Reddit DevOps
Where do I start in DevOps?

Good day, I'd like to know how I would start on the path of DevOps. I'm already doing some hybrid apps but have trouble with deploying backends that cause me to do additional steps. I'd like to learn to do CI/CD but not sure where to start or how I would approach my learning.

https://redd.it/ff9n64
@r_devops
How do you manage whitelisted IPs for docker instances?

I’ve recently been converting some of our apps to be run in docker with dynamic scaling of sorts.

All of our apps connect to a mongodb server hosted with a different provider. I was going to change authentication from whitelist to user pass to solve this issue but thought maybe someone else has solved this before.

How are you whitelisting dynamic instance IPs to your database server?

https://redd.it/ffr4g6
@r_devops
GKE Cluster Management Fee

GCP announced recently that they are going to begin charging a cluster management fee for GKE starting on June 6th. This seems a bit like a bait and switch to me as many developers migrated there specifically for cost. Do you think this is likely to make developers trust Google Cloud less? AWS has always lowered prices which is in stark contrast to this move by Google.

I wrote a bit more about this and other announcements here: [https://thisweekindevops.com/2020/03/09/weekly-roundup-march-9th-2020/](https://thisweekindevops.com/2020/03/09/weekly-roundup-march-9th-2020/)

https://redd.it/ffttpb
@r_devops
Which file format to use to represent graph data structure.

Hey,

We have a tool at work where we use a graph-like structure to describe the relations between different objects, which we import in custom software to provide some actions.

The configuration structure looks like that:


```
Root
├── Objects
│   ├── objectA
│   ├── objectB
│   └── objectC
└── Machines
    ├── MachineA
    │   ├── objectA
    │   ├── objectB
    │   └── MachineC
    ├── MachineB
    │   └── objectB
    └── MachineC
        ├── objectA
        └── objectD
```

So at the moment, we represent this with a huge unreadable JSON file, which looks like this:

```json
{
  "Root": {
    "Objects": {
      "ObjectA": {
        "id": "1",
        "attr1": "x",
        "attr2": "y",
        "attr3": "z"
      },
      "ObjectB": {
        "id": "2",
        "attr1": "x",
        "attr2": "y"
      },
      "ObjectC": {
        "id": "3",
        "attr1": "x",
        "attr2": "ss"
      }
    },
    "Machines": {
      "MachineA": {
        "machine_id": "1",
        "attr1": "ssx",
        "id": "4"
      },
      "MachineB": {
        "machine_id": "2",
        "attr1": "rre",
        "id": "5"
      },
      "MachineC": {
        "machine_id": "3",
        "id": "6"
      }
    }
  }
}
```

*This is a very simplified version, because normally we have many other objects, i.e. Location, MachineOfMachines, etc.*

Some context..

The situation at the moment is that when we want to edit the configuration (add or rename objects, or edit attribute values), we have to generate the id logic, which completely messes up the whole id structure. Therefore, even with a small change, the diffs of the newly generated JSON files against the old ones are very confusing and unreadable. I.e., if you want to change ObjectC to ObjectCA, it will generate a new id for ObjectC and also for the Machines that are related to it. (Don't ask why, LEGACY :) )

..

Now, what I want to do is create a simple text config without unnecessary info (i.e. ids), so the user will have to edit only the necessary parts and the rest will be taken care of by a parser.

In this case, I am thinking of representing this config as a graph and translating that to a much simpler text config file.

What file format do you recommend? TOML? JSONLines? Anything else? Other recommendations/comments on my approach are also welcome.

Cheers

https://redd.it/ffxt6g
@r_devops
How can I access my OpenShift Containers on a Private Subnet over the internet on a single AZ?

I can't use ELBs because it requires more than one Availability Zone. Can I use NGINX? How would you guys do a solution like this?

https://redd.it/ffz5v0
@r_devops
cloud-init: pause before mounting drive

I am trying to get cloud-init to pause before mounting / formatting my EBS volume. I was hoping these modules ran sequentially, but it doesn't seem like they do. Any help or advice?

In the below scenario I'm trying to make cloud-init wait for me to write a file. In the future, this would be a more sophisticated check but I am just trying for something I can control to validate it works.


This is implemented via terraform:

```hcl
part {
  content_type = "text/cloud-config"
  content      = <<EOF
runcmd:
  - while [ ! -f /tmp/sleep.txt ]; do echo "WAITING" && sleep 1; done
mounts:
  - [xvdz, /ebs, 'auto', 'defaults,nofail', '0', '0']
fs_setup:
  - label: None
    filesystem: 'ext4'
    device: '/dev/xvdz'
    partition: auto
EOF
}
```

https://redd.it/fg0ddl
@r_devops
HashiCorp Vault -> Azure Key Vault Migration

Title.

Is there any way to do this securely or "natively"? I can't seem to find a tool or mechanism that can do it, and [this Stack Overflow post](https://stackoverflow.com/questions/54744351/how-to-export-vault-secrets-as-zip-file) seems to suggest that it doesn't exist.

