SaaS — Smokeping as a Service Tech Talk

Tech Talk I wrote and delivered about converting a legacy linux cluster service (smokeping) into a modern CI/CD bootstrapped, intuitive cloud app. I talk business drivers, linux tech, and devops automation. #Cloud #automation #linux

https://medium.com/faun/saas-smokeping-as-a-service-tech-talk-be2078861c2c

https://redd.it/lfflna
@r_devops

GitOps for KubeVirt?

Is there a GitOps style operator for KubeVirt kinda like Argo?

​

I've had pretty good success running Argo, but I need to spin up a Windows VM in one of my clusters (ugh) and would prefer to do it IaC style. Any tips/tricks?

​

Thanks!

https://redd.it/lfmgbr
@r_devops

Configuration consistency

What tools are there to check and report the configuration is consistent across a group of nodes?

https://redd.it/lfmwzz
@r_devops

Builtin Quality for Helm Charts: unit testing to the rescue!

In this article, I discuss through a hypothesized scenario + a HandsOn, the reasons that took me into writing unit tests for helm charts along the way. Hope you find it useful.


https://medium.com/@gcavalcante8808/builtin-quality-for-helm-charts-unit-testing-to-the-rescue-2cb9d5c1ddc8

https://redd.it/lfp2dn
@r_devops

Checking the "do your servers have antivirus" box

We regularly get security questionnaires from clients that have this text. Our app is mostly Ubuntu on AWS's EC2 and GCP Cloud Compute. If you have a similar environment, how do you address this question/requirement?

https://redd.it/lfpm0s
@r_devops

Packer for usb bootable iso

New enough to packer that I'm not sure if making an ISO that's not for vagrant/docker/vm is weird.

When I look at packer Ubuntu "builders" like https://github.com/chef/bento/blob/master/packer\_templates/ubuntu/ubuntu-20.04-amd64.json

Other than changing my user name or leaving it as vagrant is there any reason this won't work?

https://redd.it/lfsygq
@r_devops

1st attempt at using Packer getting stuck at partition section

Hello,

I'm using Packer with ESXi 7 on my lab (to learn for work). I'm trying to build a Ubuntu 18.04 vm using Packer, but it gets stuck at the partition section:

https://imgur.com/5FBL1eD

This is my preseed.cfg

https://gist.githubusercontent.com/G0nz0uk/9d8560e8d74c49ebb814b5d98d0b83e3/raw/93be56f84079bab89b44ce82bdf76e483868838f/preseed.cfg

Can you see anything I'm missing?

Thanks

https://redd.it/lfnrnq
@r_devops

Enterprise equivalent of a software distribution platform like Steam?

Bit of an odd question but I've recently gotten a job in the academic space due to my experience in game development. Their goal is to distribute the software I'll be working on to clients but with all the features Steam has for this such as:

* Automatically uploading builds that pass all tests to the platform.
* Automatic updates for the software.
* Ability to distribute "DLC" to those that qualify to get it.
* Incremental updates (if one line in a 500MB file is changed, just send that line)
* Update compression to reduce bandwidth
* Ability to quickly rollback to a previous version
* Ability to have multiple branches for betas

From a game dev background I take all of these features of Steam for granted. My question now is how do I accomplish this without Steam? Are there off the shelf alternatives for this? I don't really know what to put into Google for this question so I need a bit of direction.

https://redd.it/lfi23g
@r_devops

How do your developers claim databases?

The literature for proper design of microservices has taught developers that each of their microservices should have its own, isolated database and state. This of course allows these services to be decoupled from one another ensuring that they each can grow and evolve autonomously.

While this architecture has a lot of benefits for developer and service autonomy, it also means that developers frequently need to provision or request new databases that fit their requirements. Furthermore, these requests need to be made in duplicate, triplicate or more, to accommodate different application environments like QA, dev, staging, prod, and that doesn't even begin to include private developer environments. With so many databases being provisioned to power a growing application, teams very quickly have to figure out the answers to questions like:

* who is allowed to access the cloud provider and create database instances?
* who is responsible for ensuring this database is always up and running and is a suitable size for the growing application?
* what process should developers follow to securely connect to the database from their applications?
* where should database credentials be stored?
* how do I ensure that the data is stored in accordance with local regulations?

These questions are important, but who are they important to? In most cases, all the the person who needs the database (the developer) cares about is, "I need a database of type `X` that supports features in version `Y`". Replace `X` with your favorite database type (e.g. PostgreSQL, MySQL, MongoDB, etc.) and `Y` with the version of that database type, and that should be enough for the initial request to be fulfilled. Most of the other questions on the list are best answered by SREs or other production engineering roles better equipped for them.

-----

Now for my question: what (if anything) is your company doing to make it easier for developers to provision and/or request databases or schemas to power their services and apps? Do they log into your cloud provider themselves and make instances? Do they file tickets with the SREs? Do they create CloudFormation or Terraform templates directly? Is there a team that creates and manages a central repo of shared Terraform modules? Or perhaps are you doing something else entirely?

