CI Tool Research: Pros/Cons

This is a bug-bash type thread! Name the CI tool you use(d) (Open Source or Vendor, doesn’t matter), your experience with the tool (time and level of usage), pros and cons, and any features or fixes you’d love to see

https://redd.it/fqnjmq
@r_devops

Suggestions for Collaborative Projects

I was wondering if anyone had ideas for fun or interesting collaborative software development projects to do? The idea being if people are quarantined or working from and would like to work with others for learning and development purposes they could try one of these projects as a group to build some working software with various technologies they might not be familiar with.

https://redd.it/fqn8rx
@r_devops

closing the gap on k8s

I have started a position recently where they use K8s, early signs is that the team does not know enough to be proficient, they folk i work with are super honest that they don't know what they don't know, is there any gap analysis that could be done? anyone here ever done that? i looked on stackoverflow and a few other places but i also dont know enough on k8s to know what to be asking.

https://redd.it/fquqpz
@r_devops

Chromebook management with code?

I'm interviewing for a Client Platform Engineering job, where the company is 80% MacOS and 20% ChromeOS/Chromebooks.

I am very comfortable in the modern MacOS management world (old-school stuff like Jamf, open source tools like MicroMDM, Munki, Santa, Sal, Chef, etc). I could talk for hours about managing Macs with Infra-as-code tools.

On Chromebooks, however, I know basically nothing. The company already knows my Chromebook experience is at 0, and they are willing to interview me anyways, but I'd still like to show that I can do my research.

Are there any open-source tools for managing enterprise Chromebooks? I see Google has [some sort of API](https://developers.google.com/admin-sdk/directory/v1/guides/manage-chrome-devices) for it, but I don't really see anything like [MicroMDM](https://github.com/micromdm/micromdm), [Munki](https://github.com/munki/munki), [Sal](https://github.com/salopensource/sal), or other tools.

If they don't exist yet, that's fine too. I'm kind of preparing for a question around "how would you manage Chromebooks in a modern way, planning for scale & automation, using infra as code?" I just want to be able to talk some high level theory.

https://redd.it/fqx06n
@r_devops

What is the terminology of the cloud-based technology im developing for my dissertation?

Hi guys,

This may sound like a silly question, but for my dissertation I have been working on a tool which sits across several Rasperry Pis to create a layer of abstraction

Key Features:

\- DNS / DHCP

\- Pub/Sub Broker

\- Reverse Proxy ( can speak to nodes via [domain.com/node-01](https://domain.com/node-01) and [domain.com/node-01/deployment](https://domain.com/node-01/deployment) )

\- RESTful Deployment API ( Basically just a wrapper for docker-compose )

\- RESTful Repository API (Baiscally just a wrapper for git )

\- Reporter ( Currently only reports resource usage )

\- Public Key Store ( Just a database which stores public keys associated with mac address )

\- Leadership Election ( dynamically elects the head node and detects if it goes down to replace )

Security:

\- MTLS (from outside to proxy)

\- JWT for authorization and authentication ( inside the cloud using RSA keys )

From my limited research, I feel it sits at a lower level than kubernetes as it doesn't feature actual orchestration - Its designed for 3rd party developers to use the APIs and produce a system akin to kubernetes. But im not too sure what terminologies I can use to find similar systems and write a comparitive research project on this system.

Kind regards,

A student out of his depth

https://redd.it/fqwit6
@r_devops

Looking for a tool to intelligently handle notifications produced from automations

Looking for a tool for handling notifications that are produced by platform automations that my team and I are responsible for. These automations produce various types of alerts (e.g., job completed, security alerts, error in automation, etc.). The consumers of these notifications are a combination of hardcoded e-mails and database lookups from the event context. As such, there are many limitations that we're coming up against using this approach.

We're looking for a tool that can:

* We can send all these events to an "event hub."
* Consumers of these events can subscribe/unsubscribe from certain types of events
* Consumers of these notifications can customize which alerts they want to receive (and where) based on the context of the event (something like criticality\_level > HIGH)
* Allows multiple delivery channels, such as e-mail, Slack, Teams, Webhook
* \*Bonus\*: Notifications can be enriched using other data sources, such as a SQL DB or an API.

