#office-hours (2019-09)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2019-09-04
#office-hours starting now! ask questions, get answers. free for everyone. https://zoom.us/j/508587304
It is done @Erik Osterman (Cloud Posse)?
Mentioned in today’s #office-hours was “VPC peering between GCP and AWS.” I hadn’t heard of this before, and after looking around, I still don’t know if what was meant was actually VPC peering between AWS<>GCP or a VPN solution.
2019-09-10
@tamsky To clarify, we have VPC peering between the AWS accounts and AWS<~>GCP we are using VPN
2019-09-11
joining now!
sorry running late
#office-hours starting now! ask questions, get answers. free for everyone. https://zoom.us/j/508587304
just me today? i don’t have anything, was just going to listen in. no offices for me to be noisy in
ok!
yea, no one yet.
@russell.t.sherman saw you registered for office hours
we’re on now.
also helps if i unmute my headphones lol
I just got home
Gimmie a 5 mins
sure, i’ll just hang out
I do have something we could work through if i can steal an office
i need to debug why i’m getting a “too many redirects” on a new service, might be interesting for folks who want to see the workings of the CP stack
nothing sensitive that i’d be afraid to show
ok, sure thing
@Alex Siegman forecastle.stakater.com/url: 'https://{{- env "KEYCLOAK_INGRESS_HOSTS" -}}/auth/admin/'
Forecastle is a control panel which dynamically discovers and provides a launchpad to access applications deployed on Kubernetes – [✩Star] if you’re using it! - stakater/Forecastle
2019-09-18
@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304
Feature Request: Terraform to conditionally load a .tfvars or .tf file, based on the current workspace. Use Case: When working with infrastructure that has multiple environments (e.g. "staging"…
what: Allow operator to define a list of permitted users who can trigger atlantis commands. why: Currently, the only way to restrict access is by adding/revoking users from a repository altogether. We…
This tutorial will go through the basics of GitHub actions as well as deploying to Kubernetes using a pre-built Helm action
What was the issue with using kube2iam
?
Every node is responsible for negotiating with AWS apis to get sts tokens
If you restart all your pods or launch a lot of pods you will overload the kube2iam server and AWS apis
Rate limits are account wide
So you can basically DOS attack the AWS apis and they return the favor by blocking you
We have had this happen across multiple accounts and customers before switching to Kiam
Also the security model of kube2iam means the nodes themselves need an admin IAM role
With Kiam only the server needs it and that can be deployed to a dedicated node pool
Coincidentally, my team member just asked about using kube2iam and I recalled that from our office hours.
And it caches the credentials so it’s both much faster and doesn’t DoS AWS
Kiam bridges Kubernetes’ Pods with Amazon’s Identity and Access Management (IAM). It makes it easy to assign short-lived AWS security…
Read all about it here
Found this as well, which was interesting: https://www.bluematador.com/blog/iam-access-in-kubernetes-kube2iam-vs-kiaim
page not found
paywall?
@Erik Osterman (Cloud Posse) Can you share that link to the AWS Service Operator-like operator for Terraform?
Use K8s to Run Terraform. Contribute to rancher/terraform-controller development by creating an account on GitHub.
thanks
the downside with these operators is surfacing errors
I can see that, another one would be, for example, provisioning an RDS DB takes 30+ minutes sometimes
Is the rest of your deployment going to sit there and wait? I guess it will have to
yea, for that reason we use containers for disposable staging environments
usually prebaked with datasets to speed up delivery
@dalekurt here is how we deploy kiam with cert-manager: https://github.com/cloudposse/helmfiles/tree/master/releases
Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles
2019-09-25
🧭 A Kubernetes cluster resource sanitizer. Contribute to derailed/popeye development by creating an account on GitHub.
Kubernetes event reporter for Sentry. Contribute to getsentry/sentry-kubernetes development by creating an account on GitHub.
Kubernetes CLI To Manage Your Clusters In Style! - derailed/k9s
boilerplate template manager that generates files or directories from template repositories - tmrts/boilr
I seriously use k9s every freaking day. It is my favorite tool since brew
The maintainer is super active, nice, reliable, quick to respond, and brilliant
I’ve tried a bunch of times to get him to set up the donation stuff but he doesn’t seem interested in money. I want to buy the man like 10 beers
2019-09-26
@Jeremy G (Cloud Posse) @Andriy Knysh (Cloud Posse) @Igor Rodionov @Maxim Mironenko (Cloud Posse) maybe something nice to check out