Aws

How to delete only null objects in aws s3 please any one help me on that's

https://redd.it/k3s5hm
@r_devops

Is my experience in AWS transferable to Azure?

I've been working on AWS for 3 years now and about to get the Solution Architect certificate.

I've been interviewing for a job that requires Azure...is my experience easily transferable?

https://redd.it/k3rp2p
@r_devops

Adding a secret manager to Observable notebooks

Wow I just finished a crypto odyssey adding the ability to store secrets on public notebooks on [observable](https://observablehq.com/@tomlarkworthy). I absolutely love that programming environment and I want to use it for serverside scripting work.

The wonderful thing about implementing serverside code via a clientside notebook is everyone can see exactly how it's implemented. It's like lambdas but without deploys.

Each notebook is also a tutorial. I released everything as ISC.

The main notebook is the secret manager interface, which proxies onto Google Cloud Secret manger.
[Endpoint Secret Manager](https://observablehq.com/@tomlarkworthy/secret-manager)


For my system to understand your uid has write permission to a subdomain I implemented a DNS-01 like challenge protocol for proof-of-ownership. This is the supporting notebook but maybe the most interesting intellectually.

[Certify Subdomain Ownership](https://observablehq.com/@tomlarkworthy/subdomain-certification)

These subdomain secrets once configured can be injected into "serverside cells". These are cells run by a remote browser with privilege access. Thus the user does not get exposed to the secrets, yet the serverside code is configured in the viewed notebook.

Just to prove how fricken’ powerful this is, I wrote the secrets API and the subdomain challenge infrastructure IN PURE OBSERVABLE CODE!!! You can see how it is all implemented yourself thanks to being able to execute notebooks in a remote environment.

Man it was tough, the GCP SDK’s do not work in a browser context so I had to figure out how to mint an access token from a service account manually. Similar story for verifying Firebase id tokens.

I managed to browserify an express router, so the secrets API looks implemented like 'normal', but in reality is an express server running in a browser serving a public URL ([https://observablehq.com/@tomlarkworthy/secret-manager#apiServer](https://observablehq.com/@tomlarkworthy/secret-manager#apiServer)). Crazy.

https://redd.it/k46i2z
@r_devops

In your experience, have the good managers/supervisors you've had been more technically inclined, or not?

And by "not", I mean on a *good* day calling their tech skills mediocre is being *very* generous. BUT aside from that, they were fantastic people to work for?

Or was it *always* the good managers were the people who knew exactly how to do your job if not better if they had to?

https://redd.it/k474g4
@r_devops

Docker networks in Jenkins pipelines

I’m having some issues on a project in which I’m attempting to run Jenkins in one container and SomarQube in a second container all on the same network. Then in the pipeline I’m using a maven container to build and test a simple project.

My issue comes when trying to run sonar scanner. If I manually enter in the IP of the SonarQube container it connects fine, but if I try to use the name of the container it’s unable to connect.

Is there some way to get the Jenkins pipeline to talk to the rest of the network?

https://redd.it/k46gxj
@r_devops

Adding a secret manager to Observable notebooks

Wow I just finished a crypto odyssey adding the ability to store secrets on public notebooks on [observable](https://observablehq.com/@tomlarkworthy). I absolutely love that programming environment and I want to use it for serverside scripting work.

The wonderful thing about implementing serverside code via a clientside notebook is everyone can see exactly how it's implemented. It's like lambdas but without deploys.

Each notebook is also a tutorial. I released everything as ISC.

The main notebook is the secret manager interface, which proxies onto Google Cloud Secret manger.
[Endpoint Secret Manager](https://observablehq.com/@tomlarkworthy/secret-manager)


For my system to understand your uid has write permission to a subdomain I implemented a DNS-01 like challenge protocol for proof-of-ownership. This is the supporting notebook but maybe the most interesting intellectually.

[Certify Subdomain Ownership](https://observablehq.com/@tomlarkworthy/subdomain-certification)

These subdomain secrets once configured can be injected into "serverside cells". These are cells run by a remote browser with privilege access. Thus the user does not get exposed to the secrets, yet the serverside code is configured in the viewed notebook.

Just to prove how fricken’ powerful this is, I wrote the secrets API and the subdomain challenge infrastructure IN PURE OBSERVABLE CODE!!! You can see how it is all implemented yourself thanks to being able to execute notebooks in a remote environment.

