What is docker networking and bridge networking tutorial

A beginners tutorial docker networking and tutorial about using bridge network with two alpine standalone containers. Take a 10 mins read of What is docker networking and bridge networking

https://redd.it/kerpzm
@r_devops

DevOps as First Job

I'm starting my first entry-level job as a DevOps engineer this week. I have no other experience and I am still working on my CS degree. This will be my first job ever actually. I've never been paid a salary before. I feel a little in over my head, honestly, seeing as I don't have any experience with anything.

Do most DevOps engineers have a background in a different field before getting into devops?

I know that devops is turning into its own field at this point, but I'm curious how many people really get their first job doing devops as a devops engineer.

And if you have any advice for a kid about to start his career, I love advice. Especially from strangers on the internet...

https://redd.it/kerulf
@r_devops

How DevOps will look like in 2021?

Will it be the same as before or things like Serverless, AIOps, GitOps, and other buzzwords enter the community?

https://redd.it/kesjr3
@r_devops

Best practices for analyst data consumption

Hello! I work for an organization that has recently began building a development team after many years of having a single developer. Our current growing pain is deciding the best way to allow our BI/team of data analysts to begin consuming data from our web applications (most of which as APIs).

The BI data warehouse and most of my teams apps reside in an on-premise data center. As we grow I expect to have 10+ applications that our BI team will want data for in some fashion to add our data to business line dashboards.

I want to avoid giving BI read only access to the prod app databases. We have discussed creating a replication process to separate databases for BI to have read only access to or having a process to create SQL views based on BI needs and restricting access to those views. Both have pros and cons but I’m wondering how other teams handle this. Are there other options or best practices I’m not aware of. Thanks for reading!

https://redd.it/kenri8
@r_devops

What's the most popular Linux Distro in 2020 and can we trust DistroWatch saying MXLinux ? Learning Linux sysadmin what would be the biggest difference if I learn Manjaro/Arch compared to Ubuntu for production env ?

(french man here excuse my english)

1) What's the most popular Linux Distro in 2020 and can we trust DistroWatch saying MXLinux ? Learning Linux sysadmin what would be the biggest difference if I learn Manjaro/Arch compared to Ubuntu for production env ?

2) Does it really matter with DE env I learn linux on if everything is automated with scripts bash/python with AWS tools in production env when you automate everything with pre configured os iso's ?


3) What's going on with Centos is it a big blow to the Linux community on the server/corporate side of things in the long run à la IBM kind of screw you up things compared to RedHat of old ? I mean is it a bad things to learn the Centos stack today instead of Ubuntu or things won't change much for servers ? for example could Debian become big ?

thank you very much for your time

https://redd.it/ke4wok
@r_devops

Automation Query

I was reading a posting in r/vmware on Automation and VMware but we're using RH Virtualization so I thought I'd be a bit more specific with our use-case, address this in r/devops, and maybe get some answers more aligned with my environment.

I'm a long time Ops guy and have a bunch of years of computer experience primarily in Ops. I see automation as a valuable methodology but was blocked at every attempt to get it going at my previous company. I've recently switched companies and into a DevOps role and one of my goals is take the things I was learning about automation and wanting to enable, and forwarding those goals at my new job. The boss is 100% on board and I'm free to get started with upgrading the current environment.

The environment is Red Hat with RHEL8 and RH CoreOS, RH Virtualization (aka KVM), RH IDM, RH Satellite, and RH OpenShift. I also use Ansible for configuring servers after the are provisioned.

I've recently (like yesterday) gained ownership of the underlying physical servers so I have privileged access to rebuild the boxes, deploy VMs, and install pretty much any other software such as our own DNS servers as we have our own IP ranges.

I've looked at a process of creating and managing a Gold Image and then using Terraform to deploy to a specific needed server. Then using Ansible to initially configure a server and Ansible Tower to automatically manage the configurations across the servers.

It seems from lots of reading that I'm on the right path. I'm interested if there are other tools, processes, etc I might investigate before I take a step on this path.

https://redd.it/kf2r8x
@r_devops

When did you feel ready to switch into a DevOps role?

When did you feel ready to switch into a DevOps role? What did you do before?

I have a few years of experience both as a developer and a sysadmin. DevOps seems to be a magical combination of my favorite aspects of both fields and DevOps/SRE seems like the next logical progression in my career.

I'm learning about AWS, CI/CD, Docker, etc. but I'm not sure how much is enough before recruiters/interviewers will take me seriously. That's why I'm wondering where you all were at in your career/knowledge before making the switch.

https://redd.it/kf463l
@r_devops

Management wants to use Spinnaker over ArgoCD(cuz Netflix uses it with k8s, which is incorrect).

