a devops project from scratch. I used Roo vscode extension, gave it an advanced/detailed prompt. Got it to download & study docs, write terraform code, fmt, validate, fix all errors, till success 🎉

I'm a gray devops beard (if I had one!), and not much into making videos. Let me know how to improve or what you'd like to see (AI + devops)

https://youtube.com/watch?v=9ltORvpb57o

https://redd.it/1izkn10
@r_devops

What can your Lead do to make your life better?

I am newly promoted to Lead DevOps Engineer, and it came unexpected. I am running through my head ideas of what I can do to make the place better for my team.

Here's some thoughts:

1. Minimize context-switching and unexpected requests.
Our developers usually DM us on Slack with their issues/ideas, and this involves constant context-switching for our team members, when you're in the middle of something else.
I am planning to require Jira tasks for all requests to DevOps, so we can have visibility of the requests (no information hidden in DMs), and we can triage them so they turn from unplanned work to planned work.

2. Improve documentation
We will soon have a young new colleague on the team, and I want them to have clear documentation on processes, guidelines, and troubleshooting guides to refer to. This would also be beneficial for knowledge-sharing even among the experienced team members.

What else do you think can be done to make your life better professionally?

https://redd.it/1izlty0
@r_devops

Looking for a Free Tech/Cloud Course Available in Europe

Hey everyone! I'm searching for a free online course similar to Generation, but one that I can join from a European country. Unfortunately, Generation requires proof of residency, so I’m looking for alternatives that offer training in tech, cloud computing, or IT-related fields without strict location requirements.

If anyone knows of such programs—whether from companies, nonprofits, or government initiatives—please let me know! Any recommendations would be highly appreciated. Thanks in advance! 😊

https://redd.it/1izk8cl
@r_devops

Platform Engineering Fad?

Thoughts on platform engineering?

Specifically, has having a team empowered to build tooling working out? Or do you think its just a rebrand of DevOps? Has it paid off, or not so much?

If PE means having a team focused on improving developer experience and removing friction and toil from various DevOps tasks, then I'm a big believer.

( I work at Pulumi and am working on some platform engineering best practice documents, but looking for wider opinions. )

https://redd.it/1izpca1
@r_devops

job offer - advice

Hey all.

Support Engineer here. Applied for an internal DevOps role and have just been offered the gig. I’m delighted as it allows for my career progression. I have been unofficially taking on more DevOps related work and slowly stepping away from help desk in the last 12 months.

Here’s the thing. There is no change in compensation. This has stumped me slightly as I have been putting in the hours to show my worth.

What would you do in my position?

https://redd.it/1izquw8
@r_devops

Please advise how best to set up a CI/CD pipeline?

I am developing an application consisting of a frontend and a backend (API that interacts with the database). Nginx is used for reverse proxying. Deployment is performed on a single VM in Azure, and Azure Container Registry is used to store containers.



The main idea is to automate deployment so that the frontend and backend are in separate GitHub repositories, but run on the same server with a common Nginx.



My current idea is as follows:

1. Backend - when changes are pushed to the repository, GitHub Actions is triggered, which builds the image and publishes it to the container registry.
2. Frontend - similar to the backend, GitHub Actions builds the image and uploads it to the container registry.
3. Common deployment repository - stores docker-compose.yml, which describes all services: frontend, backend, database and Nginx. It also contains nginx configuration

When updating frontend or backend images, containers are restarted with new versions.



Is there a better way to do this? I would appreciate it if you shared your experience and advice.



P.S. If anything, excuse me for my English :)

https://redd.it/1izscik
@r_devops

Sandboxing tools/best practices?

I'm curious how other developers are using API sandboxes in their workflows. Do you mostly use them for testing third-party integrations, mocking internal APIs, or something else entirely? Also, what are your biggest frustrations with existing sandbox environments?

