#announcements (2019-01)

hey everyone give a warm welcome to @fplkid! Good to have you here

hey everyone give a warm welcome to @jmccollum! Good to have you here

welcome @wannafly37 @fplkid @jmccollum

Have you signed up for our Newsletter? It covers everything on our technology radar. Receive updates on what we’re up to on GitHub as well as awesome new projects we discover.

Happy NY everyone!!

hey everyone give a warm welcome to @Wessel! Good to have you here

welcome @Wessel!

…back to the grind?

hey everyone give a warm welcome to @puru! Good to have you here

hey everyone give a warm welcome to @frednotet! Good to have you here

Hi everyone and… happy new year

hey everyone give a warm welcome to @dgrinstein! Good to have you here

hello everyone. Happy new year! I am having an issue with provisioning elasticache. Where/how can I get help?

Hey @dgrinstein! Welcome

Can you share your problem in the #terraform channel?

hey everyone give a warm welcome to @y_denysov94! Good to have you here

@Erik Osterman (Cloud Posse) Does anyone archive all the public chats to S3 so they’re searchable via Google?

it’s a project we started but haven’t finished

Plan to use this https://github.com/hfaran/slack-export-viewer

the good news is we can export the entire slack history (i believe)

we initially went down this path: https://github.com/dutchcoders/slackarchive

but that product requires both elastic search and mongo (i beleive)

so it’s overkill

hey everyone give a warm welcome to @dalekurt! Good to have you here

hey everyone give a warm welcome to @Lukasz German! Good to have you here

Welcome @dalekurt @Lukasz German!

Let me know if we can be of any assistance

hey everyone give a warm welcome to @Philof! Good to have you here

hey everyone give a warm welcome to @Suraj! Good to have you here

@here hi all

welcome)

welcome @Suraj and @Philof!

Thanks! I have a question regarding terraform-aws-ec2-instance. I saw the Ansible provisioner was removed because it has a dynamic inventory for provisioning. What is the link between provisioning an ec2 instance with terraform and then configuring it with Ansible?

Anyone using serverspec, goss or kitchen for validation testing? Just implemented a POC with goss and it works OK just curious what others experiences are (if any). Right now just using goss as a way to validate an AMI comes online and has the correct packages installed, ports listening, services enabled etc after cloud-init. Nice part about goss is it’s ready for docker (dgoss)

hey everyone give a warm welcome to @raehik! Good to have you here

hi hiii

hey everyone give a warm welcome to @Rob! Good to have you here

There are no events this week

hey everyone give a warm welcome to @ethan! Good to have you here

hey everyone give a warm welcome to @conrad! Good to have you here

welcome @ethan @conrad

ty

and @Rob

Thanks!

Have we helped you in some way? We’d love to know! If you could leave us a testimonial it would make our day.

@Erik Osterman (Cloud Posse) created a new channel #helm. Join if this sounds interesting!

hey everyone give a warm welcome to @jober! Good to have you here

Welcome @jober! Happy NY!

Thanks !!

hey everyone give a warm welcome to @dbourne! Good to have you here

welcome @dbourne! are you on @Max Moon’s team?

Nope

if anyone here is using #geodesic (https://github.com/cloudposse/geodesic), make sure you join the #geodesic channel. lots of awesome announcements.

hey everyone give a warm welcome to @justingrote! Good to have you here

welcome @justingrote

hey everyone give a warm welcome to @cheshireCode! Good to have you here

welcome @cheshireCode

hey everyone give a warm welcome to @macRos! Good to have you here

hey everyone give a warm welcome to @bazbremner! Good to have you here

Hola @bazbremner

hi

can somebody help me with my outlook, you’re all smart i heard

lol jk..

hey everyone give a warm welcome to @midacts! Good to have you here

hey everyone give a warm welcome to @webb! Good to have you here

welcome @webb!

@Erik Osterman (Cloud Posse) created a new channel #kubecost. Join if this sounds interesting!

thanks, erik! excited to be part of the community

hey everyone give a warm welcome to @srinivassuryapet! Good to have you here

hey everyone give a warm welcome to @Maciek Strömich! Good to have you here

Good morning everyone. Thanks for the invitation.

welcome!

