Reddit DevOps
What is this filetype?

example-webapp-linux

A file is present under the "dist" folder of a zipped webapp, which goes by the name "example-webapp-linux".

Can someone help me understand what the purpose of this file is?

https://redd.it/l3pv5p
@r_devops
How do you manage Prometheus configuration changes?

I recently set up a Prometheus instance on a VM to monitor my infrastructure. However, I still can't find a nice and automated way to manage and update my configuration changes (changing alerting rules, adding more targets, etc.). This problem also applies to many more systems similar to Prometheus where configuration changes are being made quite often.

What's your approach to this?

https://redd.it/l4l1yh
@r_devops
How TLS and HTTPS Work - Plus a Handful of Useful Tools

Understanding the core concepts behind TLS and HTTPS is very important for any developer and especially for web developers. In this video, Boris Strelnikov explains how TLS and cryptography work, what a CA is, and even gives a handful of useful tools to simplify the work with certificates and encryption:

https://youtu.be/4LmqZmzblME

https://redd.it/l4pl5i
@r_devops
What do you guys think about Hashicorp's Waypoint? Is it here to stay?

Anyone using it already extensively that can share the experience?

https://redd.it/l4ly6r
@r_devops
Tool to determine what plugins are not compatible with Kubernetes?

I am looking for a way to determine what, if any, plugins are not compatible with a version of Kubernetes/EKS. I need it to be a scriptable method, and maybe it is possible to do it via a CI check when certain actions happen in a GitOps repo.

Is there a tool that exists for this that I could use, or maybe something AWS native?

https://redd.it/l4ueqd
@r_devops
Azure Pipelines & ARM resources: overrideParameters

I have been working on an Azure project for some months now. Not having any prior experience with the platform, I'm working out best practices and patterns first hand. I have made many mistakes and paid the price.

Does anyone here have any input for someone who is working on a single repo project and has growing lists of overrideParameters?

Ideas to help me minimise the amount of input params would be useful. I haven't seen any examples with even a fraction of the amount I am inputting.

My consideration for improvement:

- Construct as many params as possible within the ARM template.

https://redd.it/l4ooa6
@r_devops
How do you handle your cloud state with terraform when it does not equal the reality anymore

Taking the IaC approach, it seems like the state of your cloud infra differs from the actual setup because some changes weren't made the IaC way. How do you handle this issue? Do you start from scratch and import the state completely or do you take a different approach? What about cloud components that haven't been set up with IaC at all, e.g. Route53 configurations in AWS?

https://redd.it/l4mfbu
@r_devops
Is there a declarative tool for provisioning services via API?

This seemed like the most appropriate sub to pose this question. I self-host quite a few services by docker, and have started to look into what’s possible with APIs (they all have one). It seems that you can configure most aspects of them via the API, however all I see are simple curl examples of how to do things via API. It seems to me that a tool should exist that you can feed a YAML file and it would automatically make the calls and configure the settings.

However, after some pretty extensive searching, I have yet to find a tool like this. Swagger and Postman look similar to what I envision, but after a not so deep dive into both they don’t seem intended for this. Also, I'd prefer this be something I can integrate with Ansible or Terraform (which is also surprising I haven’t found a built in method to accomplish this, although I know this is exactly what Terraform does under the hood).

So I’m hoping someone may point me in the right direction. Thanks in advance everyone.

https://redd.it/l4ik75
@r_devops
memory utilization

I have the last few months' data of
>Memory sys % util,

>Memory user % util

>Page/Swap % util data.

Which util % is relevant to understand if memory is fully utilised or underutilised?

https://redd.it/l4hnk6
@r_devops
What do you use to collect business metrics?

So I guess this is things that don’t get instrumented out of the box by standard APM tools like login success/failures, successful checkouts, user sign-ups etc. I’m currently reading the DevOps Handbook which mentions StatsD but this seems less popular now than at the time of printing. The ideal solution is something with the lowest friction for developers to implement and low to no operational overhead.

https://redd.it/l4yuns
@r_devops
Is there a good reason to dockerize a cronjob?