After four months of using Spinnaker for CD on k8s(in prod and non-prod envs), we are getting slowed by support issues, the failures, etc. Ultimately the devs get blocked.

For instance Spinnaker does not show all k8s objects and any appropriate error message for what kind of failure it is(just a generic message).

They kept harping about how other orgs are using it and someone like Netflix is using this with k8s, and that they are willing to get paid support for 3-6 months, instead of judging by the feature and operational overhead. None of them have experience with k8s/infra.

Later in the evening I searched around and found that Netflix uses Titus and not K8s!Informed this to them, but I doubt they will change their mind.

https://redd.it/kf3olm
@r_devops

What's your lead time?

Out of curiosity, what's your typical lead time to get an application, service, API, etc... from concept to production ready?

This includes a pipeline, being compliant, proper security, it's scalable and self-healing. How long does it take folks around here to roll that out?

https://redd.it/kf5ohe
@r_devops

Transitioning from software/backend engineer to DevOps. Need advice.

I have 14 years of experience in software development but recent covid circumstances gave me an opportunity in the DevOps role. I am grateful. I was hoping to get a mentor in the only senior DevOps guy that this team had, but, unfortunately, after 1 month he is moving out of the team. The moment I learned that I am feeling a bit stressed and anxiety has taken over sometimes.
I want this opportunity with both hands and really want to get it right but without mentorship, I am not sure how I can handle it. Everyone talking to you project a picture that their task is important for them, hence, prioritizing gets difficult plus learning involved simultaneously. Would love to get some practical advice.

https://redd.it/kf65v1
@r_devops

Which tech is good for connecting SaaS/APIs together (i.e. service mesh)?

Specifically for e-commerce applications...

I found this article and this list of service meshes useful but wondering if anyone has experience stitching together SaaS and custom microservices with an off-the-shelf service mesh, either open source of paid.

https://redd.it/kf6v0b
@r_devops

What is a good tool for creating diagrams that works well with github?

I'm looking for a tool for creating infrastructure/application/flow diagrams. I'd like to be able to display these diagrams in the various markdown files in our github repos. I'd also like for any changes to the diagrams to go through a review process in version control.

So far, I've tried diagrams which is cool, but not very flexible when it comes to tweaking the layout. It also doesn't work well for certain kinds of diagrams where the entities have loose relationships.

Ideally, I'd want something as flexible as Lucidchart, but that still requires a review process before any changes are made.

https://redd.it/kf2cvh
@r_devops

Is there any such thing as an authentication reverse proxy/load balancer?

Whenever I'm building an app, the most boring and repetitive thing I do is authentication. I've been thinking lately about the fact that any app is going to be put behind a load balancer or reverse proxy in prod anyway to enable horizontal scaling of VMs at your cloud of choice (AWS, DO, etc.). Wouldn't it be cool if that load balancer or reverse proxy could handle authentication so the app doesn't have to?

What I'd like is the ability to set up some "magic" software, tell it the internal IP addresses and ports of my multiple app servers (running, say, a Ruby or Go app for example), give it database access credentials so it can handle creating, updating, authenticating and removing users according to my database schema (so some form of field mapping support), and then have it just modify HTTP/S requests after authenticating to strip headers like Authorization (so my app can't "accidentally" waste time verifying a JWT that was already verified) and add a header, something like X-User-ID so I can just "trust" that this is always correct since it's coming from my load balancer/reverse proxy. Obviously, these app servers wouldn't be directly available over the internet so a malicious user couldn't just inject that user id header and bypass the gatekeeper...

Anyway, does something like this already exist? If so, what's it called and where can I learn more about it?

If not, I may go build something like this. Would be a killer replacement for building your own auth all the damn time.

EDIT: I should mention I'm looking for an open source product here, something I can deploy myself. Thanks!

https://redd.it/kfamam
@r_devops

Can you refuse deployments?

Was just posting my story of 2020 here https://www.reddit.com/r/devops/comments/kf5ohe/whats_your_lead_time/

It got me thinking, in your org do you as a “DevOps team” have any say on when or how things go into production after any formal change requests are approved by the business?

Now obviously we’re responsible for pipelines quality etc but if developers haven’t done fair share of testing (manual or automated) or your not confident on something going to production will work due to rushed or a history of bad code quality from a team do you have any sway/authority to push back?

For example:
1) sonarcloud might show test coverage is below 80% is that a leaver to push back on a deployment?
2) last 3 deployments went poorly and had be rolled back from team x etc
3) Junior team didn’t get any code reviewed by senior software engineers

Just keen for thoughts!

https://redd.it/kf97nu
@r_devops

Any examples of non-trivial Continuous Deployment setups?

Every time I go looking at the CI/CD setups and examples, they are all so simple that it is not actionable to take the next step for making something real. Most workflows boil down to: build, test, ssh into box, install.

