#office-hours (2020-03)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-03-04
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/6540d57ecbbbebc740a33d507aa085ad.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0004-72.png)
I’m at a company that is pulling back on open-source initiatives so I would like to join a team that’s more forward thinking. If anyone has suggestions, feel free to DM me. I’m coming out of an established log aggregation vendor, so I could be immediately useful to observability vendors.
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/6540d57ecbbbebc740a33d507aa085ad.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0004-72.png)
Thanks for suggesting: fairwinds kubecost basecamp
![Adam Blackwell avatar](https://avatars.slack-edge.com/2022-12-15/4527352804052_97936f81bdd1cc839a4b_72.jpg)
If anyone is in Boston, check out http://observe2020.io on April 7th.
![johncblandii avatar](https://avatars.slack-edge.com/2020-04-14/1062347993890_6fd142c15ffef426eeba_72.png)
Using tfsec with GitHub Actions. Contribute to katapultmedia/training-tfsec development by creating an account on GitHub.
![cool-doge](/assets/images/custom_emojis/cool-doge.gif)
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-03-04 is now available.
2020-03-05
![casey avatar](https://secure.gravatar.com/avatar/da69ad958719719e3fe921887eb73b1f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
hey @Erik Osterman (Cloud Posse) you happen to know which office hours you talked about EFK stack before yesterday? I am having trouble finding it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
that was last year, but it’s come up this year too
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I am at the mercy of wistia’s machine translation which isn’t very good for tech speak
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
So searching for it is harder than expected.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
site:[cloudposse.com](http://cloudposse.com) elastic search
on google
![casey avatar](https://secure.gravatar.com/avatar/da69ad958719719e3fe921887eb73b1f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0009-72.png)
thanks @Erik Osterman (Cloud Posse)
2020-03-09
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
Hey @Erik Osterman (Cloud Posse) Could you share your URL from last week’s office hours, I believe it was the 12-factor you had worked on.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
aha, yes! here it is: https://cloudposse.com/change-management/
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
that was the one from last week’s call.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Here is the one from before that https://cloudposse.com/12-factor-app/
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
Yes! That’s it.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
Thank you @Erik Osterman (Cloud Posse)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
5pm is open
2020-03-11
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
If you use Kubernetes as your application platform, one of the fundamental questions is: how many clusters should you have? One big cluster or multiple smaller clusters? This article investigates the pros and cons of different approaches.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Quarkus: Supersonic Subatomic Java
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
I think this is the one I read…
https://medium.com/omio-engineering/cpu-limits-and-aggressive-throttling-in-kubernetes-c5b20bd8a718
![attachment image](https://miro.medium.com/max/1160/0*x6PwFrud98K_8zHN.png)
A deep dive into Kubernetes CPU throttling and its impact on service performance and reliability.
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-03-11 is now available.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Google’s internal process for open sourcing
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Thanks!
2020-03-13
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
DevSecOps ChatOps process idea: Create an app or SlackBot response called Andon, that alerts a channel of an Andon cord pull
/andon pull
@channel
@BobbyTables has pulled the Andon Cord for this project. Please immediately stop what you are doing and join this Zoom session: zoom.us/12345678910
Ref:
• https://itrevolution.com/kata/
• https://www.plutora.com/blog/andon-cord
• DevOps Handbook Section I.3 (The Three Ways - The Second Way)
• DevOps Handbook Appendix 6
2020-03-18
![btai avatar](https://avatars.slack-edge.com/2019-09-04/736463433650_34701761239ea7ba8207_72.jpg)
@Erik Osterman (Cloud Posse) topic suggestion for today’s office hours: wfh tips from those that have a lot of remote experience
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Thanks @btai!
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
I will be here today.
