Pondering over the job scene in Canada vs India

I have been a DevOps/SRE for more than 4 years in India. I've always imagined to work in an outside country to grow myself professionally and personally. With a job that has let me explore plethora of tools and technologies, I am very keen on exploring more and solve different kinds of problems.
However, I do not want to risk a career slowdown this early in the game.
Speaking from a very general perspective, does it make sense for me to consider this move?

https://redd.it/kcgio3
@r_devops

Does anyone actually use Pagerduty’s analytics?

Not a single team I’ve worked on has used it. We’ve sometimes built custom hand-off report scripts that compare alerts for this week vs last week.

https://redd.it/kchyl6
@r_devops

How does your team workflow with a serverless framework look like?

At my work we are beginning to become more structured when it comes to our serverless application development. We began using aws chalice to get a more consistent workflow and since we are a big terraform shop, the packaged terraform feature is amazing. I've loved chalice so far but my concern is the community and project seem slow and brittle, these are clearly not good signs. Since we liked chalice so much we are thinking about picking up a nice framework that will have good support and landed on AWS SAM and Serverless. I'm leaning towards SAM but still unsure how the workflow works working alongside multiple devs all working on the same project. We were able to version and create new stages and workspaces with chalice which made it great for a team. Can someone give some insight on how your team uses SAM and the collaboration workflow? Any frustrations? Any underated benefits? Any input at all?

https://redd.it/kcappy
@r_devops

Puppet Shooting for an IPO in 2021

https://www.oregonlive.com/silicon-forest/2020/11/portland-tech-company-puppet-sets-2021-target-for-ipo.html

Does anyone use Puppet? Ansible is way ahead in market share for configuration management tools, I honestly cannot see this IPO going well.

https://redd.it/kc6s64
@r_devops

I need help

I made a http service that returns 3 endpoints with python and django, created a dockerfile as well with all steps and I dont know how to make the build and test inside of it, what cmd should i write ? as this is my first time with jenkins

https://redd.it/kc72fh
@r_devops

R Leveraging the newest AI patented research for more efficient IT Ops

On 12/16 Wednesday at noon there is an exciting overview of startup innovating in the AI IT space. The company is based on NC State professor Dr. Xiaohui (Helen) Gu's award winning patented technology. Read on for details.

Systems are becoming more complex. Customer expectations for speed and reliability have never been higher. How do you get ahead without sacrificing ROI?

The secret is adding intelligence to traditional IT operations. Join us December 16 at 12:00 PM ET and we'll show you what is possible.

You’ll learn:

\-The business benefits of accurate anomaly detection for machine data

\-Why anomaly detection and accurate incident prediction are valuable together

\-How to automate root cause analysis to prevent downtime

\- How to use AI to prevent future incidents

**https://lnkd.in/dT4sZWC**

https://redd.it/kcm8z6
@r_devops

Question from interview

> A server and a storage. Suggests a mechanism so that at any point in time it would be possible to recover to the most recent image or the one before that.

Question from an interview I'm not sure about. What is the best solution? Create daily copies of the storage?

Thanks ahead!

EDIT: some more:

A sender and a receiver. The packet turn around time is 200 ms.
1. What would be the rate given a packet size of 1500KB and that only 3 in flight packets are allowed.
2. Same with turn around time of 100 ms.
3. What would be the optimal N if an ack is sent every N packets, and if one of the packets gets corrupted all N packets are sent. … href="/Interview/A-sender-and-a-receiver-The-packet-turn-around-time-is-200-ms-1-What-would-be-the-rate-given-a-packet-size-of-1500KB-an-QTN_872769.htm" class="questionResponse">Answer Question

https://redd.it/kcjevs
@r_devops

Programming Group

Pretty soon, I'm going to start doing a weekly event focused around what tech I'm learning. Right now is web technologies such as HTML, CSS, and JS. I'm currently in a class for it and soon enough will be learning about JS. If you would like to join in, I'm thinking about starting at 6pm EST every Wednesday except the last Wednesday each month via Discord.

https://redd.it/kcri48
@r_devops

Should/could I get into DevOps professionally?