My team and I are trying to build a framework that allows developers to more easily request private database schemas, and I'd love to find out what others are doing so I can make sure we build it to account for all cases. What we want at the end of it is for developers to declare the database type and version they need and for our deployment engine to automatically fulfill it. Fulfillment right now would do the following:

1. match the request against an existing instance in the environment or (possibly) provision a new one,
2. create a private schema for the requesting app or service
3. create a unique role for the requesting service to access the schema,
4. automatically inject the schema and credentials into the requesting service, and finally
5. whitelist network traffic from the requesting service to the database instance

Here's a brief snapshot of what a developer might declare to describe their service's database needs:

```yaml
databases:
user-data: postgres:13
cache: redis:6

services:
api:
build:
context: .
interfaces:
http: 8080
environment:
DB_URI: ${{ databases.user-data.url }} # postgres://<user>:<pass>@<host>:<port>/<db_name>
# Alternatively you can access each part of the connection URI directly
DB_USER: ${{ databases.user-data.user }}
DB_PASS: ${{ databases.user-data.pass }}
DB_HOST: ${{ databases.user-data.host }}
DB_PORT: ${{ databases.user-data.port }}
DB_NAME: ${{ databases.user-data.database }}
CACHE_URI: ${{ databases.cache.url }} # redis://user:pass@host:port/db_index
```

If you've read this far, I have two more questions for you: 1) what other features might be worth exposing to a developer, and 2)

what other key configuration details might be missing that I haven't mentioned yet? I believe this to be a separation of duties problem, and want to make sure both developer and operator concerns can be accounted for.

Thanks in advance!

https://redd.it/lfi38m
@r_devops

Prometheus Grafana vs EFK stack

Hi there,

I am doing research on comparative analysis between prometheus-Grafana and efk (elastic, fluentd and Kibana) stack, but since efk is a distributed stack of different technologies, there aren't many direct comparison available on internet. Anyone have any reference which gives the detailed comparison between the two stack or any leads from your personal experiences will help ?

Ideal to have some pointers on better performance and resource utilization ?

Thanks

https://redd.it/lfw6ns
@r_devops

Travis CI vs Github Action for ROS, Gazebo, and Machine Learning Package in Docker Container

My team and I are working on a ROS, Gazebo, and Machine Learning project and was wondering which tool we should use for continuous integration if our code is in Github and we want to put all this in a Linux docker. You could also suggest other CIs if you want to. Thank you.

https://redd.it/lfvnbl
@r_devops

Salary refresh: What is everyone salary like in canada?

If you can list years of experience for context that would be great!

https://redd.it/lfty53
@r_devops

What are good resources to learn the basics of Jenkins for an experienced developer?.

Thank you.

https://redd.it/lfhnpk
@r_devops

App Deployment in 20 Minutes Using Serverless Containers on GCP

Serverless architecture takes away lots of responsibility from the admins and developers, allowing everyone to focus on the code instead. No wonder it has been gaining traction in the dev community for a while now.

With Google Cloud Run, it became possible to execute almost any stateless application — and that's what we're going to try today.

If curious, follow through to see how to deploy an example app using Express.js API with AdminBro auto-generated administration panel.
https://softwarebrothers.co/blog/serverless-containers-on-gcp/

https://redd.it/lfgnkl
@r_devops

Terraform or Ansible for Kubernetes

Hi all

I need recommendation, which tool should I use, Terraform or Ansible to do the deployment on my K8S cluster.

For example, I would like to deploy https://projectcontour.io/getting-started/ ingress controller to my K8s cluster. Should I do it with Terraform or Ansible?

Both provide modules for K8S:

Teraform https://registry.terraform.io/providers/hashicorp/kubernetes/latest
Ansible https://docs.ansible.com/ansible/latest/collections/community/kubernetes/k8s_module.html

Thanks

https://redd.it/lf99zk
@r_devops

Nginx, Lets Encrypt, Cloudflare, and Wildcard SSL

I have been trying to achieve wildcard SSL for my app where I need HTTPS for all the dynamic subdomain and I have been trying almost all the tuts found on the internet and almost all way is either giving redirect loop or not working. I am trying this for almost 2 days now and have totally no idea how to go forward. I tried it using certbot doing acme-challenge, dns cloudflare plugins but nothing worked for me. Please guide me .

https://redd.it/lfepr7
@r_devops

MS Teams Bot Help

I have created an app that pulls configurations from one of my cloud providers, stores information in a local MongoDB, and can be queried. The problem I have with this is that I don't have any good way to provide a user interface to this functionality. So...

I wanted to make a chat bot. My company is a big MS shop, so I figured that I would make a MS Teams bot that users could get some basic information from. I have no idea where to start. For example:

Where do I securely store the password for the account that interacts with my cloud provider's API?

What kind of database do I need to use to in Azure?

What language do I need to write the bot in (from what I can gather it's either JS or C#)

Any advice or help would be amazing.

https://redd.it/lfe9to
@r_devops

Which CI/CD tools (with staging environment/sandbox for testing) which suitable for this containerized application?

Hi,
I’m a newbie in container technology and currently being in one project to improve my skill, I try to containerized application using Docker. So, I use webhook and now I have my master branch Docker image and automated development on Dockerhub. I’d like to ask for suggestion of CI/CD tools. First, I choose Jenkins but I’m not sure that Jenkins will have a staging environment/sandbox (like in Heroku CI/CD) for my “develop” branch to test before merging to “master”. Do you have any suggestion? or you think staging environment is unnecessary?

Ps. I have plan to deploy on GCP using k8s

Thank you in advance for your comments.

https://redd.it/lfdkwn
@r_devops

Good solution to avoid direct SSH with pem keys

Hey Guys!

Need your help with finding solution (AWS) how to not SSH with .pem files.

Solutions like SSO with Gsuite, or some other new way that you know.

&#x200B;

Please help! :)

https://redd.it/lfcpa4
@r_devops

Octopus Deploy Alternatives?

We are looking how we can move away from Octopus Deploy and I could use some suggestions for any suitable alternatives. Seems there's a lot to chose from but many I've looked at so far don't seem to suit our current setup (e.g. DeployBot).

We are currently deploying approx. 30+ .NET applications, SQL databases, windows services etc to on-prem hosted VMs pulled from a TeamCity repo.

Management are keen to move to Azure, but right now I'm not familiar with their pricing structure, how it works deploying on-prem and how easy it is to manage all these components.

Keen to hear any thoughts.

https://redd.it/lg4wby
@r_devops