#office-hours

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! :point_right: https://cpco.io/slack-office-hours

2019-10-16

dalekurt

Office hours today?

Erik Osterman

Yep!

Erik Osterman

@oscar bump

Erik Osterman

@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304

Erik Osterman
ContainerSolutions/externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes - ContainerSolutions/externalsecret-operator

dalekurt
mlabouardy/komiser

Cloud Environment Inspector - mlabouardy/komiser

Alex Siegman

a nodes group per az, equivalent to an eks worker pool i believe

Validating cluster us-east-1.staging.spoton.sh

INSTANCE GROUPS
NAME			ROLE	MACHINETYPE	MIN	MAX	SUBNETS
bastions		Bastion	t3.small	1	1	utility-us-east-1c,utility-us-east-1d,utility-us-east-1a
master-us-east-1a	Master	t3.medium	1	1	us-east-1a
master-us-east-1c	Master	t3.medium	1	1	us-east-1c
master-us-east-1d	Master	t3.medium	1	1	us-east-1d
nodes-us-east-1a	Node	t3.medium	1	3	us-east-1a
nodes-us-east-1c	Node	t3.medium	1	3	us-east-1c
nodes-us-east-1d	Node	t3.medium	1	3	us-east-1d
Erik Osterman
kubernetes/autoscaler

Autoscaling components for Kubernetes. Contribute to kubernetes/autoscaler development by creating an account on GitHub.

dalekurt
GoogleCloudPlatform/terraformer

CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code - GoogleCloudPlatform/terraformer

Erik Osterman

awesome turn out! thanks everyone for joining and sharing what you're working on. hope we answered your questions

Erik Osterman

make sure to check out the links that were shared

2019-10-15

dalekurt

I have a question for tomorrow’s Office Hours. How to maintain a single source of truth and updating a secrets manager (AWS SM or HashiCorp Vault) while having some audit and using a CI?

Erik Osterman

Good question!

2019-10-10

2019-10-09

Matthew Cascio

Will there be a an office hours meeting today?

oscar
06:35:28 PM
Erik Osterman

Sorry guys! Had to go to emergency hospital to pick up doggie and totally spaced

Matthew Cascio

No problem at all. Is your dog doing better?

Erik Osterman

Yes.. thanks! but it will be a few weeks. He had big surgery

Robert

Hope he gets better soon.

Erik Osterman

thanks @Robert!

Erik Osterman

Will be back next week, same time and place

2019-10-07

oscar

What’s that website that was shared before where you can see what other companies are paying for a SaaS?

oscar

We’re looking at terraform cloud

Erik Osterman
Capiche - Glassdoor for SaaS pricing | Product Hunt

SaaS pricing is opaque and complex, increasingly hidden behind enterprise pricing and sales calls. It’s impossible to know what software really costs. We’re building a price transparency community to level the playing field.

Erik Osterman
Capiche

You’re paying too much for business software. Let’s fix it together.

Alex Siegman

Right now it’s mostly just a newsletter it seems like, and to join (at least when I did a month or two ago) you have to give them a certain number of pricing stories, but I’m interested to see where this goes.

oscar

Thanks - a shame it isn’t widely adopted though

2019-10-03

cloudposse/example-app

Example application for CI/CD demonstrations of Codefresh - cloudposse/example-app

Erik Osterman

It’s not really needed. It is so you can define the business logic of how to deploy the application.

Erik Osterman

For example how to do blue green

Sharanya

Create Jenkinsfile to deploy UI code to S3 bucket.


2019-10-02

Erik Osterman

@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304

Erik Osterman
cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

Erik Osterman
cloudposse/terraform-aws-tfstate-backend

Terraform module that provisions an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…

Matthew Cascio
mumoshu - Overview

AWS Container Hero / Maintains kube-aws, eksctl, helmfile, helm-diff, brigade, awsbeats / Wanna be a paid OSS dev someday - mumoshu

Matthew Cascio

His Variant project looks very cool

Erik Osterman
mumoshu/aws-secret-operator

A Kubernetes operator that automatically creates and updates Kubernetes secrets according to what are stored in AWS Secrets Manager. - mumoshu/aws-secret-operator

Matthew Cascio
segmentio/chamber

CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.

Erik Osterman
mittwald/kubernetes-replicator

Kubernetes controller for synchronizing secrets & config maps across namespaces - mittwald/kubernetes-replicator

Erik Osterman
cmattoon/aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store - cmattoon/aws-ssm

Maesh - Simpler Service Mesh

Maesh is a straight-forward, easy to configure, and extremely non-invasive service mesh that allows visibility and management of the traffic flows inside any Kubernetes cluster.

dalekurt
s12v/exec-with-secrets

Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault - s12v/exec-with-secrets

Matthew Cascio

Do you know if this is a good PID 1? (killing things that need killed, etc.) Could always start with something like https://github.com/Yelp/dumb-init

Yelp/dumb-init

A minimal init system for Linux containers. Contribute to Yelp/dumb-init development by creating an account on GitHub.