BLUF: I'm kind of in a unique position and am hoping to get some career advice.

I am a junior computer science student. I've been fortunate enough to hold a job as a help desk service tech for 4 years. During that time, I've dabbled in a lot of IT infrastructure tasks thanks to my coworkers. Stuff like Active Directory, CentOS and web server (apache) maintenance. What does it take to get into devops? The appeal to me is that you are working on multiple systems. It seems like "advanced IT", something challenging. There is a laundry list of technologies one must learn in order to get hired. That just doesn't seem realistic to expect from a fresh graduate. Also, I am afraid of getting stuck into one discipline. Maybe I decide to learn js frameworks to get a job as a backend web dev. Am I going to be making relatively the same salary the rest of my life? What should I learn now that will set me up for the high paying job down the road?

https://redd.it/kcrebq
@r_devops

How to deal with the new Docker hub rate limit when using Code Pipeline, Cloud Build, EKS or GKE?

On November 20, rate limits anonymous and free authenticated use of Docker Hub went into effect. Anonymous and Free Docker Hub users are limited to 100 and 200 container image pull requests per six hours. This article explains how to deal with this limit when using Code Pipeline, Cloud Build, EKS or GKE.

https://redd.it/kcxm4m
@r_devops

CrowdSec, an open-source & collaborative fail2ban, built by SecOps for DevOps

Hi there,

CrowdSec is, and will always remain, an open-source (MIT license) and free security solution able to identify aggressive behavior & provide an adapted response to all kinds of attacks. The game changer is that it also enables users to protect each other. Each time an IP is blocked, all community members are informed so they can also block it.

The tool is written in Go and just turned 1.0.0, meaning it is now supported by a local REST API, allowing you to deploy in various enterprise configurations. We built CrowdSec for the people in order to make security accessible to everyone.

You can review the project here: https://github.com/crowdsecurity/crowdsec

Looking forward to your feedback!

https://redd.it/kcz2av
@r_devops

how to create a hook script to update local git branches

Looks like an on-going pain especially for new people to the team. I am no git expert either.

Before I create a pull request, I update my local branches. By doing a pull for master then rebasing my feature-branch on top of new changes in master.

Not everyone rememebers to do this which can cause problems sometimes.

Is there a way to automate this by creating a hook script that runs the relevant pull/merge/rebase commands before a certain git command is run such as git add or git commit etc.?

https://redd.it/kd08nu
@r_devops

Development for Infrastructure series from here: https://www.reddit.com/r/devops/comments/k97vuf/goingfrominfrastructuretodeveloperisa/

Hey All!

I wanted to post about Part 1 of the "Development for Infrastructure" series since it got a lot of love in this thread:

https://www.reddit.com/r/devops/comments/k97vuf/going\_from\_infrastructure\_to\_developer\_is\_a/

Definitely check it out and let me know what you think!

https://www.youtube.com/watch?v=9PfrD2rl5rc

https://redd.it/kd0ynb
@r_devops

The Monitoring Dilemma

Hi all,

I was tasked to set up a monitoring solution for my company's self developed videoconferencing application.

The stack is mostly composed of:

\- Azure Pgsql and Redis SaaS

\- Azure Webapp

\- Several containerized applications (both OSS like Janus and our own code) hosted on both Azure and OVH.

​

I'm the final phases of software selection and I'm strongly leaning towards Prometheus+Grafana.

Today product management told me to consider also paid/managed solutions that will maybe "easier to setup and for which we will have support".

I'm a technical guy and I think that, most things considered, Prometheus will be flexible enough for our needs and won't need any coding. I honestly don't see myself calling up sales guys and get demos.

However I feel like I may be missing out on proprietary solutions and I fear I risk making a biased decision.

Any opinion? Will you feel confortable enough to share a good word on any proprietary monitoring solution?

Thanks in advance,

https://redd.it/kd716v
@r_devops

Fractal Architectures: A Software Craftsman's take to Infrastructure as Code

For several years now we have experienced the pain of automating cloud infrastructure, as we expect most of you in this community have too.

