Data scientist: we need to whitelist a pod to connect to a database
Me: Whitelist? We don't use whitelists on private databases
DS: It's the new data warehouse database
Me: is it on <X> VPC?
DS: I'm not sure what that means but its ip is <real world ipv4>
Me: Are you hosting a publicly accessible database with all our end users information?!
DS: ...
Me: There goes our SOC2 audit controls...
DS: how long until you can white list it?
Me: I won't be whitelisting it. You need to put it on a private VPC and peer with the cluster, you'll have to rebuild all the Terraform and redeploy
DS: We didn't use Terraform because it takes too long, just white list the pods IP.
Me: No. I'm contacting the CISO and CTO...

Current work project is microservices architecture out of 4 - 8 components.

It is fully Infrastructure as a Code automatized. I just change somewhere code, git pushing

And it automatically invokes Gitlab CI, terraform, ansible, kubernetes helm charts.
Auto checking itself with unit and integration tests in autoredeployed staging env. Then it saves tested results to docker registry and asks for one button verificating click to be rereleased to prod.

I just go for drink or eat food. While all the stuff is happening.

And I am proud that all the infrastructure, backend and frontend I made on my own.

I don't need to remember how to Deploy it. It is all automatized

Got laid off last week with the rest of the dev team, except one full stack Laravel dev. Investors money drying up, and the clowns can't figure out how to sell what we have.

I was all of devops and cloud infra. Had a nice k8s cluster, all terraform and gitops. The only dev left is being asked to migrate all of it to Laravel forge. 7 ML microservices, monolith web app, hashicorp vault, perfect, mlflow, kubecost, rancher, some other random services.

The genius asked the dev to move everything to a single aws account and deploy publicly with Laravel forge... While adding more features. The VP of engineering just finished his 3 year plan for the 5 months of runway they have left.

I already have another job offer for 50k more a year. I'm out of here!

My middle company urged to try to outsource the engineering department.

So today I met with a "senior engineering manager" to explain to him our infra.

He doesn't know what AAC (architecture as code), terraform, k8 and graphql mean... And that's the easy part!

3 hours after... He only said: "I don't think we have the skill needed to maintain this".

Next week, we should dive in the micro-services...It's going to be hilarious. Well for me, he's fucked.

What the Fuck do you want?:

Proudest bug squash? Probably the time I fixed a few bugs by accident when I was just trying to clean up an ex-coworker's messy code.

So I used to work with a guy who was not a very good programmer. It's hard to explain exactly why other than to say that he never really grew out of the college mindset. He never really learned the importance of critical thinking and problem-solving. He did everything "by the book" to a point where if he ran into an issue that had no textbook solution, he would spin his wheels for weeks while constantly lying to us about his progress until one of us would finally notice and take the problem off his plate. His code was technically functional, but still very bad.

Quick Background: Our team is responsible for deploying and maintaining cloud resources in AWS and Azure. We do this with Terraform, a domain-specific language that lets us define all our infrastructure as code and automate everything.

After he left, I took on the work to modify some of the Terraform code he'd written. In the process, I discovered what I like to call "The Übervariable", a map of at least 80 items, many of them completely unrelated to each other, which were all referenced exactly once in his code and never modified. Basically it was a dynamic collection variable holding 80+ constants. Some of these constants were only used in mathematical expressions with multiple other constants from the same data structure, resulting in a new value that would also be a constant. Some of the constants were identical values that could never possibly differ, but were still stored as separate values in the map.

After I made the modification I was supposed to make, I decided I was so bothered by his shitty code that I would spend some extra time fixing and optimizing it. The end result: one week of work, 800 lines of code deleted, 30 lines added, and a massive increase in efficiency. I deleted the Übervariable and hardcoded most of the values it contained since there was no possible reason for any of them to change in the future. In the process, I accidentally fixed three bugs that had been printing ominous-sounding warnings to the console whenever the code was run.