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
I would like to know about monitoring strats. My current plan is:
• 1x prom-operator per cluster/stage
• 1 long term storage with thanos that gets data via federation. Has someone implemented something like this, also considering the fact that dev and staging stages do not need to be retained for a long time while production should be stored forever?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://miro.medium.com/max/1103/1*-pwnOd61Enu_lTMWvdqyHg.png)
Thanos and VictoriaMetrics provide long-term storage and global query view for Prometheus. The article compares these solutions
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
![attachment image](https://scontent-iad3-1.cdninstagram.com/v/t51.2885-15/e35/90089386_221330655735356_8198872456417370280_n.jpg?_nc_ht=scontent-iad3-1.cdninstagram.com&_nc_cat=108&_nc_ohc=p9EKBiu0TmgAX_G-HPC&oh=5d212a13bcc8b099b9fe0f882fecf5a8&oe=5EA546BB)
27 Likes, 11 Comments - Dale-Kurt | DevOps Engineer (@dalekurt) on Instagram: “Yesterday, I shared some of my working from home tips on Instagram Stories. A few persons asked for…”
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
Hi everyone, I know a bunch of people are now working from home that haven’t before so I thought I’d start collating some resources for everyone so we can all share good tips and tricks without digging through tons of transient twitter posts. I’ve marked this post a wiki so feel free to edit, also feel free to just reply with your own tips. General Tips Dustin Kirkland’s setup after 20+ years of remote work @thockin’s long thread with tons of info randomfrankp’s room tours - this youtuber…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Duet for iOS/iPad OS (second screen for Macs)
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
DixiApp - The #1 daily scrum bot for Slack & the best way to conduct asynchronous daily standup meetings. _Hot Features_ *that make DixiApp the best asynchronous daily stand up meeting
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
![attachment image](https://min.io/resources/img/minio_share.png)
MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.
![androogle avatar](https://avatars.slack-edge.com/2020-03-11/997034054118_af230be762f8d396365e_72.jpg)
is that an alternative to Rook?
![androogle avatar](https://avatars.slack-edge.com/2020-03-11/997034054118_af230be762f8d396365e_72.jpg)
or different?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
MinIO is a high performance object storage server compatible with Amazon S3 APIs - minio/minio
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Leading Open Source Container Attached Storage, built using Cloud Native Architecture, simplifies running Stateful Applications on Kubernetes. - openebs/openebs
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
also: https://github.com/paunin/PostDock i looked at this a while ago, no firsthand experience
PostDock - Postgres & Docker - Postgres streaming replication cluster for any docker environment - paunin/PostDock
![mmarseglia avatar](https://secure.gravatar.com/avatar/c8ab1832c60fbfb4ad8d53b64cbeabc9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Can anyone post the links to the furniture they’re using for the home office? I just transitioned to WFH and I’m looking to get a sit/stand desk.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
you are in luck
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
![attachment image](https://scontent-iad3-1.cdninstagram.com/v/t51.2885-15/e35/p1080x1080/89860772_140894573967249_7646732435592446301_n.jpg?_nc_ht=scontent-iad3-1.cdninstagram.com&_nc_cat=109&_nc_ohc=_wk-BU361WIAX9YUDyn&oh=5ea9030d6ddbafa44650ea02a50dcb39&oe=5E9BC7AE)
26 Likes, 2 Comments - Dale-Kurt | DevOps Engineer (@dalekurt) on Instagram: “Everyone has been asked to work from home indefinitely. My work from home setup has been carefully…”
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
I have what I use listed, top 5 items
![mmarseglia avatar](https://secure.gravatar.com/avatar/c8ab1832c60fbfb4ad8d53b64cbeabc9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thank you @dalekurt for posting
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
Sit/Stand Desk - Fully Jarvis https://www.fully.com/standing-desks/jarvis.html
The Jarvis adjustable-height standing desk by Fully is the most configurable desk. Experience the quality of our stand-up desks - see the full collection.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
Famous for supporting the widest range of the human form, the Aeron office chair has been remastered to better meet the needs of today’s work and workers.
![tamsky avatar](https://avatars.slack-edge.com/2019-10-31/817094217669_6e765cea39b456597957_72.jpg)
Aerons are overhyped, imo, and for everyone I know, they cut into your thigh where the seat fabric meets the front edge of the seat pan.
![tamsky avatar](https://avatars.slack-edge.com/2019-10-31/817094217669_6e765cea39b456597957_72.jpg)
my chair - Steelcase Leap, with arms removed. https://www.steelcase.com/products/office-chairs/leap/
Offering unmatched support for various body shapes & sizes, the adjustable Steelcase Leap office chair was designed with comfort & movement in mind.
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
I also have a steelcase, highly highly recommend it
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
I have heard good things about the Steelcase.
