Build k8 cluster from scratch, IaC and CI/CD choice?
Hi!
I'm involved in a startup and we are going to build a new k8 cluster with Openshift Container platform on IBM cloud (don't ask why :D). The cluster will host databases, websites, mobile apps, middlelayers apps, developed with javascript, java and python. In the future we will implement kafka/event streams as well. My questions to you here:
1. What IaC tools would you use in order to manage the cluster? Been looking into terraform to manage infrastructure
2. What CI/CD tools would you use in order to connect github with kubernetes cluster?
3. What monitoring and issue trackers do you have good experiences with?
4. What IaC tools, CI/CD tools and other "DevOps" tools do you have bad experience with? Just so I know what to watch out for. Could be cost related, bugs, features, functionality etc.
All opinions are welcome. Thank you.
Best regards,
oscillate123
https://redd.it/lsyaj7
@r_devops
Chicken or the egg?
Teaching myself about devops, and I'm kind of stuck in a what comes first point of view. If we take a conversation at a high level of considering an aws infrastructure that's along the lines of:
* terraform managed instances
* ansible managing software installs
* kubernetes managing the microservices
* ci/cd using jenkins
* logging / metrics using elastic
It's my understanding, that in terms of setting this up:
terraform will create all the instances (the masters, workers, jenkins instance, etc). ansible will install / configure kubernetes, jenkins, elastic. jenkins will then take charge of deploying all the services to kubernetes.
Am I far off in my high level overview? Is the order of how things would happen incorrect?
https://redd.it/lsopxk
@r_devops
How do you manage the secrets that your code needs from Hashicorp Vault?
I'm assuming your Vault instance already has a lot of secrets in separate folders. Now your code needs to fetch these secrets but not all of them. Suppose you need folder1/subfolder1/secret1/key1 and folder2/subfolder2/secret2/key2.
How do you keep these dependencies in your code? Do you have something like a my_dependencies.yml which is read by your code and it queries based on that --

    - requiredvaultsecrets:
        folder1:
          subfolder1:
            secret1:
              - key1
        folder2:
          subfolder2:
            secret2:
              - key2

