#office-hours (2020-05)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-05-04
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Here’s a great question for office hours this week: https://sweetops.slack.com/archives/CQCDCLA1M/p1588441766212200
Hi Everyone! I would love experts advice on scaling issues I’m having with a Monolith Application
The stack is Ruby, MySQL, Redis, RabbitMQ, and the webserver being used is Passenger. Scaling every other component (MySQL, Redis, RabbitMQ) is not a problem, all of them are scaling awesomely. However, the application server is performing woefully, and the problem is with Passenger. The Ruby app is a legacy codebase in which every component of the application is bundled together in one place, including the mobile app GraphQL endpoints, and 20+ daemons that need to run for the app to work.
I have tried scaling horizontally a couple of times, which was not effective because I realized that the daemons work in a way that they can’t run concurrently on multiple servers, so that means I had to resort to scaling vertically. Now during peak periods, the server resources are not really used up, but the server keeps crashing, and the major reason is that Passenger (Ruby webserver) couldn’t handle a certain number of connections at once. So after thoroughly going through the Passenger docs, I realized that there is a way to increase the maximum number of connections per process; this has been the temporary tweak that is keeping the server up and running for now.
However, we will be starting a campaign next week, and we are expecting to have x5 the traffic requests we get during peak times, and I need advice on other approaches I can take to autoscaling my infrastructure.
PS: 1. We are looking to re-architect the entire system by decoupling some services 2. We still run on Ruby 2.2, upgrading it will break our codebase (which is why we need to do 1 above)
I know this community consists of professionals that have handled way larger systems at scale, and I will appreciate everyone’s input on this.
Thank you
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@HS will you join us today on office hours? ~20 minutes from now
![HS avatar](https://avatars.slack-edge.com/2020-04-18/1071627109074_7b85c57b7bb849c1027d_72.jpg)
Yes
2020-05-06
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
So I am curious if this is just something that would be useful to me. But would a tool where you can aggregate events from multiple sources onto a single timeline be useful for y’all?
This is just a quick mock up of something I have been thinking about.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Browse and share virtual backgrounds for video calling applications with ease!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Grafana Annotations HTTP API
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
derp, need to rotate those…
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
it is fine.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://grafana.com/static/img/grafana/redesign-dashboard_home.png)
Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and …
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
Loki is great for the way it can integrate nicely with prometheus metrics due to the labels - you can basically match them up… But honestly, what has me going right now is https://github.com/flant/loghouse + https://github.com/ClickHouse/ClickHouse . Not fully tested it yet though.
Just look at this statement… ClickHouse works 100-1000x faster than traditional approaches. Most vendors and projects will have bold claims… but they are rarely this confident.
Ready to use log management solution for Kubernetes storing data in ClickHouse and providing web UI. - flant/loghouse
ClickHouse is a free analytics DBMS for big data. Contribute to ClickHouse/ClickHouse development by creating an account on GitHub.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
![chonan tsai avatar](https://avatars.slack-edge.com/2020-04-14/1060640193509_02daddafcfb7e0b05b9f_72.png)
devops handbook? Really like this login example. Makes a lot of sense.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
yep
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
thanks @roth.andy
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://caddyserver.com/resources/images/caddy-open-graph.jpg)
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://www.nomadproject.io/img/og-image.png)
Nomad is a highly available, distributed, data-center aware cluster and application scheduler designed to support the modern datacenter with support for long-running services, batch jobs, and much more.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
PSA
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
in 1.16 `extensions/v1beta1` api going away for certain resources
![David Scott avatar](https://secure.gravatar.com/avatar/db9b8eca43f368b54aa2b7501a79af19.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html#1-16-prequisites
Specifically these resources are removed: `DaemonSet`, `Deployment`, `StatefulSet`, `ReplicaSet`, `NetworkPolicy`, `PodSecurityPolicy`
Other things, like `Ingress`, can still be used with extensions/v1beta1
![David Scott avatar](https://secure.gravatar.com/avatar/db9b8eca43f368b54aa2b7501a79af19.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
The most important thing in regards to this: Check the `apiVersion:` on your kube-proxy DaemonSet. AWS’s instructions for updating kube-proxy only have you update the image tag, so it is likely that it will be using the deprecated API.