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-03-18 is now available.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Someone had shared this link earlier in office-hours https://www.youtube.com/watch?v=3sK3wJAxGfs and for some reason I don’t see it anymore in this channel. Anyways, just wanted to say “thanks!” loved it! …hadn’t seen it before.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Ah! It was in the zoom chat. Thanks @Mike Martin
2020-03-19
![vFondevilla avatar](https://avatars.slack-edge.com/2020-07-20/1264409839361_95bd4eea5ea6f16d291a_72.jpg)
My desk: https://www.autonomous.ai/standing-desks/smartdesk-2-business with custom table
![attachment image](https://cdn.autonomous.ai/static/upload/images/product/smartdesk-2-business-1221-1535700879709.jpg)
Introduce high quality, yet affordable height adjustable standing desk - Autonomous SmartDesk 2, Business Edition. The autonomous desk features a heavy-duty industrial-grade steel motorized stand up frame backed by 7 year warranty.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
These have been gaining in popularity lately.
![vFondevilla avatar](https://avatars.slack-edge.com/2020-07-20/1264409839361_95bd4eea5ea6f16d291a_72.jpg)
They are pretty good in my experience
2020-03-23
2020-03-25
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hi all, I can also ask this during the office hours tomorrow but wanted to see if any of you have input.
I’m working through disaster recovery with terraform, primarily for the terraform remote state management of multiple regions. i wanted to have a duplicate set of resources created in a separate region (e.g. us-east-1 for primary, us-west-2 for failover). initially i thought it’d be best to have remote state separated in each region, such that a bucket in us-east-1 handled all of the us-east-1 resources and a bucket in us-west-2 handled all of the us-west-2 resources. however, i imagine this becomes an issue if the region is actually down, and the failover reads from terraform_remote_state of the primary. would it be better to have a primary remote state that manages resources in multiple regions, but is also cross-region replicated? that way if the region goes down, we can update our terraform configurations to read from the failover remote state bucket and pick up exactly where we left off
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@jeffrey will you be able to join us today?
![jeffrey avatar](https://secure.gravatar.com/avatar/9dfc2e6af43853f32c870e03ec8948d4.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0019-72.png)
absolutely - i’ll be there!
![jeffrey avatar](https://secure.gravatar.com/avatar/9dfc2e6af43853f32c870e03ec8948d4.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0019-72.png)
@jeffrey has joined the channel
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’m tasked as objective this year to improve consistency in our terraform releases. I’ve done lots of various research and testing and am currently looking at the following main approaches I’m evaluating. I think it would be useful to dialogue on this with y’all and save myself some repeat work. I’m going to do more detail in a thread. Please comment in there.
- Terraform Cloud
- Jenkins
- Azure DevOps Pipelines
- Others (harder to sell) could be Gitlab/CodeFresh or another if I got buy in.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
this might be another good talking point from @sheldonh
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Hey folks! I’m looking for some advice about how people are tackling the ‘chicken and egg’ problem with secret management. I had the idea to use terraform to provision Vault. But with this comes the question: from where do I get the secrets needed within the terraform scripts (of course, I’d love to use Vault for that!)? One solution I have heard is to place the tf scripts in a ‘super secret’ Git repository along with these secrets and restrict access to only a select few. While I guess this works, something about it feels dodgy. But I guess these init secrets have to be stored somewhere. How are others tackling this?
![setheryops avatar](https://avatars.slack-edge.com/2020-03-24/1012344269937_600e8094ca1121ddff3a_72.jpg)
I’ve solved this with Gitlab before..might can help out here.
![setheryops avatar](https://avatars.slack-edge.com/2020-03-24/1012344269937_600e8094ca1121ddff3a_72.jpg)
@Ben If I’m reading your question right you are asking how to make keys available from the get go. I’d look into Gitlab and using project env vars. Look at the README and how I’m setting the env vars in the project env vars in this project for building a VPC…The keys are stored in the project and NOT in the repo…but gitlab can use them in the build to do whatever you need. I gotta dip out for a mtg but ping me if you need more help or explanation with this… https://gitlab.com/setheryops/terraform-vpc
A Terraform stack that builds a VPC in AWS to be used as your base for other projects. The intention is to be run using Gitlab.
![Ben avatar](https://avatars.slack-edge.com/2020-03-25/1012891003778_c26959b51e1421ea9837_72.jpg)
Hey @setheryops, appreciate the insight! I guess then you make use of masked variables along with the project member permissions to give people access to the repo (guest/reporter/developer) but not access to the variables (only maintainer/owner)?
