Reddit DevOps
Reverse Proxy - Programmable with provisioning of TLS Certs?

I'm trying to author a SaaS/PaaS solution in my basement, and I'm running into a barrier with scalability. You see, I'd like to be able to allow clients to sign up on my website, ask them to point an A record to my IP (and they will tell my site that FQDN), and while they're working on the A record, my site has already instructed the reverse proxy to forward incoming HTTPS requests for that FQDN to my web application, and has already begun provisioning a cert with Let's Encrypt. Obviously, Let's Encrypt won't be able to issue the cert until the A record propagates.

So, that said, my point is that I'd like to figure out a way that omits me and my hands from the equation: I'd like to not have to sit at the ready to hand-enter configuration for the new FQDN in nginx. I also don't want to pay handsomely for nginx+ for the privilege of using their API. If it came to that, I'd be willing to write a microservice that sits on top of an nginx instance and listens for calls indicating a configuration change, writes out the new config, and issues a SIGHUP to nginx. None of that is desirable though.

I looked into Traefik, which auto-provisions Let's Encrypt certs, but the Traefik API seems to be read-only. I also looked into Fabio, which does allow for hot configuration changes through Consul (among others), but it doesn't seem to have any facility for getting certs issued without outside intervention.

Does anyone have any ideas for me to look into? Thanks.

https://redd.it/lq3d0y
@r_devops
An essential library for functional programming lovers in Golang

Go does not provide many essential built-in functions when it comes to data structures such as slices and maps. This library provides a list of the most frequently needed utility functions, which are inspired by Lodash (a JavaScript utility library).

https://github.com/rbrahul/gofp

It will be appreciated if you could provide your valuable feedback.

https://redd.it/lq75qj
@r_devops
Linux Foundation Certified IT Associate (LFCA)

Colleagues, the Linux Foundation Certified IT Associate (LFCA) exam demonstrates a user’s expertise and skills in fundamental information technology functions, especially in cloud computing. It is ideal for those getting started in an IT career as an administrator/engineer. The LFCA is a pre-professional certification intended for those new to the industry or considering starting an IT career as an administrator or engineer. This certification is ideal for users interested in advancing to the professional level through a demonstrated understanding of critical concepts for modern IT systems including cloud computing. LFCA will test candidates' knowledge of fundamental IT concepts including operating systems, software application installation and management, hardware installation, use of the command line and basic programming, basic networking functions, security best practices, and other related topics to validate their capability and preparedness for an entry-level IT position. Domains and Competencies address: 1) Linux Fundamentals (20%), 2) System Administration Fundamentals (20%), 3) Cloud Computing Fundamentals (20%), 4) Security Fundamentals (16%), 5) DevOps Fundamentals (16%), and 6) Supporting Applications and Developers (8%). This program includes LFCA Certification Valid for 3 Years, 12 Month Exam Eligibility, Free Retake and Multiple Choice Certification Exam.

Enroll today (individuals & teams welcome): https://fxo.co/BOhH

Much career success, Lawrence E. Wilson - Online Learning Central (https://tinyurl.com/2re6558z)

https://redd.it/lq3wv9
@r_devops
Octopus Deploy Email Notifications

Curious if anyone has come up with a decent Octopus Deploy email notification template that only lists the deployed/completed steps (excluding steps that were excluded). The template that Octopus provides in their email notification how-to lists every step in a deployment even if it was excluded. I've put this together and it outputs way too much. Thoughts?


Current code used in body:
<h2>Deployment of #{Octopus.Project.Name} #{Octopus.Release.Number} to #{Octopus.Environment.Name}</h2>

<p><em>Initiated by #{unless Octopus.Deployment.CreatedBy.DisplayName}#{Octopus.Deployment.CreatedBy.Username}#{/unless} #{if Octopus.Deployment.CreatedBy.DisplayName}#{Octopus.Deployment.CreatedBy.DisplayName}#{/if} #{if Octopus.Deployment.CreatedBy.EmailAddress} (<a href="mailto:%20#{Octopus.Deployment.CreatedBy.EmailAddress}">#{Octopus.Deployment.CreatedBy.EmailAddress}</a>)#{/if} at #{Octopus.Deployment.Created}</em><br></p>

<h3>Deployment process</h3>

<p>The deployment included the following actions:</p>

<ul>

<li style="list-style: none">#{each action in Octopus.Action}</li>

<li><strong>#{action.Name}</strong> #{if action.Package.NuGetPackageId}&mdash; #{action.Package.NuGetPackageId} <em>version #{action.Package.NuGetPackageVersion}#{/if}</em></li>

<li style="list-style: none">#{/each}</li>

</ul>

<h4>Task summary</h4>

<ol>

<li style="list-style: none">#{each step in Octopus.Step} #{if step.Status.Code}</li>

<li>#{step | HtmlEscape} &mdash; <strong>#{step.Status.Code}</strong> #{if step.Status.Error}

<pre>#{step.Status.Error | HtmlEscape}</pre>

<pre>#{step.Status.ErrorDetail | HtmlEscape}</pre>#{/if}</li>#{/if}#{/each}

</ol>

https://redd.it/lq1psj
@r_devops
Thinking about creating a web app to keep track of upgrades

Hi friends!