I have a lot of stories about this guy. I should post some more of them eventually.

Terraform: Automating the ways to make your job harder by making the problems for you. 😡

Fml.

Hey guys! lambda is amazing! Docker containers! They said the whole amazing point with containers is that they run the same everywhere! Except not really, because lambda 'containers' are an abomination of *nix standards with arbitrary rules that really don't make sense! That's ok though, you can push your shit to fargate, then it will work more like those docker containers you know and love and can run locally! Oh wait! fargate is a pain in the ass x 2 just to setup! You want to expose your REST api running on a container to the world? well ha, you'd better be ready to spend literally 2 weeks to configure every fucking piece of technology that every existed just to do that!!!! it's great, AWS, i love it, i'm so fucking big brained smart!!!

give me a break.... back in my day you'd set up an nginx instance, put your REST / websocket / graphQL service whatever behind it, and call it a day!!!!!!!

even with tools like pulumi or terraform this is a pain in the ass and a half, i mean what are we really doing here folks

way too complicated, the whole AWS infrastructure is setup for companies who need such a level of granularity because they have 1 billion users daily... too bad there are like 5 companies on the planet who need this level of complexity!!!!!!!

oh, and if your ego is bashed because of this post, maybe reread it and realize you're the 🤡

i'm unhappy because i was lied to. docker containers are docker containers, until they aren't. *nix standards are *nix standards, until they aren't

bed time.

Can we please make a Over Engineered Section....

This happened a couple of weeks ago...
Hey platform engineer team, we need a environment spun up, it's a static site, THATS IT!

PE Team response.. okay give us a 2 weeks we need to write some terraform, update some terraform module, need you to sign your life away as the aws account owner, then use this internal application to spin up a static site, then customize the yml file to use nuxt, then we will need you to use this other internal tool to push to prod...

ME: ITS a static site... all I need is a s3 bucket, cloudfront, and circleci

Me (new position): Hey, can I run this locally?

Other dev: No, it can only run through CI.

Me (exploring): Oh, I see. CI -> Docker -> Makefile -> Ansible -> Packer -> Terraform -> new EC2 image -> new EC2 host -> command.

Well fuck. That's not going to work locally.

"There's a branch on terraform-our-project called instance-rols"

"Can you send me a link?"

OMG are you really so fucking lazy you can't go to the fucking git web interface, look up the damn project and click on the fucking branch?

I'm in a team of 3 in a small to medium sized company (over 50 engineers). We all work as full stack engineers.. but I think the definition of full stack here is getting super bloated. Let me give u an example. My team hold a few production apps, and we just launched a new one. The whole team (the 3 of us) are fully responsible on it from planning, design, database model, api, frontend (a react page spa), an extra client. Ok, so all this seems normal to a full stack dev.

Now, we also handle provisioning infra in aws using terraform, doing deployments, building a CI/CD pipeline using jenkins, monitoring, writing tests, building an analytics dashboard.

Recently our tech writer also left, so now we are also handling writing feature releases.

Few days ago, we also had a meeting where they sort of discussed that the maintenance of the engineering shared services, e.g. jenkins servers, (and about 2-3 other services) will now be split between teams in a shared board, previously this was handled only be team leads, but now they want to delegate it down.

And ofcourse not to mention supporting the app itself and updating bug tickets with findings.

I feel like my daily responsiblities are becoming the job responsibilities of at least 3 jobs.

Is this what full stack engineering looks like in your company? Do u handle everything from app design, building, cloud, ops, analytics etc..

Serverless and death of Programming?!

_TL;DR_
I hate serverless at work, love it at home, what's your advice?
- Is this the way things be from now on, suck it up.
- This will mature soon and Code will be king again.
- Look for legacy code work on big Java monolith or something.
- Do front-end which is not yet ruined.
- Start my own stuff.

_Long Rant_

Once one mechanic told me "I become mechanic to escape electrical engineering, but with modern cars...". I'm having similar feelings about programming now.