Erik Osterman
Garden

it’s time for a new generation of development tools

Erik Osterman
Using Helm with Tilt

Local Kubernetes development with no stress

calm/helm-hacker

A script to Hack the Helm state (configmaps). Contribute to calm/helm-hacker development by creating an account on GitHub.

Erik Osterman
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Erik Osterman
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Erik Osterman
ContainerSolutions/externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes - ContainerSolutions/externalsecret-operator

2019-09-26

Erik Osterman

@Jeremy Grodberg @aknysh @Igor Rodionov @ maybe something nice to check out

Jeremy Grodberg
05:45:12 PM

@Jeremy Grodberg has joined the channel

Igor Rodionov
05:45:12 PM

@Igor Rodionov has joined the channel

05:45:12 PM

@ has joined the channel

2019-09-25

Erik Osterman
derailed/popeye

🧭 A Kubernetes cluster resource sanitizer. Contribute to derailed/popeye development by creating an account on GitHub.

Erik Osterman
getsentry/sentry-kubernetes

Kubernetes event reporter for Sentry. Contribute to getsentry/sentry-kubernetes development by creating an account on GitHub.

Erik Osterman
derailed/k9s

Kubernetes CLI To Manage Your Clusters In Style! - derailed/k9s

Erik Osterman
tmrts/boilr

boilerplate template manager that generates files or directories from template repositories - tmrts/boilr

I seriously use k9s every freaking day. It is my favorite tool since brew

The maintainer is super active, nice, reliable, quick to respond, and brilliant

I’ve tried a bunch of times to get him to set up the donation stuff but he doesn’t seem interested in money. I want to buy the man like 10 beers

2019-09-18

Erik Osterman

@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304

Erik Osterman
Feature: Conditionally load tfvars/tf file based on Workspace · Issue #15966 · hashicorp/terraform

Feature Request Terraform to conditionally load a .tfvars or .tf file, based on the current workspace. Use Case When working with infrastructure that has multiple environments (e.g. "staging&q…

Erik Osterman
Restrict Plan or Apply to Github Teams or Github Users · Issue #308 · runatlantis/atlantis

what Allow operator to define a list of permitted users who can trigger atlantis commands why Currently, the only way to restrict access is by adding/revoking users from a repository altogether. We…

Erik Osterman
Deploying to Kubernetes with Helm and GitHub Actions

This tutorial will go through the basics of GitHub actions as well as deploying to Kubernetes using a pre-built Helm action

dalekurt

What was the issue with using kube2iam?

Erik Osterman

Every node is responsible for negotiating with AWS apis to get sts tokens

Erik Osterman

If you restart all your pods or launch a lot of pods you will overload the kube2iam server and AWS apis

Erik Osterman

Rate limits are account wide

Erik Osterman

So you can basically DOS attack the AWS apis and they return the favor by blocking you

Erik Osterman

We have had this happen across multiple accounts and customers before switching to Kiam

Erik Osterman

Also the security model of kube2iam means the nodes themselves need an admin IAM role

Erik Osterman

With Kiam only the server needs it and that can be deployed to a dedicated node pool

dalekurt

Coincidentally, my team member just asked about using kube2iam and I recalled that from our office hours.

Erik Osterman

And it caches the credentials so it’s both much faster and doesn’t DoS AWS

Erik Osterman
Kiam: Iterating for Security and Reliability

Kiam bridges Kubernetes’ Pods with Amazon’s Identity and Access Management (IAM). It makes it easy to assign short-lived AWS security…

dalekurt

Thanks @Erik Osterman that was helpful.

Erik Osterman

Read all about it here

dalekurt

page not found

paywall?

@Erik Osterman Can you share that link to the AWS Service Operator-like operator for Terraform?

Erik Osterman
rancher/terraform-controller

Use K8s to Run Terraform. Contribute to rancher/terraform-controller development by creating an account on GitHub.

thanks

Erik Osterman

that downside with these operators is surfacing errors

I can see that, another one would be, for example, provisioning an RDS DB takes 30+ minutes sometimes

Is the rest of your deployment going to sit there and wait? I guess it will have to

Erik Osterman

yea, for that reason we use containers for disposable staging environments

Erik Osterman

usually prebaked with datasets to speed up delivery

Erik Osterman

@dalekurt here is how we deploy kiam with cert-manager: https://github.com/cloudposse/helmfiles/tree/master/releases

2019-09-11

Erik Osterman

joining now!