So a problem I noticed working in the field is making sure upgrading components of a platform doesn't break the platform itself. I do this by "researching" aka reading through release notes and noting down possible conflicts.

I was thinking of creating a web app where we can track upgrades, dependencies, and potential conflicts. We can also mark the upgrade as "Do it", "Skip", and "On latest version". I also am thinking of having an anonymous sharing feature where we can share our research, so that someone else upgrading can have a reference (or if they are really lazy they can just rely on the researcher's findings). Maybe once the app gets traction, I can invite the companies responsible for the components to contribute as well.

What do you guys think? Is this a viable app idea? Any suggestions?

Thanks!

https://redd.it/lptni0
@r_devops
Flask app inside docker container

So I deployed 2 Flask apps in 2 separate Docker containers.
Each app has 2 endpoints.
/testHealth - this endpoint hits the same container you call it from and throws back a JSON output saying “flask running”
/testComms - this endpoint hits the other container’s /testHealth endpoint

Turns out /testHealth works but /testComms isn't working.

There is a server code 500 error.

So app1 runs on port 5000 and app2 on 6000.
Localhost:5000/testHealth would run, while localhost:6000/testComms wouldn't run and would throw a 500 error.

Now, upon inspection, with the newest Docker update you need to replace localhost with the IP address of your Docker container. In my case it was 172.XX.X.X
So if it's 172.XX.X.X:5000/testhealth, it would return the correct response.

PS: my Docker Desktop is updated to the latest version. I have forwarded the port using the -p flag and my host is 0.0.0.0 in my Flask app. I am using a 2019 MacBook Pro with Big Sur.

Is this something Docker hasn't documented yet?

https://redd.it/lptmjf
@r_devops
A lost devops

Hello guys,

I'm a relatively young devops (3 years experience) searching what could be an interesting company to work at. I'm planning to leave my current position and to relocate myself to Dublin.

I really love my job, but our team is small. I end up being interrupted by level 1 & 2 support tasks way too often. After two years in this company it kind of feels like I need to move on if I want to improve my skills.

I got different advice: "You should try to work for Google, AWS,..., those are big companies with the most interesting positions". But also: "Why don't you apply to a small consulting company? In a too big structure you will be stuck in a box, whereas in a small one you will have more room to learn".

Now I do not know where I should start looking. Learning is extremely important to me. And being able to work on different projects too. On the other hand, I cannot find any consulting company that seems to display this kind of mindset in Dublin. Maybe I'm heading the wrong way, or maybe I do not know how to search for what I'm looking for...

So if anyone has advice for a confused devops, I would really appreciate it!

https://redd.it/lpsysh
@r_devops
You are on an island, and can only have Terraform or Ansible for IaC. Which do you choose and why?

Trying to decide on which path to go down. We are using LocalStack, AWS, and mostly what they call Serverless tools. It seems that both have a lot of pluses and minuses.

https://redd.it/lqk92n
@r_devops
What do you wish somebody told you when you were a fledgling devops person?

As said fledgling person I'm really curious!

https://redd.it/lqpl59
@r_devops
Question about writing a Kubernetes deployment

Hey all,

I am coming from a Python development background (backend) and I just got a new Backend/DevOps job offer from a company I am really interested in.

They gave me a home assignment and I feel kinda lost and would love some help.
I need to write a declarative Jenkins pipeline to deploy a Kubernetes cluster to EC2.

Can someone point out some good references that will help me to get started?

https://redd.it/lqmhin
@r_devops
How Serverless computing may change the DevOps role, more thoughts welcome

I shared my thoughts on how Serverless computing may change the DevOps role here https://syang.substack.com/p/does-serverless-make-devops-job-less

love to hear your thoughts either here or in the comments area of the original post

https://redd.it/lqsopa
@r_devops
SLI/SLO research/titles

I'm a QA manager and have been tasked with creating SLI/SLOs for a very large and complex system. I'm looking for resources and training to start me down this path.

I currently have a production support team that sits within QA to deal with incidents and bugs, but they are busy, so I'm also looking to add a dedicated resource to implement SLI/SLO for my unit, and I'm looking for suggestions on what this job title would be. It certainly would combine the creation and tracking of uptime, which would involve working with dev teams to create new metrics and production dashboards, in addition to monitoring our production health proactively. It would be great to have some incident management skills as well.

https://redd.it/lqezx8
@r_devops
Vault OIDC login issue

Hello,

I'm trying to configure OIDC with Vault, with G Suite.