Maciej!

hey everyone give a warm welcome to @chrism! Good to have you here

hey everyone give a warm welcome to @sjsg344! Good to have you here

welcome @chrism and @sjsg344

hi thanks

hey everyone give a warm welcome to @javier! Good to have you here

Hi @javier

wow so many new members today!

welcome everyone the more the merrier…

• Are you hiring? Post a link to your job ad in our #jobs channel.

• Looking for work? Let everyone know by promoting what you do in the #jobs channel by sharing your LinkedIn profile and GitHub links.

• Are you a freelancer/consultant? Feel free to engage in self-promotion in the #jobs channel by sharing a link to your website and a tidbit about what you do.

anybody here familiar with slack api?

@Erik Osterman (Cloud Posse) this is what we need to install in sweetops https://www.foqal.io/

hey everyone give a warm welcome to @vlad! Good to have you here

Welcome

hey everyone give a warm welcome to @Maxim Mironenko (Cloud Posse)! Good to have you here

@Maxim Mironenko (Cloud Posse) is the newest member of the cloudposse team

slick

welcome

There are no events this week

hey everyone give a warm welcome to @mikeb! Good to have you here

Welcome @Maxim Mironenko (Cloud Posse)

hey everyone give a warm welcome to @ben! Good to have you here

Hey @ben!

hi @Erik Osterman (Cloud Posse)!

hey everyone give a warm welcome to @siep6l! Good to have you here

hello @siep6l welcome

hey everyone give a warm welcome to @eric! Good to have you here

hey everyone give a warm welcome to @Dylan! Good to have you here

Hi all Thanks @davidvasandani for the invitation!

Hey @Dylan @eric

Welcome guys!

Hi Dylan!

hey everyone give a warm welcome to @mikesew! Good to have you here

hey @mikesew

hey everyone give a warm welcome to @rak! Good to have you here

hey everyone give a warm welcome to @magomimmo! Good to have you here

welcome @rak @magomimmo

welcome @rak & @magomimmo! we’re happy to have you here

thanks @rak!

I know that guy!

hey everyone give a warm welcome to @pete! Good to have you here

hey everyone give a warm welcome to @Florian! Good to have you here

welcome @Florian

Thank you !

hey everyone give a warm welcome to @Taco! Good to have you here

hey everyone give a warm welcome to @mrhen! Good to have you here

welcome @Taco and @mrhen! have a look around

Thanks! I submitted a PR already, purely for selfish reasons: https://github.com/cloudposse/terraform-aws-dynamic-subnets/pull/40

I haven’t done much in the way of Open Source PRs, so please let me know if there are issues…

thanks @Taco, merged (we wanted to fix that for some time, so thank you for doing it )

No problem. I was looking at my generated names and was going to submit an issue when I noticed there was one already.

Hello everybody! Remember to submit your proposal for All-Day HashiTalks - https://twitter.com/HashiCorp/status/1085567501877030912

hey everyone give a warm welcome to @gcard! Good to have you here

welcome @gcard

Thanks Andriy

Great headshot @gcard ;)

Thank you, having paws make it hard to type becuase my thumb is so far up my arm

Found cloudposse through sudosh, which I am looking to leverage along side of BLESS. Thanks for the hard work everyone!

Oh cool! Would be great if you share some notes. We’ve not attempted to do that.

how are you planning on deploying it?

We are still evaluating BLESS v. the AWS IAM offering, so unsure of the direction just yet. Gathering notes on each of them over the next week or two. We have some legacy infrastructure that would need to have sudosh installed via a hiera/puppet change management system, and I believe that we will simply bake it into our newer Ansible AMIs going forward.

We use Packer for both types of infra, however some of the older stuff is not easy to rotate onto a new AMI, hence the Hiera/Puppet part.

have you checked out teleport?

the basic version is free and makes all other solutions pale by comparison.

interesting

let me take a look

https://github.com/gravitational/teleport

yep!

that one, right?

that’s the one.