Man it was tough, the GCP SDK’s do not work in a browser context so I had to figure out how to mint an access token from a service account manually. Similar story for verifying Firebase id tokens.

I managed to browserify an express router, so the secrets API looks implemented like 'normal', but in reality is an express server running in a browser serving a public URL ([https://observablehq.com/@tomlarkworthy/secret-manager#apiServer](https://observablehq.com/@tomlarkworthy/secret-manager#apiServer)). Crazy.

https://redd.it/k46ecu
@r_devops

Is Serverless Worth?

I've experimented with serverless over the course of last two year and composed all my findings into an assay. If you are interested: [https://quanticdev.com/articles/serverless](https://quanticdev.com/articles/serverless/)

Overall, my personal experience with function-as-a-service is mixed:

* Last year I tried using it for the entire server-side of one of my open-source projects. However, I could not do that as none of the major serverless providers supported the latest version of Node.js, which I needed for async/await functionality. I have recently checked it again, and Firebase Functions now supports the latest LTS version of Node.js.
* I also tried using serverless for one of my games. However, that also failed since I needed persistent connections throughout the gameplay session using WebSockets. No major serverless providers supported a sensible way of using WebSockets. This also changed. Amazon now supports creating WebSocket connections through their API Gateway, which is accessible from Lambda functions.
* On the positive side, I have successfully utilized Firebase Functions to handle user authentication events raised by Firebase Authentication. When a user logs in, Firebase Authentication triggers my authentication handler function. That function checks if the user is logging in for the first time so I can create relevant user tables in my databases. I still use it today, and it has been working a treat.

If you want to experiment with serverless, I recommend Firebase Functions. In my experience, it is the easiest of the bunch and has a generous free tier.

If you have and findings, dump them here so I can add them to the writeup.

https://redd.it/k45dk5
@r_devops

Can I do a research based on autoscaling

Can I do a research which is already done on autoscaling of VM but not in autoscaling a pod/container?

Will it be an issue if the concept is same but the scaling algorithm logic will be different.

https://redd.it/k40399
@r_devops

How does Hashicorp Vault's built-in default policy get attached to all tokens?

The docs say: "The default policy is a built-in Vault policy that cannot be removed. By default, it is attached to all tokens" but I don't see how it accomplishes this.

I'm asking because I've joined a company where they added some things to the default.hcl policy out of convenience that should really not be associated with every token per the principle of least privilege. I'd like to split out the path permissions to two separate files:

default.hcl --> associate to human ldap tokens

service\_default.hcl --> associate to machine service tokens

How do I make it so that service\_default.hcl gets associated to every service token but not to every ldap token? Is this currently possible? Any other suggestions on how to tackle this problem?

Thanks in advance!

https://redd.it/k4fu0h
@r_devops

Which type of monitoring do you most frequently use?

I'm assuming that most frequently used tools can also be considered the most valuable...... is that a reasonable assumption in your opinion?

I'm purposely not including infra & app monitoring or log management or API monitoring tools because I assume those are regularly used by most of us.

Please share in comments if you find some other types of monitoring tools more valuable. Thank you!

[View Poll](https://www.reddit.com/poll/k4jpsz)

https://redd.it/k4jpsz
@r_devops

Fetching state change graph dates/ history

Hello r/devops community, a newbie here.
I'm working on a project which requires the use of some of the dates of state graph in history.

I have tried prior states, history, etc and looked into multiple documents for this but couldn't find a way to get the state change date history using the API in azure databricks notebook.

I have a possible alternative, which is to get the html and parse it to get the state graph, which is quite slow.

Please help me out. Thank you

https://redd.it/k4kw3q
@r_devops

Networking Tools Every Developer Needs to Know

Hi /r/devops

Networking is often an overlooked and neglected skill by both DevOps engineers and developers, so I wrote an article which shows some of the basic commands and tools which I think every one of us should have in their troubleshooting/debugging/networking arsenal.

Here's link to the article: https://towardsdatascience.com/networking-tools-every-developer-needs-to-know-e17c9159b180

If there any other tools that I missed, then please let me know! :)

https://redd.it/k4o1ny
@r_devops

How can I set a Global Variable in Gitlab CI/CD that can be shared among 20 projects?