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
A cli tool to help discover deprecated apiVersions in Kubernetes - FairwindsOps/pluto
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Fairly large set of scripts for crafting and working with devops tools - zloeber/CICDHelper
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
~Crap - I think I forgot to hit record. Zoom UI changed and threw me off.~ still processing
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-05-06 is now available.
2020-05-08
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-04-29 is now available.
2020-05-10
2020-05-11
2020-05-12
2020-05-13
![Mathieu Frenette avatar](https://avatars.slack-edge.com/2020-04-22/1080005837394_af225a29165427b0f4a9_72.jpg)
Question for today’s office hour: What are the best practices for version numbering of multiple resources (apps, charts, docker images, etc) stored in the same monorepo? Using git tags (ie: `v1.0.1`) to track semantic versions seems awkward, because all resources would share the same version “counter”. Using the short commit hash seems more appropriate, but it is not allowed as chart version, which expects a semantic version in the form `1.0.1`. I’m currently considering using something like `1.0.1589390493`, where the last number is the number of seconds since UNIX epoch, calculated using the commit’s timestamp:
`$(date "+%s" -d "$(git show -s --format=%ci)")`
The major and minor versions could be stored in a file in the base dir of each resource. Any other suggestions?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Thanks @Mathieu Frenette! We’ll discuss
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here please share your questions for today’s office hours!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
1.0.0+eh12345
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
yq is a portable command-line YAML processor. Contribute to mikefarah/yq development by creating an account on GitHub.
![nian avatar](https://avatars.slack-edge.com/2018-11-07/475121190983_54ee9c56bf8f4160db23_72.jpg)
As an alternate, check this: https://kislyuk.github.io/yq/
The syntax for this is much more similar to `jq`, which helps.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We ultimately selected the one by `mikefarah` because it’s in go and distributes binary releases
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Semantic Versioning spec and website
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
General conventions for charts.
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
What do you use to authenticate users against aws eks? I want to use external authentication mechanism aside from aws-auth configmap. Maybe use my AD users/groups?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Statuspage.io is the best way for web infrastructure, developer API, and SaaS companies to get set up with their very own status page in minutes
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Keycloak is an open source identity and access management solution
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Jboss keycloak
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Okta replacer
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
A OpenID / Proxy service. Contribute to louketo/louketo-proxy development by creating an account on GitHub.
![Marc Tanne avatar](https://avatars.slack-edge.com/2020-05-20/1135080584965_a59bf8bc706d5c29a6af_72.jpg)
Question on video stream transcoding from h.265/HEVC to h.264
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Another question. I want to limit pod/deployment to only accept ingress (incoming) traffic from AWS ALB Ingress only, not any other pod/deployments on SAME k8s namespace. NetworkPolicy is limited to namespaces, labels, but separating namespaces requires separate ALB ingress AND separate external-dns (as both of them work on one namespace only). What do u suggest?
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Since ingress is not a deployment…
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/ https://developer.nvidia.com/kubernetes-gpu
Kubernetes on NVIDIA GPUs enables enterprises to scale up training and inference deployment to multi-cloud GPU clusters seamlessly. It lets you automate the deployment, maintenance, scheduling and operation of multiple GPU accelerated application containers across clusters of nodes. With increasing number of AI powered applications and services and the broad availability of GPUs in public cloud, there is a need for open-source Kubernetes to be GPU-aware.
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Instead of istio
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Not yet ;)
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Or solo meshctl
![msoyer avatar](https://secure.gravatar.com/avatar/4e7ae473473d12b8fc7374542cd03706.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Anyone heard about BackStage by Spotify ? It is a developer portal to provision applications etc .. I heard about it recently, just started evaluating.. https://backstage.io/
An open platform for building developer portals
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
“Logical” provider for integrating with an Ansible Dynamic Inventory script. - nbering/terraform-provider-ansible
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
https://thenewstack.io/how-the-u-s-air-force-deployed-kubernetes-and-istio-on-an-f-16-in-45-days/
USAF Chief Software Officer likes to say “If Kubernetes is good enough for missiles and F-16s then it is good enough for you”
![attachment image](https://cdn.thenewstack.io/media/2019/12/384c08ad-fighter-jet-3286728_1280.jpg)
Kubernetes, Istio, knative and an internally developed specification for “hardening” containers are now the default software development platform across the military.
