SSL between reverse proxy and local nodejs app

fellow devops friends,

​

in your opinion, what are the benefits of having SSL between an NGINX reverse proxy and a NodeJS app, if both are running on the same VM and SSL terminates at the NGINX proxy.

https://redd.it/l32kwn
@r_devops

Best Automated Build/deploy tool for maven project?

Hey all - I wanted to know what was the best-automated build/deploy tool for a maven project? Basically, I have a spring boot application(hosted on github) that I want to compile using maven and a specific profile for each deploy enviornmnet. After the buld is completed, I would like to SFTP the artifact(WAR file) to a remote server.

Is there a general consesus on the best tool to do this? I had tried at one point to get this working in pipelines but the transfer of the artifacts became complicated because I would have to basically install the FTP client on the VM that was spun up. I was hoping there was a more straightforward way to do this.

https://redd.it/l33psj
@r_devops

Will DevOps be dead in next 5 years?

I joined a form just before lockdown as a java developer and i had little knowledge about DevOps, due to this lockdown, they couldn't provide me a proper training so they offered me a DevOps job with high package so I accepted.
Now I am doing good with different Amazon Web Services and Kubernetes.
This firm is not a very big firm, there are just 2 DevOps engineers and I am worried about my Job that it will be replaced by any developer(as I joined jib as a developer and made easy path to DevOps).

https://redd.it/l36pit
@r_devops

Trying to figure out how to grant user access privileges across multiple applications.

Hi there, quick disclaimer, I don't work in IT or DevOps per se. My job is technically in Workforce Management but at my company we are in charge of handling user access privileges to the various applications that our employees use for their jobs. So I do apologize if I don't use proper terms while asking this question.

I have a relatively small team for a large business (team of 3 for over 6000 employees). As stated above, for every employee that uses our systems to fulfill job functions, my team is in charge of managing their access to the applications. We have an SSO system which makes it easier to integrate the various applications, but when it comes to user privileges within each application, we have to more or less manually grant specific permissions. For example, an agent doesn't have manager access, but a manager has agent access plus additional permissions. We have to add the manager permissions to that employee for each and every one of our applications. And then there's Agent type A which might require completely different privileged from Agent type B.

Because of this, the process of onboarding new hires, as well as processing department transfers is very time consuming, and if we ever get behind schedule, it results in great loss of production.

Is there a way I could implement a system that applies profiles to users? And then all I would need to do is update the profile for a specific user and that would update their access privileges in each individual application we use? We license products from multiple vendors and integrate them into our SSO system. Is there a way to do this role based access control across multiple applications, and with multiple different profiles within each application?

I'm really just looking for a place to start with this stuff.

Sorry for the general question. I tried to google this but I'm having trouble finding a way to do this with multiple vendor applications.

Thanks all!

https://redd.it/l32y1x
@r_devops

Organize an access controll in a small IT company

Hello,

I'm currently working in a small IT company. For four years it has grown to 35 workers. We have a bunch of small projects up to 5 developers per project. An average project duration is 3 months and then 2 months of support. All our workers work remotely on their own laptops/pcs.

Recently we started to experience of problems with unorganized access to resources of projects, such as access to figma, aws, github, apple developer, slack, jira, vpn, ssh access etc. For example, when developer leaves project or company we have to block all accounts that have been created for him.

I assume that all access credentials should be provided by people who have been dedicated to track that. But probably there are some tools to mitigate/automatize this routine?

Are there any best practices to organize that?

https://redd.it/l0i1hx
@r_devops

Just got myself a Raspberry Pi. What can I do with it that will advance my career in DevOps?

Right now I am working in a primarily JS / HTML / PowerShell tool building shop, basically doing automated GUI tools and web tools. I want to make sure that I am staying up to date and even advancing on the newest AWS / Linux / Python / etc technologies. How can I use the Pi to link up with cloud resources and practice hybrid deployment, AWS migrations, practicing writing tools and microservices?

https://redd.it/l0ag90
@r_devops

Jenkins Pipelines as code - Advanced Shared Library with Unit tests

View the blog post, no ads I promise !

https://redd.it/l43zfn
@r_devops

Allowing all developers to push to production?

I'm a developer trying to get better and more familiar with DevOps. I'm reading The Unicorn Project after getting through the The Phoenix Project. Moving on to The DevOps Handbook and Accelerate after that*.*

One thing I had a question about is in Unicorn I'm at a part where they are complaining about how they, the developers, aren't allowed to push directly to production. Some guy named Jared, or something, needs to do it after merging changes into the production branch.

I guess I was always under the impression that at least a PR would be submitted and reviewed.

It doesn't seem like a good idea to me that anyone's change could be pushed to production and trigger a production CI/CD pipeline, without it being reviewed first. I guess it assumes all the proper tests are written and that if something is wrong with the changes, the build and deployment will fail?

Just seeing if anyone can elaborate on this practice.

Thanks.

https://redd.it/l3yo0d
@r_devops

Transitioning from software engineer to devops engineer, are my company doing it right? (UK)

Are you normally supplied with a work phone for them to contact you? No mention of this at all yet.

When I transition and if I agree to the contract change, should I expect a pay rise for the new role? I'm assuming I will need more skills and knowledge.

We have a team of only 3 on one product, how does this work if the other 2 are on leave or sick, does that 1 person usually cover on call all week alone?

Do you have an escalation system? I'm worried if I can't solve a problem and I need to bring someone more senior in.