Erik Osterman

sorry running late

Erik Osterman

#office-hours starting now! ask questions, get answers. free for everyone. https://zoom.us/j/508587304

Alex Siegman

just me today? i don’t have anything, was just going to listen in. no offices for me to be noisy in

Erik Osterman

ok!

Erik Osterman

yea, no one yet.

Erik Osterman

@ saw you registered for office hours

Erik Osterman

we’re on now.

Alex Siegman

also helps if i unmute my headphones lol

oscar

I just got home

oscar

Gimme 5 mins

Erik Osterman

sure, i’ll just hang out

Alex Siegman

I do have something we could work through if i can steal an office

Alex Siegman

i need to debug why i’m getting a “too many redirects” on a new service, might be interesting for folks who want to see the workings of the CP stack

Alex Siegman

nothing sensitive that i’d be afraid to show

Erik Osterman

ok, sure thing

Erik Osterman

@Alex Siegman forecastle.stakater.com/url: 'https://{{- env "KEYCLOAK_INGRESS_HOSTS" -}}/auth/admin/'

Erik Osterman
stakater/Forecastle

Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes – [✩Star] if you’re using it! - stakater/Forecastle

2019-09-10

dalekurt

@tamsky To clarify, we have VPC peering between the AWS accounts and AWS<~>GCP we are using VPN


2019-09-04

Erik Osterman

#office-hours starting now! ask questions, get answers. free for everyone. https://zoom.us/j/508587304

dalekurt

It is done @Erik Osterman?

tamsky

Mentioned in today’s #office-hours was “VPC peering between GCP and AWS.” I hadn’t heard of this before, and after looking around, I still don’t know if what was meant was actually VPC peering between AWS<>GCP or a VPN solution.

2019-08-28

dalekurt

What’s the zoom session for today?

Erik Osterman

#office-hours starting now! join us here https://zoom.us/s/508587304

Erik Osterman
wjdp/htmltest

Test generated HTML for problems - wjdp/htmltest

Erik Osterman
Features • GitHub Actions

Easily build, package, release, update, and deploy your project in any language—on GitHub or any external system—without having to run code yourself.

Erik Osterman

sign up for the beta

Erik Osterman
dalekurt

Sorry guys, I had to drop off for a bit

Erik Osterman
A Billion Taxi Rides on Amazon EMR running Presto

Benchmarks & Tips for Big Data, Hadoop, AWS, Google Cloud, PostgreSQL, Spark, Python & More…

Erik Osterman
A Billion Taxi Rides on Google's BigQuery

Benchmarks & Tips for Big Data, Hadoop, AWS, Google Cloud, PostgreSQL, Spark, Python & More…

Sharanya

Did anyone Come across NPM memory Issues ?

2019-08-23

interesting idea


2019-08-16

2019-08-15

2019-08-14

Erik Osterman
cloudposse/terraform-aws-ecs-container-definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource - cloudposse/terraform-aws-ecs-container-definition

Erik Osterman

this is the module I know others have used related to AWS secrets

Erik Osterman

@nian

Erik Osterman
resource "aws_db_instance" "example" {
  # ...

  timeouts {
    create = "60m"
    delete = "2h"
  }
}
Erik Osterman
Resources - Configuration Language - Terraform by HashiCorp

Resources are the most important element in a Terraform configuration. Each resource corresponds to an infrastructure object, such as a virtual network or compute instance.

Remove multiple CloudFront distributions with “aws cli”

If you are working with AWS CloudFront, you might have a large number of CloudFront distributions sitting there. I have over 100 from…

Erik Osterman
monitoringartist/grafana-aws-cloudwatch-dashboards

20+ Grafana dashboards for AWS CloudWatch metrics: EC2, Lambda, S3, ELB, EMR, EBS, SNS, SES, SQS, RDS, EFS, ElastiCache, Billing, API Gateway, VPN, … - monitoringartist/grafana-aws-cloudw…

Erik Osterman
A virtual office for remote teams

Re-discover the flow of working together in‑person. See, talk to, and collaborate with your team in one click.

Erik Osterman
seeq12/qube

Qube is a virtual office that enables you to work remotely! Qube provides office context - who’s talking to who, who’s out of the office and who just stepped out to lunch. - seeq12/qube

Erik Osterman
WakaTime

Productivity metrics and automatic time tracking for programmers.


2019-08-13

Blaise Pabon

Thanks @Erik Osterman that is kind of you. She’s ok, just getting old and seems to have pulled a muscle. I’m looking forward to this week’s office hours. I have been spreading the word around the office.

2019-08-07

Blaise Pabon

I wish I was in office hours right now… instead of the vet’s clinic.

