#office-hours (2020-03)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!

https://cpco.io/slack-office-hours

Meeting password: sweetops

2020-03-04

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://zoom.us/j/508587304

Blaise Pabon avatar
Blaise Pabon

I’m at a company that is pulling back on open-source initiatives so I would like to join a team that’s more forward thinking. If anyone has suggestions, feel free to DM me. I’m coming out of an established log aggregation vendor, so I could be immediately useful to observability vendors.

Blaise Pabon avatar
Blaise Pabon

Thanks for suggesting: fairwinds kubecost basecamp

Adam Blackwell avatar
Adam Blackwell

If anyone is in Boston, check out http://observe2020.io on April 7th.

johncblandii avatar
johncblandii
katapultmedia/training-tfsec

Using tfsec with GitHub Actions. Contribute to katapultmedia/training-tfsec development by creating an account on GitHub.

cool-doge2
Zoom avatar
Zoom
10:50:52 PM

New Zoom Recording from our Office Hours session on 2020-03-04 is now available.

2020-03-05

casey avatar

hey @Erik Osterman (Cloud Posse) you happen to know which office hours you talked about EFK stack before yesterday? I am having trouble finding it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that was last year, but it’s come up this year too

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I am at the mercy of wistia’s machine translation which isn’t very good for tech speak

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

So searching for it is harder than expected.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

site:[cloudposse.com](http://cloudposse.com) elastic search on google

casey avatar

thanks @Erik Osterman (Cloud Posse)

2020-03-09

dalekurt avatar
dalekurt

Hey @Erik Osterman (Cloud Posse) Could you share your URL from last weeks office office, I believe it was the 12-factor you had worked on.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that was the one from last weeks call.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Here is the one from before that https://cloudposse.com/12-factor-app/

dalekurt avatar
dalekurt

Yes! That’s it.

dalekurt avatar
dalekurt

Thank you @Erik Osterman (Cloud Posse)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

5pm is open

2020-03-11

roth.andy avatar
roth.andy
Architecting Kubernetes clusters — how many should you have?

If you use Kubernetes as your application platform, one of the fundamental questions is: how many clusters should you have? One big cluster or multiple smaller clusters? This article investigates the pros and cons of different approaches.

roth.andy avatar
roth.andy
Quarkus - Supersonic Subatomic Java

Quarkus: Supersonic Subatomic Java

roth.andy avatar
roth.andy
CPU limits and aggressive throttling in Kubernetesattachment image

A deep dive into Kubernetes CPU throttling and its impact on service performance and reliability.

1
Zachary Loeber avatar
Zachary Loeber

@roth.andy Dude you are such a well of information it inspires me

1
1
Zoom avatar
Zoom
10:45:18 PM

New Zoom Recording from our Office Hours session on 2020-03-11 is now available.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Google’s internal process for open sourcing

roth.andy avatar
roth.andy

Thanks!

2020-03-13

roth.andy avatar
roth.andy

DevSecOps ChatOps process idea: Create an app or SlackBot response called Andon, that alerts a channel of an Andon cord pull

/andon pull
@channel

@BobbyTables has pulled the Andon Cord for this project. Please immediately stop what you are doing and join this Zoom session: zoom.us/12345678910

Ref:

https://itrevolution.com/kata/

https://www.plutora.com/blog/andon-cord

• DevOps Handbook Section I.3 (The Three Ways - The Second Way)

• DevOps Handbook Appendix 6

2020-03-18

btai avatar

@Erik Osterman (Cloud Posse) topic suggestion for today’s office hours: wfh tips from those that have a lot of remote experience

4
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @btai!

Pierre Humberdroz avatar
Pierre Humberdroz

I will be here today.

Pierre Humberdroz avatar
Pierre Humberdroz

I would like to know about monitoring strats my current plane is:

• 1x prom-operator per cluster/stage

• 1 long term storage with thanos that get’s data via federation. Has someone implemented something like this also considering the fact that dev and staging stages do not need to be retained for a long time while production should be stored forever

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Comparing Thanos to VictoriaMetrics clusterattachment image

Thanos and VictoriaMetrics provide long-term storage and global query view for Prometheus. The article compares these solutions

dalekurt avatar
dalekurt
Dale-Kurt | DevOps Engineer on Instagram: “Yesterday, I shared some of my working from home tips on Instagram Stories. A few persons asked for me to share these tips as a post, so…”attachment image
27 Likes, 11 Comments - Dale-KurtDevOps Engineer (@dalekurt) on Instagram: “Yesterday, I shared some of my working from home tips on Instagram Stories. A few persons asked for…”
1
Pierre Humberdroz avatar
Pierre Humberdroz
Working from home tips and tricks

