Release Management

How are other folks visualizing / monitoring what code has been deployed into each environment? Are there tools / jenkins plugin / integration out there that are solving this need? I know there are git tags, but how would one figure out which tag has been deployed to a UAT env or prod env?

https://redd.it/l6bqzs
@r_devops

I made a question generator API using Python

I've been trying to develop a question generator algorithm and found out that there's no public API for that, so I made one.

For the architecture, I kept it simple. I used Flask to expose the API and hosted it for free on App Engine. To eliminate the overhead I just listed it on RapidAPI.

Here's the link, check it out and let me know what you think about the API or it's architecture.

https://redd.it/l61ur0
@r_devops

Container security scanner

Hi,
there are some commercial tools available on the market for container scanning.
Most of them work in two modes:
1. Continuously scanning registries
2. Scanning during the build


Currently I'm thinking about enabling both of these options.
My rationale would be:
1. I can give feedback to product team as soon as they introduce a new vulnerability - so I won't be introducing insecure images to registry.
2. Continuously scanning registry to detect any new vulnerabilities which were identified in the base images or some of the dependencies in the meantime.

What are your thoughts about that? What are your preferences?

https://redd.it/l6g3d8
@r_devops

Understanding AWS K8s architecture using EC2

Hi!

I'm quite new using Kubernetes. I work at a tailored software company and we are migrating our projects to containers, creating pipelines, etc.

We choose to use kOps to deploy our cluster into AWS environment, instead of provider manager K8s solutions (at least for now).

I registered my domain in Route 53 and configured the name servers at my registrar. Then I set up the cluster following the usual kOps workflow. Next, I deployed NGINX Ingress Controller following the docs, and, as expect, a Network Load Balancer was created.

I know these two are separated services, and Route 53 is redirecting traffic to my K8s API, while NLB is redirecting traffic to NGINX Ingress Controller, which follows it to ingress -> service -> pod -> container.

Am I right? Or I'm missing something?

Is there a setup where my applications could be reached via app1.mydomain.com and app2.mydomain.com (or even mydomain.com/app1 and mydomain.com/app2) instead of some-big-hash.elb.us-east-1.amazonaws.com ?

https://redd.it/l6fwx2
@r_devops

Today I screwed up - while deploying a laravel Vue/nuxt.js app

Hey guys,

​

I have a client and he has an App in production. He wanted that someone renews the ssl certificate and I am not much experienced but this looked to me like a simple task where I just run certbot. So I told him that I am not 100% sure that I can do it but that I will give it a go.

So then he told me that the App is deployed on AWS, after a bit chatting and contacting his old dev he gave me the SSL key to the EC2 unit.

I found out that the app is running on three subdomains

[frontend1.domain.com](https://frontend1.domain.com) // Nuxt.js

[frontend2.domain.com](https://frontend1.domain.com) // Nuxt.js

[api.domain.com](https://frontend1.domain.com) // Laravel API

So I had no idea what I got myself into. So far I only made simple deployments where Vue (or any other FE Framework) is delivered as static by the Backend.

Also, I never used Bitnami." I thought okay this cannot be too bad"

Hopped on google and ask how to renew SSL Certificate Bitnami

which brought me straight to here: [https://docs.bitnami.com/aws/how-to/understand-bncert/](https://docs.bitnami.com/aws/how-to/understand-bncert/)

and to this command

sudo /opt/bitnami/bncert-tool

After running the command, I was asked to provide the domain I wanna renew the Certificates for. I provided them 1. wrongly, so everything was redirected to the wrong domain.

Then I figured I should rerun the command and give at first the backend domain (api.backend.com).

After I did this it seems to be working again, however, now the browser is not sending any request to the [api.domain.com](https://api.domain.com) due to cores. Also the SSL certificates is still not working. I spent quite some time on this problem. I tried to configure /bitnami/bitnami.conf and inserted it at the end.

<IfModule headers_module>
Header set Access-Control-Allow-Origin "DOMAIN"
</IfModule>

/// save and then run

sudo /opt/bitnami/ctlscript.sh restart apache

In the end, I told him that I am very sorry and that **I don't charge him** for my last task and the current deployment task I did for him today. I am feeling very sorry, and still, I would like to fix this. If someone here can give me any advice on how to deal with that I would be very grateful.

&#x200B;

&#x200B;

The old developer did not leave any documentation. Perhaps it was too obvious for him.

https://redd.it/l6dpm2
@r_devops

Just out: "State of CloudNative Release Orchestration 2021" report

Hi all, CTO and cofounder of Vamp.io here. We've just released(sic) our report on the 2021 state of cloudnative release orchestration, and i feel there are some interesting insights to be learned from it.