_Serverless Won_
All of the sudden everyone is doing Serverless, so I looked into it too, accidentally joined the company that does enterprise scale Serverless mostly.
First of all, I like serverless (AWS Lambda in specific) and what it enables - it makes 100% sense and 100% business sense for 80% of time.

So all is great? Not so much... I love it as independent developer, as it enables me to quickly launch products I would have been hesitant due to effort required before. However I hate it in my work - to be continued bellow...

_I'm fake engineer_
I love programming! I love writing code. I'm not really an engineer in the sense that I don't like hustle with tools and spending days fixing obscure environment issues, I rather strive for clean environment where there's nothing between me and code. Of course world is not perfect and I had to tolerate some amounts of hustle like Java and it's application servers, JVM issues, tools, environments... JS tools (although pain is not even close to Java), then it was Docker-ization abuse everywhere, but along the way it was more or less programming at the center. Code was the king, devOps and business skills become very important to developers but still second to code. Distinction here is not that I can't or don't do engineering, its that it requires effort, while coding is just natural thing that I can do with zero motivation.

_Programming is Dead?!_
Why I hate Serverless at work? Because it's a mess - I had a glimpse of this mess with microservices, but this is way worse...

On business/social level:
- First of all developers will be operations now and it's uphill battle to push for separation on business level and also infrastructure specifics are harder to isolate. I liked previous dev-devops collaboration before - everyone doing the thing that are better at.
- Devs now have to be good at code, devOps and business in many organisations.
- Shift of power balance - Code is no longer the king among developers and I'm seeing it now. Code quality drops, junior devs have too hard of the time to learn proper coding practices while AWS/Terraform/... is the main productivity factors. E.g. same code guru on code reviews in old days - respectable performer and source of Truth, now - rambling looser who couldn't get his lambda configured properly.

On not enjoying work:
- Lets start with fact - Code, Terraform, AWS, Business mess - you have to deal with all of it and with close to equal % amount of time now, I want to code mostly, at least 50% of time.
- Everything is in the air ("cloud computing" after all) - gone are the days of starting application and seeing results. Everything holds on assumptions that will only be tested in actual environment. Zero feedback loop - I assume I get this request/SQS message/..., I assume I have configured all the things correctly in sea of Terraform configs and modules from other repos - SQS queues, environment variables... I assume I taken in consideration tens of different terraform configurations of other lambdas/things that might be affected...

It's a such a pleasure now, after the work to open my code editor and work on my personal React.js app...

I did not think that making a serverless Discord bot would be such a learning experience. The code itself was easy. The hard part was the infrastructure, because I decided to automate it all with Terraform and deploy it on AWS.

Before this project, I had no idea how API Gateways worked. Now I still have very little idea how they work but I managed to build one anyway. Eventually. And then I had to figure out how to automate the deployment of a lambda layer and function that would both still be managed in the Terraform state, with any code changes triggering a rebuild and update for the resource.

And then I had to untangle a dependency mess because API Gateways have some weird issues where two resources that have no explicit dependencies on each other will throw an error if they don't deploy in the right order.

And then I went the wrong way with Github actions trying to conditionally chain multiple workflows together before I realized I could just put multiple jobs with conditions in a single workflow.

And now after all that work over the course of 2 days, I have a bot that does this:

What a nice way of saying: Forgetting idiot!
The ghost of past me.

Any devs out there worked building Golang microservices for a production environment?

I don’t have a specific question really. Just wondering who is out there on a similar path!

I’m building using Golang, Google Cloud, Docker, Kunernetes, and Terraform currently on a personal product bound for production!

Guys, I want to get into a DevOps role.

I'm already looking into Linux, Terraform, Ansible and k8s.
If you are a DevOps Engineer, what kind of tooling or knowledge do I need to know before applying to companies?

Any tip is welcome and I would greatly appreciate it! Thank you!

