#office-hours (2019-10)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

https://cpco.io/slack-office-hours

Meeting password: sweetops

2019-10-02

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304

Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…

Matthew Cascio
mumoshu - Overview

AWS Container Hero / Maintains kube-aws, eksctl, helmfile, helm-diff, brigade, awsbeats / Wanna be a paid OSS dev someday - mumoshu

Matthew Cascio

His Variant project looks very cool

Erik Osterman (Cloud Posse)
mumoshu/aws-secret-operator

A Kubernetes operator that automatically creates and updates Kubernetes secrets according to what are stored in AWS Secrets Manager. - mumoshu/aws-secret-operator

Matthew Cascio
segmentio/chamber

CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
mittwald/kubernetes-replicator

Kubernetes controller for synchronizing secrets & config maps across namespaces - mittwald/kubernetes-replicator

Erik Osterman (Cloud Posse)
cmattoon/aws-ssm

Populates Kubernetes Secrets from AWS Parameter Store - cmattoon/aws-ssm

rms1000watt
Maesh - Simpler Service Mesh

Maesh is a straight-forward, easy to configure, and extremely non-invasive service mesh that allows visibility and management of the traffic flows inside any Kubernetes cluster.

dalekurt
s12v/exec-with-secrets

Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault - s12v/exec-with-secrets

Matthew Cascio

Do you know if this is a good PID 1? (killing things that need killed, etc.) Could always start with something like https://github.com/Yelp/dumb-init

Yelp/dumb-init

A minimal init system for Linux containers. Contribute to Yelp/dumb-init development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
Garden

it’s time for a new generation of development tools

Erik Osterman (Cloud Posse)
Using Helm with Tilt

Local Kubernetes development with no stress

rms1000watt
calm/helm-hacker

A script to Hack the Helm state (configmaps). Contribute to calm/helm-hacker development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Erik Osterman (Cloud Posse)
ContainerSolutions/externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes - ContainerSolutions/externalsecret-operator

2019-10-03

mfrohberg
cloudposse/example-app

Example application for CI/CD demonstrations of Codefresh - cloudposse/example-app

Erik Osterman (Cloud Posse)

It’s not really needed. It is so you can define the business logic of how to deploy the application.

Erik Osterman (Cloud Posse)

For example how to do blue green

Sharanya

Create Jenkinsfile to deploy UI code to S3 bucket.

2019-10-07

oscar

What’s that website that was shared before where you can see what other companies are paying for a SaaS?

oscar

We’re looking at terraform cloud

Erik Osterman (Cloud Posse)
Capiche - Glassdoor for SaaS pricing | Product Hunt

SaaS pricing is opaque and complex, increasingly hidden behind enterprise pricing and sales calls. It’s impossible to know what software really costs. We’re building a price transparency community to level the playing field.

Erik Osterman (Cloud Posse)
Capiche

You’re paying too much for business software. Let’s fix it together.

Alex Siegman

Right now it’s mostly just a newsletter it seems like, and to join (at least when I did a month or two ago) you have to give them a certain number of pricing stories, but I’m interested to see where this goes.

oscar

Thanks - a shame it isn’t widely adopted though

2019-10-09

Matthew Cascio

Will there be an office hours meeting today?

Erik Osterman (Cloud Posse)

Sorry guys! Had to go to emergency hospital to pick up doggie and totally spaced

Matthew Cascio

No problem at all. Is your dog doing better?

Erik Osterman (Cloud Posse)

Yes.. thanks! but it will be a few weeks. He had big surgery

Robert

Hope he gets better soon.

Erik Osterman (Cloud Posse)

thanks @Robert!

Erik Osterman (Cloud Posse)

Will be back next week, same time and place

2019-10-10

2019-10-15

dalekurt

I have a question for tomorrow’s Office Hours. How to maintain a single source of truth and updating a secrets manager (AWS SM or HashiCorp Vault) while having some audit and using a CI?

Erik Osterman (Cloud Posse)

Good question!

2019-10-16

dalekurt

Office hours today?

Erik Osterman (Cloud Posse)

Yep!

Erik Osterman (Cloud Posse)

@oscar bump

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://zoom.us/j/508587304

Erik Osterman (Cloud Posse)
ContainerSolutions/externalsecret-operator

An operator to fetch secrets from cloud services and inject them in Kubernetes - ContainerSolutions/externalsecret-operator

dalekurt
mlabouardy/komiser

Cloud Environment Inspector - mlabouardy/komiser

Alex Siegman

a nodes group per az, equivalent to an eks worker pull i believe

Validating cluster us-east-1.staging.spoton.sh

INSTANCE GROUPS
NAME			ROLE	MACHINETYPE	MIN	MAX	SUBNETS
bastions		Bastion	t3.small	1	1	utility-us-east-1c,utility-us-east-1d,utility-us-east-1a
master-us-east-1a	Master	t3.medium	1	1	us-east-1a
master-us-east-1c	Master	t3.medium	1	1	us-east-1c
master-us-east-1d	Master	t3.medium	1	1	us-east-1d
nodes-us-east-1a	Node	t3.medium	1	3	us-east-1a
nodes-us-east-1c	Node	t3.medium	1	3	us-east-1c
nodes-us-east-1d	Node	t3.medium	1	3	us-east-1d
Erik Osterman (Cloud Posse)
kubernetes/autoscaler