Erik Osterman

Hope everything is ok…

2019-07-24

Erik Osterman

@here Public #office-hours with cloud posse starting now! https://zoom.us/s/508587304 join if you have any questions or want to listen in.

2019-07-22

2019-07-20

Erik Osterman

@Blaise Pabon I finally remembered the OS… it’s called NixOS

Erik Osterman

What was the name of the sandbox style package manager for red hat?

Blaise Pabon

Oh! I remember nixOS! my old boss Ariya is a huge fan of their package manager Nix

Erik Osterman

Yep!

Blaise Pabon

OK, so the redhat OS package manager is ostree

Blaise Pabon

for the system image

Erik Osterman

Do you know how ostree compares to nix? Or is it apples to oranges

Blaise Pabon

and the next-gen package manager for applications is called flatpak.

Blaise Pabon

Sooo… ostree is for the system image

Erik Osterman
Blaise Pabon

yes, the ostree upstream project is a little behind on docs. This guy has lots of good links for Nix resources: https://wiki.nikitavoloboev.xyz/package-managers/nix

Blaise Pabon

right and NixOS has a similar approach to system images of NixOS.

Blaise Pabon

rpm-ostree is for RHEL style os

Blaise Pabon

actually the genealogy is more like this:

Blaise Pabon

CoreOS begat ostree (which is mostly found on RedHat systems)

Blaise Pabon

NixOS begat nix (although now nix runs on other OS, including Mac OS!)

Blaise Pabon

IF you’re booting NixOS, then nix can manage your system images.

Blaise Pabon

If you’re booting CoreOS, then ostree will manage your system images.

Blaise Pabon

…and since CoreOS has tight collaboration with Fedora and RHEL, the ecosystem of .rpms is ported over…. whereas there are fewer nixOS binaries and some packages you will have to build from source.

Blaise Pabon

I suspect that NixOS will become the NetBSD of the devops world: bombproof, stable, late to adopt. and CoreOS/OStree will become the RHEL of the Enterprise world.

Erik Osterman

I agree… don’t see NixOS taking off

Blaise Pabon

Don’t get me wrong, ‘nix is a very kickass solution if you are switching between monolithic development environments (python, Java) where a sdk version can mean a whole different set of dependencies.

2019-07-17

Erik Osterman

an internet-facing NLB in a public subnet with a target group of Aurora Serverless endpoint IP addresses worked. thanks @Erik Osterman!

2019-07-10

Erik Osterman

Public #office-hours starting now! Join me here: https://zoom.us/meeting/register/dd2072a53834b30a7c24e00bf0acd2b8

Have any questions? This is your chance to ask us anything.

dalekurt

missed it today, had a meeting conflict.

2019-06-25

Erik Osterman

New registration page for upcoming “office hours”

Erik Osterman
01:21:49 AM

@Erik Osterman set the channel topic: Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2019-06-19

Alex Siegman

Hey @Erik Osterman no room for me today so no mic, but I’m listening in

Alex Siegman

or i would be but i’m not hearing anything

Erik Osterman

still not hearing anything?

Alex Siegman

fixed

Alex Siegman

was issue on my end

Alex Siegman

#demo

Alex Siegman

Alex Siegman

I have not, no.

Alex Siegman

Is there one for extracting data from Prometheus?

Alex Siegman

You recording this btw? I have a couple folks who might be interested in how http://singer.io / ETL stuff works

Alex Siegman

Nah, pretty straight forward to me. Curious how much extra work it would be to conform to the format for devs building ETL pipelines for our own dashboards.

Alex Siegman

@Erik Osterman - question; it seems like singer takes care of “extract” via taps, and “load” via targets. That misses the “Transform” part of ETL. does that happen as part of the TAP?

Erik Osterman

well, it does a form of transform.

Erik Osterman

it munges the data from one system to the next

Erik Osterman

now, if you want to do extra munging, that’s when you write your own.

Erik Osterman
cloudposse/tap-trello

Tap designed to get around limitations of StitchData’s Trello integration, which does not support Custom Fields, Attachments, and Organizations. - cloudposse/tap-trello

Erik Osterman

this is a basic example of extracting the data and transforming it to JSON. then the JSON is loaded.

Alex Siegman

holy thread necro batman, 2 months ago

Erik Osterman

The extract part is also what does the transform

Erik Osterman

technically, since it’s a pipeline though

Erik Osterman

you can have an additional transformation step

Erik Osterman

those are the demos from today

2019-06-12

Erik Osterman
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

Josh Larsen
hashicorp/terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amon…

Erik Osterman
[direnv/rc.d/terraform] Fix TF_BUCKET_PREFIX by osterman · Pull Request #419 · cloudposse/geodesic

what Extrapolate TF_BUCKET_PREFIX based on the distance from the project folder to the root configuration folder why Previous approach was too naive as it always assumed configurations were rel…

Erik Osterman
cloudposse/geodesic

Geodesic is a cloud automation shell. It's the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! h…

Alex Siegman

Bah was caught up in work today, was unable to join. Any demos that we have a recording of?