I know I can set global variables per project, but I want to set a variable that can be shared among 20 without setting it 20 times. Can I do it in the UI? Am i suppose to use a script? Thanks. :)

https://redd.it/k4oq8d
@r_devops

Cloudbees hybrid cloud deployment?

So, the company I'm with is currently in the process of being spun off and the plan is to use this as an opertunity to escape the pos that is Atlassian Bamboo.

One of the very desirable outcomes is too ofload as much stuff as possible from our datacentres and get stuff in the cloud (AWS). Now, realistically, we still have to do things on prem, but nothing that 2 build nodes couldn't handle.

First port of call is Cloudbees. Can it do a hybrid cloud setup where the master is in AWS, and for the most part, it uses elastic build agents, but has a few permenent build agents inside our datacenters?

I'd love to go whole hog into something like Azure DevOps but we still have a soul crushing amount of legacy to support.

https://redd.it/k4oedi
@r_devops

How to Develop Microservices in Kubernetes

I recently posted an article about how my company has evolved our approach to developing a growing set of interconnected microservices without crushing developer laptops. What we came up works well for us, but we were a little surprised that there wasn't a common well-established solution to this problem.

[https://www.cncf.io/blog/2020/11/30/how-to-develop-microservices-in-kubernetes/](https://www.cncf.io/blog/2020/11/30/how-to-develop-microservices-in-kubernetes/)

I would love to hear how others have tackled this issue!

https://redd.it/k4rjvs
@r_devops

Tips for more junior DevOps?

I've been in DevOps for just around a year now... and I've been out of school for 2 years so I'm pretty new to DevOps and the working field overall. I feel like I have a good grasp of CI/CD and most of the common tools for automating CI/CD... but when I get into infrastructure as a whole... going from the beginning -> end of hosting/maintaining an entire application stack with all of the different networking, setting appropriate permissions for security purposes, handling database migrations, etc I just get very overwhelmed.

​

During my first DevOps position, I was working for a bigger enterprise company with most of their automation already in place, but it was so complex it was a headache trying to learn it. Now, in my second role, I'm working for a much newer company that only began about 2 years ago. Their automation is a wreck, and my to-do list just gets larger and larger, and lots of it I have to spend weeks just learning the various tools to understand the architecture they need.

​

Every time I try to learn some foundational stuff, like basic routing/security groups/subnets/vpcs, I get hit with priority tasks that require me to learn some other tools and I just lose all motivation for trying to learn additional concepts outside of what is needed for that task. I guess I'm just wondering what the best way to manage my time is to avoid getting overwhelmed/stressed out and when I can expect things to get easier lol

https://redd.it/k4mnnl
@r_devops

Monthly 'Getting into DevOps' thread - 2020/12

**What is DevOps?**

* [AWS has a great article](https://aws.amazon.com/devops/what-is-devops/) that outlines DevOps as a work environment where development and operations teams are no longer "siloed", but instead work together across the entire application lifecycle -- from development and test to deployment to operations -- and automate processes that historically have been manual and slow.

**Books to Read**

* [The Phoenix Project](https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/1942788290) - one of the original books to delve into DevOps culture, explained through the story of a fictional company on the brink of failure.
* [The DevOps Handbook](https://www.amazon.com/dp/1942788002) - a practical "sequel" to The Phoenix Project.
* [Google's Site Reliability Engineering](https://landing.google.com/sre/books/) - Google engineers explain how they build, deploy, monitor, and maintain their systems.
* [The Site Reliability Workbook](https://landing.google.com/sre/workbook/toc/) - The practical companion to the Google's Site Reliability Engineering Book
* [The Unicorn Project](https://www.amazon.com/Unicorn-Project-Developers-Disruption-Thriving-ebook/dp/B07QT9QR41) - the "sequel" to The Phoenix Project.
* [DevOps for Dummies](https://www.amazon.com/DevOps-Dummies-Computer-Tech-ebook/dp/B07VXMLK3J/) - don't let the name fool you.