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
Are there any example repos with variant2 running terraform modules?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We haven’t published our solution yet
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
Ok then I’ll start winging it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Happy to give you a walk through sometime if you want to see what it does
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://d3v0px0pttie1i.cloudfront.net/uploads/user/logo/387879/opengraph_cb9846df.png?source=opengraph)
Welcome to my scheduling page. Please follow the instructions to add an event to my calendar.
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
That would be great
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-05-13 is now available.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@chonan tsai perfect time! got this in my inbox today
![chonan tsai avatar](https://avatars.slack-edge.com/2020-04-14/1060640193509_02daddafcfb7e0b05b9f_72.png)
@Erik Osterman (Cloud Posse) Fantastic - thanks for sharing today. This is gonna be useful.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
PSA:
2020-05-14
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@omerfsen check out https://github.com/sighupio/permission-manager
Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW - sighupio/permission-manager
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Permission-manager does NOT work with EKS
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(@Zachary Loeber just linked me to the github org and was looking through the repos when I found this)
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Hi
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
let me check
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
thank you
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
Hey folks, I just got a job offer from Very Good Security… I found out about them right here, thanks to @Erik Osterman (Cloud Posse)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
That’s great @Blaise Pabon!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Is it a developer advocacy role?
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
Well, the title is Solution architect and it’s the sort of early stage “pre-and-post sales support while preparing the path to excellence” that is my specialty. …Honestly, in this market, I don’t feel comfortable turning my nose up at a paycheck from good people, doing something that I’m not ashamed of.
I think there’s a lot of potential. I didn’t meet a single person who gave me the “works on my machine… it’s above my pay grade” attitude.
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
woot!
2020-05-15
2020-05-20
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
I might not be here but still want to leave something for later today.
So I was affected by the quay incident quite heavily. I had a test running in my development cluster which drains a node every hour and adds a new one to have a rotation and short-lived nodes. Well, since quay was not up, some of my pods were not able to be scheduled (image pull back) and this caused quite a bit of headache. But I am happy that I learned from it. I might have to cache/reupload to my own registry.
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
So sometimes it might be worth to not touch a running system.
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
This makes for a good argument in favor of self-hosted container registry infrastructure….
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’ve just watched two weeks old open hours and I would give two thumbs up for monochart concept (never knew it has a name though:). We’ve been following a quite similar approach for about two years so far. Our approach is a bit different in a way that we do write helm charts. We have a common chart treated as an abstract class with all bells and whistles inside that covers 80-90% of use cases, but we still can’t satisfy everybody (since we are a very small team of ops, we just have a lot of other things to do). By writing charts per service (let’s call it a service chart) we allow chart developers to inherit all the components of the common chart plus add everything they need for a certain scenario. Sometimes these are objects that are not in the common chart. Sometimes these are dependencies which they want to make a bundle with. But it’s a matter of a couple of minutes to write a service chart. And yes we use helmfile to manage all of this, but also with helmfile we provide a very narrow interface to users who don’t want to deal with Helm at all and just want to deploy the app to his or her environment.
The question which bothers us sometimes though is what would be a better approach - to create a new object template inside a chart and populate it as a part of a chart or add additional functionality as a dependency to a chart. Say we want to add the possibility to do backups or monitoring. We can a) create a chart with all backup objects and add it to service charts as a dependency or b) add these objects as templates to the common chart and populate a new version of it. Although we really like the flexibility we have we sometimes encounter these questions about better approaches all the time:)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
What do you think about “Managing stateful systems via container orchestration” blipping as Assess on the latest Technology Radar?
https://www.thoughtworks.com/radar/techniques/managing-stateful-systems-via-container-orchestration
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
With the Windows additions of great Mac/Linux-y things like
• A MacOS-style “spotlight” feature
• WSL2
Are we finally getting to the point where I don’t have to dual-boot Linux on my windows machine to do serious development in a containerized/kubernetes world?