Erik Osterman

No recordings today

Erik Osterman

Most of the talk was about upgrade path to 0.12

Erik Osterman

We had a good turn out today!

Erik Osterman

@tamsky @dalekurt @Josh Larsen @Blaise Pabon stopped by

Blaise Pabon
11:00:31 PM

@Blaise Pabon has joined the channel

2019-06-05

Erik Osterman

@here office hours starting now: https://zoom.us/j/684901853

Erik Osterman

Forgot to share the last office hours from May 22nd. Here’s the recording: https://zoom.us/recording/play/gmEpOhxtlR0X3xAvfgY4-IWEkks_SGZA7IME0eKj1mT5Gf0FDHi4Y1WSOlK9Pbo4?continueMode=true

Erik Osterman

2019-05-29

Erik Osterman

i’m dropping off since no one joined today.

Alex Siegman

Sorry, was really busy today~

2019-05-22

Tega McKinney
06:35:13 PM

@Tega McKinney has joined the channel

Erik Osterman

@Tega McKinney brought up a good point that we need to document how to get the outputs for the users created in the reference-architectures

Erik Osterman

maybe we should use nohup or tee to keep a log of everything that happens

Erik Osterman

in @Tega McKinney’s case he logged out of his terminal window and lost the history

Tega McKinney

@Erik Osterman first time ever joining office hours for a project…thanks for the suggestions and discussions around what you all are building. Enjoyed the convo.

Erik Osterman

Thanks @Tega McKinney! Really love doing these office hours too. I always learn something from them. Will share the link in a little bit.

2019-05-16

AgustínGonzalezNicolini

15 or 30 min?

Erik Osterman

Let’s block off 30

Erik Osterman

We can use less

Josh Larsen

@Erik Osterman at office hours yesterday you mentioned the root-dns modules that reads state from another aws account using a role that has permissions to do so. i’m trying to set that role up and give it just enough permissions to read the terraform state from s3, but keep getting Access Denied. can you show me the correct permissions for this role? here is the policy i have for it so far that isn’t working:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::mynamespace-sandbox-terraform-state/tfstate-backend/terraform.tfstate"
        },
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:us-east-1:myaccountnum:table/bw-sandbox-terraform-state-lock"
        }
    ]
}
Josh Larsen

i’m wondering if maybe it has something to do with KMS permissions… but that seems very complex to allow because it has to be allowed from both the role AND the kms side i believe.

Josh Larsen

i solved this issue btw Erik… i just added s3:* to the tfstate bucket with /* wildcard. that’s good enough for now.

2019-05-15

Erik Osterman
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

AgustínGonzalezNicolini

Let me know whenever you can show us teleport in action!

Erik Osterman

@AgustínGonzalezNicolini @Josh Larsen if you want a demo of Teleport/Keycloak please find a time here:

Erik Osterman
Keycloak

Keycloak is an open source identity and access management solution

Erik Osterman
Modern Privileged Access Management | Teleport | Gravitational

Make it easy for users to securely access infrastructure and meet the toughest compliance requirements.

2019-05-13

2019-05-09

What day is it normally

Erik Osterman

every wednesday at 11:30 am

2019-05-08

01:17:33 PM

@ has joined the channel

cabrinha
06:38:12 PM

@cabrinha has joined the channel

cabrinha

yeah, looking at different SDLCs for Infrastructure as Code: https://docs.gitlab.com/ee/workflow/gitlab_flow.html

Introduction to GitLab Flow | GitLab

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.

AgustínGonzalezNicolini
06:38:23 PM

@AgustínGonzalezNicolini has joined the channel

AgustínGonzalezNicolini
data "aws_iam_policy_document" "collection_manager_trigger_service_policy_document" {
  statement {
    actions = [
      "${module.sns.publish_action}"
    ]
    resources = [
      "${data.aws_sns_topic.collection_topic.arn}",
      "${data.aws_sns_topic.debin_topic.arn}"
    ]
  }
}

AgustínGonzalezNicolini
output "publish_action" {
  value = "sns:Publish"
}
ash
06:50:39 PM

@ash has joined the channel

Nothing atm.

AgustínGonzalezNicolini

suggestion: pull various actions together and use submodules

But thanks for asking!

cabrinha

I’d love a blog / writeup on these layers … I think it’s a great way to organize the foundation for all these other architectural conversations

cabrinha

going to take off but this has been really insightful. hope these can be recorded in the future!

If the host edits the recording perms for the meeting, we could all record from the zoom client.