It seems "dependency-hell" and costly release-validation are some of the more pressing challenges in the devops, kubernetes and cloudnative space.
Do you agree, disagree? Do you miss any specific topics you're focussing on? All feedback is welcome!

**https://blog.vamp.io/the-state-of-cloud-native-release-orchestration-2021/**

https://redd.it/l6169t
@r_devops

Troubleshooting the right way

In this blog-post, I share a methodology for troubleshooting technical challenges - https://www.meirg.co.il/2021/01/23/troubleshooting-the-right-way/

As part of this blog-post, I share a "real-life technical" challenge that I faced and the methodology that I used to tackle this challenge. **The challenge**: Disallow outbound connection from Prometheus to NewRelic, to make it possible to investigate Prometheus's logs and understand which errors (if any) are raised when there's no internet connection upon a remote_write event.

I'd love to hear your thoughts and have a discussion about the way YOU troubleshoot and tackle technical challenges. Rock on!

https://redd.it/l6iajv
@r_devops

Sharing a link-to-text with your colleagues

!scroll-to-fragment

From time to time, I find myself sending screenshots of blog-posts and documentation. The reason - I doubt they will scroll down to the relevant text, a screenshot provides a more direct approach of "here you go". And of course, I add the link to the content, in case my colleagues will want to investigate the subject.

Another approach - sharing a direct link to the relevant text in the docs. For example, here's a very long blog-post (no I didn't write it), and I'd like to share a link to a specific text fragment of this blog-post "...primary function of the external ID...", here's how:

DISCLAIMER: Available in Chromium Engine 80+, read more about it in chromestatus

- Link to page: https://aws.amazon.com/blogs/security/how-to-use-external-id-when-granting-access-to-your-aws-resources
- Add #:~:text=relevant text: In my case it's https://aws.amazon.com/blogs/security/how-to-use-external-id-when-granting-access-to-your-aws-resources#:~:text=primary%20function%20of%20the external%20ID (%20 is whitespace)
- (Optional) Use first and last: https://aws.amazon.com/blogs/security/how-to-use-external-id-when-granting-access-to-your-aws-resources#:~:text=primary,external%20ID (primary to "external ID")

A very detailed StackOverflow answer on the subject. The source of the image is the same Stackoverflow answer.

https://redd.it/l6hgmi
@r_devops

What can I expect from a DevOps internship tech Interview?

I’m going on to 2nd round of interviews for a DevOps internship position. It consists of a 2 hour round of a screen share and tech interview. What are some of the things I should expect from this kind of interview? Will I be expected to code live?

Background: I’m a senior in IT and AWS certified. Worked on a couple of personal projects that include AWS, Terraform, Ansible, Jenkins, Python, some React.js, Node.js.

Freaked out about this because I suck at coding on spot and suck at leetcode.

https://redd.it/l6gl91
@r_devops

Detecting Genuine Continuous Integration Configurations

Hey! I'm not sure if such posts are accepted here, but I will give it a try.

My name is Tim, a student at the University of Zurich, Switzerland, and I am working on my Master thesis right now.

I envision a world, in which it is easy to find genuine CI configurations in the vast numbers of open-source projects, without having to work my way through countless meaningless config files. I would like to build a system that can automatically find good and representative CI pipelines.

To make this vision come true, I need some feedback from professional developers to learn which types of configuration files would be interesting to look at.

I would really appreciate if you could find the time to fill out the following survey to help me in my thesis. The survey takes approximately 10 minutes. Participating in the questionnaire is completely anonymous.

Many Thanks
Tim

PS: Feedback is very much appreciated
PPS: If you have any questions, also about the thesis, feel free to ask!

https://redd.it/l5zohc
@r_devops

helm issues after upgrade

Hey I am pretty new to helm and kube. Been using it for about 3-4 months. I just upgraded to helm3 and it does not seem to grab my namespace from my kubeconfig.

When I run helm ls it is empty

when I run helm ls -A it returns

Error from server (Forbidden): secrets is forbidden: User "MYUSERNAME" cannot list resource "secrets" in API group "" at the cluster scope

helm2 was fine as soon as I set tiller to point at the namespace. My namespace and context is set on kubernetes, I can view my pods in the namespace just fine in kube.

&#x200B;

These commands all work and pull from the namespace

kubectl get pods
kubectl describe pods

&#x200B;

&#x200B;

https://redd.it/l5q56k
@r_devops

HashiCorp Vault Certification Resources

Hey guys! Recently took this certification and it's an amazing tool! Here is an article with some studying resources! Let me know if you have any questions!