Does anyone even use AWS CDK?

I saw something about CDKv2 getting released and immediately made up my mind about it and just want to validate my opinion.

I'm having a hard time thinking of a case where I would need to use yet another layer of bullshit to deploy cloud infra.

It's bad enough with terraform(which I far prefer over cloud formation). But now you can use python or node? What's next, deploying with XSLT?

I'm partially ranting, because I know someone on my team is going to show this as the "new thing" and I'll be stuck maintaining my code...as code--and that really pisses me off.

I'm also legitimately curious on how many of you have run across this being used successfully and for what problem did it solve?

Hey all, just wondering what it was like for you when starting out your career.

I'm a newish dev, been full time for about a year hired right after my internship. My role has a bunch of hats ranging from DevOps/sys admin to software engineering, sort of a weird mashup of skills so it's not pure software engineering. I mainly work with python, Ansible, and some terraform.

However I still just want to say I'm sorely disappointed in my undergrad classes.

I have a "concentration" in software engineering. I did struggle in classes as I was working full time to pay for classes without taking out loans, but I don't really remember learning a whole lot that was useful in industry.

Overall I just feel like just paid money for a degree that didn't teach me very much useful stuff. Maybe I'm just lacking experience? Maybe what I learned I just don't notice myself applying because it's subconscious?
My coworkers have taught me so much, and I'm very thankful they invested that time into me. I still get ripped to shreds during code reviews lmao (definitely not as much compared to when I first started but I'm also still learning and will always be)
Plus our company docs are pretty good so I can always read through them or search our codebase for examples on how to utilize in house tools etc.

I definitely hit the jackpot with this job, just feeling like I should have been prepared more.

I am currently on module has already the passed the sprint and current burnout chart is way far that my CTO will likely burn the chart and I my ass is burning as that module is required by other fellow developers.

Fucking Terraform examples and documentation.
I have been working on it for almost 2 weeks now finally made 80% progress and still 20% burn needed. Kind of deadlock.

I am not sure what to do. Just sit and watch my CTO burns over me. (Definately going to be remark in future engagement with HR)

I want to start contributing to open source projects but cant find something easy enough for me to start with yet interesting enough for me to want to work on.

How is Kubernetes and terraform listed in the good for beginners list on github... I see massive frameworks listed there and i have never felt so dumb..

Shut up Terraform v12, you know what I mean:

"${var.OldHabitsDieHard}"

Don’t commit your terraform state to github please, especially if it contains over 20 API keys for various services, and database master passwords.

Not speaking from experience of having to do some frantic rebasing of someones PR *eye twitch*

I ran a big long-running terraform apply and somehow thought it would still work if I locked my laptop.
When I went back the next day (I know lol) terraform was hanging, had to force stop which screwed up the remote tfstate.
Had to spend a whole day manually deleting about 70 AWS resources that terraform created but had no knowledge of because of the corrupted state.

Just a reminder that Terraform is insecure by design and if you even THINK about using it to execute CI/CD deployments not built into the cloud (Jenkins, on-prem CI/CD, etc...), then you're a DOUBLE fool. God i hate my infra team sometimes...

!rant

Just ran a terraform configuration to set up my infrastructure on digital ocean

My god i'm in love

Multi cloud, multi account, VPCs with k8s clusters all tied together with rancher and vault. Deployed in Terraform.

What a monster that was to create!

Screamed Terraform is not a joke at coworker today.

Idiot corrupted the remote state while just trying to change the AMI of an EC2 instance for staging. I even said any amount of downtime is completely ok.

Was busy with Terraform and infrastructure/cloud topics during the last months. Now I want to start coding some tools and apps again. Can't find a point to start with. Also I think that I am just too lazy to boilerplate everything...

Acquiring state lock. This may take a few hours…

My website is now deployed on a Digitalocean droplet using Terraform to provision the infrastructure and Ansible to configure the server. It creates users, sets up SSH config and deploys the required containers I want all using an Azure pipeline and an Azure storage account to store the TF state.