Erik Osterman

thats a good point

Erik Osterman

@cabrinha I want to record them as well.

Erik Osterman

I have cloud recording available. We tried it one time, but for certain community members, they didn’t like that since they didn’t feel like they could talk candidly.

Alex Siegman

I’m not sure there’s an expectation of privacy in such an open venue though, or more appropriately that there should be such an expectation

Erik Osterman

I suggest for next week we’ll have two parts: start with demo and recording, q&a. then we can always have a second part that is “off the record” where we disable recordings.

Erik Osterman

yes, all in all, my hope is this is more open/transparent than a cloak and dagger community

Erik Osterman

Erik Osterman

thanks everyone for joining today! that was awesome. that was our largest turnout to date


2019-04-25

Mohamed.Naseer
01:28:52 AM

@Mohamed.Naseer has joined the channel

2019-04-23

fernando.alvan
08:16:46 AM

@fernando.alvan has joined the channel

2019-04-22

dalekurt
04:32:58 PM

@dalekurt has joined the channel

2019-04-10

jober
06:44:11 PM

@jober has joined the channel

oscarsullivan_old
osulli/geodesic-getting-started

A getting-started guide for Cloud Posse’s Geodesic. - osulli/geodesic-getting-started

Erik Osterman
cloudposse/testing.cloudposse.co

Example Terraform Reference Architecture that implements a Geodesic Module for an Automated Testing Organization in AWS - cloudposse/testing.cloudposse.co

Erik Osterman

terraform init -from-module=....

raehik
06:55:56 PM

@raehik has joined the channel

Josh Larsen
07:15:10 PM

@Josh Larsen has joined the channel

Erik Osterman
mumoshu/variant

Wrap up your bash scripts into a modern CLI today. Graduate to a full-blown golang app tomorrow. - mumoshu/variant

Alex Siegman

I tuned in late, are these office hours recorded by zoom where I could rewatch it later?

Alex Siegman

Thanks all, especially @Erik Osterman for hosting and @oscarsullivan_old for the demo

Alex Siegman

Sad I couldn’t join in at the beginning, sprint planning ran long

oscarsullivan_old

happy to answer Qs on the flow or show again

jober

Thanks so much for the time it was very helpful!

raehik

big thanks for that! lot of stuff I can discuss with the team & hopefully get using the newer Geodesic versions (we’re using a version older than my PR T_T)

oscarsullivan_old
07:42:42 PM

My boilerplate terraform.tf – saves a lot of repetition across projects and took a long time to build up.

Alex Siegman

I think the confusion I have in adopting it is what goes in Dockerfile vs what might go in an .envrc and what/how do i split up my terraform in to digestible chunks. I haven’t really dug in in earnest yet, though. It keeps getting bumped in sprint planning and I haven’t had time to just get started outside work hours

oscarsullivan_old

Have just added comments to the terraform.tf

oscarsullivan_old

Dockerfile Vs .envrc/tfvars == Public Vs Private

Alex Siegman

Yeah, but what is local to you - a specific app/service? a whole environment inside an account?

oscarsullivan_old

a terraform project

oscarsullivan_old

Examples:

Global variables: AWS_REGION, BUCKET_NAME, and STAGE
Local variables: JENKINS_INSTANCE_SIZE, API_NODE_COUNT, and CLUSTER_NAME
oscarsullivan_old

Example variables set in the Dockerfile AKA public variables:

ENV TF_VAR_stage="sandbox"
ENV TF_BUCKET_REGION="${AWS_REGION}"
ENV TF_BUCKET="${NAMESPACE}-${TF_VAR_stage}-terraform-state"
ENV TF_DYNAMODB_TABLE="${NAMESPACE}-${TF_VAR_stage}-terraform-state-lock"
Alex Siegman

Yeah, my issue is, what does that terraform project represent? looks like to you it means a service? Jenkins in that example

oscarsullivan_old

Example .envrc AKA ‘local variables’

# Set JENKINS specific variables and export them to Terraform, Atlantis, and env
export JENKINS_INSTANCE_SIZE="t2.large"
export JENKINS_DOMAIN_NAME="jenkins.domain.com"
oscarsullivan_old

Yes I usually break down a TF project into a service

oscarsullivan_old

If I did a whole stack it’d be a nightmare IMO

oscarsullivan_old

That would just become a monolithic infrastructure project

Alex Siegman

Yeah, that’s what I’m trying to avoid

oscarsullivan_old

It’s like.. a micro-service but infrastructure

oscarsullivan_old

that’s how I go about it

oscarsullivan_old

or maybe just a service, not a micro-service.. key point is that my project called jenkins only contains jenkins related stuff

Alex Siegman

As much as I’d love to be able to go “aws, give me a new account, run terraform on it, hey look my new environment is done” I’m not sure that’s as useful as it sounds.

oscarsullivan_old

so r53 records for jenkins etc

oscarsullivan_old

I’m sure I shared a project I use

oscarsullivan_old

ah damn not merged and it’s about a month old

oscarsullivan_old

already changed a fair bit

Alex Siegman

I mean, I’m working my boss, I’m hoping I can just hire Erik and the team to jumpstart the whole process, this becomes a moot-ish point that I don’t have to decide alone

Erik Osterman

haha thanks @Alex Siegman

Alex Siegman

On that thread, what’s the best way to have a more formal discussion with y’all about that?