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
does docker still run in a VM on windows? Or can it run easily in WSL and you connect locally (in windows) somehow with the docker client?
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
does docker still run in a VM on windows?
On my machine, yes. I haven’t tried WSL2 yet though
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
every few months I try to develop on my windows desktop at home and just get mad at it heh. every time i try though, more things work. i usually end up back on osx though
![randomy avatar](https://secure.gravatar.com/avatar/fa1b9e14d93f78f4c21a1238ae7984cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
I’m looking forward to the GUI support. WSL 2 + Docker Desktop + VS Code is getting pretty good but there are still too many times where I need to run a web browser in Linux because of AWS credentials, VPNs, SSH tunnels, etc. I tried an X server but ran into issues with dbus and things kept crashing after a while, so proper GUI support will be good.
![randomy avatar](https://secure.gravatar.com/avatar/fa1b9e14d93f78f4c21a1238ae7984cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Hyper-V with a “quick create” Ubuntu image is pretty decent. No need to dual boot. But I’ve only tried this on my machine with 32 GB of memory…
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Hyper-V with a “quick create” Ubuntu image is pretty decent
Do you have a link you can point me to with some docs on this? I’ve messed around a little with Hyper-V and VirtualBox but my experience was very underwhelming, even with 32GB of memory
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
@randomy
![randomy avatar](https://secure.gravatar.com/avatar/fa1b9e14d93f78f4c21a1238ae7984cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
I don’t know any docs in particular but this sums it up https://www.thomasmaurer.ch/2019/06/how-to-create-an-ubuntu-vm-on-windows-10/
![attachment image](https://www.thomasmaurer.ch/wp-content/uploads/2019/06/Ubuntu-VM-on-Windows-10.jpg)
Windows 10 is not just a modern desktop operating system, and it also has some great IT Pro and Developer related features build in. One of them is client Hyper-V. This is the same hypervisor which powers virtualization in Windows Server and the Microsoft Azure datacenters. With Hyper-V, you can create virtual machines running on
![randomy avatar](https://secure.gravatar.com/avatar/fa1b9e14d93f78f4c21a1238ae7984cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
I’m using the Ubuntu 18 version. I think I tried a newer one a while back but ran into issues. I use i3 which may or may not improve performance. And finally, I have a little AutoHotKey script that positions the VM window properly because Hyper-V annoyingly doesn’t let you maximize a VM without going into full-screen mode.
![Joe Niland avatar](https://secure.gravatar.com/avatar/b90c8e752dd648ef229096c60ba2408f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
This podcast was a decent summary of the latest with WSL2 and Docker - https://hanselminutes.com/736/making-docker-lovely-for-developers-with-simon-ferquel
Scott’s been using Docker Desktop for years now, and in this episode he talks to Simon Ferquel about Docker on Windows. How will WSL2 make Docker even better? How does Docker help developers specifically be more productive (and happier?) How much easier can Docker get and how does Docker Desktop enable that?
![Mathieu Frenette avatar](https://avatars.slack-edge.com/2020-04-22/1080005837394_af225a29165427b0f4a9_72.jpg)
What was the driving reason why you chose the approach of bundling Terraform infra configuration files within a Geodesic image (and are you still using that approach?), versus treating them as two distinct entities (that could still be versioned side-by-side within the same repo and used together in a pipeline)?
![Mathieu Frenette avatar](https://avatars.slack-edge.com/2020-04-22/1080005837394_af225a29165427b0f4a9_72.jpg)
We are moving our CI/CD pipelines from Jenkins X (which is 100% Gitops driven) to Codefresh, where we have the ease of use of shared configs and secrets that we can manage easily via the UI and inject into our pipelines as environment variables. However we realize that such configs and secrets are not version-controlled and may sometimes be tightly coupled with the pipelines as they evolve. If for some reason we need to rollback our pipelines, all related configurations will not follow accordingly. What are your thoughts and experience about such external configurations that escape the Gitops domain?