We currently have a decade+ old custom built set of tooling that does the job, but is fairly painful to extend. I'd like to add some ability to tag and deploy docker images across platforms now, and that's likely to be painful with the current code. Considering all the existing solutions out there, it seems like I should be able to someone else's but every time I look I don't find anything that explains more than the trivial use case.

Our use case isn't really THAT hard, but we do have these things that complicate it:

1. We have a staging environment. So we normally build and roll out to those machines. Every build for us rolls out to the staging environment.
2. We don't have direct SSH access to staging or production from the world. So if we set up CI/CD in Bitbucket, it can't directly SSH to boxes to deploy the code. We currently build by clicking a button on a Jenkins box inside our network which can SSH to them, but it would be nice to get out of the job of maintaining that. We could set up like an API endpoint that Bitbucket Pipelines pokes to trigger the deploy. But wondering what anyone else is doing here.
3. Roughly every 2 weeks we mark what is on staging to roll out to production. This is probably the simpler task and if we had to custom build this so be it, again would be nice if we didn't have to bespoke this.

Every time I'm looking at Droid/Pipeline/Action/Travis/Bamboo/CodeDeploy, they all seem to stop far short of the mark for how I can get to where we are now. I'd even be open to completely reinventing our environments, if there's a story for getting there. Unfortunately, our application is complicated enough that just switching to K8s/GKE/Azure is too big a bite to take.

Thanks for any pointers!

https://redd.it/kf8dja
@r_devops

Junior DevOps Engineer Jobs & Salary Prediction in NYC

Hello all,

My post says it all but still to clarify, as I want to get into a full time (Entry) Junior DevOps Engineering job in NYC, what is my average salary expectation? I just don’t want to get low balled or taken advantage off in any way so just curious. Thank you!

https://redd.it/kfdrey
@r_devops

Transitioning from SDET to Devops...

Hey everyone,

So it was announced a couple weeks ago that my team is going to be split into two: SDET and Devops. I was asked to go into Devops team under a new manager(who is currently my teammate). I have ~2-3 years of experience after graduating college.

My current responsibilities include, e2e automation for testing our product, validations, maintaining Jenkins, creating pipeline as code and some other stuff.

Some tools we will be using: Jenkins, AWS, Ansible, Terraform, Dockers, k8s, TravisCI,concourseCI, and probably more

We have two weeks off, so I want to spend some time getting ready and learning more to be ready. What are some recommendations? Stuff I should learn? I feel like I'm not ready at all or maybe I'm just worrying too much.

https://redd.it/kfeg4i
@r_devops

disable lan gossip on consul cluster

Hi all,
You are my last hope :(

We have a consul cluster which 99% use only as key val data store.
This cluster serve multiple customers which doesn't have any connection between them.


By default, consul create a network mesh between all clients on the cluster. he use this feature to reduce the load from the servers and provide better consistency.

In our case we can't open connectivity between the customers.


Do you have any idea how to overcome this limitation??

https://redd.it/kf7qu2
@r_devops

FaaS & Security - What you should know before going serverless

Serverless is a growing trend and can offload some of the security responsibility, but brings out some additional security considerations applications owners should know before making the plunge into serverless.

https://dev.to/mackenziejj/faas-security-considerations-to-know-before-going-serverless-2o2n

What is everyone's view on using serverless architecture (Functions as a service) from a perspective of security?

https://redd.it/kezqob
@r_devops

How are you managing credentials in Jenkins?

Use case: We use Jenkins to run operational scripts and some CI pipelines along with the credentials plugin to store service account passwords and ssh keys for authentication to APIs and servers.


Current Implementation: Currently we are managing credentials via the Jenkins Puppet module paired with encrypted hiera, so we are able to use IaC for secrets without exposing them.


Problem: The main issue we are facing is that the Jenkins Puppet module doesnt support updating credentials. I.e. when a service account password is changed in AD, we have to update the puppet code, and then manually delete the credential object in the Jenkins UI and then puppet will add the updated password back to Jenkins. Obviously, this is a pain in the ass to manage.


Potential Solutions?: Use an external secrets repo like Vault or Conjure, automate the deletion of the credential needing an update, rewrite jenkins module.

https://redd.it/kf6q5u
@r_devops

What cloud storage provider to choose?

We are searching for a cloud service. We need to store our data and documents somewhere. At first, we were thinking of a NAS server, but it's too pricy and too complicated and we don't need that. I got a suggestion to try a cloud service.

What do you recommend and why? The most important thing for us is to share our files very easily because several people work on one document. The best way would be to have a folder on a desktop shared between several PCs. Does the cloud have this functionality?

https://redd.it/kf6pf2
@r_devops