#gitops (2024-02)

Discuss continuous delivery of infrastructure

Archive: https://archive.sweetops.com/gitops/


Xu Pengfei avatar
Xu Pengfei
[KCL Biweekly NewsletterKCL Biweekly Newsletterv0.7.5 Released and Flux Integration for GitOps.](https://medium.com/@xpf6677/kcl-biweekly-newsletter-v0-7-5-released-and-flux-integration-for-gitops-4803c55b48c2) Hi fellas! We have released KCL v0.7.5! For this version, we have written a blog to describe the updated content. Welcome to read and provide feedback!
KCL Biweekly Newsletter | v0.7.5 Released and Flux Integration for GitOpsattachment image

KCL is a constraint-based record and functional language hosted by Cloud Native Computing Foundation (CNCF) that enhances the writing of…


Gabriel avatar

Moving to enterprise GH, it was mentioned in the last office-hours, there might be permission issues causing workflows to fail.

Does anyone might know the docs link warning about this? Or maybe a blog post?

venkata.mutyala avatar

This is the setting we had to change after upgrade:


venkata.mutyala avatar

This discusses the issue a little: https://github.com/orgs/community/discussions/57244

Utpal Nadiger avatar
Utpal Nadiger

Just out of curiosity - what’s the reason for the move? (Completely understand if you aren’t able to share the reasons)

venkata.mutyala avatar

At my org we create and manage a bunch of organizations. Currently we have about 35 orgs. In our case our product integrates heavily with github so each time we onboard a new dev/QA having a dedicated github org for it helps a lot. We keep our sanity with: https://registry.terraform.io/providers/integrations/github/latest/docs aside from product development we have 3-4 private orgs that vary based on use case:

• Public Org our product code

• Private org just contains specific IaaC implementations of our public product code

• Backup org - contains IaaC for our backup infra. Ex. retention policies and etc.

• marketing org - contains some shell scripts we wrote for marketing/crm changes. We aren’t doing this ourselves yet but we are thinking of taking our public repos and converting them into multiple orgs similar to AWS: https://github.com/awslabs/ https://github.com/aws

And as of recent similar to cloudposse: https://github.com/cloudposse https://github.com/cloudposse-terraform-components

Edit: To add on to the above, having separate orgs allows us to give more privileged access while minimizing the blast radius of that trusted user. However we still take daily backups of everything across all the orgs.