And it is written in Go, thanks for the tip

yea, check out the videos. it’s really bad ass.

super dope, ty ty

hey everyone give a warm welcome to @aqua! Good to have you here

welcome @aqua!

Hello!

hey everyone give a warm welcome to @zadkiel! Good to have you here

Woah, so warm! Thank you bot! Hello y’all guys!

Hi @zadkiel

Just discovered geodesic with https://github.com/roboll/helmfile/issues/435

oh cool! yes, we love #helmfile

ahhhhhh you wrote the new helm-git plugin?

@Erik Osterman (Cloud Posse) created a new channel #variant. Join if this sounds interesting!

Yep I did @Erik Osterman (Cloud Posse)

Is this slack about support for geodesic or part of a wider devops thing ?

Good question! So the genesis of this slack is to support our massive github: https://github.com/cloudposse

we have ~270 projects and needed a way to provide better support

but since then it’s grown to be bigger than us and it’s supporting the toolchain we promote (terraform, kops, k8s, helm, helmfile, chamber, aws-vault, etc)

also others like @maarten have some of thieir project discussions on here (#airship )

Well, it sounds good!

Kubecost too

oh right #kubecost

Odd, that is the only non OSS product

#kubecost is OSS

open core

though #codefresh is not open source

but #codefresh is not by the codefresh guys

its by people using codefresh

haha, well we’re (cloudposse) are pre-kubecost’rs. I got a demo and the product is awesome. I get nothing for saying this other than the satisfaction of spreading the word. I really like what they are doing because I’ve been personally frustrated communicating to our customers (a) how to easily tune pod settings (b) how to estimate costs in a containerized environment.

hoping to get around to developing a #helmfile for it soon.

Guys, will anyone go to FOSDEM (https://fosdem.org) ? It is probably a bit too far for people outside of Europe.

tempted but the dates are bad for me

Yes, probably (living in Brussels)

Would be great to say hi irl

I dont think I can make fosdem, but we are attending https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2019/register/, let me know if anyone is going to be around

hey everyone give a warm welcome to @Max! Good to have you here

welcome dude

Anyone going to HashiConf EU 8-10 July 2019, Amsterdam, NL ?

most likely yea

Oooh

Now that I’m k33n on

Will see y’all there

Either kubecon or hashiconf

Probably kubecon

Hashi* for me

hey everyone give a warm welcome to @Ajay Tripathy! Good to have you here

Welcome @Ajay Tripathy!

welcome @Ajay Tripathy!

hey everyone give a warm welcome to @andreichernov! Good to have you here

Hey @andreichernov! Welcome to the team.

Hi!

hey everyone give a warm welcome to @wen! Good to have you here

Thank you! like to learn geodesic

Hey @wen! I’m running behind on emails

also, have a look at #geodesic

hey everyone give a warm welcome to @mgrube! Good to have you here

hey everyone give a warm welcome to @sfoley! Good to have you here

welcome @mgrube @sfoley

hey everyone give a warm welcome to @Dan Garfield! Good to have you here

welcome dan the man!

checkout #codefresh

hey everyone give a warm welcome to @esteban.crw! Good to have you here

hey everyone give a warm welcome to @James Woolfenden! Good to have you here

welcome @esteban.crw @James Woolfenden

Thanks just getting stuck in with your build-harness project. Awesome stuff

hey everyone give a warm welcome to @francisco! Good to have you here

Welcome Francisco! Thanks for stopping by. @dustinvb mentioned he invited you. Check out the #codefresh channel. Interesting approach there for remote access to containers. We are using this now with #atlantis on ECS.

