Reddit DevOps
Test production deployment

I’ve been working on a personal project for about 6 months now and I’m in the final stages.

I’m deploying an application to a web server, and I’m using GCP for my deployment. What is the best way to do a test deployment in a sandbox environment before deploying to my official web server?

The best solution that I came up with so far is to deploy the application on a separate VM, and analyze it before deployment. I chose that route because my nginx configuration automatically routes the ports 80 and the DNS route to the IP of the VM.

https://redd.it/k28be1
@r_devops
Newbie Question: Is Katacoda based on Kata Containers?

Is this website: [https://www.katacoda.com/](https://www.katacoda.com/) using tech developed by this: [https://katacontainers.io/](https://katacontainers.io/) open source project?

https://redd.it/k2lh2t
@r_devops
cloudquery: open source tool to query and monitor your cloud with SQL

I recently open sourced cloudquery - [https://github.com/cloudquery/cloudquery](https://github.com/cloudquery/cloudquery)

This is an extensible framework that exposes your cloud config and SaaS application as a relational database, giving you the ability to query and monitor your infrastructure with SQL.

https://redd.it/k2nl7f
@r_devops
Terraform and ansible in the same GitLab repo for CI?

Hi everyone, I'm currently doing a ton of research on CI/CD for IaC. My background is enterprise IT operations and I'm evolving my career into DevOps.

I have some Terraform/Ansible code that provisions VMs and creates an Active Directory domain. What I would like to do is have all of this code in one GitLab repo as a single repo. But I'm trying to understand if this is the right thing to do. I'm currently learning GitLab CI and I'm not sure if it's meant to handle multiple languages for testing. If anyone can help me understand what is typically done in a scenario where Terraform and Ansible are both used together to create infrastructure and managed with GitLab, that would be great!

https://redd.it/k2uvh4
@r_devops
Kubernetes HPA limitations

I’m new to cloud and was wondering if someone can help me.


Kubernetes uses a threshold based mechanism which is reactive in nature.

Depending on the workload variation, do we have to change the threshold manually?

What are some instances in which there is workload variation?

Will forecasting resources ahead by analyzing the workload pattern solve the issue of manually adjusting thresholds?

https://redd.it/k2tj4h
@r_devops
Docker + NGINX + MariaDB + WordPress error. Please help.

Docker noob here.

I'm having issues running my NGINX reverse proxy with WordPress and MariaDB.

I get the error:

Call to undefined function mysql_connect() in ......

Any ideas?
Am I not linking the containers accurately?

Link to docker compose yml image:
[Imgur.com/a/WnfAACM](https://imgur.com/a/WnfAACM)

https://redd.it/k30yi4
@r_devops
Best way to simulate an AZ outage?

I was thinking about this today in light of the recent AWS outage. I'm trying to decide the best way to test if my application is as outage-resistant as I think it is. What's the best way to simulate an availability zone going down (without tanking other applications I don't want to test right now)?

https://redd.it/k2n4mq
@r_devops
Pentest & DevOps

With more frequent releases how often are your security teams performing a pentest? And how long does it typically take to get these scheduled?

https://redd.it/k2ohqh
@r_devops
How to install Istio with Terraform and use an existing ALB || ELB as istio-ingressgateway?

Hi guys,

Currently I'm working on a small IaC project. I'd like to deploy an EKS cluster with at least 1 auto-scaling group based on Spot instances and all other necessary components - autoscaler, cert-manager, metric-server etc. - installed.

I did all this but I've a problem with the Istio service mesh. Right now, I'm using istioctl to install the Istio operator and then deploying an IstioOperator yaml with my settings which will roll out Istio. Everything works fine, but the automatically generated ELB is a problem. If I want to destroy the cluster, Terraform will fail because it doesn't know about the ELB, which is created by Istio.

So I configured an ELB in Terraform but I can't figure out how to use this one now as my `istio-ingressgateway` service. I think I'd need to deploy Istio with the istio-ingressgateway as a serviceType `nodeport` but I'm not sure about what needs to point where. Re-using already existing load balancers seems not to be that well documented.

So maybe there is someone who already achieved this and can help me out.

Any suggestions or hints are appreciated :)

Kind regards from Berlin!

https://redd.it/k382tg
@r_devops
The ethics of Pull Requests, being the "Author"

Hi,

I wrote this blog post last week, maybe it could be interesting for this channel as well.

Link: [https://werner-dijkerman.nl/2020/11/21/the-ethics-of-pull-requests-being-the-author/](https://werner-dijkerman.nl/2020/11/21/the-ethics-of-pull-requests-being-the-author/)

Please let me know your thoughts about it.

