#office-hours (2020-03)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-03-04
@here public #office-hours starting now! join us to talk shop https://zoom.us/j/508587304
I’m at a company that is pulling back on open-source initiatives so I would like to join a team that’s more forward thinking. If anyone has suggestions, feel free to DM me. I’m coming out of an established log aggregation vendor, so I could be immediately useful to observability vendors.
Thanks for suggesting: fairwinds kubecost basecamp
If anyone is in Boston, check out http://observe2020.io on April 7th.
Using tfsec with GitHub Actions. Contribute to katapultmedia/training-tfsec development by creating an account on GitHub.
New Zoom Recording from our Office Hours session on 2020-03-04 is now available.
2020-03-05
hey @Erik Osterman (Cloud Posse) you happen to know which office hours you talked about EFK stack before yesterday? I am having trouble finding it
that was last year, but it’s come up this year too
I am at the mercy of wistia’s machine translation which isn’t very good for tech speak
So searching for it is harder than expected.
site:cloudposse.com elastic search
on google
thanks @Erik Osterman (Cloud Posse)
2020-03-09
Hey @Erik Osterman (Cloud Posse) Could you share your URL from last week’s office hours, I believe it was the 12-factor you had worked on.
aha, yes! here it is: https://cloudposse.com/change-management/
that was the one from last week’s call.
Here is the one from before that https://cloudposse.com/12-factor-app/
Yes! That’s it.
Thank you @Erik Osterman (Cloud Posse)
5pm is open
2020-03-11
If you use Kubernetes as your application platform, one of the fundamental questions is: how many clusters should you have? One big cluster or multiple smaller clusters? This article investigates the pros and cons of different approaches.
Quarkus: Supersonic Subatomic Java
I think this is the one I read…
https://medium.com/omio-engineering/cpu-limits-and-aggressive-throttling-in-kubernetes-c5b20bd8a718
A deep dive into Kubernetes CPU throttling and its impact on service performance and reliability.
New Zoom Recording from our Office Hours session on 2020-03-11 is now available.
Google’s internal process for open sourcing
Thanks!
2020-03-13
DevSecOps ChatOps process idea: Create an app or SlackBot response called Andon, that alerts a channel of an Andon cord pull
/andon pull
@channel
@BobbyTables has pulled the Andon Cord for this project. Please immediately stop what you are doing and join this Zoom session: zoom.us/12345678910
Ref:
• https://itrevolution.com/kata/
• https://www.plutora.com/blog/andon-cord
• DevOps Handbook Section I.3 (The Three Ways - The Second Way)
• DevOps Handbook Appendix 6
2020-03-18
@Erik Osterman (Cloud Posse) topic suggestion for today’s office hours: wfh tips from those that have a lot of remote experience
Thanks @btai!
I will be here today.
I would like to know about monitoring strats my current plan is:
• 1x prom-operator per cluster/stage
• 1 long term storage with thanos that gets data via federation. Has someone implemented something like this also considering the fact that dev and staging stages do not need to be retained for a long time while production should be stored forever
Thanos and VictoriaMetrics provide long-term storage and global query view for Prometheus. The article compares these solutions
27 Likes, 11 Comments - Dale-Kurt | DevOps Engineer (@dalekurt) on Instagram: “Yesterday, I shared some of my working from home tips on Instagram Stories. A few persons asked for…”
Hi everyone, I know a bunch of people are now working from home that haven’t before so I thought I’d start collating some resources for everyone so we can all share good tips and tricks without digging through tons of transient twitter posts. I’ve marked this post a wiki so feel free to edit, also feel free to just reply with your own tips. General Tips Dustin Kirkland’s setup after 20+ years of remote work @thockin’s long thread with tons of info randomfrankp’s room tours - this youtuber…
Duet for iOS/iPad OS (second screen for Macs)
DixiApp - The #1 daily scrum bot for Slack & the best way to conduct asynchronous daily standup meetings. _Hot Features_ *that make DixiApp the best asynchronous daily stand up meeting
MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.
is that an alternative to Rook?
or different?