After logging in with my Google user, I get this error in Vault:

Vault login failed. Error exchanging oidc code: "oauth2: cannot fetch token: 400 Bad Request\\nResponse: {\\"error\\":\\"invalid_client\\"}".


I went by this guide

https://nandovillalba.medium.com/set-up-vault-oidc-with-cognito-and-google-idp-654ea578fd32

Please help!

https://redd.it/lqezx7
@r_devops
How do social portals avoid mixed content errors?

As we may know, a website that uses an SSL certificate does not (at least by default, to my knowledge) show that the page is secure if there is an http link.

If you can write a post or some other form of dynamic content on a website, then what server settings are related to allowing mixed content without removing that sweet lock in our URL bar?

https://redd.it/lqwzp7
@r_devops
Circle CI and airflow tips, suggestions and help welcome!

I'm using Circle CI for the first time and am not that familiar with setting up a CI.

I want to set up a CI to smoke test DAGs from Airflow and test other parts in the code. Circle CI has a specific set of installs and dependencies that made it hard to test.

I'm using the Docker image puckel/docker-airflow to simplify the installation process and setup of the env.

I got the idea that I'm doing something wrong. Any suggestions, tips or help would be appreciated!

The current config looks like this. The pwd and ls are for reference so I know what to copy where and the current structure (still not familiar with debugging CI).
```yml
version: 2.1

workflows:
  test:
    jobs:
      - build-and-test
jobs:
  build-and-test:
    docker:
      - image: puckel/docker-airflow:1.10.9
    steps:
      - checkout
      - run:
          name: install dependencies
          command: |
            pip install -r requirements_test.txt
      - run:
          command: |
            pwd
            cd ..
            pwd
            mkdir dags
            cp -r project/airflow/dags/* dags/
            export AIRFLOW_DAGS=/usr/local/airflow/dags
            cd dags
            airflow initdb
            pwd
            python -m unittest -v tests/test*
          name: Test
```

ps. Sorry if this is the wrong reddit to ask such questions

https://redd.it/lqe7s9
@r_devops
Best tracing tool for serverless ? (maybe Lambda, Azure Functions, etc..)

I was thinking about tracing tools to keep observability in serverless applications/architectures.

So, in your experience guys, which are the best options to integrate serverless tracing/observability in our architectures?

I love the way Jaeger works for microservices. And I know there are options like X-Ray for Lambda, but do you know of any automations, integrations or useful resources to implement tracing on serverless?

https://redd.it/lqcixf
@r_devops
GitLab Artifact storage solutions

Hello everyone,

We use GitLab CI and one of the problems we have been having is running out of storage space. Currently we store all the artifacts locally in the default path /var/opt/gitlab/gitlab-rails/shared/artifacts and it's proving not to be working out. I am just curious how others have dealt with storage issues in GitLab and if there are any recommendations.

Currently the solutions that come to mind are either using AWS S3 or using a big company NAS.

https://redd.it/lqaikm
@r_devops
Order of operations for BDD tests in pipeline and API dependency from FE microservices

Building a CI/CD pipeline and I'm trying to wrap my brain around a few things:

* Where in the pipeline steps do the BDD tests go?
* I was originally thinking (based on some tutorials) that I'd have a step where the Linux VM is made, then the microservice is built in the VM, then tests are run... if they pass, build the Docker image and deploy to K8S. But it seems like I should be building the Docker image, running the image in a container and testing that, since that is what is getting deployed to K8S.
* How do I handle what seems like a pretty common use case where the FE makes a call to the API, but they have separate pipelines?

https://redd.it/lqz2o9
@r_devops
I heard on a podcast that the CompTIA Server+ might be a good step into DevOps... thoughts?

I was listening to a podcast hosted by CloudSkills.io (the podcast is called CloudSkills.fm on Apple Podcasts) and the host Mike Pfeiffer mentioned that for someone who has little to no experience in the IT world, and wants to break into it and take a step towards DevOps, system administration is important. He mentions that the CompTIA Server+ certification is a good vendor-neutral cert to get some knowledge about servers, networking, virtualization. He mentions once you understand those core concepts -- then move on to a fundamental cloud cert like Azure Fundamentals or AWS Cloud Practitioner.

What are your thoughts on this? I have a few years of IT Help Desk under my belt, and want to take the next steps on moving towards system administration and cloud. Searching through LinkedIn at people that work in the field of DevOps -- I don't see many people having it. Also, looking at job listings for DevOps Engineers -- I don't see this cert mentioned in there either.

What's your opinion?

https://redd.it/lqryv4
@r_devops