Autoscaling components for Kubernetes. Contribute to kubernetes/autoscaler development by creating an account on GitHub.

dalekurt
GoogleCloudPlatform/terraformer

CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code - GoogleCloudPlatform/terraformer

Erik Osterman (Cloud Posse)

awesome turn out! thanks everyone for joining and sharing what you’re working on. hope we answered your questions

Erik Osterman (Cloud Posse)

make sure to check out the links that were shared

2019-10-23

Erik Osterman (Cloud Posse)

I have one thing I’d like to review today with those on the call.

Erik Osterman (Cloud Posse)

We are working on releasing our official “code of conduct” for SweetOps

Erik Osterman (Cloud Posse)

Would love your feedback.

Erik Osterman (Cloud Posse)
Code of Conduct - SweetOps

This code of conduct governs the SweetOps Slack Community and related Open Source Projects. SweetOps is operated by Cloud Posse, a DevOps …

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://zoom.us/j/508587304

Erik Osterman (Cloud Posse)

/conf/$region/$project

Erik Osterman (Cloud Posse)

/conf/$cloud/$region/$project

Erik Osterman (Cloud Posse)

/conf/$project, and then in project, you define each environment.

Erik Osterman (Cloud Posse)

environment ~ workspace

Erik Osterman (Cloud Posse)

workspace ~ account

Erik Osterman (Cloud Posse)
direnv – unclutter your .profile

unclutter your .profile

Erik Osterman (Cloud Posse)
cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

roth.andy

terraform cli_arg_init var?

roth.andy

terraform init --from-module

dalekurt
Sourcegraph - Code search and intelligence

Sourcegraph is a free, self-hosted code search and intelligence server that helps developers find, review, understand, and debug code. Use it with any Git code host for teams from 1 to 10,000+.

tamsky
99designs/aws-vault

A vault for securely storing and accessing AWS credentials in development environments - 99designs/aws-vault

Julio Tain Sueiras

LSIF example

roth.andy


Do not ask questions in #announcements. Search channel instead or suggest one, if you can’t find one.

You should be able to limit people’s ability to post in general, That’s better than trying to enforce a rule

roth.andy

Usually when I see that as the situation what people have done is completely disable/delete general, create an #announcements channel, and go from there

Erik Osterman (Cloud Posse)

Yea, not a bad suggestion. I do like that people can welcome each other in #announcements though

Erik Osterman (Cloud Posse)

questions asked in zoom

roth.andy

As a general rule of thumb, If I am able to automatically enforce something, I’ll always try to do that rather than try to make sure people are following a rule. A perfect example is - don’t use a coding style document, use Prettier

roth.andy

Don’t use a terraform style document, use terraform fmt in your CI

roth.andy

and reject if it changes files

tamsky


and reject if it changes files
I’d offer that it’s even more blissful to have the CI update and commit fmt changes for you if you forget.

tamsky

I wish that was done more.

roth.andy

I’m not a big fan of CI making commits to my code. There are minor exceptions like Weave Flux updating versions, but other than that I want commits to my codebase to be coming from developers.

roth.andy

Pre-commit hooks take care of automating it from the developer’s standpoint

roth.andy
antonbabenko/pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations - antonbabenko/pre-commit-terraform

tamsky

I’d suggest that’s still playing favorites to a tool git – those hooks won’t get run if you create a commit using any other tool

Blaise Pabon

there are other tools ?

tamsky
  1. open a commit + pr from the github web ui
  2. use another compatible tool, like hg/mercurial
tamsky

plus commit hooks fall afoul of the local-workstation-configuration problem

now you need tooling to maintain versions of tools used by your hooks

Blaise Pabon

Awesome session, thank you sifu @Erik Osterman (Cloud Posse)!!

Erik Osterman (Cloud Posse)

Thank you @Blaise Pabon!

dalekurt

I did not get too far into the weeds with my project. I’m happy I asked about this. I’m going to start using geodesic

dalekurt

@Erik Osterman (Cloud Posse) I took a closer look at how you are using geodesic and what you had explained during office hours, I can’t wait to get home and start testing this.

dalekurt

I think piecing it together as you did today helped a great deal.

Erik Osterman (Cloud Posse)

@dalekurt that’s great news! let me know how it goes….