Erik Osterman

@Alex Siegman let’s jump on a call later this week. Find a time here that works for you: https://calendly.com/cloudposse

2019-04-03

Alex Siegman

Yeah, no conference rooms available

Alex Siegman

I dislike open offices~

Erik Osterman

ah bummer

Erik Osterman

any questions I can monologue to you?

Alex Siegman

Yeah, I pitched the idea of hiring y’all to help bootstrap a bunch of projects we don’t have time for

Alex Siegman

Could you explain how you might go through getting started with us and basic costs

Alex Siegman

I can hear, just can’t talk

Alex Siegman

Yeah, we need line cooks

Alex Siegman

Yeah, I like the aws account arch + kubernetes + release engineering + all that

Alex Siegman

I built out our roadmap long before I found y’all, and they almost exactly match

Alex Siegman

kubecost sounds awesome

Alex Siegman

I hadn’t worked out the details on a lot of stuff, just the general arch

Alex Siegman

we’re moving towards a services architecture

Alex Siegman

When you say 8 sprints, is that 8 weeks?

Alex Siegman

ah, okay, so 16 weeks

Alex Siegman

Right now we have a bunch of legacy crap, about 8 or so services, that need a bunch of code work to split up

Alex Siegman

and has a data monolith behind the app/code monolith

Alex Siegman

and we have about 6 new services

Alex Siegman

that are all containered / 12factor etc.

Alex Siegman

You can thank me for that

Alex Siegman

I pushed hard lol

Alex Siegman

Then on top of that, we have another company we bought that i need to fold in to this at some point

Alex Siegman

so you basically have a prod / preprod / unlimited-staging environments clusters?

Alex Siegman

okay, so, 2 there, plus shared

Alex Siegman

got it

Alex Siegman

yeah, 100%

Alex Siegman

my concern there with unlimited staging though is, then that differs from prod

Alex Siegman

i don’t quite understand the technical way to set that up, but i love the idea

Alex Siegman

yeah, mock SQS, e.g.

Alex Siegman

so with unlimited staging, are you still mocking stuff like SQS?

Alex Siegman

Yeah, slick

Alex Siegman

So, how would you approach a customer who has an existing production environment?

Alex Siegman

Would you use that as your root account, and build org out from there?

Alex Siegman

Yeah, I was looking at doing that completely fresh thing, but the logistics of migrating 8ish years of data boggled my mind

Alex Siegman

DMS doesn’t work for us, we tried =(

Alex Siegman

It doesn’t support some postgres features we use

Alex Siegman

That it is not. But downtime is frowned upon

Alex Siegman

I’m pushing separate down to RDS, all new services are working that way

Alex Siegman

But, maybe I can make a case for it yet. I’m trying, we just don’t have enough dudes to do the work

Alex Siegman

I don’t disagree

Alex Siegman

I understand the value add

Alex Siegman

I briefly looked at it

Alex Siegman

I guess lastly, how do you approach helping a dev team learn and adopt new ways to develop services? We’ve got a lot of old school dudes who are still using vagrant boxes and stuff

Alex Siegman

doggo stream!

Alex Siegman

Grats!

Alex Siegman

Nicely done @oscarsullivan_old

Alex Siegman

I have to tap out. Thanks for the time @Erik Osterman; enlightening as always. I’m excited to see updates to the ref archs. Hopefully I can dedicate time to geodesic and getting my stuff off the ground here soon. Or talk someone into spending more money


2019-04-01

oscarsullivan_old

I won’t be able to make this Wednesday’s Office Hours

Erik Osterman

thanks for the heads up

Erik Osterman

actually, I should update it now to announce to #general

2019-03-29

Jan
12:42:24 PM

@Jan has joined the channel

2019-03-27

Erik Osterman
06:50:58 PM

@Erik Osterman has joined the channel

oscarsullivan_old
06:50:58 PM

@oscarsullivan_old has joined the channel

tamsky
06:50:59 PM

@tamsky has joined the channel

mmuehlberger
06:50:59 PM

@mmuehlberger has joined the channel

Alex Siegman
06:50:59 PM

@Alex Siegman has joined the channel

Erik Osterman
mumoshu/variant

Wrap up your bash scripts into a modern CLI today. Graduate to a full-blown golang app tomorrow. - mumoshu/variant