For context, I’m researching the best sandbox tools for APIs. If you have recs on those, im open to it!!

https://redd.it/1izrkd5
@r_devops

How are you separating iac from dev resources?

Hi all!

I'm trying to figure out the best way to decouple a terraform mono repo from things that devs need to interact with.


I've been bootstrapping a project and I'm finally bringing in some devs. So far I've had a frontend repo and a backend repo with my IAC and some micro services.

I have multiple dockerized app directories that are built and deployed into ecr/ecs through a github action. Terraform handles the networking, creation of ecr repos, service and task definitions dbs etc. That action can be broken up easy enough.

But once I have each of these docker apps in their own repo it's not difficult to have an action that just handles the deployment of that container. But if they want to make changes to cpu and memory then I start getting into terrafrom sprawl that I don't want.

Then there's Lambdas. Which is what I'm having the most difficulty figuring out a happy medium on. If there's multiple lambdas spread out across repos for their respective projects that becomes pretty hard to keep track of. The permissions that I create for those lambdas through terraform are probably going to have a different state if a dev changes something along with all the other changes they make to code etc. The only thing I can think of that makes this doable is giving ownership to the lambdas that devs need to interact with to the devs. Then importing the function as an existing resource from staging prod branches for a deployment?

This list goes on, but how do you handle breaking up resources that devs will need to alter, allowing them to dev local and in the cloud for say dev tagged resources but still integrate those resources where needed in iac without going on a goose chase throughout repos?

Maybe having smaller tf projects/modules in those repos as well that handle changes to resources through a json for cpu etc and pulls those variables in when pushed and built? Then the master IAC repo which builds all of the repos modules for a prod build?

Hope this makes sense. But advice on separation of concerns with unified deployment would be greatly appreciate.

Thanks!

https://redd.it/1izu7ct
@r_devops

Old tech or New tech

I did an interview and it was about tools that I had no experience with.
They were using AWS just for servers, and they had legacy monolithic applications, using Jenkins and so on.

And after the technical interview, I gave the interviewer an honest opinion about the choices they made, running jenkins, no IaC, no Ansible, and why they would migrate the workloads to Kubernetes.

It got me thinking, and I have a question for all of you.

Would you use old technology just because you have been doing it for years and are lazy to learn something new, or would you spend some time learning new tools that will simplify your near future tasks.

It came to the idea that C is one of the most used programming languages. Sure, it is, but mainly because the computing power was something to think about carefully.

Would you start a new application in C? Would you trade the "efficiency" that C gives for simplicity, speed of development and all the new features that Go for example has (as a new technology)?

Personally:
- New tech will save you a lot of time, not only in developing or working with it, but you will not spend all day debugging it.
- It might have some computational overhead, but does that really matter to most companies (except those on embedded systems)?
- I see systems or applications as a package (or container), I do not care what it has inside, all I care is what integrations it needs and what is its architecture.

P.s : If you think "devops is not about tools, is about bla bla bla", go and post it on Linkedin, I do not want to hear your comment.

I would rather use a simple tool that has no bugs, good documentation than a fast tool that gives me a headache and I have to debug it all day to find out what is wrong.

https://redd.it/1iztukl
@r_devops

Which department should the DevOps team report to?

We're hiring our first DevOps engineer, and my manager suggested placing DevOps under the VP of Operations instead of R&D. To me, that sounds completely bonkers. What's the common practice?

https://redd.it/1j023j0
@r_devops

Announcement: New release of the Jailer database tool has been published

[Jailer is a tool for database subsetting and relational data browsing\](https://github.com/Wisser/Jailer).



It creates small slices from your database and lets you navigate through your database following the relationships.Ideal for creating small samples of test data or for local problem analysis with relevant production data.



* The Subsetter creates small slices from your database (consistent and referentially intact) as SQL (topologically sorted), DbUnit records or XML.Ideal for creating small samples of test data or for local problem analysis with relevant production data.