What are my options? Is there anything to be done other than exporting the secrets manually or through a script and recreating them in Azure Key Vault? If that's what I have to do, it's okay, I just want to make sure there's not something I'm missing.

https://redd.it/fg4gyh
@r_devops
Linux to Windows Deployments

Question: how are you guys doing deployments to Windows from Linux machines?

We had a Chef server and used knife winrm, but since the Chef server is now gone, I'm having issues setting this up on another subnet.

There was a proposal for installing PowerShell on Linux since it would be fully supported on Windows. But the Linux support folks don't want that.

There was a proposal for just enabling SSH on the Windows servers. But apparently they are too old and would need an update first.

So just trying to see what's being used with minimal to no setup for Linux-Windows activities.

All I really need to do is log on or remotely access the server, wget something, unzip something, and get out. Nothing crazy.

\*everything being launched from Jenkins

https://redd.it/ffz4wy
@r_devops
Neat little vulnerability scanner for javascript apps

Hey y'all. I found this free scanning tool on my travels on the internets and thought this group may find it handy. It seems like a step up from `npm audit`. Cheers.

[AuditJS](https://www.npmjs.com/package/auditjs)

https://redd.it/fg1smb
@r_devops
EdgeMesh: Bringing the Service Mesh from DataCenter to Edge



More and more people are now using Kubernetes to orchestrate containerized workloads and using a service mesh to manage service communication. Kubernetes and service meshes mostly rely on the data center network in order to achieve efficient service discovery and communication.

But in edge computing scenarios such as Manufacturing and AutonomousDriving, the work nodes are often distributed across various decentralized areas. In this case, the services can't communicate directly, and the node-to-node and node-to-control-plane connections are also very unstable. This causes trouble: services cannot communicate with each other and cannot achieve stable DNS resolution.

How EdgeMesh is designed for edge scenarios:

1. DNS resolution is achieved at the edge even if the connection to the control plane is lost.
2. Services across subnets can communicate with each other.
3. Edge gateway is introduced to serve external requests.

How does it work?

[https://github.com/kubeedge/kubeedge/blob/master/docs/proposals/edgemesh-design.md](https://github.com/kubeedge/kubeedge/blob/master/docs/proposals/edgemesh-design.md)

https://redd.it/ffu7u3
@r_devops
Centralized configuration?

What do you think about centralized configuration management in microservices and tools like Lygeum configuration server?

https://redd.it/ffvtdg
@r_devops
how to migrate all tmux sessions from one remote machine to another remote machine

how to migrate all tmux sessions from one remote machine to another remote machine

https://redd.it/ffuf25
@r_devops
zero to devops

Hi community!

I am looking to switch/make the jump to a DevOps role. I am currently a quality management professional with a good understanding of programming, and have been in a completely non-technical position for 2 years.

Kindly suggest what to do and how I should go about it! It would be a tremendous help!

https://redd.it/ffx9f1
@r_devops
How to Deploy to Storage account in Azure for CDN

Hey guys! We are trying to use Azure CDN. In our current infrastructure, we use TeamCity and Octopus Deploy.

We would like to deploy the content to Azure Storage so that, from this storage, we can make use of the CDN. Octopus doesn't have a supported template for it. There is a community template, but it isn't of much use to us.

Can anybody help on how we can achieve this?

https://redd.it/ffq79d
@r_devops
Electron react boilerplate - Electron Release Actions

I am looking for a GitHub workflow that will build the Electron application for macOS, Linux and Windows and store the artifacts in a GitHub release.
This seems like a common use case, especially since Electron apps support auto-updating. Has anybody made this work for this template repository ([Electron React Boilerplate](https://github.com/electron-react-boilerplate/electron-react-boilerplate))?

https://redd.it/fgbyw0
@r_devops
Treat servers like cattle, not pets

Can someone help me explain what exactly this means in DevOps?

https://redd.it/ffp9lx
@r_devops
Which OS for Kubernetes in 2020?

We are currently evaluating which operating system we should use for new Kubernetes clusters. After the changes in the CoreOS environment, we are not sure if we should move on with this OS.

For us it would be important that the distro is maintained for a long time or, like CoreOS, can be updated seamlessly. The distro should also be completely open source.

As alternatives, we have so far identified the following:

- [Clear Linux](https://clearlinux.org/)
- [Talos](https://www.talos-systems.com/)
- Debian

What's your opinion? Which OS are you using for Kubernetes, and where do you think the journey will go in the next few years?

https://redd.it/fgghrj
@r_devops
Two Important AWS Security Rules to Remember

So there are a ton of rules, gotchas, principles, and catch-22's when it comes to cloud security on AWS. At times it's like trying to keep bugs out of a 100 room building where doors and windows HAVE to be open for people to move about. Well, here's a post about two important AWS security rules to remember. No, these aren't the only two to know, but yes, they'll clarify your role in cloud security and help you to understand how to think about it.

[Two Important AWS Security Rules to Remember](https://start.jcolemorrison.com/two-important-aws-security-rules-to-remember/)

https://redd.it/fghcz3
@r_devops
Software chain of custody and compliance

What tools, systems, or practices do your teams use to automate the software chain of custody that can satisfy HIPAA and CJIS compliance? What kind of constraints exist in your build and release processes to ensure segregation of responsibilities?

https://redd.it/fgl976
@r_devops