Is there a good reason to dockerize a cronjob? I am trying to think if it's even worth it. Why not just run it locally? When should you dockerize a cronjob?

https://redd.it/l52xm7
@r_devops
Backend/Frontend in same repository

How do you manage the pipeline definition in Jenkins on a repository that has backend and frontend in the same repository?

Because when a change is made to the frontend (for example: a picture is changed) the pipeline gets all the code, both frontend and backend, builds both, does testing on both, deploys both, but the backend code did not change.

How do I define my pipeline to do the automation process separately?

Is the only solution to separate my front and back into different repositories?

Thanks in advance.

https://redd.it/l4twsx
@r_devops
Teardown feature branch environment

I'm setting up automated deployment/teardown of a feature branch environment. I'm triggering the creation/deploy of it when a branch is committed/created and isn't the default (master) branch.

What I'm struggling to do is figure out what should trigger the teardown of that environment. To merge into master, my team has to do a GitHub PR. I'm thinking about triggering off the merge to master and parsing the GitHub PR merge message for the feature branch name (using PowerShell) and deleting with that. Does that sound reasonable? Is there a better way?

My stack is GitHub for repo and Azure DevOps for pipelines.

Thanks!

https://redd.it/l53wvs
@r_devops
configuring ec2 for node.js apps with pm2 and nginx

First of all, I'm a backend developer, so I don't know much about devops besides basic CI/CD configuration with deploys in more "automated" services, like Heroku, etc.

What I'm trying to do, is have my EC2 instance host my Node.js apps, and use PM2 to startup/monitor each one. I configured the `ecosystem.config.js` with this:

    module.exports = {
      apps: [
        {
          name: "my-app",
          cwd: "./my-app/packages/backend/",
          script: "yarn",
          args: "start:prod",
          env: {
            PORT: 3010,
            // Other env vars
          }
        },
      ],
    };

For now this app is a Nest.js service, that I build manually and use that command to start it. That part is running ok.

After that I tried installing Nginx on the server, to try to reverse-proxy all requests to my app (when I'll have more than one app, I'll probably need to proxy using subdomain like `my-app1.domain.com` -> localhost:3010, `my-app2.domain.com` -> localhost:3020).

Even if I don't change anything on the nginx config files, when I try to access the server by the IP or DNS from AWS, it should show that default "You are using NGINX" page, right?

All I'm getting now is `ERR_CONNECTION_REFUSED` when I try to access it. [Here are the Inbound and Outbound rules for my instance](https://imgur.com/a/RnrSHn5). I followed [this tutorial](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-16-04#set-up-nginx-as-a-reverse-proxy-server) to configure the reverse-proxy, and that part seems ok. If I try to run `curl https://localhost:3010/status` or `curl https://localhost/status` inside the server, I get the right response from my app.

Thanks for the help!

---

Since I'm here, is there any other service with a nice free tier for this? I've used Heroku, but since it doesn't have servers where I live, the response time is a bit high. I was using GCP App Engine before, but I couldn't configure my env_vars in some way that I didn't need to commit an `.env` file with DB credentials and keys in my source code (which I REALLY don't wanna do).

Running my own server is also not ideal since I'll need to manually SSH to the machine, pull the latest changes and restart the PM2 server, but at least it's free and I can run multiple apps.

https://redd.it/l5hwyv
@r_devops
What can you do with Docker/K8s agents on Azure?

I'm getting more into the world of CI/CD and kubernetes.

I recently had to set up our own Azure agent to run .NET core API tests. I think I'm limited to Linux or Windows because the tests use OS environment variables and a runsettings file but it got me thinking.

Is it possible to run NUnit API tests on an Azure agent in docker or AKS?

If not, what can you do with an agent hosted in this way? Just build/push to a container registry?

https://redd.it/l5hm53
@r_devops
Stuck on the deployment part at the Gitlab-CI/Docker/Terraform/ECR pipeline. Where to deploy Express.js web server?

I am trying to build a dream pipeline around a simple Express.js web server that returns "Hello World" on the / route. I am doing this process in a few iterations, and currently, I am stuck on my second iteration at a moment where I need to actually deploy the app.

Let me first show you my current progress on this stack:

I want to follow Gitlab Flow

>My application source of truth is the master branch. It is the branch which I want to continuously deliver.