My only concern with this approach is there appears to be no audit trail to changes that are made to these variables, whereas storing them in the repo would allow this. But I guess it’s worth it for the tightened security. I’m also not yet sure how dynamic these bootstrapping secrets will even need to be really, so perhaps this is a non-issue.
![setheryops avatar](https://avatars.slack-edge.com/2020-03-24/1012344269937_600e8094ca1121ddff3a_72.jpg)
Yea…if you need to audit who updates and/or changes the secrets this would not be the way to do it. If you wanted more security then yes. You can also do this scenario with CircleCI. The plus side of using them is that once you set the secret like an AWS_KEY or something, you can’t reveal it like you can in Gitlab. The only way to know what it is is to update it. Also another way to store keys is in OnePassword. They have a CLI tool that can reach into your vault and use whatever key you need to get to that way. We’ve used that for applications that needed keys that way. Happy to help if you have any more questions. Feel free to DM me.
![Ben avatar](https://avatars.slack-edge.com/2020-03-25/1012891003778_c26959b51e1421ea9837_72.jpg)
OK, thanks for your thoughts on this !!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
from @Ben is a good topic
![Ben avatar](https://avatars.slack-edge.com/2020-03-25/1012891003778_c26959b51e1421ea9837_72.jpg)
@Ben has joined the channel
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
Hey,
can I somehow see which instances are out of stock for a specific aws region? we have been unable to launch c5.xlarge in eu-central-1a a couple of times this week and I am trying to find a source that will tell me when something is unavailable
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://sysdig.com/wp-content/uploads/kubernetes-1.18-01.png)
Kubernetes 1.18 is about to be released! And it comes strong and packed with 39 new or improved features. Where do we begin?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Demonstrates how to obtain Let’s Encrypt TLS certificates for Kubernetes Ingress automatically using Cert-Manager.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Customizable Lambda functions to proactively notify you when you are about to hit an AWS service limit. Requires Enterprise or Business level support to access Support API. - awslabs/aws-limit-monitor
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://www.datocms-assets.com/2885/1542060063-terraformshare-imglogo-w-stack-graphic1200x630.png?fit=max&fm=jpg&w=1000)
We are pleased to announce the alpha release of HashiCorp Terraform Operator for Kubernetes. The new Operator lets you define and create infrastructure as code natively in Kubernetes by making calls to Terraform Cloud.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
HashiCorp is seeking Ambassador nominations to recognize community members for their efforts in sharing knowledge around HashiCorp tools. Nominations open now through April 5….
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
What email do you want us to use for you? “NOMINATED AMBASSADOR’S EMAIL”
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Thanks @Mike Martin!
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
A Kubernetes controller and tool for one-way encrypted Secrets - bitnami-labs/sealed-secrets
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
http://spacelift.io/ (reach out to @marcinw for a demo)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
https://scalr.com (reach out to @Sebastian Stadil for a demo)
Empower IT teams with autonomy and operational flexibility while maintaining corporate governance with the Scalr Cloud Management Platform.
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-03-25 is now available.
2020-03-26
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
@Erik Osterman (Cloud Posse), which email address (and twitter, linkedIn profiles) would you like us to use when we submit the Hashicorp Ambassador nomination form: https://www.hashicorp.com/ambassador-nominations/ ?
HashiCorp delivers consistent workflows to provision, secure, connect, and run any infrastructure for any application.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
thanks @Blaise Pabon! I just sent you a PM with that information
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
send to me as well please good sir
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
same here
2020-03-27
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Adding @discourse_forum bot
![discourse_forum avatar](https://avatars.slack-edge.com/2020-03-26/1029663249525_451a74d3463357c40dbf_72.png)
@discourse_forum has joined the channel
2020-03-28
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Finally got my Raspberry Pi k8s cluster going. Ended up using k3sup. Turned out to be really simple.
![bananadance](/assets/images/custom_emojis/bananadance.gif)
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Now I just need to figure out what to put on it… I was going to run Folding@Home but it doesn’t support RPi CPU arch
![androogle avatar](https://avatars.slack-edge.com/2020-03-11/997034054118_af230be762f8d396365e_72.jpg)
You could do an ethereum node or ipfs. Something like that?
![androogle avatar](https://avatars.slack-edge.com/2020-03-11/997034054118_af230be762f8d396365e_72.jpg)
What is the hardware you’re using besides rpi? That looks like a pretty sweet chassis