Hi everyone, I know a bunch of people are now working from home that haven’t before so I thought I’d start collating some resources for everyone so we can all share good tips and tricks without digging through tons of transient twitter posts. I’ve marked this post a wiki so feel free to edit, also feel free to just reply with your own tips. General Tips Dustin Kirkland’s setup after 20+ years of remote work @thockin’s long thread with tons of info randomfrankp’s room tours - this youtuber…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Duet for iOS/iPad OS (second screen for Macs)

Pierre Humberdroz avatar
Pierre Humberdroz
Dixi App

DixiApp - The #1 daily scrum bot for Slack & the best way to conduct asynchronous daily standup meetings. _Hot Features_ *that make DixiApp the best asynchronous daily stand up meeting

dalekurt avatar
dalekurt
MinIO | High Performance, Kubernetes-Friendly Object Storageattachment image

MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.

1
androogle avatar
androogle

is that an alternative to Rook?

MinIO | High Performance, Kubernetes-Friendly Object Storageattachment image

MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.

androogle avatar
androogle

or different?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
minio/minio

MinIO is a high performance object storage server compatible with Amazon S3 APIs - minio/minio

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
openebs/openebs

Leading Open Source Container Attached Storage, built using Cloud Native Architecture, simplifies running Stateful Applications on Kubernetes. - openebs/openebs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
KubeDB

KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds

Alex Siegman avatar
Alex Siegman

also: https://github.com/paunin/PostDock i looked at this a while ago, no firsth and experience

paunin/PostDock

PostDock - Postgres & Docker - Postgres streaming replication cluster for any docker environment - paunin/PostDock

mmarseglia avatar
mmarseglia

Can anyone post the links to the furniture they’re using for the home office? I just transitioned to WFH and I’m looking to get a sit/stand desk.

dalekurt avatar
dalekurt

you are in luck

dalekurt avatar
dalekurt
Dale-Kurt | DevOps Engineer on Instagram: “Everyone has been asked to work from home indefinitely. My work from home setup has been carefully curated for such a situation. Every…”attachment image
26 Likes, 2 Comments - Dale-KurtDevOps Engineer (@dalekurt) on Instagram: “Everyone has been asked to work from home indefinitely. My work from home setup has been carefully…”
dalekurt avatar
dalekurt

I have what I use listed, top 5 items

mmarseglia avatar
mmarseglia

thank you @dalekurt for posting

dalekurt avatar
dalekurt
Jarvis Standing Desks - The Best Stand Up Desks - Fully

The Jarvis adjustable-height standing desk by Fully is the most configurable desk. Experience the quality of our stand-up desks - see the full collection.

dalekurt avatar
dalekurt
Aeron Chairs - Herman Miller

Famous for supporting the widest range of the human form, the Aeron office chair has been remastered to better meet the needs of today’s work and workers.

tamsky avatar

Aerons are overhyped, imo, and for everyone I know, they cut into your thigh where the seat fabric meets the front edge of the seat pan.

Aeron Chairs - Herman Miller

Famous for supporting the widest range of the human form, the Aeron office chair has been remastered to better meet the needs of today’s work and workers.

tamsky avatar

my chair - Steelcase Leap, with arms removed. https://www.steelcase.com/products/office-chairs/leap/

Leap Office Chair & Workspace Seating - Steelcase

Offering unmatched support for various body shapes & sizes, the adjustable Steelcase Leap office chair was designed with comfort & movement in mind.

1
Zach avatar

I also have a steelcase, highly highly recommend it

dalekurt avatar
dalekurt

I have heard good things about the Steelcase.

Zoom avatar
Zoom
08:13:36 PM

New Zoom Recording from our Office Hours session on 2020-03-18 is now available.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Someone had shared this link earlier in office-hours https://www.youtube.com/watch?v=3sK3wJAxGfs and for some reason I don’t see it anymore in this channel. Anyways, just wanted to say “thanks!” loved it! …hadn’t seen it before.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ah! It was in the zoom chat. Thanks @Mike Martin

2020-03-19

vFondevilla avatar
vFondevilla
SmartDesk 2 - Most Affordable Business Office Standing Deskattachment image

Introduce high quality, yet affordable height adjustable standing desk - Autonomous SmartDesk 2, Business Edition. The autonomous desk features a heavy-duty industrial-grade steel motorized stand up frame backed by 7 year warranty.

dalekurt avatar
dalekurt

These have been gaining in popularity lately.