Kind regards,

Werner

https://redd.it/k38xts
@r_devops
How to Install PHP 8 on CentOS 7/8

[https://tayeh.me/posts/install_php8_centos/](https://tayeh.me/posts/install_php8_centos/)

https://redd.it/k39p3l
@r_devops
[q] Shift left Pipeline - questions

Hey, I have a couple of questions :)

## Disclaimer

I am a developer, trying to wrap my head around 'modern' and 'not-gimped' CI/CD and devops - so in essence I want to understand 'best' practices without compromises; compromises come later :)

## Questions

What is the point of diminishing returns?
I've found no good article on this. In theory, we can re-create almost whole environment on the dev machine - using docker, kubernetes and such. As I understand, if we take shift-left approach to the extreme, I can build, test, deploy to local cluster with monitoring and all. Two questions come to mind:

1. Why SHOULDN'T we put everything in the repo in executable form FIRST, and then, if something is infeasible to keep executable in the project, move it outside?
2. If this is possible, then why is there no tool for this? Is everything hand-rolled? Or is no one doing this?
3. With shift-left, it seems that I should be striving to make everything executable, so by that extension, the easiest way would be to include e.g. shell scripts executing tools on the dev machine. Is this a correct approach?
   1. This came up during my discussion with a colleague; why not have tools to check 'everything', e.g. linters for yaml, Dockerfile and such - executable on dev env and pipeline. I have yet to see a place that has such tests.

https://redd.it/k2lxcj
@r_devops
Sending API request body to Sentry

I was not able to sort API errors on Sentry and was not able to get the request body which I was sending. So how do I send the API request body with the error data I am sending to Sentry?

https://redd.it/k2jknj
@r_devops
Open source/free registry recommendation

I'm looking for a registry that I can host on one of my Linux servers. Aside from Verdaccio and Artifactory (not free), which would you recommend? I'd like to set up a lab here at home where I can build my own pipeline either using Jenkins or DroneCI, then once the artifact or package is built, it will publish it to the registry.

https://redd.it/k3lxzr
@r_devops
Coding interview equivalent for DevOps engineer?

Let's say I'm a company hiring a backend developer and a devops engineer.

After a phone interview, I'm going to give the backend developer candidate a 4 hour coding hackathon, so I can see first-hand how this person thinks and works through problems.

What is the equivalent of this 4 hour hackathon for devops engineers?

https://redd.it/k3hilj
@r_devops
How to authenticate Helm using token?

I'm currently working on a project with Helm and GitLab CI.
I have the docker executor in my gitlab-runner, so I use the alpine/helm image to use the helm command. The problem is that I can't connect to the cluster using --token=..., it said:

**Error: Kubernetes cluster unreachable: Get "https://10.0.0.4:6443/version?timeout=32s": x509: certificate signed by unknown authority**

**helm.go:81: [debug] Get "https://10.0.0.4:6443/version?timeout=32s": x509: certificate signed by unknown authority**

**Kubernetes cluster unreachable**

Is there any way to solve this?
Thanks

https://redd.it/k3o48u
@r_devops
What replicates well between different cloud PaaS/IaaS?

Let's say I want a system highly available and eventually consistent (preferably that eventually being within a couple hour window) between AWS and Azure. It needs to accept pretty consistent writes, basically collecting logs that can't be missed.

What are my options here? Elasticsearch? Build something with Kafka? Cassandra?

I've been pretty much 100% AWS now for the past 2ish years and had a product in us-east-1 only this past week. Need to expand my horizons here.

https://redd.it/k3a4lw
@r_devops
What is the cheapest Cloud SQL provider?

Not sure if this is the right place to ask, but I'm looking for a cheap MySQL cloud hosted solution.

I currently have a very expensive VPS that mostly hosts websites from my small business clients and other small projects. I want to ditch that VPS and replace everything with Google App Engine containers because those are way cheaper due to being able to scale back to zero.

The only problem I have right now is that the Cloud SQL option by Google is super expensive. So I'm looking for an alternative. I don't want to keep a VPS running just for the database. Ideally you wouldn't pay anything when the instance receives no traffic, only for the storage and actual usage.

Does, for example, AWS offer something like this? Or DigitalOcean?

https://redd.it/k36pv8
@r_devops
Packer VMware Templates + Ansible? + Terraform - Responsibilities

What is the generally agreed responsibility split between tools like these?

I'm using Packer to create Windows VMware templates. Should I add as much to this template as possible (e.g. basic software), then configure using Ansible, and deploy using Terraform? Or perhaps simplify and also deploy using Ansible?

The lines are so blurred between tools that it seems difficult to decide on the responsibility split.

https://redd.it/k3uuht
@r_devops
Is there a tool/way to rate limit requests depending on the URL?

I'm trying to build a rate limiting solution for our GKE hosted application - where customers can come and make their applications.

The requirement is it should be able to check the route (which would have a unique identifier) for each application (which is accessed by multiple users so the API URL would be the same.)

For example, a level one customer would have "ABC" app and we want to limit the transactions to say, 5 per second, at the infra level before it reaches the microservices.

But a level 2 customer, with their "XYZ" application would have 30 transactions per second.

The distinguisher would be the URL in the API request (which of course would be checked in the backend if it actually belongs to the user).

**What I've been able to do till now**: Switch to Kong ingress and apply a rate limiting policy per route there, though I'm looking for a better solution.

https://redd.it/k3vqf3
@r_devops