#general (2021-01)
General conversations related to DevOps/Automation
General Discussions
2021-01-01
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Jeff Everett
Good to have you here =)
2021-01-02
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Yashodhan Ghadge
- @Gene Fontanilla
Good to have you here =)
2021-01-04
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Chris F
- @Adam
- @Nenad Strainovic
- @Pat M
Good to have you here =)
2021-01-05
![Julian avatar](https://avatars.slack-edge.com/2021-01-05/1612347212771_41f818083cca66532513_72.jpg)
Hello All! Julian here, trying to learn the latest and greatest of DevOps practices and incorporate them into my architecture for the ultimate in AWS Wizardry.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Robinlemonz
- @winslow cuthbert
- @Uri Unger
- @Julian
- @Prashanth Dudipala
- @vtnvarma
- @khabbabs
- @marttila.riku
Good to have you here =)
2021-01-06
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Ron Wood
- @Andrew Drob
- @Aamir Nayeem
- @Trọng Trương
- @Bill Clark
- @charlesz
Good to have you here =)
2021-01-07
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Connor Gervin
- @Patrick Jahns
- @AdoSa
- @G Byte
- @Advait Patel
Good to have you here =)
2021-01-08
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @cole
- @Jeremy R
- @hrampur
- @Vincent Sheffer
- @Kamal Joshi
Good to have you here =)
2021-01-09
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Coco
Good to have you here =)
2021-01-10
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Moacy Barros
- @doanngocbao
Good to have you here =)
2021-01-11
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
Miss the old scaffolding from rails etc when building grpc go apps? – https://github.com/lileio/lile
Easily generate gRPC services in Go . Contribute to lileio/lile development by creating an account on GitHub.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Nikita Kuprin
- @Bayrem Kaddoussi
- @Oleg Batozhnyi
Good to have you here =)
2021-01-12
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Scott Cochran
- @JT
- @davejdyer
- @Kenji Nakamura
- @Liam Helmer
- @Ankit Rathi
- @Avishay Ashkenazi
- @Vesa
- @Dmitriy Solodukha
- @Leo D’Angelo
Good to have you here =)
2021-01-13
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Gabin
- @Albert Attias
- @smaranankari.devops
- @RRR
- @Dennis Lipovsky
- @Tony Hirsch
- @Steve
Good to have you here =)
2021-01-14
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Gokula Santhiya R
- @Thomas Hoefkens
- @Nikolay Iks
- @Hans Westerbeek
- @Lee Wilson
Good to have you here =)
2021-01-15
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Qing Jiang
- @Sergei Kolobov
- @Pravin Singh Rajput
- @Michael Dizon
- @Oksana Chistaya
- @Justin Wehrman
- @Jon Jozwiak
- @Ashley Mooney
Good to have you here =)
2021-01-16
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Jonas Sjödin
Good to have you here =)
2021-01-17
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Zach M
- @S Bhaskar Sarma Emani
Good to have you here =)
2021-01-18
![Zach M avatar](https://secure.gravatar.com/avatar/1fc533e0dfe2a4a028adc27b5f23921d.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Thank you for the welcome!
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Corey Smith
- @vamshisiddarth02
- @Nathan Flynn
- @Klaus F
- @Artyom Sukharev
Good to have you here =)
2021-01-19
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Zach Holt
- @Dahs81
Good to have you here =)
![Zach Holt avatar](https://secure.gravatar.com/avatar/168b8761063f7a37e7206aa2590225cc.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
Thanks!
2021-01-20
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Dirk.Kappel
- @Chris Farnham
Good to have you here =)
2021-01-21
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Mansoor Ebrahim
- @oskar
- @Srikar
- @Владимир Гуринович
- @rbadillo
- @Vladimir Mukhin
- @Ricardo Underwood
- @Moshe Edri
Good to have you here =)
2021-01-22
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Anyone using pritunl? Any feedback on this tool / the paid options?
I’m getting pushback from a client’s auditing team that Tailscale is not PCI compliant (still working through that with them). But just in case that doesn’t work out, I’m looking for real experience on pritunl. I feel like I’ve heard folks discuss it here before and weigh in on pros / cons, but can’t seem to find it.