* The Data Browser lets you navigate through your database following the relationships (foreign key-based or user-defined) between tables.



Features



* Exports consistent and referentially intact row-sets from your productive database and imports the data into your development and test environment.

* Improves database performance by removing and archiving obsolete data without violating integrity.

* Generates topologically sorted SQL-DML, hierarchically structured XML and DbUnit datasets.

* Data Browsing. Navigate bidirectionally through the database by following foreign-key-based or user-defined relationships.

* SQL Console with code completion, syntax highlighting and database metadata visualization.

* A demo database is included with which you can get a first impression without any configuration effort.



https://redd.it/1j02y4g
@r_devops

How do you manage dependency updates?

Hey guys!

We have multiple projects at work and we usually use dependabot to manage package updates. However for a time we had to pause it for various reasons.

We're now updating our packages. Some of the updates are major, the majority being minor while a few are patches.

The thing is, its very time consuming going through them all and the thing with dependabot is, it creates a PR (which we have so many of) but the process is still very manual.

I was wondering the following:
- Do you use dependabot, renovate or something else?
- How do you manage so many dependabot PRs?
- How have you handled breaking changes in your project due to dependency updates?

I'm curious to know how teams handle this issue or what could make the process less painful.

Thanks in advance!

https://redd.it/1j02ka6
@r_devops

Where should I store images for my live website? (Using MongoDB, need a cost-effective solution)

Hey everyone,

I’m running a live website and need a good way to store product images. I’m using MongoDB as my database and will be uploading around 6-8 images per month (so not a massive load).

I’m also trying to figure out where to deploy both my backend and frontend while keeping costs low. Ideally, I’d like a setup where I can handle image uploads and storage efficiently.

Some questions I have:

Should I store images directly in MongoDB (GridFS) or use something like S3, Cloudinary, or Firebase Storage?
What’s a good place to deploy my backend (Node.js/Express)? Cheap options?
Same for the frontend (React) – where should I host it?
Any cost-effective ways to handle image uploads?

https://redd.it/1j04efw
@r_devops

Sonarqube token not working?

Hi - I recently found out about redcoffee, a tool which allows you to generate Sonarqube reports free of cost (here), but when I use it it responds with a 401 non-authorized error code. I tried regenerating the token, it works for other stuff but not redcoffee. I tried with a project token, a user token, and I'm an admin. I contacted the author of the tool, who's pretty active on Reddit, but they could not find out why. Any ideas? Thanks!

https://redd.it/1j03sxv
@r_devops

Some projects on Docker for Self-learning and Resume

I am learning about Docker for containerization. I did sample projects like deploying 2-tier, 3-tier apps on containers. Tell me some unique projects that you made in Docker and also helpful in getting better knowledge of topic.
It would be much appreciated if you share some explainable summary for project too :).

https://redd.it/1j06g71
@r_devops

Delete variables in many variable groups?

Hello everyone,

I'm new to DevOps and trying to learn the best way to approach this task.

I have 20 pipelines, and each pipeline has variable groups containing hundreds of variables. I want to delete a specific variable from any pipeline that is using it.

What is the easiest way to do this without manually checking each pipeline to see if the variable exist?

Azure DevOps

https://redd.it/1j07sl1
@r_devops

Creating docker image for my Laravel application to deploy on AWS ECS. Do I still need nginx?

So I have a PHP Laravel application I am planning on comtainerizing and deploying on AWS ECS. I have only ever deployed on a single VPS before, and configured nginx as a reverse proxy to my php-fpm process and use it to manage SSL certificates. Now that I am trying to containerize my application my original thoughts would be to simply containerize the PHP application and expose the php-fpm process porn out of the container and use AWS load balancer and certificate manager to essentially replace nginx. However I keep reading that I should still put nginx between my php Laravel application container (or include it in the docker image) and the AWS load balancer, but I don't exactly understand why?

https://redd.it/1j0a8u0
@r_devops