Fine-tuning DevOps for People over Perfection

jng
March 23, 2022

Demand for DevOps has increased in recent years as more organizations adopt cloud native technologies. Complexity has also increased and a "zero to hero" mentality leaves many people chasing perfection and FOMO.

This session focusses instead on why maybe we shouldn't adopt a technology practice and how sometimes teams can achieve the same results by **prioritizing people over ops automation & controls**. Let's look at how much to adopt, and how to fine-tune, everything as code, pull requests, DevSecOps, monitoring and more, to prioritize developer well-being over optimization perfection. It can be a valid decision to deploy less and sleep better. And finally we'll examine how manual practice and discipline can be the key to superb products and experiences.

DevOps.js Conference
24 March 2022

Transcript

  1. Disclaimer: All opinions my own, not of my employers past and present. Examples not exhaustive or comprehensive. Chosen for human value.
  2. About Me

    👩‍💻 Making for the web (full-stack) since 1999
    🚀 Failed Entrepreneur
    💶 Former Enterprise Architect (Allianz Germany)
    ☁️ Engineer, FastTrack for Azure (Microsoft)
  3. Pull Request Workflow

        git checkout main && git merge feature
        git push

    Open a Pull Request
    #signoff #signoff #signoff
    Give Up 🤷‍♀️ & (don't) Close Pull Request
  4. Slow Pull Requests

        git push
        waiting for build agent…30 sec
        waiting for build agent…30 sec

    opens Twitter
    60 minutes later… Build Failed. No deployment, no value add 🤷‍♀️
  5. 🤨

        npm WARN …
        npm WARN …
        removed 27 packages, and audited 1742 packages in 51s

        213 packages are looking for funding
          run `npm fund` for details

        15 vulnerabilities (7 moderate, 8 high)

        To address all issues, run:
          npm audit fix

        Run `npm audit` for details.

    15 Vulnerabilities? 😧 Dependabot said 2 high vulnerabilities 🙁
  6. $ npm audit fix 🤨 still 15?

        glob-parent  <5.1.2
        Severity: high
        Regular expression denial of service - https://github.com/advisories/GH
        fix available via `npm audit fix`
        node_modules/watchpack-chokidar2/node_modules/glob-parent
          chokidar  1.0.0-rc1 - 2.1.8
          Depends on vulnerable versions of glob-parent
          node_modules/watchpack-chokidar2/node_modules/chokidar
            watchpack-chokidar2  *
            Depends on vulnerable versions of chokidar
        # …
        # …
        15 vulnerabilities (7 moderate, 8 high)

        To address all issues, run:
          npm audit fix
  7. $ npm audit fix --force 😫 still 15

        glob-parent  <5.1.2
        Severity: high
        Regular expression denial of service - https://github.com/advisories/GH
        fix available via `npm audit fix`
        node_modules/watchpack-chokidar2/node_modules/glob-parent
          chokidar  1.0.0-rc1 - 2.1.8
          Depends on vulnerable versions of glob-parent
          node_modules/watchpack-chokidar2/node_modules/chokidar
            watchpack-chokidar2  *
            Depends on vulnerable versions of chokidar
        # …
        15 vulnerabilities (7 moderate, 8 high)

        To address all issues, run:
          npm audit fix
  8. npm overrides, but requires update to npm v8, i.e. node v17

        {
          "overrides": {
            "glob-parent": "6.0.2",
            "nth-check": "2.0.1"
          }
        }
  9. But CI says ⛔️ Unsupported OpenSSL? No Thanks.

        ℹ Compiling Client
        node:internal/crypto/hash:67
          this[kHandle] = new _Hash(algorithm, xofLen);
        Error: error:0308010C:digital envelope routines::unsupported
            at new Hash (node:internal/crypto/hash:67:19)
            // …
            at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/
          opensslErrorStack: [ 'error:03000086:digital envelope routines::initi
          library: 'digital envelope routines',
          reason: 'unsupported',
          code: 'ERR_OSSL_EVP_UNSUPPORTED'
        }
        Node.js v17.7.1
        The command '/bin/sh -c npm ci --production && npm run nuxt:build' retu
  10. Sorry, gotta deploy but thanks for the alert 😉

        # github workflow
        steps:
          - run: npm audit --audit-level=moderate
            continue-on-error: true
  11. You too Defender Scan. Thanks for the alert 🤗

        steps:
          - uses: Azure/container-scan@v0
            continue-on-error: true
            with:
              image-name: ${{ env.image-name }}:dev-${{ inputs.git-sha }}
              severity-threshold: WARN
  12. Does it even matter? Builds running again. Now, let's reflect on our decision to ignore a vulnerability. What is `glob-parent` and how is it used? What is the OpenSSL issue and how is that used? What is this app even trying to do? 🤔
  13. Headless CMS

        ---
        title: Mult-tenant Cluster
        description: Cluster is used to host multiple workloads and/or multiple
        complexity: 100
        security: -25
        cost: 0
        operations: 100
        ---
        Multi-tenancy is incredibly complex. For example, Ingress, which manage
  14. What we're Globbing

        .
        ├── index.md
        └── requirements
            ├── dr.md
            ├── factors
            │   ├── dr-active-active.md
            │   ├── dr-active-passive.md
            │   ├── dr-redeploy.md
            │   ├── dr-wait.md
            │   ├── multi-tenant.md
            │   └── single-tenant.md
            └── tenancy.md

    Missing Security Context
    App has no user input
    App has a build process
  15. Conclusion? tooling is about knowing tools are stupid. can't think for themselves but they will not teach you thinking, learning tooling does not give you context. context is experience. can't run a marathon without first running 5k, 10k, half marathon. too many notifications.
  16. What does your git history look like?

        update Readme.md
        update Readme.md
        update Readme.md
        update Readme.md
        update content
        update Readme.md
        wip
        update link
  17. ProTip - Conventional Commits

        git commit -m "feat(aad): add owners to application objects #49"
        git commit -m "feat(azuread-provider)s: upgrade to v2 #49"
        git commit -m "feat(devops): mask tenant and user principal ids"
        git commit -m "feat(pipeline): load kv based on branch in scheduled drift detection (#31)"