Thank you!

https://redd.it/l6qje7
@r_devops

How to Make Python Library Distribution Easier

How do you make sure that your library or package is accessible to as many people as possible? One important concern is compatibility. Packages are often built with wheels--they're great if you want quick installation, since they’re much lighter than source distributions. But, since wheels are built on the developer's machine, if users have a different OS/environment, there's a risk the package won't run on their system.

Manylinux is a popular solution to this problem. It improves the portability of a package by ensuring that it can run on a variety of Linux distros. However, manylinux can be a pain to navigate--it doesn’t have a lot of documentation and involves doing some extra work: you have to use containers, write Bash scripts, and use Linux commands. So, how can we improve things?

This post proposes a standardized platform for using manylinux, one that would allow it to be included in different CI processes, or implemented in one click in the building process of a package. With a simpler distribution process, just imagine how many cool new Python packages there would be out there!

https://monadical.com/posts/a-many-linux-web-building-platform.html

https://redd.it/l5oa57
@r_devops

OAuth for AlertManager/Prometheus UIs?

We currently have Google OAuth set up for Grafana. Was wondering if something like this exists for the UIs for AlertManager and Prometheus? I haven’t found much on the subject but would like some layer there for auth.

https://redd.it/l5ll25
@r_devops

How can i build VS project remotely with automatic upload into another remote server with one single .bat file (Windows server)?

Here's the flow i need:

1. Connect into build machine with admin creds.
2. Open terminal, go to directory with project.
3. Pull latest git changes from the branch.
4. Open .project's sln file, edit it's version ( type my own within command line)
5. build the api part of it (this project also has code for android app, but i need to build new API only)
6. Publish it in custom folder, zip it and send to another server machine (also with win server)
7. On this server disable IIS
8. Unzip all files but one and overwrite files in APi directory.
9. Run IIS again.

How possible is to make this flow as simple as possible ( as simple as running .bat or .sh script)?

https://redd.it/l5iqin
@r_devops

Discussion: what are must-read books for DevOps engineer?

Hi guys,

Im looking into switching into devops field from fulltime python web dev. And Im curios what are the most important and up-to-date books someone like me can read? Even if they're not directly connected to, but would be helpful in future.

Share you thouths!
Thanks!

https://redd.it/l6uitk
@r_devops

Free intro to Linux commandline/server course starts this Monday

This course has been running successfully now every month since February 2020 - more detail at: https://LinuxUpskillChallenge.org \- daily lessons appear in the sub-reddit r/linuxupskillchallenge \- which is also used for support/discussion.

Suitable whatever your background, and aims to provide that "base layer" of traditional Linux skills in a fun interactive way.

https://redd.it/l6unjd
@r_devops

The Seven Steps to build a Cloud Native CI/CD for GitHub repos using Tekton

A detailed walkthrough guide to build a lightweight CI/CD using Tekton from scratch!

https://blog.harbur.io/the-seven-steps-to-build-a-cloud-native-ci-cd-for-github-repos-using-tekton-31a445a3bde7

For the impatient there is also a quick one-page instruction-set on the tutorial repo: https://github.com/harbur/tekton-tutorial#tldr

https://redd.it/l6xpr2
@r_devops

Managing dependencies as asynchronous and decoupled @kubernetesio-native events?

Have you tried Argo Events? What do you think about it? Are you using something else?

\>>> https://youtu.be/sUPkGChvD54

https://redd.it/l6z5g3
@r_devops

How to configure Azure DevOps pipeline to deploy in Azure app service container?

In this article, you will see one example of how to use Azure DevOps, the Azure tool for CI/CD. If you have any advice to set up a pipeline in Azure DevOps to deploy your containered code in an App service, please feel free to share. 😉

https://redd.it/l6wv38
@r_devops

Which city in Canada?

Hey Guys,

I work as a DevOps in Montreal right now, and looking to move to another city in Canada (I'd like to be fluent in English (level b2/c1 right now and because of entry express). I don't know which cities offer some great DevOps jobs. I have 6 years of experience (certified AWS, GCP, Kubernetes with professionals experiences as well).

So I am wondering if you have any advice. I was thinking of Toronto, Calgary or Vancouver. My main concern is my English level, I guess it'll be hard at the beginning but should be alright.

These are different cities. I like hiking, biking, etc... That's why I put Calgary, but I am not sure if there are a lot of jobs there.

What do you think guys?

https://redd.it/l70ewn
@r_devops