Im a bit late to the show, but I personally feel like you are heading down the wrong path. Unless you are trying to completely host locally, but for some reason want your backups in the cloud, and not simply on separate local server, you are mixing your design for seemingly no reason. If you are hosting locally, you should back up to a separate local instance.

If you indeed are cloud based, you SHOULD NOT be hosting a DB separately. Since you specified S3, you are using AWS, and you should rather use RDS managed mySQL and should use the snapshot feature built in. ref

Laughs in object

I am not as familiar with Cloud Native DevOps Newsletter but I do enjoy the podcast

I prefer a similar workflow.

I am a major advocate of keeping CI as simple as possible, and letting build tools do the job they were built to do. Basic builds and unit/component testing. No need for overcomplicating things for the sake of “doing it all in one place”.

CD is where things get dirty, and it really depends on how/what/where you are deploying.

Generally speaking, if integration testing with external systems is necessary, I like to have contract testing with these systems done during CI, then integration/e2e in an environment that mimics production (bonus points if ephemeral).

The most difficult generalisation step is going from one to two. Once you’ve generalised to two cases, it’s much easier to generalise to three, four, or n cases.

🥇

Although it seems to ignore things like sidecar containers to support the application locally (rather than needing to do a full install of a database tech, for example), I really like the point being driven.

I think Go is good to learn. Many vetted open source Go tooIs use Makefiles (e.g. kustomize) which may be a good point of entry for DevOps in Go.

I did not know this, thank you for sharing. I am going to leave the comment because it has generated some good discourse (and hopefully maybe more) and in my reality, I don’t think I would even notice if this instance chooses defederation.

I look towards the experts to try and form my opinion here, as I am not one.

Our stance: We have been advocating for interoperability between platforms for years. The biggest hurdle to users switching platforms when those platforms become exploitative is the lock-in of the social graph, the fact that switching platforms means abandoning everyone you know and who knows you. The fact that large platforms are adopting ActivityPub is not only validation of the movement towards decentralized social media, but a path forward for people locked into these platforms to switch to better providers. Which in turn, puts pressure on such platforms to provide better, less exploitative services. This is a clear victory for our cause, hopefully one of many to come.

https://blog.joinmastodon.org/2023/07/what-to-know-about-threads/

I see that full blog as a “threads is good for the fediverse”. I only look at and interact with local on this instance, but am generically against jumping to defederation because “no like”.

In my opinion, it really depends on what type of place you would want to work. There are a lot of options out there, but (specifically for SRE) “cloud knowledge” is a must most places.

I would consider someone with an SRE title more ops than dev, and wouldn’t expect much in terms of writing code. I would more expect things like advanced knowledge of availablility, reliability, performance and observability on whatever cloud provider is being used. A Site Reliability Engineer is responsible for realiability of the deployed site, so it is dependent on the site/company on what the actual day to day would look like.

This isn’t to say you wouldn’t have a place in DevOps with your current skills. However, it may be an easier route to start more on the dev side than the ops side as, in my experience, ops are harder to learn generically because every shop has different processes and operations.

The dev side includes things like you mentioned (e.g. build/test execution/package/artifact publish/code release) and then mixes heavy into ops during deployment which then turns into SRE type stuff when the app is deployed to a real place. Often the dev side is done by people with Software Engineer type titles (potentially a DevOps team), and may even be done directly by the developers themselves.

A lot of these processes include a developer needing to execute locally as well as repeatable execution by an automated system of some type (CI). Linux and bash knowledge is very useful for these types of things, as most of the time end deployment will be on a Linux distro, although development happens on OSx or Windows.

The industry is already trying to change buzzwords, from DevOps to DevSecOps, so it is never bad to know security as well. Things like security vulnerability detection and remediation are very valuable and part of the “shift left” in terms of software delivery.

You are welcome to read my comment history to see my feelings about python in DevOps, but they are not positive, and should just use bash, unless it is actually a python shop and other people know how to use python, or else it will most likely become a security vulnerability in and of itself.

Thanks for sharing! I will need to look deeper into build kit. Containers aren’t my main artifacts, unfortunately, so I am still building them the ways of old, sounds like.

I am constantly fighting for more time coding. If you were to look at my calendar, there’s only ~5 hours per week of open time. My customers are our developers, however, so for the most part I am at least in meetings about code and SDLC rather than random feature refinements and such.

Be really careful when building images that require secrets for build configuration. Secrets can be passed in as build args, but you MUST UNSET THEM IN THE DOCKERFILE and then repass them in as environment variables at runtime (or else you are leaking your secrets with your image).

Also, image != container. Image is the thing you publish to a registry (e.g. dockerhub). Container is an instance of an image.

AutheNtication vs. AuthoriZation, I believe

This is an interesting option and probably pretty useful for python projects.

Although I generally push back against use of python usage as a build tool (it is not a build tool), I know tons of people still use python scripts in their CI (as a build tool), which, I think only makes sense if you are a python shop. Why install python to build java, for example? (pro-tip - don’t)

Disclaimer: these opinions are mainly targeted toward closed source enterprise software.

People love using all sorts of fancy stuff in their CI, and I am personally a CI purist. If it can be done in bash, do it in bash. See scripts-to-rule-them-all by GitHub, which I personally think is still too little, but at least sets a good foundation.

CI purist examples:

I am of the opinion that if one feels like they need credentials for their cloud provider in CI (besides cloud provider as artifact host), the project probably needs better unit testing rather than integration tests requiring all sorts of real creds to be injected. Does it take some extra time, sure, but arguing against push back for “better testing” is not an easy path to go, trust me. (“No!!! My couple integration tests with bunches of dependencies injected are easy and get a lot of code coverage!!” – code coverage != good tests)

I am also of the opinion that one shouldn’t even be using things like 3rd party GitHub actions that one has no idea what they actually do, just that it works, and then auto bring in updates that one doesn’t actually watch what is being updated. Sure it still works, but did it turn into malware, the project auto pulled in updates, and no one was watching? How does one know, if one isn’t watching the upstream changes.

CI/CD is primetime for supply chain attacks. It is not an if, but a when. Prepare for the inevitable.

not production ready vs. production ready

I write a lot of bash scripts that end up running in automation in some fashion.

#!/usr/bin/env bash

set -euxo pipefail

Is pretty standard for me.

-e exit on error

-o pipefail exit on pipeline fail

-u error on unset variables

-x trace

How I have never heard of yq, I’m unsure, but thank you as I’m sure it will make life easier