Thanks @Erik Osterman (Cloud Posse)! I’ll check it out

hey everyone give a warm welcome to @ebru! Good to have you here

hey everyone give a warm welcome to @Jon! Good to have you here

welcome @ebru and @Jon! It will be a little bit more quiet here as tomorrow is a national holiday in the US.

hey everyone give a warm welcome to @Samuli! Good to have you here

Thanks @Samuli for stopping by! Got your PRs

have a look in #terraform

@Erik Osterman (Cloud Posse) created a new channel #productivity. Join if this sounds interesting!

hey everyone give a warm welcome to @Rhooker! Good to have you here

hey everyone give a warm welcome to @ludo! Good to have you here

hey everyone give a warm welcome to @Tim! Good to have you here

Hey, we are busy trying to implement the aws-iam-authenticator stuff. We have an error about an invalid yaml file. Fix is already there: https://github.com/cloudposse/terraform-aws-kops-iam-authenticator-config/pull/2 is it possible to get this released soon?

Hey @Tim I’ll look at this now

great, thanks!

does anyone ever experienced permission issues with the aws-iam-authenticator when starting the pods? we created a hook to load files generated with aws-iam-authenticator init from s3. but the authenticator tries to create its on certificate and kubeconfig but fails with “permission denied” on /var/aws-iam-authenticator

can someone help or has an idea where to change the permissions or something like that?

all good, we got it solved.

hi @Tim

what was the problem?

had some issues on rolling-update which did not executed the hooks properly. using –force for the rolling update did it

@Tim the docs do say to use –force, glad it’s working!

There are no events this week

woohoo!

@tim @Jan so is the authenticator working for you now e2e?

I’m off sick so will follow up tomorrow

But I think he said it’s working

That would be excellent.

If it is its a nice win

Iam + mfa + cloud trail audit logs

Fire grained iam groups for k8s namespace permissions

Pretty slick

Will fairly nicely solve sso for aws / k8s

hey everyone give a warm welcome to @Eric White! Good to have you here

welcome @Eric White

Thanks!

hey everyone give a warm welcome to @joshrodstein! Good to have you here

hey everyone give a warm welcome to @kritonas.prod! Good to have you here

Hi all

hey everyone give a warm welcome to @bentrankille! Good to have you here

hey @joshrodstein @kritonas.prod @bentrankille

hey everyone give a warm welcome to @amaury.ravanel! Good to have you here

welcome @amaury.ravanel

hello @amaury.ravanel m8

Hi everyone ! Thx @Andriy Knysh (Cloud Posse)

Hi m8

Hi

Hi !

what are you working on guys?

@Andriy Knysh (Cloud Posse) v0.2 of https://github.com/aslafy-z/helm-git (see https://github.com/aslafy-z/helm-git/pull/1)

Currently looking for a reliable a way to attempt no ops on ha etcd cluster :D

hey everyone give a warm welcome to @jason! Good to have you here

Welcome @jason

hey everyone give a warm welcome to @Alexi! Good to have you here

hey everyone give a warm welcome to @wbrown43! Good to have you here

https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/pull/73

hey everyone give a warm welcome to @Nico! Good to have you here

Welcome @Nico!

@wbrown43 welcome to the community! Your PR LGTM, left a small comment to rebuild our readme

Welcome @Alexi & @jason!

hi @Erik Osterman (Cloud Posse)

Hey Nico! How’d you stumble across our slack?

I am about to pick up a new position doing quite a bit of infrastructure re-engineering for a crypto trading company and I was researching best practices

Ahhhh cool! Are you guys planning to use Kubernetes?

I previously did the back end infrastructure for Korbit which is a korean crypto exchange

yeah, I am planning in introducing kubernetes for sure

so I was looking at https://github.com/cloudposse/terraform-root-modules to get an idea on how to properly structure everything

Have you see https://github.com/cloudposse/reference-architectures?

yup, that is where I assumed I should start

nice! yes….. though this “pretty new”, there are some open issues

join #geodesic

is it possible to launch a webserver env using the sample code app from ebs using https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment?

Anyone know if there’s a cloudformation template to deploy and configure an ec2 or container ready to deploy terraform? IE, deploy ec2 instance, download latest TF, create s3 bucket, set state to s3 bucket, pull down template from a repo, run terraform init, terraform apply. any ideas out there?