MinIO is a high performance object storage server compatible with Amazon S3 APIs - minio/minio
Leading Open Source Container Attached Storage, built using Cloud Native Architecture, simplifies running Stateful Applications on Kubernetes. - openebs/openebs
KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds
also: https://github.com/paunin/PostDock i looked at this a while ago, no firsthand experience
PostDock - Postgres & Docker - Postgres streaming replication cluster for any docker environment - paunin/PostDock
Can anyone post the links to the furniture they’re using for the home office? I just transitioned to WFH and I’m looking to get a sit/stand desk.
you are in luck
26 Likes, 2 Comments - Dale-Kurt | DevOps Engineer (@dalekurt) on Instagram: “Everyone has been asked to work from home indefinitely. My work from home setup has been carefully…”
I have what I use listed, top 5 items
thank you @dalekurt for posting
Sit/Stand Desk - Fully Jarvis https://www.fully.com/standing-desks/jarvis.html
The Jarvis adjustable-height standing desk by Fully is the most configurable desk. Experience the quality of our stand-up desks - see the full collection.
Famous for supporting the widest range of the human form, the Aeron office chair has been remastered to better meet the needs of today’s work and workers.
Aerons are overhyped, imo, and for everyone I know, they cut into your thigh where the seat fabric meets the front edge of the seat pan.
my chair - Steelcase Leap, with arms removed. https://www.steelcase.com/products/office-chairs/leap/
Offering unmatched support for various body shapes & sizes, the adjustable Steelcase Leap office chair was designed with comfort & movement in mind.
I also have a steelcase, highly highly recommend it
I have heard good things about the Steelcase.
New Zoom Recording from our Office Hours session on 2020-03-18 is now available.
Someone had shared this link earlier in office-hours https://www.youtube.com/watch?v=3sK3wJAxGfs and for some reason I don’t see it anymore in this channel. Anyways, just wanted to say “thanks!” loved it! …hadn’t seen it before.
Ah! It was in the zoom chat. Thanks @Mike Martin
2020-03-19
My desk: https://www.autonomous.ai/standing-desks/smartdesk-2-business with custom table
Introduce high quality, yet affordable height adjustable standing desk - Autonomous SmartDesk 2, Business Edition. The autonomous desk features a heavy-duty industrial-grade steel motorized stand up frame backed by 7 year warranty.
These have been gaining in popularity lately.
They are pretty good in my experience
2020-03-23
2020-03-25
Hi all, I can also ask this during the office hours tomorrow but wanted to see if any of you have input.
I’m working through disaster recovery with terraform, primarily for the terraform remote state management of multiple regions. i wanted to have a duplicate set of resources created in a separate region (e.g. us-east-1 for primary, us-west-2 for failover). initially i thought it’d be best to have remote state separated in each region, such that a bucket in us-east-1 handled all of the us-east-1 resources and a bucket in us-west-2 handled all of the us-west-2 resources. however, i imagine this becomes an issue if the region is actually down, and the failover reads from terraform_remote_state of the primary. would it be better to have a primary remote state that manages resources in multiple regions, but is also cross-region replicated? that way if the region goes down, we can update our terraform configurations to read from the failover remote state bucket and pick up exactly where we left off
@jeffrey will you be able to join us today?
absolutely - i’ll be there!
@jeffrey has joined the channel
I’m tasked as an objective this year to improve consistency in our terraform releases. I’ve done lots of various research and testing and am currently looking at the following main approaches I’m evaluating. I think it would be useful to dialogue on this with y’all and save myself some repeat work. I’m going to do more detail in a thread. Please comment in there
- Terraform Cloud
- Jenkins
- Azure DevOps Pipelines
- Others (harder to sell) could be Gitlab/CodeFresh or another if I got buy in.
this might be another good talking point from @sheldonh
Hey folks! I’m looking for some advice about how people are tackling the ‘chicken and egg’ problem with secret management. I had the idea to use terraform to provision Vault. But with this comes the question: from where do I get the secrets needed within the terraform scripts (of course, I’d love to use Vault for that!)? One solution I have heard is to place the tf scripts in a ‘super secret’ Git repository along with these secrets and restrict access to only a select few. While I guess this works, something about it feels dodgy. But I guess these init secrets have to be stored somewhere. How are others tackling this?