SmartDesk 2 - Most Affordable Business Office Standing Deskattachment image

Introduce high quality, yet affordable height adjustable standing desk - Autonomous SmartDesk 2, Business Edition. The autonomous desk features a heavy-duty industrial-grade steel motorized stand up frame backed by 7 year warranty.

vFondevilla avatar
vFondevilla

They are pretty good in my experience

2020-03-23

2020-03-25

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hi all, I can also ask this during the office hours tomorrow but wanted to see if you any of you have input.

I’m working through disaster recovery with terraform, primarily for the terraform remote state management of multiple regions. i wanted to have a duplicate set of resources created in a separate region (e.g. us-east-1 for primary, us-west-2 for failover). initially i thought it’d be best to have remote state separated in each region, such that a bucket in us-east-1 handled all of the us-east-1 resources and a bucket in us-west-2 handled all of the us-west-2 resources. however, i imagine this becomes an issue if the region is actually down, and the failover reads from terraform_remote_state of the primary. would it be better to have a primary remote state that manages resources in multiple regions, but is also cross-region replicated? that way if the region goes down, we can update our terraform configurations to read from the failover remote state bucket and pick up exactly where we left off

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@jeffrey will you be able to join us today?

jeffrey avatar
jeffrey

absolutely - i’ll be there!

jeffrey avatar
jeffrey
05:59:00 PM

@jeffrey has joined the channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’m tasked as objective this year to improve consistency in our terraform releases. I’ve done lots of various research and testing and am currently looking the following main approaches I’ve evaluating. I think it would be useful to dialogue on this with ya’ll and save myself some repeat work. I’m going to do more detail in a thread. Please comment in there

  1. Terraform Cloud
  2. Jenkins
  3. Azure DevOps Pipelines
  4. Others (harder to sell) could be Gitlab/CodeFresh or another if I got buy in.
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this might be another good talking point from @sheldonh

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey folks! I’m looking for some advice about how people are tackling the ‘chicken and egg’ problem with secret management. I had the idea to use terraform to provision Vault. But with this comes the question: from where do I get the secrets needed within the terraform scripts (of course, I’d love to use Vault for that!)? One solution I have heard is to place the tf scripts in a ‘super secret’ Git repository along with these secrets and restrict access to only a select few. While I guess this works, something about it feels dodgy. But I guess these init secrets have to be stored somewhere. How are others tackling this?

setheryops avatar
setheryops

Ive solved this with Gitlab before..might can help out here.

Hey folks! I’m looking for some advice about how people are tackling the ‘chicken and egg’ problem with secret management. I had the idea to use terraform to provision Vault. But with this comes the question: from where do I get the secrets needed within the terraform scripts (of course, I’d love to use Vault for that!)? One solution I have heard is to place the tf scripts in a ‘super secret’ Git repository along with these secrets and restrict access to only a select few. While I guess this works, something about it feels dodgy. But I guess these init secrets have to be stored somewhere. How are others tackling this?

setheryops avatar
setheryops

@Ben If im reading your question right you are asking how to make keys available from the get go. Id look into Gitlab and using project env vars. Look at the README and how im setting the env vars in the project env vars in this project for building a VPC…The keys are stored in the project and NOT in the repo…but gitlab can use them in the build to do whatever you need. I gotta dip out for a mtg but ping me if you need more help or explanation with this… https://gitlab.com/setheryops/terraform-vpc

Seth Floyd / Terraform VPC

A Terraform stack that builds a VPC in AWS to be used as your base for other projects. The intention is to be run using Gitlab.

Ben avatar

Hey @setheryops, appreciate the insight! I guess then you make use of masked variables along with the project member permissions to give people access to the repo (guest/reporter/developer) but not access to the variables (only maintainer/owner)?

My only concern with this approach is there appears to be no audit trail to changes that are made to these variables, whereas storing them in the repo would allow this. But I guess it’s worth it for the tightened security. I’m also not yet sure how dynamic these bootstrapping secrets will even need to be really, so perhaps this is a non-issue.

setheryops avatar
setheryops

Yea…if you need to audit who updates and or changes the secrets this would not be the way to do it. If you wanted more security then yes. You can also do this scenario with CircleCI. The plus side of using them is that once you set the secret like an AWS_KEY or something, you cant reveal it like you can in Gitlab. The only way to know what it is is to update it. Also another way to store keys is in OnePassword. They have a CLI tool that can reach into your vault and use whatever key you need to get to that way. We’ve used that for applications that needed keys that way. Happy to help if you have any more questions. Feel free to DM me.

