#gitops (2024-02)
Discuss continuous delivery of infrastructure
Archive: https://archive.sweetops.com/gitops/
2024-02-01
[KCL Biweekly Newsletter | KCL Biweekly Newsletter | v0.7.5 Released and Flux Integration for GitOps.](https://medium.com/@xpf6677/kcl-biweekly-newsletter-v0-7-5-released-and-flux-integration-for-gitops-4803c55b48c2) Hi fellas! We have released KCL v0.7.5! For this version, we have written a blog to describe the updated content. Welcome to read and provide feedback!
KCL is a constraint-based record and functional language hosted by Cloud Native Computing Foundation (CNCF) that enhances the writing of…
2024-02-04
Moving to enterprise GH, it was mentioned in the last office-hours, there might be permission issues causing workflows to fail.
Does anyone know the docs link warning about this? Or maybe a blog post?
This is the setting we had to change after upgrade:
https://github.com/enterprises/<ENTERPRISE_NAME_GOES_HERE>/settings/actions
This discusses the issue a little: https://github.com/orgs/community/discussions/57244
Just out of curiosity - what’s the reason for the move? (Completely understand if you aren’t able to share the reasons)
At my org we create and manage a bunch of organizations. Currently we have about 35 orgs. In our case our product integrates heavily with github so each time we onboard a new dev/QA having a dedicated github org for it helps a lot. We keep our sanity with: https://registry.terraform.io/providers/integrations/github/latest/docs
Aside from product development we have 3-4 private orgs that vary based on use case:
• Public Org our product code
• Private org just contains specific IaaC implementations of our public product code
• Backup org - contains IaaC for our backup infra. Ex. retention policies and etc.
• marketing org - contains some shell scripts we wrote for marketing/crm changes.
We aren’t doing this ourselves yet but we are thinking of taking our public repos and converting them into multiple orgs similar to AWS: https://github.com/awslabs/ https://github.com/aws
And as of recent similar to cloudposse: https://github.com/cloudposse https://github.com/cloudposse-terraform-components
Edit: To add on to the above, having separate orgs allows us to give more privileged access while minimizing the blast radius of that trusted user. However we still take daily backups of everything across all the orgs.
Wow, 35!?
@venkata.mutyala you should chime in on https://sweetops.slack.com/archives/CB6GHNLG0/p1712075779976419
stupid question but are you guys terraforming your github configs?
Was sick this week so I did some cleanup!
We created a glueops-rip for all the repos that we consider dead/archived.
@Utpal Nadiger we’re also in the process of breaking out our cloudposse organization into more organizations via GHE. In our case, we have so many repositories and it makes discoverability difficult. Also, it’s very nice to manage a collection of repos in a consistent manner using a centralized .github repo and organizational rulesets. We can also have domain-specific organization admins to manage the repos in that organization. TBH, if github just supported folders like GitLab, we would probably not reorg. However, upgrading to GHE is a must for any company seriously using GHA and concerned about security. GHE adds environment level secrets, protection rules (which can act as gates for promotion of software), environment checks (e.g. smoketests), and audit controls.