Hi, I am Anto and this is OutOfDevOps, a RU-vid Channel for Software Engineers. I like to share my experiences and my thoughts at 360 degree on Software Engineering. I believe in DevOps as culture and in a continuous learning approach, the ultra fast pace of our discipline puts ourselves constantly in the position of experts and beginners.
I AM A SOFTWARE ENGINEER, not a Backend, nor a Frontend, nor a Tester, nor a DevOps, nor an Agile Practitioner, I AM A SOFTWARE ENGINEER.
Sharing, Learning and Teaching is what I do on this channel, enjoy.
I talk about: Kubernetes, Docker, Agile, SCRUM, Team Management, Programming and more!!!
Agreed. Measuring lines of code by itself is meaningless, but that’s not a reason to reject metrics altogether- it just means you have to use metrics in an intelligent way.
It seems like a cop out to me. Why should software developers be the only workers in the world not to be subject to some form of productivity metrics? All of the arguments you have made can be dealt with by applying and assessing metrics with a small amount of intelligence. You say that developers would game any targets- if you assume all developers have such a cynical work ethic, then presumably they all game the absence of metrics by doing as little as possible.
Thanks @denisshaughnessy2651 for your comment! I believe there are better tools to measure productivity. OKRs, for example, are a more effective approach in my opinion. Measuring productivity based on lines of code (LOC) goes against best practices. Writing more code doesn’t always equate to better outcomes; in fact, the more code we add, the higher the chance of introducing bugs, and the more tests we need to write and maintain. If I can solve a problem with fewer lines, that’s a win. What really matters is the elegance of the solution, the readability of the code, and collaboration with other engineers.
Hi @ggdio1, what do you mean with “traditional KMS and service accounts”? Workload Identity allows you to seamlessly map K8S services accounts with GCP service accounts. It will use temporary credentials instead of (the discouraged) service account keys mounted as secrets (or even worse, over privileged sa assigned to nodes).
@@OutOfDevOps most of time when deploying apps we need service accounts for like accessing databases, services, etc. We shouldn't at all put the service account keys into docker images because it isn't secure at all, so the best practice is to encrypt it using KMS and inject the pod with the keys. What I'm asking is what's the advantages and security improvements of doing that process with workload identities instead of the process I just described. BTW lmk if I'm completely wrong about the KMS method lol
@ggdio1 baking sa keys in container images hasn’t crossed my mind not even for a second. Even with kms encryption and pod injection, how do you make sure only that workload can decrypt and how do you proceed with the injection? The best practice is workload identity… With workload identity all that is done for you, in addition combined with RBAC in K8S you have full solution. You can map a K8S sa to a GCP sa, without creating custom solutions for injection and sharing access to the same KMS keys.
Nice video and precise. One question though is, once the target workflow is triggered, will the result of the target workflow be passed down to the original workflow? For ex: if the target workflow runs some tests and if the tests fail, will the original workflow show as failed OR will it show as green since it does its job of trigering the workflow?
Internal podcast. This is the first I have heard of this. I find it interesting. Would you consider a video of a demonstration of an approach or tech to be the same thing? If not, please give more detail.
Thanks that’s a good idea. I need to think what to demo. What’s the aspect you would like to get more specific info about? The planning of episodes, the guest preparation, the operational aspect, the post production, the internal advertising, or the whole lot?
@@OutOfDevOps I am curious on the detail of what 'platform engineering' is. Perhaps do a video on each 'section' of platform engineering would be of interest..?
@queenstownswords I captured some of the differences between DevOps and Platform Engineering here ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-JAblex0uS4k.htmlsi=DuXzfkLANcLaPRG8
Hi. Thank you. But I have an issue. I have two repos. CICD repo and app repo. I only configured CICD repo with WIF setup. And WIF pool is different projects than my CICD repo. I have reusable workflows in the CICD repo. I am calling these from application repo which is not configured with WIF setup. I want to deploy or copy the jars from runner to gcs bucket. And all these steps included in CICD pipeline. Just app repo is calling this. It’s failing with 403 permissions denied error. It’s not storage permissions. It’s working only if I also configure WIF on app repo which I don’t want to do that. Is this even possible. Pls advise thanks
At 6:50, you say "One rule of the VPC service control is a project cannot be included in one perimeter.". Can you elaborate as this statement is confusing?
Thank you for the awesome video. I just have a query that you have generated policy logs at project level but how we can generate policy logs at folder and organisations level.
Great job you are doing. 👍🏻 It'd be more helpful if you had live demonstrations alongside your explanations. Not many people will learn much from just hearing you speak, as it's all gonna be abstract. D.