Things such as PagerDuty come to mind, but I've never used it. Is this a viable solution? Any other suggestions?

Thanks!

https://redd.it/fqmc1t
@r_devops

Using Azure App Service vs Azure Kubernetes

Is there and advantage to using azure app service with docker container over azure kuberenetes? In the container we can use workers on the gunicorn to scale the app while in AKS we can scale it the kuberenetes way.

I just wonder if there is any situation where you should go for one not the other except in terms of price?

https://redd.it/fqhsrv
@r_devops

Quick Help with Postman!

Hello! I am very new to this area and have a quick question that can hopefully be answered. I can elaborate as much as needed. Essentially I am trying to run a test in postman that grabs data from the body in a get response to put it in another test. I have tried creating an environment variable but have been messing those up hahaha. Here is a picture that should clarify my question. [https://imgur.com/a/2cn8XXD](https://imgur.com/a/2cn8XXD)

I want to categorize the ID from the body from my get request to my delete request so I don't need to replace the ID every time I invite a user.

https://redd.it/fqgrsr
@r_devops

Video tutorial on DynamoDB Local Secondary Indexes from digital cloud training

Do you find DynamoDB Local Secondary Indexes and Global Secondary Indexes to be a confusing subject? If you do - you're not alone! In this video tutorial for the AWS Certified Developer Associate, I deconstruct these complex subjects. You'll learn what they are, when to use an LSI or a GSI and practice actually creating and using them.

[https://youtu.be/yK6VkDOJ2SY](https://youtu.be/yK6VkDOJ2SY)

https://redd.it/fr2ra1
@r_devops

Master's thesis on DevOps practices

Hi, while everyone is at home please help with a master's thesis on DevOps practices. The questionnaire is for DevOps engineers working for companies.

[Google Form](https://docs.google.com/forms/d/e/1FAIpQLSdInoo9rt0F2AT16Bv_jXSbe0V2HhUyecc6S00_icLID-dCEg/viewform)

Thanks a lot.

https://redd.it/fr4t4y
@r_devops

Unbiased reviews of CodeFresh

We are making the switch to Kubernetes this year, and we are currently setting up a self-hosted Jenkins/ArgoCD combination for doing builds and deployments. It works pretty well so far, although we still have a lot to do such as secrets management and preview/pull request environments. We chose Jenkins for now because we know it well and make a prototype of anything in it pretty fast, but it has its own set of disadvantages such as lack of high availability and difficulty configuring it as code.

CodeFresh looks interesting as a managed alternative here and seems to support all these things. However I'm having a hard time finding any reviews of this system that have not been written by employees of this company. I'm wondering if there are folks here who have experience with this system, or perhaps found good reviews of actual users of this system?

https://redd.it/fr7cx4
@r_devops

Starting in AWS DevOps

Currently 2 years out of college with a cyber degree and currently an analyst but I’ve decided i’m going to change my course

I think I know the skills and knowledge I need to build for the DevOps route - networking, python & bash, docker, ansible, kubernetes, AWS architecture and how it all applies (criticize or add to this list if need be)

But in terms of certifications, I know Solutions Architect is definitely a must to get a grasp on AWS as a whole...but would SysOps or Developer be more beneficial to the DevOps route? I would take both but I feel it would be best if i took just one and invested more time in learning the skills above

https://redd.it/fr6kd2
@r_devops

What tools are you using to monitor and debug istio other than kiali



https://redd.it/fr5vs6
@r_devops

Is it bad practice to use a config file for user-related permissions?

I have a website. I want to allow certain requests to be made, based on what somebody's username is. So basically before the request is made I will check to see what group they are in, and either allow or deny the request. I will be checking a config file with different usernames/groups listed out. Is this bad practice?

There actually is a relevant distro group available. I did struggle to access this distro group though... let me explain why.

The website architect is that there are three separately deployed repos. An authentication repo (login for when you visit the site). A front end repo. And the backend repo (makes the requests and returns the response). This authentication repo also currently checks a distro group permission. If the permission fails then the site doesn't load at all.