![Chad Ostler avatar](https://secure.gravatar.com/avatar/c572e5fe7bb7ce143d194148eb0dcd44.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
we’re using codefresh… and it’s so unreliable we’ve decided to do anything but that now
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
wow! we have a lot of interesting talking points today. excited
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Just another heads up, we’ve had to enable passwords on the Zoom calls (zoom forcing our hand on this). The password is sweetops
if you’re prompted for it…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://blog.pipetail.io/images/2020-05-04-cover.jpg)
We had the chance to see quite a bit of clusters in our years of experience with kubernetes (both managed and unmanaged - on GCP, AWS and Azure), and we see some mistakes being repeated. No shame in that, we’ve done most of these too! I’ll try to show the ones we see very often and talk a bit about how to fix them.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
You are invited: GitOps Days 2020 (May 20 & 21). Whether you’ve been wanting to learn about GitOps for the first time or you want to get your teams on board with GitOps, this event is for you! This free online event will run from 9:00am PT to 3:00pm PT over two days.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Use-case If you have multiple instances of Docker running in your environment, such as multiple physical or virtual machines all running Docker, each daemon goes out to the internet and…
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Policy-based control for cloud native environments
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Regarding examples of secrets, these are good, though we should also call out the different ways secrets are consumed. Especially when dealing with third-party software, the configuration mechanisms vary. Sometimes environment variables suffice, sometimes configuration files are required. Other times, with in-house software, they might directly interface with something like HashiCorp Vault or the AWS Secrets Manager (ASM). What I like about your current approach is that it provides a consistent…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Missing package manager for any task runners and build tools e.g. make and variant - variantdev/mod
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
Automated dependency updates for your Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust, Java and Elm.
![Pierre Humberdroz avatar](https://avatars.slack-edge.com/2019-12-10/856434906819_d99dd3e0bce66357e0ce_72.png)
![attachment image](https://renovate.whitesourcesoftware.com/wp-content/media/2019/11/Untitled-design-49.png)
Save time and reduce risk by automating dependency updates in software projects. Fully customizable with a setting to suit every workflow
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
Life is full of contradictions…. Trump becomes president… and now we even have the NPM guys doing dependency management!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Helm plugin to fetch charts from Git repositories. Contribute to aslafy-z/helm-git development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Keep dependencies up-to-date with automated Pull Requests
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
Sorry I couldn’t make it today, I miss you guys. Homeschooling in the time of covid….
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
we had an absolutely amazing office hours today! recording will be posted in a few hours.
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-05-20 is now available.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Btw, we’re also uploading all our office hours to youtube!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
if you haven’t already subscribed to our channel, it would be a big help! we need to reach 100 subscribers to claim our URL.
2020-05-21
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Thanks for bringing up my questions! I didn’t have a chance to join the call, but it was a pleasure to watch.
Regarding unanswered question on Tech Radar. I can elaborate a bit and probably it can be a topic for the next session.