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i looked at pritunl some. or at least pritunl-zero, not the whole vpn. it just seems really confusing from the docs. and despite being open source and on github, issues are disabled, and there is basically a single contributor. didn’t give me a ton of confidence.
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
I have used pritunl multiple times, no experience with paid version though but community version is rock solid
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Huh — can you use the community version with more than 1 server? Their pricing is a bit confusing, but it seems to limit community to 1 server from what I can see.
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
We had one server only
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Gotcha
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
How many users are you planning to provision?
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
30-50
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
We would need to go with the full paid option.
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
Okay got it, you can have one server and keep ami as standby
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
If something happens to server, you can create a new one from that AMI
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
@Erik Osterman (Cloud Posse) have you used pritunl with any Cloud Posse clients? I just saw you folks have a helmfile for it when searching through this Slack.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
We’re just in the process of deploying it now, to replace our existing OpenVPN instances.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
It’s a pretty great wrapper around OpenVPN & Wireguard from my experience, although, it’s effectively a one man operation (https://github.com/pritunl/pritunl/graphs/contributors) and the documentation leaves a lot to be desired.
Enterprise VPN server. Contribute to pritunl/pritunl development by creating an account on GitHub.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
It’s still using Python v2, which leads to some deprecation warnings at present, but there is an effort via Zach to update the codebase to v3 (https://github.com/pritunl/pritunl/pull/468#issuecomment-689651018)
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Ah good stuff Drew! That helps me in a couple aspects.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Thanks for weighing in folks — appreciate the thoughts / experience.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
I can’t speak to its level of PCI compliance, however, since it’s just a wrapper around OpenVPN/Wireguard, the security vector shouldn’t be impacted to a great degree.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
Sure thing, happy to provide some perspective. Feel free to DM me if you end up deciding on it, and if you have any implementation questions.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Have you used the wireguard aspect of it at all? I would like to avoid any VPN configuration and wireguard seems superior in regards to being a mesh over point to point.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
I’ve used it personally, but we’re not implementing it at present within my org. The thing about Pritunl though, is that you’ll have your users retrieve their configurations for either OpenVPN or Wireguard from the same web interface. After that, there really isn’t much maintenance for either OpenVPN or Wireguard.
![Drew Davies avatar](https://avatars.slack-edge.com/2020-09-02/1325465487127_084bee385eff9b969e20_72.jpg)
The Electron-based Pritunl client (https://client.pritunl.com) syncs any changes with your Pritunl cluster, so once users download their OpenVPN configuration, there really isn’t any ongoing end user maintenance.
![aaratn avatar](https://avatars.slack-edge.com/2019-02-20/557134156454_f5d7fde6bbdd7b4ced9e_72.jpg)
By the way, if you are on aws, there is also an aws managed openvpn called aws-client-vpn that you can use, which also supports OKTA integration
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Thanks for that info Drew, that’s good to know about the maintenance of the two protocol configs + the client.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
@aaratn I’ve implemented the AWS Client VPN for a client before… I wouldn’t go down that path again. VPN configurations are a nightmare to manage and AWS’s client VPN is super expensive for what it is.
This terraform module installs a client VPN. Contribute to masterpointio/terraform-aws-client-vpn development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Robert Horrox how’s pritunl holding up for your team?
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
once configured it has held up well, the okta integration has been very useful for our company. We are working on having the organization come from Okta so a user is placed into the correct Org on Pritunl to grant different levels of access. You can’t however push groups down from okta to pritunl
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
We have pritunl running on k8s and it has been stable. We also have it elsewhere on ec2 instances and it runs just fine there as well
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Huh gotcha — How was setting up the cluster configuration? That hasn’t given you any trouble?
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
we don’t use a cluster per se on the k8s side
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah, that’s one of my problems with it right now… I don’t want to have to standup a cluster for a tool that I pay for.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I don’t know if it works with DocumentDB. By default, on kubernetes, we deploy mongodb as a container (it’s only for storing configuration data)
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
with ec2 instances I have mongodb atlas setup and once you do the initial setup all instances that connect to the cluster get their config from it
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
@Erik Osterman (Cloud Posse) would need to comment on trying to run multiple Pritunl pods inside k8s
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yea, so that works fine too. It’s basically deployed as a statefulset.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Requires though the enterprise version.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
which is a “whopping” $600/year for unlimited seats and SSO.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(in other words dirt cheap)
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
they will charge you per-cluster
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah it’s super cheap… why are you evaluating alternatives @Erik Osterman (Cloud Posse) ?