Erik Osterman (Cloud Posse)

I was just having some fun with using a Makefile for pulling remote modules

Erik Osterman (Cloud Posse)

here’s a demo:

Erik Osterman (Cloud Posse)
Demonstration of Using Make with Terraform Root Modules

Recovered Recording at Wed Oct 23 2019 1524 GMT-0700 (Pacific Daylight Time)

Erik Osterman (Cloud Posse)

Here’s the video from today’s “office hours” (from when we hit “record”)

2019-10-24

dalekurt

@Erik Osterman (Cloud Posse) Could you re-iterate the strategy and pros for deploying a kubernetes node pool within a single AZ opposed to deploying across multiple AZs?

roth.andy

Cluster Autoscaler needs separate node pools for each AZ

roth.andy
Cluster Autoscaler - Amazon EKS

The Kubernetes Cluster Autoscaler automatically adjusts the number of nodes in your cluster when pods fail to launch due to lack of resources or when nodes in the cluster are underutilized and their pods can be rescheduled onto other nodes in the cluster.

roth.andy

AWS calls them Node Groups

dalekurt

Thank you @roth.andy that’s what I was looking for, supporting documentation.

Erik Osterman (Cloud Posse)

Yep, I second this.

2019-10-25

2019-10-29

roth.andy

Little show-and-tell I can do tomorrow at office hours if people are interested. We’re using the tool pre-commit heavily in most of our projects. This is an example from the state backend project I set up for one of our stacks.

Erik Osterman (Cloud Posse)

That’s great! I’d like to see it.

2019-10-30

dalekurt

@roth.andy I’m looking forward to that, I was reading about it earlier this morning on a reddit post - https://github.com/antonbabenko/pre-commit-terraform/blob/master/README.md

antonbabenko/pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations - antonbabenko/pre-commit-terraform

roth.andy

my boss just pushed back a meeting that now conflicts with the first half of office hours, so i might miss the first half. We’ll see how long the other meeting lasts

dalekurt

Hope you make it, would love to see what you have done.

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://zoom.us/j/508587304

roth.andy

I’m stuck in a meeting still, might have to miss this one. we’ll see.

Alex Siegman

Was lookin’ forward to your show-and-tell!

Erik Osterman (Cloud Posse)
AWS Extend Switch Roles

Extend your AWS IAM switching roles. You can set the configuration like aws config format

dalekurt
Securing Environment Variables with 1Password

When I received my new laptop at Hashicorp, I began personalising it as we all do. I used dotfiles to configure iTerm, and quickly pulled down Brew to get (almost) everything I needed installed.

Julio Tain Sueiras

this ?

Julio Tain Sueiras
28mm/blast-radius

Interactive visualizations of Terraform dependency graphs using d3.js - 28mm/blast-radius

mmarseglia

thank you

dalekurt
liamg/tfsec

Static analysis powered security scanner for your terraform code - liamg/tfsec

dalekurt
eerkunt/terraform-compliance

a lightweight, security focused, BDD test framework against terraform. - eerkunt/terraform-compliance

Erik Osterman (Cloud Posse)
forward3d/garrison

Security, Compliance and Informational Dashboard System - forward3d/garrison

Erik Osterman (Cloud Posse)
The Modern Approach to Data Security & Compliance | Very Good Security

Very Good Security (VGS) lets you operate on sensitive data without the cost or liability of securing the data. VGS also helps you achieve PCI, SOC2, and other compliance certifications. VGS is a sensitive data custodian that provides turnkey security with no changes to existing products or systems. We accelerate your time to market and simplify the use of sensitive data while eliminating the risk of breaches. After all, hackers cannot steal what isn’t there.

dalekurt
Azure DevOps Hands-On Labs

Learn how you can implement modern DevOps practices with Azure, Azure DevOps Services and Team Foundation Server.

dalekurt
Nexus Repository | Software Component Management

Know what’s inside your software. Nexus Repository - The world’s best way to organize, store, and distribute software components.

Erik Osterman (Cloud Posse)
goharbor/harbor

An open source trusted cloud native registry project that stores, signs, and scans content. - goharbor/harbor

Erik Osterman (Cloud Posse)
Blocking old cert-manager versions

We’ve been working with Jetstack, the authors of cert-manager, on a series of fixes to the client. Cert-manager sometimes falls into a traffic pattern where it sends excessive traffic to Let’s Encrypt’s servers, continuously. To mitigate this, we plan to start blocking all traffic from cert-manager versions less than 0.8.0 (the current semver minor release), as of November 1. We’ll be sending out notifications to cert-manager clients that meet those criteria over the next two months. Version 0…

Erik Osterman (Cloud Posse)
Pod level access to DynamoDB using IAM on Amazon EKS

Amazon EKS now allows you to assign IAM permissions to Kubernetes service accounts, which in-turns makes it possible to give pod level…

davidvasandani

@kareem.shahin

kareem.shahin
08:08:45 PM

@kareem.shahin has joined the channel

roth.andy

Sorry I missed office hours! If people still want to see the pre-commit stuff I can definitely show it at the next one
