#gitops (2024-02)

Discuss continuous delivery of infrastructure

Archive: https://archive.sweetops.com/gitops/

2024-02-01

Xu Pengfei
[KCL Biweekly Newsletter | v0.7.5 Released and Flux Integration for GitOps](https://medium.com/@xpf6677/kcl-biweekly-newsletter-v0-7-5-released-and-flux-integration-for-gitops-4803c55b48c2) Hi fellas! We have released KCL v0.7.5! For this version, we have written a blog to describe the updated content. Welcome to read and provide feedback!
KCL Biweekly Newsletter | v0.7.5 Released and Flux Integration for GitOps

KCL is a constraint-based record and functional language hosted by Cloud Native Computing Foundation (CNCF) that enhances the writing of…

2024-02-04

Gabriel

Moving to enterprise GH, it was mentioned in the last office-hours, there might be permission issues causing workflows to fail.

Does anyone know the docs link warning about this? Or maybe a blog post?

venkata.mutyala

This is the setting we had to change after upgrade:

https://github.com/enterprises/<ENTERPRISE_NAME_GOES_HERE>/settings/actions

venkata.mutyala

This discusses the issue a little: https://github.com/orgs/community/discussions/57244

Utpal Nadiger

Just out of curiosity - what’s the reason for the move? (Completely understand if you aren’t able to share the reasons)

venkata.mutyala

At my org we create and manage a bunch of organizations. Currently we have about 35 orgs. In our case our product integrates heavily with GitHub so each time we onboard a new dev/QA having a dedicated GitHub org for it helps a lot. We keep our sanity with: https://registry.terraform.io/providers/integrations/github/latest/docs

Aside from product development we have 3-4 private orgs that vary based on use case:

• Public org - our product code

• Private org - just contains specific IaaC implementations of our public product code

• Backup org - contains IaaC for our backup infra. Ex. retention policies, etc.

• Marketing org - contains some shell scripts we wrote for marketing/CRM changes.

We aren’t doing this ourselves yet but we are thinking of taking our public repos and converting them into multiple orgs similar to AWS: https://github.com/awslabs/ https://github.com/aws

And as of recent similar to cloudposse: https://github.com/cloudposse https://github.com/cloudposse-terraform-components

Edit: To add on to the above, having separate orgs allows us to give more privileged access while minimizing the blast radius of that trusted user. However we still take daily backups of everything across all the orgs.

Erik Osterman (Cloud Posse)

Wow, 35!?

Erik Osterman (Cloud Posse)

stupid question but are you guys terraforming your github configs?

venkata.mutyala

Was sick this week so I did some cleanup!

venkata.mutyala

We created a glueops-rip for all the repos that we consider dead/archived.

Erik Osterman (Cloud Posse)

@Utpal Nadiger we’re also in the process of breaking out our cloudposse organization into more organizations via GHE. In our case, we have so many repositories and it makes discoverability difficult. Also, it’s very nice to manage a collection of repos in a consistent manner using a centralized .github repo and organizational rulesets. We can also have domain-specific organization admins to manage the repos in that organization. TBH, if GitHub just supported folders like GitLab, we would probably not reorg. However, upgrading to GHE is a must for any company seriously using GHA and concerned about security. GHE adds environment-level secrets, protection rules (which can act as gates for promotion of software), environment checks (e.g. smoke tests), and audit controls.


2024-02-05

2024-02-15

2024-02-23