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
I did do math on AWS VPN at one point, it gets expensive very fast
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
AWS VPN is crazy.
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
Lastly I would suggest looking at something like https://www.pomerium.io/ instead of a VPN. If you can get away without running a VPN, all the better. I don’t personally use pomerium, so buyer beware.
Pomerium is an identity-aware proxy that enables secure access to internal applications.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Hahah I think this is one of the most crowded spaces right now. Every flavor of BeyondCorp under the sun. That’s the first I’ve heard of this one.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
That’s another cluster driven solution. I’m trying to avoid those if I can. But thanks for adding it to the pile.
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
what do you mean by “cluster driven”?
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
As in it has a centralized management layer that requires deploying a cluster for the solution to work. E.g. pritunl, Hashi Boundary, Pomerium, etc.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Really I think I’m just enamored with the simplicity of tailscale and now I don’t want anything else
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
heh, yeah, tailscale architecture is bomb. mesh private internet with acls. though i still want to self-host my own relays and coordination server
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
that cost per user though, 3 users is more than a pritunl license
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
sorry 5 users
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i mean, comparing to pritunl pricing is a bit nuts. why it is so underpriced, i do not understand
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah maybe I would host the tailscale coordination server if I could.. That would solve the PCI compliance issues I’m running into. And I’m sure that’s lightweight anyway considering their Database was a JSON file up until recently.
When I first joined Tailscale, I was horrified to learn that “the database” was a single JSON file that was rewritten on any change. We migrated to something better.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah, pritunl is definitely winning the pricing game 100%.
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
pritunl is just a simple wrapper around OpenVPN, in fact their whole codebase is opensource. Even the code that checks if you are an enterprise user
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
But compare pritunl vs tailscale vs strongDM… tailscale ain’t that bad.
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
we use StrongDM, their support is great. Product is a bit immature
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
i don’t think tailscale is even checking against licenses right now anyway ;)
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Oh interesting… why do you use both?
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
in StrongDM you can give time grant access to users to databases
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
a VPN is needed for some items that SDM doesn’t support
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Huh
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
similar to PCI, we have compliance requirements that keep us from publicly exposing endpoints
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Adam Schepis
- @Tim Bailey-Jones
- @iontom R
- @newbieCpo
- @Lawrence Lee
Good to have you here =)
2021-01-23
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Eyal Rot
Good to have you here =)
![johntellsall avatar](https://secure.gravatar.com/avatar/9120a17d44e0c40f2b781ec94a0cd43e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
Hi all: ever want to learn more about raw Linux networking, e.g. under the Docker level? Here’s a very clear explanation of veth devices and bridging and the other machinery Docker/Kubernetes uses to route container packets to/from the network: https://iximiuz.com/en/posts/container-networking-is-simple/
How container networking works under the hood? Setting up docker-like container networking from scratch. Bonus: podman rootless container networking explained.
2021-01-24
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @markus011
- @Florian Kasper
Good to have you here =)
2021-01-25
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Greg Nicol
- @Doug Lane (he/him)
- @Michael Koroteev
- @Ofek Solomon
- @David Miranda
Good to have you here =)
![Doug Lane (he/him) avatar](https://secure.gravatar.com/avatar/db2cc1b79a87f25884517cad42d98e00.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0011-72.png)
thanks for the welcome
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
hey hey! glad you stopped by!
![Bill Clark avatar](https://secure.gravatar.com/avatar/ff22914520137afde4d6f777752cfdd2.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
Hey all. I know atmos is still in progress, but I am curious about components directory missing. No terraform or helmfile in there. Or perhaps I have answered my own question?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Catalog of reusable Terraform components and blueprints for provisioning reference architectures - cloudposse/terraform-aws-components
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Atmos is just a cli. Our components are kept in separate monorepo and versioned separately.