Ben avatar

OK, thanks for your thoughts on this !!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

from @Ben is a good topic

Ben avatar
Ben
06:08:51 PM

@Ben has joined the channel

Pierre Humberdroz avatar
Pierre Humberdroz

Hey,

can I somehow see which instances are out of stock for a specific aws region? we have been unable to launch c5.xlarge in eu-central-1a a couple of times this week and I am trying to find a source that will tell me when something is unavailable

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
What’s new in Kubernetes 1.18? | Sysdigattachment image

Kubernetes 1.18 is about to be released! And it comes strong and packed with 39 new or improved features. Where do we begin?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Kubernetes Ingress with Cert-Manager

Demonstrates how to obtain Let’s Encrypt TLS certificates for Kubernetes Ingress automatically using Cert-Manager.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
awslabs/aws-limit-monitor

Customizable Lambda functions to proactively notify you when you are about to hit an AWS service limit. Requires Enterprise or Business level support to access Support API. - awslabs/aws-limit-monitor

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Creating Workspaces with the HashiCorp Terraform Operator for Kubernetesattachment image

We are pleased to announce the alpha release of HashiCorp Terraform Operator for Kubernetes. The new Operator lets you define and create infrastructure as code natively in Kubernetes by making calls to Terraform Cloud.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
HashiCorp Ambassador Call for Nominations

HashiCorp is seeking Ambassador nominations to recognize community members for their efforts in sharing knowledge around HashiCorp tools. Nominations open now through April 5….

Mike Martin avatar
Mike Martin

What email do you want us to use for you? “NOMINATED AMBASSADOR’S EMAIL”

HashiCorp Ambassador Call for Nominations

HashiCorp is seeking Ambassador nominations to recognize community members for their efforts in sharing knowledge around HashiCorp tools. Nominations open now through April 5….

Mike Martin avatar
Mike Martin

I ended up using [email protected]

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @Mike Martin!

roth.andy avatar
roth.andy
bitnami-labs/sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets - bitnami-labs/sealed-secrets

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

http://spacelift.io/ (reach out to @marcinw for a demo)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

https://scalr.com (reach out to @Sebastian Stadil for a demo)

Infrastructure as Code Platform | Scalr

Empower IT teams with autonomy and operational flexibility while maintaining corporate governance with the Scalr Cloud Management Platform.

Zoom avatar
Zoom
08:15:46 PM

New Zoom Recording from our Office Hours session on 2020-03-25 is now available.

2020-03-26

Blaise Pabon avatar
Blaise Pabon

@Erik Osterman (Cloud Posse), which email address (and twitter, linkedIn profiles) would you like us to use when we submit the Hashicorp Ambassador nomination form: https://www.hashicorp.com/ambassador-nominations/ ?

HashiCorp - HashiCorp Ambassador Call for Nominations

HashiCorp delivers consistent workflows to provision, secure, connect, and run any infrastructure for any application.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

thanks @Blaise Pabon! I just sent you a PM with that information

HashiCorp - HashiCorp Ambassador Call for Nominations

HashiCorp delivers consistent workflows to provision, secure, connect, and run any infrastructure for any application.

Zachary Loeber avatar
Zachary Loeber

send to me as well please good sir

Pierre Humberdroz avatar
Pierre Humberdroz

same here wave

2020-03-27

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Adding @discourse_forum bot

discourse_forum avatar
discourse_forum
09:59:54 PM

@discourse_forum has joined the channel

2020-03-28

roth.andy avatar
roth.andy

Finally got my Raspberry Pi k8s cluster going. Ended up using k3sup. Turned out to be really simple.

bananadance1
2
roth.andy avatar
roth.andy
roth.andy avatar
roth.andy

Now I just need to figure out what to put on it… I was going to run Folding@Home but it doesn’t support RPi CPU arch

androogle avatar
androogle

You could do an ethereum node or ipfs. Something like that?

androogle avatar
androogle

What is the hardware you’re using besides rpi? That looks like a pretty sweet chasis

roth.andy avatar
roth.andy

And a 8 port network switch

bananadance2
    keyboard_arrow_up