Hey thanks for the video.. I am doing the same thing where i need to fetch images for GCP artifact registry, however i am getting issue -> failed to pull and unpack image "us-central1-docker.pkg.dev/xxxxxxxxxxx/jenkins/jenkins-slave:v2": failed to resolve reference "us-central1-docker.pkg.dev/xxxxxxxx/jenkins/jenkins-slave:v2": failed to authorize: failed to fetch oauth token: unexpected status from GET request to ....403 Forbidden, what to do here
While I agree with the challenge to tightly couple documentation to versions you solve 1 problem with Git you create many more, how do you search across releases and branches to find the right documentation or changes. I'd also agree that some documentation can be split across both tools however I would suggest that with labelling and tagging Confluence can be tied to releases and be a better source of *knowledge management*. Further confluence pages with the associated list of stories or epic will quickly add value to explain the status of release delivery, owners and changes made. Very specific technical documents like a release doc with upgrade scripts or instructions indeed should be in git
Thank you very much in this great explanation , i just joined your channel and i was looking for how to prevent users to pull the latest image and restrict the pulling from specific registry
Is there any gui based documentation tools which are opensource which i can install on pc ? Docusaurus and mkdocs are good, but seems like a huge amount of work to write the actual documentation because of markdown language.
You can use a visual markdown editor. I use notion.so, it gives you the option to extract in markdown and can be installed as a standalone application on your PC. There are many alternatives another one is obsidian. A web alternative is hashnode.com/ you can use the web editor and you can copy the markdown once you are done.
Ciao:) Secondo te pur non avendo una passione innata per la programmazione potrei iniziare un percorso come software engineer? Non mi piace così tanto programmare ma allo stesso tempo mi affascina cosi tanto ( il software engineer) Consigli?
For deleting objects in a bucket, you need a role with bucket write permission. Video showed the object viewer role only which can only fetch/read the bucket objects
Numbers are just a way to represent measurements. Without numbers you can still measure. But without measuring your previous X, how do you know if you’re getting better at it or not? I may have not fully understood your comment.
@@OutOfDevOps It is this stupid mantra about managing only being possible with metrics that turns a lot of otherwise intelligent human beings in management positions into draconian game masters that want to incentivize you the creative on a micro level to do the right thing. They don't know anything real but they know that there is some correlation between output and success so the output needs to be bigger and faster. Add to that the generic management approach that thinks domain knowledge is irrelevant and you could put a cockroach in charge as it has the same objective function of maximizing some gain short term that feels right instead of the human planning, conceptualizing, remembering stuff and winning in the long run over all other animals.
I see what you mean, I have read stories about customers loyalty metrics improving by simply hiding the ‘unsubscribe’ button 🤦♂️. I think this is the problem with most definitions/mantras, they don’t capture every possibility.
Hi Sir, Is iit worth to be a web developer in 2024 and how to be ready for the upcomming challanges in the upcomming years. like How to go along with AI how to adapt it and use it as a webdeveloper so to not get replaced. Please help.
Hi, I think AI is a way to make our life better. From a software development point of view I don’t see it very different from the evolution we had in the years with our tools: punched cards -> text editors -> advanced IDE -> AI. In my opinion learning where we are coming from has always value.
@@OutOfDevOps Best A1, Sir, I have a lot of questions if you some free time please ansewer me. Sir as i was currently covering my asyncronus javascript. sir in my mind allot of us (beginner developers) get fail in learning to code is because we don't know the right method how to code. Sir, as i was covering my asyncronus js section I get through the complete chapter where i knew about, promises, resolve,reject, try and catch, async await but i suddenly forget things. like if i watch the lecture first and then watch the lecture twice but this time i code along with the video sir i am getting hard to keep thing remember. and when it comes to code on my own it then get hard as much to climb on a mountain. sir please help. Sir Please show me the right way to learn it. Sir it's been a year and more that i am learning js and in this hell i even forgot my html css.
Everybody learns in a different way, for me the best way to learn a new language is to code in that language as much as possible. Understand the naming conventions, the design patterns and the best practices. You can also try code katas to keep practicing some common constructs. It takes time… don’t beat yourself up
It is very informative. I want to create an access context manager access policy and access perimeter resource on the organization level through terraform. Is there a reference to handle this usecase using terraform modules?
Thanks for sharing Antonio, this is super helpful! I was doing an exercise from the book “Journey to become a Google Cloud Machine Learning Engineer” and there was no mention of how to connect to the private vm without using the cloud console. So this video was a savior.
Brilliant, thanks so much. I do wonder how it even works if I self-sign locally and just upload the public key to the SA account. Because at that point, google does not really have the private key.
@@OutOfDevOps I am shifting from Java Spring Microsercice to DevOps About to face interviews and Just came across your GCP, Kubernetes and Docker. Hope with the help of your videos 📷 I can win a match
I don't get it completely. So a landing zone is to create a plan to create and manage resources in GCP specifically for every area of a company and then explain how to use it for smoothing the transition from on-prem to cloud?