I’ve solved this with Gitlab before..might can help out here.
@Ben If I’m reading your question right you are asking how to make keys available from the get go. I’d look into Gitlab and using project env vars. Look at the README and how I’m setting the env vars in the project env vars in this project for building a VPC…The keys are stored in the project and NOT in the repo…but gitlab can use them in the build to do whatever you need. I gotta dip out for a mtg but ping me if you need more help or explanation with this… https://gitlab.com/setheryops/terraform-vpc
A Terraform stack that builds a VPC in AWS to be used as your base for other projects. The intention is to be run using Gitlab.
Hey @setheryops, appreciate the insight! I guess then you make use of masked variables along with the project member permissions to give people access to the repo (guest/reporter/developer) but not access to the variables (only maintainer/owner)?
My only concern with this approach is there appears to be no audit trail to changes that are made to these variables, whereas storing them in the repo would allow this. But I guess it’s worth it for the tightened security. I’m also not yet sure how dynamic these bootstrapping secrets will even need to be really, so perhaps this is a non-issue.
Yea…if you need to audit who updates and or changes the secrets this would not be the way to do it. If you wanted more security then yes. You can also do this scenario with CircleCI. The plus side of using them is that once you set the secret like an AWS_KEY or something, you can’t reveal it like you can in Gitlab. The only way to know what it is is to update it. Also another way to store keys is in OnePassword. They have a CLI tool that can reach into your vault and use whatever key you need to get to that way. We’ve used that for applications that needed keys that way. Happy to help if you have any more questions. Feel free to DM me.
OK, thanks for your thoughts on this !!
from @Ben is a good topic
@Ben has joined the channel
Hey,
can I somehow see which instances are out of stock for a specific aws region? we have been unable to launch c5.xlarge in eu-central-1a a couple of times this week and I am trying to find a source that will tell me when something is unavailable
Kubernetes 1.18 is about to be released! And it comes strong and packed with 39 new or improved features. Where do we begin?
Demonstrates how to obtain Let’s Encrypt TLS certificates for Kubernetes Ingress automatically using Cert-Manager.
Customizable Lambda functions to proactively notify you when you are about to hit an AWS service limit. Requires Enterprise or Business level support to access Support API. - awslabs/aws-limit-monitor
We are pleased to announce the alpha release of HashiCorp Terraform Operator for Kubernetes. The new Operator lets you define and create infrastructure as code natively in Kubernetes by making calls to Terraform Cloud.
HashiCorp is seeking Ambassador nominations to recognize community members for their efforts in sharing knowledge around HashiCorp tools. Nominations open now through April 5….
What email do you want us to use for you? “NOMINATED AMBASSADOR’S EMAIL”
Thanks @Mike Martin!
A Kubernetes controller and tool for one-way encrypted Secrets - bitnami-labs/sealed-secrets
http://spacelift.io/ (reach out to @marcinw for a demo)
https://scalr.com (reach out to @Sebastian Stadil for a demo)
Empower IT teams with autonomy and operational flexibility while maintaining corporate governance with the Scalr Cloud Management Platform.
New Zoom Recording from our Office Hours session on 2020-03-25 is now available.
2020-03-26
@Erik Osterman (Cloud Posse), which email address (and twitter, linkedIn profiles) would you like us to use when we submit the Hashicorp Ambassador nomination form: https://www.hashicorp.com/ambassador-nominations/ ?
HashiCorp delivers consistent workflows to provision, secure, connect, and run any infrastructure for any application.
thanks @Blaise Pabon! I just sent you a PM with that information
send to me as well please good sir
same here
2020-03-27
Adding @discourse_forum bot
@discourse_forum has joined the channel
2020-03-28
Finally got my Raspberry Pi k8s cluster going. Ended up using k3sup. Turned out to be really simple.
Now I just need to figure out what to put on it… I was going to run Folding@Home but it doesn’t support RPi CPU arch
You could do an ethereum node or ipfs. Something like that?
What is the hardware you’re using besides rpi? That looks like a pretty sweet chassis