I want to use Docker and Docker-compose

>I have both Dockerfile and docker-compose.yml file which describes my application stack and allows both developers and CI server to build the app, run the app etc. very easily. The deployed app is running in docker container as well.

I want to use Gitlab shared runners to do my CI

>Done. There is a single test stage for now which is doing a lint check and actual mocha tests. This pipeline is triggered on MR branches and also on the master branch.

I want my runners to build & push docker images to an Amazon ECR repository

>I think this definitely needs to happen whatever my strategy is. I guess having a docker image in some kind of a registry is a must. I have just arrived at the point where I need to make this happen, and I did educate myself on how it is done, so there is no issue with this step. My choice of registry is ECR.

That is the progress so far. Now I have come to the realization that I have a few options.

I am not sure whether to use ECS or manual AWS CLI + EC2

>Since I haven't even touched Kubernetes yet (remember I am building just a second iteration of a simple "Hello World" app) and I am not looking for auto-scalable fancy stuff such as EKS (yet), rather I am wondering whether I need Amazon's ECS or should I set-up deployment on the instance level?
>
>Up until now, my deployment pipeline was very primitive. Manually created EC2 instances had to be SSH-ed into, and I had to pull latest code from Git repository and restart the processes.
>
>So I can see the possibility of automating my primitive flow by introducing docker images instead of bare code, and also doing all this automatically from Gitlab CI through AWS CLI. But is that how it's usually done, or should I switch to ECS and invoke ECS "refresh" once my images are in the ECR?
>
>One question here: since I use Docker compose, if I went with the "EC2 way" I know I can write a correct deployment script which DOES use docker compose and run the app correctly. But what I don't know is whether ECS runs my compose script, or just my Dockerfile, and is there a way to set that up correctly if I use docker compose?

I want to use Terraform to provision infrastructure in an automated fashion

>My second problem is this. How does Terraform come into play if I have the architecture set up in the above fashion?
>
>What I know is that Terraform CAN provision EC2 instances for me through IaC in a declarative fashion. What I don't know is this:
>
>Should I put ECR creation in the Terraform config files as well? Does Terraform also provision/configure ECS? I know Terraform is a topic in itself, and I have and will research its full capacity, but I'm mainly looking for waypoints on configuring it to work with my deployment plan that I have described above.

Thanks for reading, each contributing comment is welcome.

https://redd.it/l5hl31
@r_devops
DevOps not for fresher/careershifter?

I've been applying for a devops role for the past 3 months but apparently all of them need experience. I have 3 years of project management experience.

I know that having the AWS-SAA cert won't get me the job but I strongly believe that I just need a chance to prove myself. So here I am asking for your advice and suggestions on how I can ace the interview. I am also thinking of creating a project but I don't have any idea what to build. Can you please give some good resources?

I have basic Python and Linux skills. Thanks in advance!

https://redd.it/l5e4q8
@r_devops
Simplifying K8S and OpenShift deployment and management on GCP/Cloud

I wrote a few words on our approach at Palo Alto Networks to simplify different Orchestrations deployment and management on GCP and AWS.

We are using a Chrome Extension that allows us to quickly trigger builds and deletion of clusters we use for application testing.

Please let me know if you have any questions or suggestions, would be glad to help if needed.

Here's the article:
https://medium.com/engineering-at-palo-alto-networks/simplifying-k8s-and-openshift-installation-using-a-chrome-extension-84391d0ed6f

https://redd.it/l5aeqm
@r_devops
GitlabCI with Chef

Hi, I would like to make the CI/CD pipeline with Chef and local GitLab CI. I've used Puppet and Ansible with Jenkins before :-)))

So I have some beginner questions about Chef integrated into CI.

- Can I use the "external" GitLab repository to store the cookbooks? I read that Chef automatically stores the cookbooks on the Chef server when I develop the code on the workstation. Can I develop without the workstation? Just develop on my machine > push to the GitLab repo > git clone on the test VM > run?

- I would like to make a pipeline in GitLab CI that gets the feature branch as a parameter and deploys it to the test VM. Is it possible? Can Chef run headless?

- Has anyone else tried to make the same toolset?

https://redd.it/l5dd5f
@r_devops