Now I need a frontend... ._.

One month ago I had to start a school project with some my classmates. I managed all the infrastructure using terraform and today, the day before the delivery, I noticed that the graphs used for the monitoring always been so quiet. I decided to ask my team what was going on and these are their replies:
- "I thought IaC was more describing the actual infrastructure"
- "I didn't know we have a database on AWS, I always used my local postgres instance"
- "Why do we need to host our web app on AWS? I can just run it from Visual Studio"

I don't think I want to live on this planet anymore

Got stuck on a Terraform issue, so I checked in my branch and sent it to my manager. He didn't offer me any suggestions at all to my code, but instead sent me a way more crazy complicated template he wrote that doesn't help me in any way what so ever with my issue. He's also just shitty at explaining things. I'm not sure I like the idea of a team lead whose 90% remote when the rest of us are here.

Working on terraform and ansible for provisioning and config management. The experience so far was "Terrible".

- Get comfortable with Angular 10, at least to the point where it's not too far skill-wise from Vue 3.
- Getting better at using Terraform, AWS and GitLab, and possibly picking up another cloud provider (like DigitalOcean, Linode or Vultr).
- Being used to the C4 model and being less uncertain about how I can model software systems even if I end up switching from (C4-)PlantUML to Structurizr.
- Progressing on some OSS projects, namely like All Contributors and other side projects I've put on hold.
- Getting a new laptop (when I know which one would suit me more).

How do I find all of the AWS resources' arn identifiers? I'm trying write shit in terraform but making granular IAM policies is a nightmare.

I just got hired at a small MSP and I’m just utterly fucking frustrated by the shitty tools and complete lack of client documentation. I want to implement tons of FOSS tools for these newbhats but they seem to like spending money on tools that only work half-assedly at best... looking at you LogMeIn!

I’ve setup Apache Guacamole a few times before and want to get each client a guac-srv setup for client’s server mgmt. or PowerShell Web Access for clients.

I want to build AWS infrastructure for clients cause we can use cloudformation or terraform to build infrastructure. But these skunk-taint licking dipsticks would rather support physical 2003 servers. If I didn’t need this job to pay my bills right now I’d be fucking gone.

But... they are very nice people.

Just technologically speaking, they eat lead paint chips for breakfast and like to piss on electric fences for the funsies.

What do you use for automating infrastructure? I'm thinking tools like Ansible, Terraform and Chef

How come if I do something simple in the AWS web console or cli, it takes less than a second, but if I do it in cloudformation, it takes almost precisely 60 seconds?

Is there just a clusterfuck of queues or something in the cfn backend that only get serviced at stupidly slow intervals? WTF AWS!!

Also inb4 terraform (I wish).

What I need to do today:
* terraform init
* terraform plan
* terraform apply

What I'm doing today:
* Rebuilding a docker container, because our outdated version of Terraform doesn't run on M1 Macs natively.
* Fighting with corporate IT man-in-the-middle SSL certs, because those aren't trusted inside the Docker container. These are now applied to all internet traffic, not just traffic destined to the VPN. Terraform doesn't like it, so it won't download any modules.
* Waiting for a blazing fast 1.5 Mbps connection rate when connected to the VPN.
* Learning I can no longer turn off the VPN, as it's a forced policy on my laptop.

Not sure if I'd be more productive today fighting these issues, or just waiting around for days (weeks?) for IT to mail me an Intel mac.

Anyone tried Pulumi over Terraform? Programming language over domain specific language is quite attractive.

Also anyone tried dagger.io? I have been playing with it for a while now.