Sorry for all the questions this is totally new to me, your comments are greatly appreciated

https://redd.it/l42oz2
@r_devops

Running a Github Action job on every self-hosted runner

Hey all.

Is it possible to run a single Github Action job on _every_ Self-Hosted runner at the same time? I don't believe there's an option for this, other than running a job with a matrix but I can't seem to get my head around them!

Basically, I'm looking to attach a bunch of self-hosted runners, all hosted in different physical locations, to a repo that contains a script. This script would then run on every runner that's attached, and output some arbitrary data.

Any thoughts?

https://redd.it/l411e8
@r_devops

Jenkins declarative pipeline

Hi all.. am having issue with removing the word before / in my declarative pipeline

But it works in my linux command
Test = "${BRANCH}."+"${BUILD_NUMBER}"
currentBuild.displayName = echo '$Test' | awk -F'/' '{print $NF}'

When I try to include in the declarative pipeline it shows this error

groovy.lang.MissingPropertyException: No such property: awk for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
at org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SandboxInterceptor.onGetProperty(SandboxInterceptor.java:270)
at org.kohsuke.groovy.sandbox.impl.Checker$7.call(Checker.java:353)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:357)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:333)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:333)
at org.kohsuke.groovy.sandbox.impl.Checker.checkedGetProperty(Checker.java:333)
at com.cloudbees.groovy.cps.sandbox.SandboxInvoker.getProperty(SandboxInvoker.java:29)
at com.cloudbees.groovy.cps.impl.PropertyAccessBlock.rawGet(PropertyAccessBlock.java:20)
at WorkflowScript.run(WorkflowScript:74)


Kindly help me to resolve this issue... Thanks in advance.

https://redd.it/l3w5ck
@r_devops

CheatSheet for people studying for CKA - Certified K8s Administrator

Just pass my CKA exam so I gathered some useful commands, tips and shenanigans that are needed to pass the certification exam. Thought that might be useful for people preparing for CKA. Have a look: https://medium.com/faun/cka-kubernetes-certified-administrator-cheatsheet-9cb8c04a7e9e

https://redd.it/l3xqtm
@r_devops

Automated benchmark framework for CI/CD?

I'm thinking about building an open source micro-framework that tightly integrates microbenchmarking with CI/CD processes such as Jenkins.

The motivation for this is:

\- Benchmarking needs a known and "quiet" environment so results are accurate

\- A need to regressively compare benchmark results for different software revs. and issue a go/no-go

The resultant framework would be able to launch benchmark jobs at designated servers, extract and auto-compare the results, and provide nice graphs for analysis. Also considering integrating popular microbenchmark frameworks like Criterion for Rust and Google Benchmark, and applicable as a plugin for Jenkins.

Will this be useful to anyone?

Any feedback + feature request would be appreciated!

https://redd.it/l3q4x4
@r_devops

Question Which metrics is important for you?

Hello, i work on opensource monitoring system. And i have question.

Which metric is important for you? Like CPU/memory/Request time/Ssl expiration/ping/etc

https://redd.it/l3o9ul
@r_devops

What is this filetype?

example-webapp-linux

A file is present under the "dist" folder of a zipped webapp, which goes by the name "example-webapp-linux".

Can someone help me understand what is the purpose of this file.

https://redd.it/l3pv5p
@r_devops

How do you manage Prometheus configuration changes?

I recently set up a Prometheus instance on a VM to monitor my infrastructure. However, I still cant find a nice and automated way to manage and update my configuration changes (changing alerting rules, add more targets etc). This problem also applies to many more systems similar to Prometheus where configuration changes are being made quite often.

What's you approach on this?

https://redd.it/l4l1yh
@r_devops

How TLS and HTTPS Work - Plus a Handful of Useful Tools

Understanding the core concepts behind TLS and HTTPS is very important for any developer and especially for web developers. In this video, Boris Strelnikov explains how TLS and cryptography work, what CA is and even give a handful of useful tools to simplify the work with certificates and encryption:

https://youtu.be/4LmqZmzblME

https://redd.it/l4pl5i
@r_devops

What do you guys think about Hashicorp's Waypoint? Is it here to stay?

Anyone using it already extensively that can share the experience?

https://redd.it/l4ly6r
@r_devops

Tool to determine what plugins are not compatible with Kubernetes?

I am looking for a way to determine what if any plugins are not compatible with a version of kubernetes/EKS. I need to do it to be a script able method and maybe is possible do it via a CI check when certain actions happen in a gitops repo.

Is there a tool that exists for this I could you or maybe something AWS native?

https://redd.it/l4ueqd
@r_devops

Azure Pipelines & ARM resources: overrideParameters

I have been working on an Azure project for some months now, not having any prior experience with the platform I'm working out best practices and patterns first hand. I have made many mistakes and paid the price.

Does anyone here have any input for someone who is working on a single repo project & has growing lists of overrideParameters.

Ideas to help me minimise the amount of input params would be useful, I haven't seen any examples with even a fraction of the amount I am inputting.

my consideration for improvement:

\- construct as many params as possible within the arm template.

https://redd.it/l4ooa6
@r_devops

How do you handle your cloud state with terraform when it does not equal the reality anymore

Taking the IaC approach, it seems like the state of your cloud infra differs from the actual setup because some changes weren't made the IaC way. How do you handle this issue? Do you start from scratch and import the state completely or do you take a different approach? What about cloud components that haven't been set up with IaC at all, e.g. Route53 configurations in AWS?

https://redd.it/l4mfbu
@r_devops