What ThoughtWorks says now is that:
We recommend caution in managing stateful systems via container orchestration platforms such as Kubernetes. Some databases are not built with native support for orchestration — they don’t expect a scheduler to kill and relocate them to a different host. Building a highly available service on top of such databases is not trivial, and we still recommend running them on bare metal hosts or a virtual machine (VM) rather than to force-fit them into a container orchestration platform
Kinda a warning. And I know some cases when clients want to do such a move no matter what (I mean to migrate databases to K8s). There might be plenty of databases especially when it is a single tenant app and a bunch of microservices around. What’s your experience with managing databases (Postgres, MariaDB) in K8s given a current state of tooling? Managed services vs operators vs helm charts?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We’ll discuss this some more today
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Thanks for bringing up my question again! It’s not a perfect time for me to participate, but I’ll do my best to join in the future.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
suggested topic: (via @Zachary Loeber) https://sweetops.slack.com/archives/CBW699XE0/p1590086472292600
I converted localstack to run in kubernetes for locally testing out AWS scripts on kind clusters. Example includes the use of kompose, helmfile, the raw helm chart, and my own little framework for stitching it all together. https://zacharyloeber.com/2020/05/aws-testing-with-localstack-on-kubernetes/
2020-05-26
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Last week I created a new Terraform module to host GitHub self-hosted action runners on AWS spot instances. For those who are interested, the setup is explained in this post https://040code.github.io/2020/05/25/scaling-selfhosted-action-runners
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Heads up! Next Wednesday on June 3rd (not this week), we’ll have a guest speaker to answer any/all your questions on CloudFormation.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
If I get this demo working I’ll be using the new Kubernetes provider for Terraform during my keynote at the Crossplane Community Day virtual event. https://www.eventbrite.com/e/crossplane-community-day-tickets-104465284478 https://twitter.com/mitchellh/status/1265414263281029120
![attachment image](https://pbs.twimg.com/media/EY-nj__U8AAzI4C.jpg)
Yes! An alpha release of a new Kubernetes provider for Terraform that can represent ANY K8S resource (including any CRDs). You can also run this one-liner (image) to convert any YAML over. https://www.hashicorp.com/blog/deploy-any-resource-with-the-new-kubernetes-provider-for-hashicorp-terraform/ https://pbs.twimg.com/media/EY-nj__U8AAzI4C.jpg
![party_parrot](/assets/images/custom_emojis/party_parrot.gif)
2020-05-27
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
It’s asking me to enter a password, but don’t see one in the calendar invite
![HS avatar](https://avatars.slack-edge.com/2020-04-18/1071627109074_7b85c57b7bb849c1027d_72.jpg)
Please, I need help joining the meeting. The meeting link is requesting a password
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
Same for me
![Andriy Knysh (Cloud Posse) avatar](https://avatars.slack-edge.com/2018-06-13/382332470551_54ed1a5d986e2068fd9c_72.jpg)
sweetops
![HS avatar](https://avatars.slack-edge.com/2020-04-18/1071627109074_7b85c57b7bb849c1027d_72.jpg)
thanks
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
Worked - thank you!
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
![attachment image](https://www.datocms-assets.com/2885/1542060063-terraformshare-imglogo-w-stack-graphic1200x630.png?fit=max&fm=jpg&w=1000)
We are working internally to update the community VS Code extension to fully support Terraform 0.12 syntax and use our Language Server by default. A new version will be shipping later this year with the updates.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Welcome to the new Coffee with Codefresh — a Q&A live stream with members of the Codefresh team! This is a community event for both Codefresh employees and customers, or if you are not yet a customer but have questions, you are welcome to join! We welcome you to a casual and relaxed question and … Continued
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Record your test suite’s HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests. - vcr/vcr
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
- ThoughtWorks now recommends caution in managing stateful systems via container orchestration platforms such as Kubernetes.
- https://www.thoughtworks.com/radar/techniques/managing-stateful-systems-via-container-orchestration
- Our retort: https://cloudposse.com/devops/should-you-run-stateful-systems-via-container-orchestration/
![attachment image](https://static.thoughtworks.com/images/radar/2020-05/en/og-meta-techniques.png?id=2020-05)
This Technology Radar quadrant explores the techniques being used to develop and deliver software
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
![attachment image](https://kubedb.com/assets/images/products/kubedb/kubedb-1280x640.png)
KubeDB by AppsCode simplifies and automates routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair for various popular databases on private and public clouds
![attachment image](https://storage.googleapis.com/gweb-cloudblog-publish/original_images/BlogHeader_Kubernetes_A.jpg)
It can be a challenge to run a database in a distributed container environment like Kubernetes. Try these tips and best practices.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
We are using Stash from AppsCode. So far so good, but I’ve heard complaints about KubeDB support
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
HashiCorp and I have just - after a few months of discussions - started the process of handing over maintainership of vscode-terraform to HashiCorp. This is something I am really happy about and it…
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
I am a developer who was born in Cuba and grew up in China. I mostly develop in linux with vim as the primary editor for any languages - juliosueiras
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
VSCode Terraform LSP Client. Contribute to juliosueiras/vscode-languageclient-terraform development by creating an account on GitHub.