We came up to a conclusion: we don't like it. Our opinion is that there are two main reasons causing this pain:

IaC solutions are not ready for being used at an Enteprise Scale.
We are using these tools in the wrong way.

During the last couple of years we have worked on a framework that we have adopted at scale with our customers during this wonderful 2020.

We would like to share it with you, hear your take on it, compare notes and keep learning!


If you are interested, have a look at it here: https://yanchware.com/content/fractal-arch-iac and let us know what you think!

https://redd.it/kd758t
@r_devops

Work

Devops engineering entry level jobs require degrees and can legally blind people do it?

https://redd.it/kd6mqa
@r_devops

Alerting from screenshot

Hi Techies, As apart of my new project, i have been hunting for a monitoring tool which can send screenshot of dashboard in case of failure configured, instead of sending message in email or slack channel. Tried with Dynatrace as well as google stackdriver but couldn't find any options out there,

Can anyone please suggest on this.

\#monitoring

https://redd.it/kd5fu4
@r_devops

Internal API dev team asking DevOps to solution rate-limiting?

[Discussion\]

Hey all, I have an internal dev team asking the DevOps group to solution rate-limiting on an internal only API service. Occasionally the service gets hit hard from various jobs that run across the company.

My initial reaction was "sure, I'll put WAF on there" however, the more I think about it the more I feel like rate limited should be built in to the application. Specifically because this is an non-public endpoint and we probably don't want to just flat out block requests that hit a rate limit.

Thoughts?

https://redd.it/kd30e0
@r_devops

Nifty tool name escapes me ...

There is a nifty / small utility that runs on Linux (possibly windows?) that dumps every bit of software configuration info and operating system info into JSON output.

Is used extensively behind the scenes for Chef.

I want to say it's name is 4 characters long, possible hawaiian in nature.

I haven't used for about 7 years, so looking for help recalling name.

https://redd.it/kdeigk
@r_devops

Cost center versus profit center

You may heard of the cost center vs profit center issue where people in profit centers get paid and treated better than people in cost centers. People at profit centers make money for the company where as people in cost centers cost money for the company. I can't help to think that a typical devops team that works in silo is an cost center where as member in a feature team with a devops focus is in a profit center. In times of company down sizing, individuals in cost centers are usually the first to go

What are certain things that developers in a cost center do, that I should avoid if I want better career trajectory. Things that I can think of are : maintaining systems, sec ops, building infrastructure and automated tests. Don't get me wrong, these are good skills to have but it is very easy for the business to dismiss these as they cost the company money instead of earning the company money

https://redd.it/kdebzt
@r_devops

Detect and Block Exploit Attempts for Kubernetes Vulnerability: CVE-2020-8554 Man in the Middle (MiTM) Attack Using Kubernetes Service Resources

Read the blog here.


TL;DR

Kubernetes CVE-2020-8554 enables an attacker to intercept traffic from other pods (or nodes) in the cluster if the attacker can create or edit services and pods. This vulnerability was originally discovered almost a year ago, revealing a design flaw that affects all Kubernetes versions
Exploiting this weakness requires at the minimum RBAC permissions to create, update or patch Service resources, specifically:
An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP.
An attacker that is able to patch the status.loadBalancer.ingress.ip field of LoadBalancer service status.loadBalancer.ingress.ip can intercept traffic to that IP.

What you can do about it:

At this point, CVE-2020-8554  does not have a software update that mitigates this issue. Users are advised to implement fine-grained access restrictions and can use RBAC policies and admission controllers such as this one, OPA Gatekeeper Constraint or others. 
Scan Kubernetes audit logs for evidence of attempts to exploit this CVE. The creation of a new Service or modifying an existing Service leave traces in the audit log.
Monitor Kubernetes resources and entities for attempt at service creation or modification that allow attackers to intercept traffic.
Use admission controllers policy logic to deny and alert on external-facing or unauthorized Ingress Controllers and Services.

https://redd.it/kd0978
@r_devops