**What Should I Learn?**

* [Emily Wood's essay](https://crate.io/a/infrastructure-as-code-part-one/) - why infrastructure as code is so important into today's world.
* [2019 DevOps Roadmap](https://github.com/kamranahmedse/developer-roadmap#devops-roadmap) - one developer's ideas for which skills are needed in the DevOps world. This roadmap is controversial, as it may be too use-case specific, but serves as a good starting point for what tools are currently in use by companies.
* [This comment by /u/mdaffin](https://www.reddit.com/r/devops/comments/abcyl2/sorry_having_a_midlife_tech_crisis/eczhsu1/) - just remember, DevOps is a mindset to solving problems. It's less about the specific tools you know or the certificates you have, as it is the way you approach problem solving.
* [This comment by /u/jpswade](https://gist.github.com/jpswade/4135841363e72ece8086146bd7bb5d91) - what is DevOps and associated terminology.
* [Roadmap.sh](https://roadmap.sh/devops) - Step by step guide for DevOps or any other Operations Role

Remember: DevOps as a term and as a practice is still in flux, and is more about culture change than it is specific tooling. As such, specific skills and tool-sets are not universal, and recommendations for them should be taken only as suggestions.

**Previous Threads**

https://www.reddit.com/r/devops/comments/jmdce9/monthly_getting_into_devops_thread_202011/

https://www.reddit.com/r/devops/comments/j3i2p5/monthly_getting_into_devops_thread_202010/

https://www.reddit.com/r/devops/comments/ikf91l/monthly_getting_into_devops_thread_202009/

https://www.reddit.com/r/devops/comments/i1n8rz/monthly_getting_into_devops_thread_202008/

https://www.reddit.com/r/devops/comments/hjehb7/monthly_getting_into_devops_thread_202007/

https://www.reddit.com/r/devops/comments/gulrm9/monthly_getting_into_devops_thread_202006/

https://www.reddit.com/r/devops/comments/gbkqz9/monthly_getting_into_devops_thread_202005/

https://www.reddit.com/r/devops/comments/ft2fqb/monthly_getting_into_devops_thread_202004/

https://www.reddit.com/r/devops/comments/fc6ezw/monthly_getting_into_devops_thread_202003/

https://www.reddit.com/r/devops/comments/exfyhk/monthly_getting_into_devops_thread_2020012/

https://www.reddit.com/r/devops/comments/ei8x06/monthly_getting_into_devops_thread_202001/

https://www.reddit.com/r/devops/comments/e4pt90/monthly_getting_into_devops_thread_201912/

https://www.reddit.com/r/devops/comments/axcebk/monthly_getting_into_devops_thread/

**Please keep this on topic (as a reference for those new to devops).**

https://redd.it/k4v7s0
@r_devops

Good ebook/tutorial for Terraform?

But not the ones you went through and were ok. Im looking for som real reccomendations. Something like "oh man you shuld definetly check this out, this stands out from the others"

https://redd.it/k4ukkk
@r_devops

Would Devops jobs get automated?

Do you guys think that there will come a time in the future that devops professionals would have to automate themselves out of the job?

https://redd.it/k4p3ib
@r_devops

Are there any better CI services than Jenkins for on-premises?

Hi everyone,

​

I want to migrate from Jenkins' CI pipeline to another service. I'm tired of using Jenkins for plugin dependencies, poor documentation, and deprecated plugins.

Our team of 10 people is using Github Enterprise and we want to run our CI pipeline on our machine.

​

Some requirements are as follows:

\-Commercial solutions are ok.

\-If it is open source, the quality of the document should be much better than that of Jenkins.

\- It should be able to run builds on our machine using Linux and macOS.

\- Polling (PR, Branch) must be available for the GHE Repository.

\- Pipeline as Code is required, but Configuration as Code is not strictly required.

\- Code has many dependencies (about 20GB), so local cache management should be possible.

​

Some of the candidates I've found are Github Action (not yet available on GHE), Cirrus CI, Azure Pipeline but I haven't looked into each candidate deeply. Are there any other alternatives?

https://redd.it/k4yihw
@r_devops

I'm a new employee at a new team that adds features to exisiting, changing code base, should we have build/deployment permissions?

So we're a newly hired 6 member team adding new features to a program that is also being handled by multiple teams. Problem is our team doesnt have permission to build for QA and waits for other teams to create a build so that ours changes get included. This is becoming a bottleneck since QA can't test features from our team immediately since deployment to QA is done manually. Should I talk to the higher ups to automate deployment upon PR for the teams? Will this create confusion which is the correct version for QA to test since at the end of the day it's all the same huge application? This is my first time working with a huge codebase that is being handled by multiple teams so I'm thinking of ways to make our integration faster. Will be really grateful for some advice. Thanks!

https://redd.it/k4ordu
@r_devops