Haven’t seen that specifically

cloudformation -> ecs fargate -> ecs task -> atlantis

that would wokr

and then you use pull requests to create the state bucket

https://github.com/aws-samples/startup-kit-templates/blob/master/templates/fargate-service.cfn.yml

thx @Erik Osterman (Cloud Posse) that gets me close. thx!

@shaiss if you get atlantis deployed with this, would love if you shared the cloudformation script so we can add it to our distribution

hey everyone give a warm welcome to @yoonwon7.lee! Good to have you here

Hey @yoonwon7.lee!

hey everyone give a warm welcome to @Ruslanas! Good to have you here

hi all - building a Docker container for a single AWS account, generated from reference-archs

looks all good, but near the end I’m prompted for my password via sudo

no explanation of what for, only line I can see is Makefile:30 @docker run --rm $(DOCKER_IMAGE_NAME) | sudo -E bash -s $(DOCKER_TAG)

not a fan of sudoing for something I can’t see or don’t understand. Not sure if this is on me for being picky, docs for missing this or the Makefile for not being verbose

@raehik what did you run?

make all

where?

The all target (if in an org repo) runs the install target as a prerequisite. It is installing the geodesic org wrapper script into your /usr/local/bin/foo.example.co and is therefore asking for permissions

yeah, understood

After that, you can run [testing.cloudposse.co](http://testing.cloudposse.co) and you get dropped into your geodesic container for that org

for some reason, that line confuses me

somehow piping something into sudo -E bash -s latest runs shell commands?

Thanks @joshmyers – it was me, I don’t understand all of geodesic’s/etc components yet

You can override where it wants to install by setting INSTALL_PATH when running the make targets

and add that to your PATH

(if you don’t want to install into /usr/local/bin)

Didn’t believe that docker run would output shell script, now I see it does I get it

mostly a security complaint that I was told to run sudo without knowing why. But it’s clear enough

Aye, fair call

and good on your for not just doing it!

stupid question because I’m an unbearable Arch user: what font do you suggest for the geodesic prompt? uses 2 chars from the math plane – Symbola’s >> char looks awful on my screen

comic sans ms

@raehik @joshmyers let’s move to #geodesic

(this channel has 400+ people in it)

aha, thank you)

ss -anutp

whoops wrong window

Hey there, can someone point me to a documentation or give me a hint how to use single backing services from the terraform-aws-root-modules? Can I stay with the backing-services module or do I have to create them by own taking examples from the backing-services? Im sorry if there is anything obvious that I’m missing…

@Tim Not sure if it is super clear but note that cloudposse/terraform-root-modules are particular to the CloudPosse org and you should have a set of your own for your own org

yes we do have it

thanks for your help!

Nice

hey everyone give a warm welcome to @tcondit! Good to have you here

Hello everyone!

welcome @tcondit

hey everyone give a warm welcome to @abe! Good to have you here

hey @abe

hey everyone give a warm welcome to @Lucas! Good to have you here

welcome @abe! @Andriy Knysh (Cloud Posse) hasn’t had a chance to get back to working on the Teleport helm charts. More progress on that in a few weeks.

hey everyone give a warm welcome to @Oliveira! Good to have you here

hey everyone give a warm welcome to @me1249! Good to have you here

welcome @Oliveira @me1249

Hey @Andriy Knysh (Cloud Posse)

hey everyone give a warm welcome to @johnbeans! Good to have you here

Heads up, https://justi.cz/security/2019/01/22/apt-rce.html & https://www.debian.org/News/2019/20190123

ouch..

will switching to https by default fix this ?

hey everyone give a warm welcome to @ansgar! Good to have you here

hey everyone give a warm welcome to @jjungnickel! Good to have you here

Hey, im using the terraform-aws-rds module. I created a new security group which grants access only from the current vpc (reading cidr from remote state). for the db then I use security_group_ids = ["${join("", aws_security_group.rds_allow_access_from_vpc.*.id)}"] but there is an additional security group https://github.com/cloudposse/terraform-aws-rds/blob/master/main.tf#L68 what is the difference between vpc_security_group_ids and security_group_ids? Right now im getting “you have specified two resources that belong to different networks”

@Tim the module creates a SG here https://github.com/cloudposse/terraform-aws-rds/blob/master/main.tf#L68 and attaches it to the DB instance https://github.com/cloudposse/terraform-aws-rds/blob/master/main.tf#L33

you can add your own existing SGs as ingress to the created SG https://github.com/cloudposse/terraform-aws-rds/blob/master/main.tf#L78

so you can allow access to the instances from those external SGs

Right now im getting “you have specified two resources that belong to different networks

Are those additional external SGs in the same VPC as the DB instances?