https://redd.it/lsmomy
@r_devops
Terraform for Beginners
I need to learn terraform for AWS, any recommendations??
https://redd.it/lsktkb
@r_devops
It takes me a lot longer to configure resources with code than it does in the gui
What is the problem, besides the fact that I am terrible at programming? I can't write more than four letters without looking up syntax. I can't abstract away code examples to fit my needs. I just stare at them wondering how what I am looking at could possibly have anything to do with what I need done. I hate this.
https://redd.it/ltssqb
@r_devops
How are the build and deploy processes carried out in your company?
Do you have a team of DevOps or dedicated people in charge of these processes?
And if not, then how do all these processes work for you?
https://redd.it/ltwqyl
@r_devops
Which is better for kubernetes AWS vs Azure for kubernetes?
Which is better for kubernetes AWS vs Azure for kubernetes?
https://redd.it/ltqfnl
@r_devops
Which programming language did you learn, and have you found a way to learn it by building apps?
Hello everyone! I'm in the process of trying to follow the devops roadmap, and I see several programming languages on there to get started with. Which one did you choose, and have you found a way to learn by building (rather than lectures)?
https://redd.it/ltpv6x
@r_devops
How do you decide which cloud platform to use for your next project?
I was just wondering what criteria people used to evaluate Azure, Google Cloud Platform and AWS (and any of the others I probably haven't heard of)?
Each of them has a different feature set, and of course, a completely different way of doing things, so once you have decided on one, you are pretty much stuck on that cloud as migration would be a massive task.
So how do you choose?
https://redd.it/ltmtuf
@r_devops
Does it bother anyone if a site can't work without Javascript?
I'm building an application for our external customers that lets them interact with their orders, personal information, and contracts. My intention was to build a typical SPA, with Vue.js on the front. One of my coworkers mentioned that we shouldn't use a SPA because some of our customers might be using NoScript.
Is it common to build for no-JS interactivity? It just feels like it would be a lot of duplicated work to build something that would work without JS, and then to build something that works nicer for everyone else.
https://redd.it/lu19ce
@r_devops
Scaling my application's mysql database with kubernetes
I would like to use kubernetes to load balance mysql however I am wondering if this would be problematic due to replication.
I have found a couple of websites stating that replication is possible and some saying it's a pitfall of containerisation and scaling. What do you guys think?
I have a service that takes in images and stores all the image data within mysql however this is causing a huge strain to the application and bottlenecked everything. It would be great to be able to scale multiple instances of the database to reduce the load on a single instance of mysql.
If there is another solution possible I would love to hear it too.
Thanks all
https://redd.it/ltkv9m
@r_devops
IT infrastructure
Hi, folks. Are there any recommendations on IT infrastructure books which contain everything from Load Balancers to Server Clusters, Databases, Network, Storage, etc.?
https://redd.it/ltib21
@r_devops
Apache Maven Features
Simple project setup that follows best practices.
Consistent usage across all projects.
Dependency management including automatic updating.
A large and growing repository of libraries.
Extensible, with the ability to easily write plugins in Java or scripting languages.
https://redd.it/lu32ku
@r_devops
Secrets Managers for Kubernetes (Vault (Hashi), Conjur (CyberArk), Platform Specific, etc)
I’ve recently been researching this topic, have a few notes, and would love anyone’s feedback or experience using these tools. Overall, my takeaways are these:
Vault:
* Allows authentication via K8s Service Accounts (given natively to every pod)
* Allows pods to make requests as needed via their SA assuming they have access
* Provides an agent and admission control which will (upon request by specific configurations) mutate and mount secrets as a volume for pods.
Conjur:
* Allows roles to be defined via K8s attributes and provides access based on these roles.
* Provides a secrets synchronizer agent to make secrets available to pods as K8s secrets.
If anyone has any corrections or sees errors/omissions please let me know, these are just my main notes after exploring both docs.
Overall, it seems that vault and Conjur provide the same services but using different solutions. They both seem equally complex, but not always in the same areas.
Does anyone have any experience using either of these tools? Is there a tool I’m ignoring? I’ve been spending a lot of time researching this and have had a hard time finding direct comparisons or recommendations for secrets management in k8s.
https://redd.it/ltziy0
@r_devops
How do you get better as a devops developer in a platform team
At my company, my team (as a platform team) has built the platform for kubernetes cluster. We let our developers build their applications on the cluster. We have been maintaining it, and adding better monitoring and fixing security vulnerabilities for the past year. Unfortunately, I am struggling with becoming better at kubernetes. Even though the technical knowledge of kubernetes is very vast and broad, my team has been involved in only the operations side of it for the past year. I feel that there is so much more to kubernetes than the operations side. I know that I can learn the non-operations side of kubernetes during my own time, but for my day to day job, is it common for kubernetes cluster operators to have only worked with the operations side, but not so much the development side?
https://redd.it/lu07z5
@r_devops
Is it worth learning Powershell?
Is it worth learning Powershell or is everything done on bash?
https://redd.it/ltz9a8
@r_devops
Building a New Web App - Rate My Setup
The high-level overview is that the web app is a dashboard for e-commerce business owners that can connect to multiple platforms.
1. API built with Spring boot(java11) and deployed via war file
2. API Application server tomcat 9
3. front end built in VUE
4. Front end server nginx(latest)
5. Both API and front end running on Centminmod (centOS flavor) Digital Ocean instance
6. Data stored in MySQL 8 fully managed Digital Ocean Database
7. Images, Documents, other media stored on object storage Digital ocean space
Before I get to production, I want to get kubernetes setup. I already have environmental configs for both the front end and back end projects.
In production, I'll have a load balancer and auto scaler setup to handle our load. I'm expecting heavy I/O across the cluster.
Does anyone see any places of improvement for my setup based on the above information?
Are there any potential bottlenecks that are blatantly obvious?
I'm planning to load test before final release to really dial in the instance types and auto scaling settings.
https://redd.it/luwuq5
@r_devops
Multipurpose pure bash script that helps automatize common tasks for web developers
Hi everyone!
A few years ago I started a project to learn BASH. At the beginning the script helped me to automatize backups for my agency ([BROOBE](https://www.broobe.com/)), but now it has more features:
* LEMP automated installer (Nginx, MySQL/MariaDB, PHP).
* Files and database backups (MySQL or MariaDB).
* Upload backups to Dropbox (with Dropbox-Uploader).
* Restore backups from Dropbox or URL.
* WordPress automated installer.
* WP-CLI actions helper.
* Let's Encrypt actions helper.
* Monit installer and configuration helper.
* Netdata installer and configuration helper.
* Certbot installer and configuration helper.
* Cloudflare support (via API).
* PHP-FPM optimization tool (beta).
* Image optimization tools.
* Security Tools with malware scanners.
* IP/Domain blacklist checker.
I would love to receive your comments and feedback!
Link to the repo: [/lemp-utils-scripts: LEMP Bash Utils for Ubuntu 18.04+ (github.com)](https://github.com/lpadula/lemp-utils-scripts)
https://redd.it/lutqkq
@r_devops
demonstrate X technology skills without direct prod experience
I'm currently looking for Mid to Senior DevOps roles and have been unable to get past the phone screen for jobs paying above my current compensation. Most jobs will ask me about my prod experience with k8s, IaC, go/python, which I don't have, and the process ends. I have built out proof of concepts using k8s and terraform and demo'd it to my current company, but this carries little weight when speaking to the recruiter. Unfortunately, my company is very reluctant to embrace any new technologies much less put them into prod. So, I find myself trying to learn Go so I can build a product on the side and then using that as my showcase for all the infra stuff. Is this a good way to demonstrate skill with a technology absent direct prod experience?
https://redd.it/lutbfw
@r_devops
Getting "ssh: handshake failed" error
Hi all,
I am trying to run an Ansible to create an EC2 instance using this example.
It is creating the EC2 instance along with the security groups and VPC, however, at some point, I am getting the following error:
>Error: timeout - last error: SSH authentication failed ([email protected]:12): ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Also, I am not sure if it has something to do with the error, but when running the deploy.sh file, I am getting:

    ❯ sh deploy.sh
    + ssh-add -A
    No identity found in the keychain.
    + cd terraform
    + terraform init

How can I fix this issue and let Ansible SSH into my instance?
Thanks!
https://redd.it/luouj5
@r_devops
GitHub
GitHub - opencredo/k8s-terraform-ansible-sample: Provisioning Kubernetes using Terraform and Ansible - Sample
Provisioning Kubernetes using Terraform and Ansible - Sample - opencredo/k8s-terraform-ansible-sample
Deep Dive into Docker Internals - Union Filesystem
Hi /r/devops
Today I published an article detailing the inner workings of the union mount filesystem (OverlayFS) which is used by Docker. I think this might be an interesting read for some of you here.
So, here's the link: https://itnext.io/deep-dive-into-docker-internals-union-filesystem-5a1fbcd426b5
https://redd.it/lv3g0v
@r_devops