2021-01-26
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Chris Anderla
- @johnpc
- @Pedro Antonio Bratti
- @Jeremy Rauch
- @contact531
- @Madan Kapoor
Good to have you here =)
2021-01-27
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Saurabh Hirani
- @Philip Asiala
- @Jerrod Finn
- @Thomas Picquet
- @Mahmoud
Good to have you here =)
2021-01-28
![Evan Pitstick avatar](https://secure.gravatar.com/avatar/d63bf32a5ebf97d857aebb86b44053ea.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Hi all, thanks for all you’re doing to help the community. I joined the office-hours yesterday and it was quite interesting. I work on a small internal tools team and I’m trying to really focus on Devops and IaC to mature our processes. I’ve been looking into terraform / terragrunt all week and I’ve noticed something that feels strange to me that seems to be considered best practice across a number of tools and I was hoping to get some input from all of you.
I may get some of the wording wrong here but I’ll try my best to be descriptive. So it seems that it’s common to split things up into modules that do individual jobs, and environments which control configuration values and compositional instructions. The combination of configs and compositional work flows in the environments seems odd to me. I can see a place for having some of it in cases where you’d want them to have some different structure (maybe you want some kind of chaos service in staging but not in prod for example), but generally it would seem like you’d want to have most of your composition to be shared between environments. To make an analogy to software development that I’m more used to, we would create a feature branch, and work on it, then merge that code to staging, after it was tested there the same code would be merged to a prod branch which would deploy to prod. You’d have different settings for each env but the code would be the same. I wouldn’t create a `prod` and `staging` directory in my source and try to copy my staging code to prod when I was ready for it to be deployed.
Where does this practice come from? Is there any argument against doing it? Does anyone know of any example repositories that do handle most of the composition in a shared folder and only uses `prod` and `staging` for things that would make them different? I’m mainly focused on terragrunt right now since I’m new and it seems to be a mature system with plenty of users and help but any examples would help.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
The files that live in the `prod` and `staging` folder are typically very small. They reference different versions of a “module” so that you can do exactly what you are talking about up above.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
But it’s also not the only way to do it. My team doesn’t do it that way, they do it in a more typical app-dev kind of way. There’s lots of different ways to skin this particular cat
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Take a look at #atlantis for a tool that is popular around here that helps a lot when deploying IaC
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
CP does it with GitHub actions as well, though I think that process is more homegrown and “proprietary”? Not sure how extensible it is.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Then others use Terraform Cloud with nice success
![Evan Pitstick avatar](https://secure.gravatar.com/avatar/d63bf32a5ebf97d857aebb86b44053ea.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
so, one way to do it might be to call a shared “module” that actually handles most of the composition?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
yes, and utilizing different versions of that module let you gradually promote something up through your environments
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
while sharing the same codebase
![Evan Pitstick avatar](https://secure.gravatar.com/avatar/d63bf32a5ebf97d857aebb86b44053ea.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
that module would be called from each of the environments but with different inputs
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
yes
![Evan Pitstick avatar](https://secure.gravatar.com/avatar/d63bf32a5ebf97d857aebb86b44053ea.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
that makes a lot of sense
![Evan Pitstick avatar](https://secure.gravatar.com/avatar/d63bf32a5ebf97d857aebb86b44053ea.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
thanks a bunch for the tips
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
also see https://www.youtube.com/watch?v=4MLBpBqZmpM. It’s a whole office hours about different Terraform cloud services
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Evan Pitstick happy to talk about this again on #office-hours
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
in the next 1-2 months, we’ll have more documentation on getting started with our reference architecture. in the next week, we’ll have documentation for our various components coming out. after that we’re focused on archiving a lot of our legacy documentation before starting down the path of documenting our current approach.
![johntellsall avatar](https://secure.gravatar.com/avatar/9120a17d44e0c40f2b781ec94a0cd43e.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
@Evan Pitstick I’m also interested in this, how to map code releases to production/environment releases. I’ll be curious to be on the Office Hours this week!
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Evan Pitstick
- @Brad McCoy
- @Ratko Nikolovski
- @imran hussain
Good to have you here =)
2021-01-29
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Jordan Mendler
- @Stas Efremov
- @Iurii
- @risto78
- @kien241
- @Nathaniel Selzer
- @Lionel LONKAP
- @Joe Herman
Good to have you here =)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hey @Jordan Mendler! welcome
2021-01-30
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
Hey everyone, give a warm welcome to our newest members!
- @Sergio (Cloud Posse)
- @Sarath Pantala
- @Alex Montgomery
Good to have you here =)