Alex Siegman

I just learned about YAML anchors a few days ago, shortened up a docker-compose file I had quite nicely

Alex Siegman

No mic here at the office, just listening in

Alex Siegman

@Erik Osterman ~does cert manager act as a private CA?~ never mind, it sounds like it’s really just providing a way for key exchange

aknysh
07:00:40 PM

@aknysh has joined the channel

Alex Siegman

Yeah, I’m working with a LE + Traefik + Consul project right now for customer domain hosting

oscarsullivan_old

I think I may have DCd

Alex Siegman

looks like erik froze for me too

Alex Siegman

did a bomb hit LA? office internet out?

Alex Siegman

I’m at this same spot on this question. I want to go with k8s, but i need to really evaluate whether that makes the most sense

Alex Siegman

Yeah I live in a cloudformation world, so slow, so limited

Erik Osterman
jpignata/fargate

CLI for AWS Fargate. Contribute to jpignata/fargate development by creating an account on GitHub.

Alex Siegman

@oscarsullivan_old Kubernetes Up and Running is a great book and does an amazing job at teaching you the primitives in k8s, starting with pods and going all the way through deployments, statefulsets, etc. It’s aging, but the primitives still line up

Alex Siegman

I’ve used both, Kubernetes the hard way didn’t help me that much. It would probably help more if you were planning to build your own cluster from scratch versus something like GKE or EKS. It did help teach me the various parts of kubernetes that are under the hood, but for running an app, not so much

Mo
07:25:47 PM

@Mo has joined the channel

Alex Siegman

@Erik Osterman what’s your thoughts on building your own K8S cluster with something like kops or kubeadm or whatever versus using EKS?

Alex Siegman

I know Kubernetes fairly well from a lab standpoint, I want to get it implemented at my new job here though

Alex Siegman

@Erik Osterman yeah good distinction, thanks for reminding me of that

Alex Siegman

I really want to just use EKS, but I don’t know enough to know where that will bite me, or if it will.

Alex Siegman

Will kubeaws generate cloudformation that I can keep committed in my own git repo, so that I can “gitops” all day long?

Erik Osterman
awslabs/aws-service-operator

AWS Service Operator allows you to create AWS resources using kubectl. - awslabs/aws-service-operator

Alex Siegman

@oscarsullivan_old no you still need to provision non-kubernetes resources outside of k8s

Alex Siegman

This looks like a way to let K8S do cloudformation on your behalf, I’d bet as part of a yaml configuration or something, like you would for a pod or replicaset or deployment

Alex Siegman

More office hours tomorrow?

Alex Siegman

Thanks @Erik Osterman

Erik Osterman

we offer private consultative office hours for those who might be interested

Alex Siegman

It’s a good thing to have in the back of the pocket. I’d want to have a more defined problem to solve for such a service. I’m really enjoying having found this “SweetOps” community though, and if you guys get more clients out of it, all the better

Erik Osterman

What we realize is that sometimes a company might not even know what problems they might need to be solving. Our job as architects is to shape that process and help you start discussing it. Keep in mind, most companies re-platform at most every 3-5 years. We re-platform 12x a year or more, which offers tremendous accelerated learning. As an outside 3rd party we can help propose things from a different/fresh perspective.

oscarsullivan_old

@Alex Siegman Likewise thought the same: “I need a problem to solve before asking for help”… and yet I easily have 10 questions a day, 9 of which I can answer myself.. but what if I had someone else to: 1) bounce more advanced ideas with 2) give their 2 cents on my future plans 3) suggest something entirely new that I never thought of

That’s why we just signed up starting next week

Alex Siegman

We’re actually having a lot of trouble hiring to build out our devops/central services/whatever team; having a place I could hire might come in handy here soon

Erik Osterman

Yep! Launching a jobs site is on our roadmap

oscarsullivan_old

oh wait, pre-order

Erik Osterman

it’s been pre-order forever

oscarsullivan_old

oh hahaha

oscarsullivan_old

says Sep 2019

oscarsullivan_old

ok so I’ll go for first edition

Erik Osterman
08:02:20 PM

@Erik Osterman set the channel topic: This is our public “Office Hours” held every Wednesday at 11:30 PST via Zoom (https://zoom.us/j/684901853). It’s open to everyone. It’s a place to ask questions related to our projects or ask general questions related to DevOps & Cloud.

Alex Siegman

If you’re not dead set on a paper copy, there’s a github repo with it out there… loads right up on a kindle

Alex Siegman

i read it in like 3 days on my train ride to/from work