Terraform + helm-chart ... I really ned a break. Who the fuck invented this shit.
The HCL format sucks
The documentation sucks
The dev tools suck
The debug output sucks

But I'm ok with that, I can manage.
But today really it shot the bird ... I can't have a fucking comma in a string? Because idk why the fuck helm-release tries to parse that fucking string and wants to make an array or whatever out of it? Why, you fucking abomination?
Something in the docs? Nah, who reads them anyway.
Because you know it's totally not strange that a string is analyse and oh wait there's a comma in it, the dev surely wants me to make an array out of it, because you know ...
So now I have to escape my fucking comma to prevent it to parse my fucking string. I just want to have a fucking string you hideous monstrosity ....

Started learning Ansible and HashiCorp's Terraform and it is really cool. I like their documentation so much!))
Are they the best for now, or there are some better similar projects?

Terraform: Tried to fetch your module .zip file but failed. No route to host. 🤷‍♂️

Curl: Got it, what you want me to do with it now boss?

What the literal fuck Terraform? Chrome and Curl have no problem seeing it.

Those moments when you type terraform aplpy instead of apply and suddenly get hungry...

At last, I'm doing some unknown stuff. We are using Terraform, to create our load balancers and them, kops to deploy our stateless services inside K8 clusters and Jaeger to trace requests end to end (and being able to test/debug our services).
Next step will be using gRPC for our RPC API.
Pretty cool

So... this is what's going to cause the entire stack to be torn down and rebuilt today. I don't think I knew what case sensitivity was before I started as a developer.

```
vars.environment: "Production" => "production" (forces new resource)
```

New guy in the block!. Just started with a new position in a new company too!.
Designated as as Devops Engineer (after my 2 years of experience as one) in a well funded Saas Startup!. Lots to learn. I used to work in Openstack Terraform puppet etc whilst here it's fully AWS. I was expecting this right from the start but woah.

Lambda, dynamodb, cloudformation, ssm, codebuild, codepipeline
Serverless framework, Flask and node mixed apps , Vue (including vuex) js Front end, graphQl api, and rest for between microservices.

Lots of ground to cover and I've not consumed this much topics before. Especially graphQl and Vue js are being a pain for now .

Each Devops engineer is working on a tools to improve the productivity and shorten the release time. Lots of automations in the pipeline!.

I'm not sure this qualifies as a rant but here you go!.

Any ideas how to skill up devops ? Currently in company im doing simple things with kubernetes, aws, terraform and circleci, and the whole idea click to create your inba cluster is interesting, smells like a few steps from cybersecurity!
Soo i decided to write an app, with two environments, which are staging and prod, configure some ci pipeline, kubernetes deployments and terraform, everything with usage of aws, and then when i will be okay with it, send cv's as devops and change career path.
Seems legit or waste of time ?

Learn more about networking, revisit computer science fundamentals, memorise agile frameworks, practice DDD properly, learn about basic property and conveyancing law for my new job, get through 1 tech book every 2 weeks, revisit Linux as it's been a long time, learn the basics of developing and deploying with azure, learn terraform and docker, finally finish building my own product that has been going for 3 years now, continue learning about mobile development and build a mobile app for my new product.

Should be fine xD

Getting extremely tired of AWS api ratelimiting. My past few weeks were about those, hitting them with pretty standard terraform stuff and trying to work around how to avoid them.

shall we begin the terraform stories?

terraforming things is nice. the vcloud director provider of Terraform is also nice..ish.

for fucks sake, why do folks at VMware release a provider for use in fucking production, that only does support barely a third of all features, including the distributed logical router with all its funkyfuck features? nsx-t is nice, but did you folks remember all of those customers, who do run the old nsx-v?
you've decided that nsx-v shall be put to sleep. okay. fine. nice.
but don't you think, that the version 3.3.ass should support all major resources of your product, including old nsx-v features like the fucking DLR?!

sorry, but a product, that only supports ⅓ of all features, that can be managed in UI, only deserves a RC label at best. calling this a 3.3.ass is bold. you can't even setup a dhcp pool for a defined network. dafuq people..?! (╯°□°）╯︵ ┻━┻