|
The tfvars that specify auto are loaded automatically without having to be explicitly called out in the CLI; the ones that don't, don't.

We use them to differentiate environments, i.e., dev and prod need different values but are deploying the same configuration. The pipeline copies the variable file for the appropriate environment.
|
# ? Apr 1, 2024 14:23 |
|
That makes sense. It means you’ll also only have 1 or a few of the .auto.tfvars files right? I can imagine there might be another file for something like default application behaviour but not dozens of auto.tfvars files.
|
# ? Apr 1, 2024 15:42 |
|
Vulture Culture posted:
Fun fact: the HIPAA Security Rule and many similar compliance regimes don't actually require encryption in transit for your private network. Terminating on-host is something you do to pass third-party audits.

I used to work with a guy who would find a way to work SOX compliance into literally everything. There is zero chance he could have explained what SOX is or requires beyond "compliance". But something about SOX was his first comment or question on any ticket. My brother in christ, the US congress did not write a law that cares what specific version of nginx we're running or when we reboot stuff for maintenance.

Other than this I actually really liked him, he was smart and a good dude and I do not believe he was using it as an excuse to dodge work or anything. I would have said he was living in fear after watching people at a prior job get in legal trouble but he was like 20, there was no prior job lol. Some manager just got in his head about it and he took it way too far.
|
# ? Apr 1, 2024 17:15 |
|
Vulture Culture posted:
Fun fact: the HIPAA Security Rule and many similar compliance regimes don't actually require encryption in transit for your private network. Terminating on-host is something you do to pass third-party audits.

yeah. the interacting-with-security checklist for me is:
- which compliance scheme does this concern?
- what control on this scheme is being satisfied by this work? (also include link to internal documentation from legal if applicable)
- what's the justification for the work satisfying the control?
- where is the audit trail? (how do we prove that we did the work)

if you don't make them do their job every time they will just sit around, get bored, and start creating work for everyone by picking random poo poo to suddenly do and care about, but only until it stops being interesting to them

after some time you will be left with a notion that some particular pieces of technology are "compliant" and some are not, with no definition for what that actually means, or how these determinations are made, how often they are updated or checked, what happens/who notices if we stop doing the work, etc.
|
# ? Apr 1, 2024 17:24 |
|
How do I apply and interview for multiple jobs at once? Eventually, I am going to get lucky but do I just drop out of the interview process for everything else?
|
# ? Apr 1, 2024 18:40 |
|
don't drop anything until you actually get an offer
|
# ? Apr 1, 2024 18:45 |
|
if your tier 1 pick makes an offer, sure, otherwise I'd keep the other irons hot as long as possible

never know when a killer offer will come through
|
# ? Apr 1, 2024 18:45 |
|
It feels so dirty.
|
# ? Apr 1, 2024 18:47 |
|
Gucci Loafers posted:
It feels so dirty.

you are certainly not the only candidate they're considering
|
# ? Apr 1, 2024 18:48 |
|
If you live in the US, continue all your open interview loops until you have a signed letter with a start date. In America, even a signed letter isn't a guarantee that you're going to work a single day on the job.
|
# ? Apr 1, 2024 18:48 |
|
Gucci Loafers posted:
It feels so dirty.

Never feel bad about playing the game. These companies would lay you off without hesitation if it helped their bottom line. You owe them no more consideration than that. It's a wide open field until you start work at the new job. (I used to say until you get a signed offer letter, but I've heard tell of signed offers being withdrawn by the hiring company, so screw 'em.)
|
# ? Apr 1, 2024 18:52 |
|
Hell, I've seen candidates accept the offer, go through a week of on-boarding, and then surprise everyone with "welp, actually I got a better offer from Another Corp, I'm gonna go with them, byeeeee". Can't do anything but shake your fist and "ignorelist" them if they ever try to get hired here again, but realistically no-one will remember.
|
# ? Apr 1, 2024 20:11 |
|
Gucci Loafers posted:
It feels so dirty.

Continue interviewing and negotiating until that first paycheck clears

If anything, you want at least one written offer while you're negotiating. Having an offer in hand makes it a lot easier to be aggressive negotiating for more money

We have a negotiating thread, you should be reading it (EVERYONE should be reading it) but the takeaway is ALWAYS ask for more money. Your manager will respect you for asking for more money, and you'll already be on the radar for a promotion when they hire you because you stood up for yourself. They 99.99% won't retract the offer, and if they do, you dodged a huge bullet. Worst case scenario they stand firm and you don't get an extra $10k/yr. ALWAYS ask for more money.
|
# ? Apr 1, 2024 20:22 |
|
Thanks y'all

Edit - Holy crap, I thought I was posting in a different thread. My bad.

Gucci Loafers fucked around with this message at 02:25 on Apr 2, 2024 |
# ? Apr 1, 2024 22:52 |
|
Zephirus posted:
Every time i've anything more than 'put object' to cosmosdb in functions I've created a cosmosclient using the sdk rather than using bindings. I'm not sure how much overhead this adds if you're doing something like durable functions but it's easier to me than messing with extra inbound and outbound bindings.

This is actually kind of good and helpful but I am working with Azure Cosmos DB Table not NoSQL... but I might just switch to this but I'm no developer so I'm sort of driving blind.

Junkiebev posted:
Should you not use a bus of some sort for this? Distributed writes make me nervous in any “eventually-consistent” datastore.

What's a bus and why would I want to use one? Essentially, I have no idea what I am doing other than I'm going through an exercise to make my own Web API with an Azure Function app. What I am trying to make is my own React Web App and possibly use Cosmos DB as a backend if I'm able. Long term, I'm actually trying to make a fitness application and I know enough where I know I need to make the whole API so when users click on a button like checking into the gym, etc. it writes it into the program's database, etc.

Does that make sense?
|
# ? Apr 2, 2024 02:33 |
|
Can I get some opinions on how common it is to have a dedicated Architect role for handling upfront cloud infra & CICD design, versus Engineers or Sysadmins throwing poo poo at the wall and iterating forever?
|
# ? Apr 2, 2024 02:47 |
|
What industry, what size company?

MasterCard has a dedicated architecture team of ~8 but that's just one division

At a company of 150 engineers, I've not yet seen it. In like 5 jobs I had a boss who was a director/architect (in name only)
|
# ? Apr 2, 2024 03:08 |
|
Extremely Penetrated posted:
Can I get some opinions on how common it is to have a dedicated Architect role for handling upfront cloud infra & CICD design, versus Engineers or Sysadmins throwing poo poo at the wall and iterating forever?

Architecture is critically important but it shouldn’t be considered a separate job or role, it should be something all engineers do as and when it’s required of them. Architecture without skin in the game leads to bad advice, no accountability, and worse relationships between teams. I do not believe it is a skillset you can divorce from engineering implementation.

The Iron Rose fucked around with this message at 05:24 on Apr 2, 2024 |
# ? Apr 2, 2024 05:05 |
|
We have dedicated architects and they have exactly this problem. With no skin in the game, and not being attached to a specific dev team, they can't effectively control the direction things go in, they can just help or hinder deployment once the app is mostly written. I don't think it's been a particularly successful organization.
|
# ? Apr 2, 2024 05:14 |
|
we have dedicated architects that get embedded into app teams as needed, and a separate architecture team that is supposed to set direction and policy org wide

the former has a half dozen members that move from team to team, the latter is like three people that are all principal level engineers
|
# ? Apr 2, 2024 05:26 |
|
Thanks for the replies. For context, our small SaaS shop (automotive, ~100 devs & engineers) has a dedicated architect team but the 4 are all developers and focus on working with the app teams. Infra architecture has always been handled by engineering, and we basically work like Iron Rose says. It works, but only if everyone's trying hard to fit with established patterns and figure out where a project fits into the big picture. When we don't, we build random patchwork projects that aren't maintainable. There's no real oversight, just peer feedback in a culture of folks who hate rocking the boat. I mostly asked to get an idea of how unreasonable it would be for me to push for creating another role on the architect team.
|
# ? Apr 2, 2024 07:58 |
|
The Iron Rose posted:
Architecture is critically important but it shouldn’t be considered a separate job or role, it should be something all engineers do as and when it’s required of them. Architecture without skin in the game leads to bad advice, no accountability, and worse relationships between teams. I do not believe it is a skillset you can divorce from engineering implementation.

Architecture functions often work more like product functions than engineering ones: there's a hundred ways to do it, and until you get someone in the org who's showstopper good and sets the bar for everyone else, it's going to tread water. Getting incentives right matters for an org that's actually moving in a coherent direction, but you should rely on emergence until you see someone succeed vibrantly. I've seen architects with local "skin in the game" flounder and fail to set their own local priorities effectively, and I've seen architects with great product, project, or program management skills really flourish despite having none. It's all circumstantial.

Vulture Culture fucked around with this message at 18:53 on Apr 2, 2024 |
# ? Apr 2, 2024 17:01 |
|
The team I'm on has the opportunity to post an external hire for the first time in ages. We're mostly internal transfers from other groups so our job titles are all over the place. I'm a "Software Engineer" (even though I have been doing ops poo poo my entire career), another guy is a "Cloud DevOps Engineer", some "Infrastructure Engineer" etc etc.

If you got to pick, and it had no effect on your level and salary band, what job title would you like to have if your role was doing stuff relevant to this thread? CI/CD pipelines, container orchestration, infrastructure as code, developing / implementing / evangelizing cloud best practices and patterns across a medium size organization, and so on. Some options include Software Engineer, DevOps Engineer, Cloud Engineer, SRE

Also I guess PM me if that sounds interesting at all heh. Although I will say up front I'm not sure the role will be posted in the US. I think it will most likely be in certain European countries or Latin America.

in before a bunch of God-Emperor of Computer Touching posts
|
# ? Apr 4, 2024 20:46 |
|
Devops engineer imo

Let us know if it ends up being open to us
|
# ? Apr 4, 2024 21:00 |
|
Docjowles posted:
If you got to pick, and it had no effect on your level and salary band, what job title would you like to have if your role was doing stuff relevant to this thread?

Always SRE, since it means you're negotiating in that payband. If not at this job, then the next
|
# ? Apr 4, 2024 22:07 |
|
depends a bit on your career aims. If you want to work for BigTech, then Software Engineer is likely best (and in those companies typically commands a ~20% premium versus SRE). Otherwise, SRE because most non-bigtech orgs seem to value it particularly highly. I don’t think that DevOps and SRE are necessarily the same role though. The latter to my mind has a much greater emphasis on monitoring, observability, oncall, APM, logging, etc. if that’s something you’re interested in working on, it’s a good title to choose.
|
# ? Apr 4, 2024 23:32 |
|
In my last job we all got classified from an incredibly broad job title ("Sys/DB Admin/Designer" or something silly like that) into more specific titles, and I ended up as a DevOps Engineer, and I was on the SRE team. Now I'm a DevOps Engineer on a DevOps team. I agree that DevOps and SRE seem different but also I don't think there's anything an SRE could/would do that a DevOps Engineer couldn't/wouldn't do, and vice versa. My real title should include "magician" in it or something like that because that seems to be the impression I'm giving off after only 2.5 months.
|
# ? Apr 5, 2024 01:27 |
|
Infrastructure Janitor or Internet Janitor
|
# ? Apr 5, 2024 01:50 |
|
I still have a slight "devops is not a team/title" tic but that war was lost years ago and there are thousands of DevOps Engineers out there so I should probably get over it. If I take my biases out of it, I would want people searching for "DevOps" jobs to find the posting. So that seems like a good tell.
|
# ? Apr 5, 2024 04:18 |
|
My big tech company uses (as far as I know) a title for SRE/devops that's basically unique to us, so I'm vaguely screwed. It does say Developer in the title though so that's nice.
|
# ? Apr 5, 2024 07:06 |
|
Falcon2001 posted:
My big tech company uses (as far as I know) a title for SRE/devops that's basically unique to us, so I'm vaguely screwed. It does say Developer in the title though so that's nice.

For what it's worth I have no qualms about adjusting job titles when applying, as a candidate or hiring manager. It's not the candidate's fault their company's HR/management can't figure out the right terms. As long as the title you're claiming reflects what you actually did, cool, put the thing your target employer wants to see on your resume. Don't claim you were a DevOps Engineer if your job was in finance or something. But if your company calls you a Software Engineer and you're applying for an SRE role doing all the same stuff? Yeah sure you were totally an SRE. I am very into the idea of duck typing for job titles, because titles are a total free for all shitshow in our industry.

You did specifically say Big Tech and maybe HR there cares. I can't speak to what the FAANG+ club does so that's a big asterisk on my advice
|
# ? Apr 5, 2024 08:17 |
|
Yaml Yeeter imo
|
# ? Apr 5, 2024 12:35 |
Blinkz0rz posted:
Yaml Yeeter imo

Json Jacker
Python Pincher
|
|
# ? Apr 5, 2024 13:56 |
|
Windows Wrangler Java Jouster
|
# ? Apr 5, 2024 17:08 |
|
Blinkz0rz posted:
CI/CD DevOps Thread: YAML yeeters anonymous

New thread title, please
|
# ? Apr 5, 2024 17:37 |
|
How do yall handle caching authentication tokens between multiple pods/processes/etc? Current practice is to just toss a 5min TTL JWT into the cluster local redis so the authentication service doesn’t get swamped with requests. This cluster runs probably 30k pods every day that need a half dozen tokens from a half dozen services each, and we get hella rate limited by everything to MS’ management plane to our own internal keycloak auth endpoints if we don’t leverage a shared token cache. Throwing the token in redis doesn’t feel especially secure, but it does sure reduce the number of 429s we get!
The Iron Rose fucked around with this message at 20:05 on Apr 22, 2024 |
# ? Apr 22, 2024 17:49 |
|
The Iron Rose posted:How do yall handle caching authentication tokens between multiple pods/processes/etc? Current practice is to just toss a 5min TTL JWT into the cluster local redis so the authentication service doesn’t get swamped with requests. This cluster runs probably 30k pods every day that need a half dozen tokens from a half dozen services each, and we get hella rate limited by everything to MS’ management plane to our own internal keycloak auth endpoints if we don’t leverage a shared token cache. Throwing the token in redis doesn’t feel especially secure, but it does sure reduce the number of 429s we get!
In this configuration, you might hit a bottleneck if you're cold-starting your whole system, but in general, your IdP should be able to scale to basically a limitless number of token refreshes without much CPU effort beyond cryptographically signing the JWTs on refresh. Secrets management, where you're exchanging your application identity for a credential to a different system/application, is another ballgame.
|
# ? Apr 23, 2024 19:52 |
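The shared token cache discussed in the two posts above, as an added example that is not from either poster: entries are keyed per identity and audience, and the cache TTL is capped so an entry never outlives the token it holds. `FakeRedis`, the `fetch` callback standing in for the IdP, the 30-second skew and the unsigned tokens are all constructed for the illustration.

```python
import base64, json

MAX_TTL = 300   # the 5-minute cache TTL mentioned in the post
SKEW = 30       # assumed safety margin before the token's own expiry

class FakeRedis:
    """In-memory stand-in for the cluster-local Redis (constructed for this example)."""
    def __init__(self, clock):
        self.clock, self.data = clock, {}
    def set(self, key, value, ttl):
        self.data[key] = (value, self.clock() + ttl)
    def get(self, key):
        value, expires = self.data.get(key, (None, 0))
        return value if self.clock() < expires else None

def make_jwt(exp):
    """Constructed, unsigned token that carries only an exp claim."""
    body = base64.urlsafe_b64encode(json.dumps({"exp": exp}).encode())
    return "e30." + body.decode().rstrip("=") + ".sig"

def jwt_exp(token):
    """Read exp from the payload; used for cache sizing only, not for trust."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]

def get_token(cache, clock, client_id, audience, fetch):
    # One entry per (identity, audience), so a lookup never returns a token
    # minted for a different identity or a different downstream service.
    key = f"tok:{client_id}:{audience}"
    token = cache.get(key)
    if token is None:
        token = fetch(client_id, audience)            # hypothetical IdP call
        # Never let the cache entry outlive the token itself.
        ttl = min(MAX_TTL, jwt_exp(token) - clock() - SKEW)
        if ttl > 0:
            cache.set(key, token, ttl)
    return token

def demo(lifetime=3600):
    now, calls = [1_000_000], []
    clock = lambda: now[0]
    def fetch(client_id, audience):
        calls.append((client_id, audience))
        return make_jwt(clock() + lifetime)
    cache = FakeRedis(clock)
    for _ in range(1000):                             # 1000 lookups, one IdP request
        get_token(cache, clock, "batch-worker", "graph", fetch)
    after_burst = len(calls)
    get_token(cache, clock, "batch-worker", "keycloak", fetch)  # other audience
    now[0] += MAX_TTL + 1                             # cache entry has expired
    get_token(cache, clock, "batch-worker", "graph", fetch)
    return after_burst, len(calls)
```

With a token lifetime shorter than the skew, nothing is cached and every lookup goes to the IdP, which is the case that shows up as 429s.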
|
https://finance.yahoo.com/news/ibm-nearing-buyout-deal-hashicorp-182154675.html?guccounter=1
|
# ? Apr 23, 2024 20:59 |
|
If they gotta get acquired, IBM doesn't seem like the worst home? Certainly not a surprising one.

Docjowles posted:
Apparently base Terraform also has that "removed" feature since January. I have no idea why the hell it didn't come up in my google searching but it's in tf 1.7. Did they crib it from opentofu or the other way around?

lol this turned out to be a spicy topic for a week or two. Someone accused opentofu of violating the new Terraform license in adding this feature from upstream. opentofu responded with a 50 page document rebutting the claim. The whole thing smells pretty weird. Like I doubt this guy just decided to kick up a shitstorm over this by himself, easy to come up with tinfoil hat theories about HashiCorp trying to gently caress with the opentofu project.

https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/
|
# ? Apr 23, 2024 21:25 |
|
The function was copied from another function that was already in the open source version. The evidence looked pretty convincing.

IBM’s probably not the worst. Broadcom would be the worst home for it. IBM is a good second though. At least we know now that OpenTofu will out-develop TF and will become the de facto standard if IBM really buys it.
|
# ? Apr 23, 2024 21:54 |