The problem is I'm looking to use distro groups in a much more granular way (for example if you're in one particular group, you can't make one specific request out of many, or can't click one particular button). I asked the devs of the distro group how I could make granular website modifications based on distro group membership. They said in my front end repo I should add code such as

*make request to distro group*
if user is part of distro group:
show additional button / functionality
else:
hide the button / functionality

This made sense to me but I was not able to make the request to the distro group from my front end package. This was attributed to the fact that the website setup involves three separately deployed packages. So all the authentication/distro info was in my auth repo, but I couldn't get it in the front end repo where I needed it.

So after a lot of struggle I gave up and just went with the config file approach.

https://redd.it/fr2w82
@r_devops

Does a distributed filesystem have to consist of multiple filesystems located on different computers?

Does the concept of a distributed filesystem require a distributed filesystem to consist of multiple filesystems located on different computers?


Does an NFS filesystem consist of only one filesystem? (See [the diagram](https://i.stack.imgur.com/YTsOy.png))

If yes, is an NFS filesystem a distributed filesystem?

Thanks.

https://redd.it/fr3mri
@r_devops

SRE — Dissecting failure on reliability engineering

This is the #2 of a series of posts about thoughts, experiments and any other kind of what ifs and whatnots. Nothing here is bulletproof or carved in stone — just simple topics and tips to help everyone walk the walk.

[SRE — Dissecting failure on reliability engineering](https://link.medium.com/cOhz5WNMe5)

https://redd.it/fqxe16
@r_devops

What parts of devops is code you can post on Github?

What parts of devops is code you can post on Github? I am trying to understand if you can show how good you are at devops by posting code on Github. It seems like 70% of devops is just using tools, console scripting and code deployed to the Cloud, but that means you can't really post the stuffs you do on Github. Am I wrong? How so?

https://redd.it/frefag
@r_devops

Load Testing Caddy Web Server on a GCP F1-Micro Instance Using K6 (k6.io)

[https://devopsdirective.com/posts/2020/03/load-testing-f1-micro/](https://devopsdirective.com/posts/2020/03/load-testing-f1-micro/)

**TL;DR:** I used the [K6](https://k6.io/) load testing framework to benchmark the Compute Engine [f1-micro](https://cloud.google.com/compute/docs/machine-types#n1_shared-core_machine_types) and [Caddy web server](https://caddyserver.com/v1/). With CloudFlare caching turned off, the server was able to serve an onslaught 800 virtual users continuously reloading the page (while maintaining a median request duration of <400ms), but started dropping requests when increasing the load further.

https://redd.it/frewlv
@r_devops

Is testing automation part of devops?

Is testing automation part of devops? In my understanding, it's a part of it, but I am unsure what needs to be done to automate it. Let's say you are using Jest, Enzyme for unit and integration testing and Cypress for e2e. What are the tools you would use to automate it and is it all code or do you need to use console scripting and configure a cloud application too to make everything run at the push of a button?

https://redd.it/frgmnn
@r_devops

Github issue regarding Consul multi-dc service mesh support for Kubernetes

Please vote.

[https://github.com/hashicorp/consul/issues/7535](https://github.com/hashicorp/consul/issues/7535)

https://redd.it/frcman
@r_devops

What Slack structure and integrations are you using to support your DevOps adventure?

Where I work most of our notifications and alerts go through Slack, and it works as a primary source of information for everything except for critical alerts, those go through VictorOps.

We mostly use Datadog with its Slack integration, which also sends a message upon resolve. For appplication errors we track and alert via Sentry. Both messages from Datadog and Sentry typically goes to `#<appname>-alerts`. Slacks GitHub bot gives us status on Pull Requests, commits and issues to `#<appname>-notifications`. Jenkins also reports on successful builds and deployments to this channel.

Even though the platform/infrastructure is not an «app», it also has follows the same schema with `#infra-alerts` and `#infra-notifications`.

We use Pull Panda for Pull Request reminders, which is quite effectual.

Each team on the other hand structure their communication around the public Slack channels `#<teamname>-{status,support,social}` in addition to a private team only channel.

There are also two special channels which are just `#alerts` where critical errors are relayed, and it also works as a war room – and `#notifications` where the GitHub bot reports on commits to master on all projects, to broadcast a sense of company feature velocity awareness.

I'm interesting in hearing your experiences and thoughts, thanks!

https://redd.it/fraxz2
@r_devops