They use the same vpc config so in theory no way to have them in different vpcs especially because it’s the state from remote Backend. tomorrow I’ll validate that again

I also passing vpc_id into it

that error usually happens if those are in diff VPCs

@Tim @Andriy Knysh (Cloud Posse) let’s move to #terraform (there are 400+ people in this general channel)

Hanging out with @antonbabenko at DevOps days NYC!

Awesome!!

Wish we could have made it there this year.

hey everyone give a warm welcome to @Neha! Good to have you here

Welcome @Neha!

hey everyone give a warm welcome to @coreygale! Good to have you here

hey @coreygale

@coreygale is my friend

Hi everyone! Nice place you have here

Thanks Corey! Welcome

hey everyone give a warm welcome to @Alec! Good to have you here

Hi @Alec

‘Afternoon!

welcome @Alec!

hey everyone give a warm welcome to @luis! Good to have you here

Hey @luis!! glad you joined

if all my services use fargate, is there any reason why i would not just place them all into a single ECS cluster? what are some reasons for having a separate cluster for each service?

hey everyone give a warm welcome to @tusculum99! Good to have you here

@johnbeans let’s move to #aws

(and welcome!)

ah, sorry! my bad

welcome @tusculum99!

hey everyone give a warm welcome to @sweetops! Good to have you here

hey everyone give a warm welcome to @awatson! Good to have you here

welcome @awatson

Good to be back @Andriy Knysh (Cloud Posse)!

yea, how are you Adam?

Missing JOANY but looking forward to the future

Welcome Back @awatson

Thanks @Erik Osterman (Cloud Posse)!

hey everyone give a warm welcome to @Rodrigo Campeão! Good to have you here

hey everyone give a warm welcome to @squidfunk! Good to have you here

Welcome @squidfunk! checkout #terraform . Will introduce you there

Hey @Rodrigo Campeão! Welcome onboard….

There are no events this week

hey everyone give a warm welcome to @drubin! Good to have you here

Welcome @drubin!

Thanks @Erik Osterman (Cloud Posse)

https://sweetops.slack.com/archives/CBWJ68W9X/p1548760800012700

hey everyone give a warm welcome to @bamaral! Good to have you here

hey everyone give a warm welcome to @varun! Good to have you here

welcome @bamaral and @varun!

hey everyone give a warm welcome to @Gemma! Good to have you here

Thank you @Erik Osterman (Cloud Posse)!

Hey Everyone! Welcome @Gemma. She is on the Cloud Posse team and will be helping us out with some of the community management responsibilities.

Hi @Gemma! Welcome!

hey everyone give a warm welcome to @keen! Good to have you here

welcome @keen!

hey everyone give a warm welcome to @Matt Gardner! Good to have you here

Howdy

hey @Matt Gardner! welcome good to see you here.

hey everyone give a warm welcome to @Tobias Hoellrich! Good to have you here

hey everyone give a warm welcome to @krueger.andre! Good to have you here

hey everyone give a warm welcome to @Roland Meijs! Good to have you here

@Erik Osterman (Cloud Posse) u going to scale?

Oh heck yes!

https://www.socallinuxexpo.org/scale/17x/presentations/intro-gitops

@gyoza hope you make it

yea i already got my hotel booked and stuff like that

where are you traveling from?

Anaheim Hills,

far enough

haha, in “Los Angeles terms”

well, i would like have drinks too w/ some people

do some networking……………. etc

Yep, sounds good.

im not taking an uber from pasadena to ah

thats like 150

and 2 hours of listening to some guy talk about how being an uber drive is great

lol