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
@Erik Osterman (Cloud Posse) didn’t you have a “things to think about when choosing a ci/cd platform” article/spreadsheet/list/whatnot you shared a while back?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Alex Siegman - we do - let me dig that up. Thanks for reminding me.
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
Might help folks form their own ideas about choosing codefresh vs jenkins vs whatever
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
@roth.andy FYI, unless you pay a base licensing cost for “Enterprise” per month/year, which you probably would anyways for self-hosted, codefresh does charge per user as well as per concurrency. I’ve been through that with them before. Then again, I make no secret that I’m very anti-per-user pricing.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Yep, Enterprise is all we are looking at
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
Still bothers me that it’s an upcharge to get unlimited users, when the usage factor is primarily from pipeline runs
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
Feels very double-dip to me, but the platform does have a lot of positives
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Here are some ways to control your AWS costs: https://cloudposse.com/aws-cost-controls/
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Huh… the link spotinstance.com forwards to aws.amazon.com.
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
sure does, that’s weird
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I must be linking to the wrong site - I’ll fix
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-05-27 is now available.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Hello, my co-worker linked the above office hours video where he asked the question about NAT networks. Is it appropriate to ask a question in this channel about the above video?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Sure thing @Benjamin Hudgens
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Regarding the conversation about NAT gateways vs. NAT instances vs. IGWs (approx. 45 mins into the video): why is the NAT gateway or NAT instance meaningfully different than the NAT provided by the IGW? As in, how does one NAT provide a different level of security over the other?
The IGW documentation defines the function as NAT’ing; what makes the IGW NAT fail an audit, so to speak? (vs the other two methods)
From Docs:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
I was hoping maybe you guys had experience with audits that flagged this and could help me understand why it was flagged?
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
We literally couldn’t come up with a reason to pay for either NAT solution when IGW’s allow free inbound traffic and zero maintenance? We tried really hard to justify the NAT subnet setup given it’s the classical network config.. Compliance was a concern in our chat, and I’m wondering if you guys have actually seen it flagged (and why).
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(I will respond to you)
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Somebody feel free to correct me if I’m wrong here: NAT Gateways and NAT Instances don’t allow inbound traffic. They’re a purely outbound mechanism for Private Subnet resources to communicate to the wider internet.
IGW allows inbound and outbound traffic — It’s the VPC’s interface to the internet.
Generally, the thought behind putting services like Databases or Web app in private subnets is so that those resources can’t be accessed by the public internet. They’re only accessible via certain fronting services like load balancers and therefore that makes them more secure against port scanning and whatnot.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
If I’m running a NAT Instance, an IGW would be functionally identical to PORT forwarding back to one of the machines serviced by that particular instance.
I do think you’re correct; I’m not aware of the NGW’s supporting any sense of forwarding.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
So; hmm, that’s a good perspective.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
We’re really thinking about dropping these and leaning on sec groups given the IGW is more like a PAT instead of a NAT. I’ll bring up your point tomorrow, that’s at least ONE functional difference we didn’t come up with on our own. TY!
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
One thing that’s worth mentioning again is that if you folks switch to NAT instances + an S3 VPC Endpoint then you’ll still be able to retain the same level of security (not have all your resources in public subnets), while also saving a ton.
It won’t be as cheap as it is to run all your resources in public subnets, but that would definitely be frowned upon by any security audit. At a minimum, I would say there are very few cases where your DB shouldn’t be run in a private subnet.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Perhaps. I’m trying to understand why it’s not better to run our DB in an IGW subnet and simply not attach an EIP (or public IP at all). We can mount an EIP (or EIN) for maintenance with a very specific sec group. Again, my understanding is the IGW is still a NAT per their docs.
We actually do leverage the VPCE’s in a few of our route tables for S3. Mike didn’t bring up the various other expensive things in our environment. Talking to S3/Dynamo is free over the VPCE’s .. but most other services incur a cost.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
We’re challenging our assumptions about the setup; trying to understand why an audit is going to flag an external IP with a deny all sec group, or how that’s different than a NAT instance that could employ port forwarding just the same.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Really appreciate the outside thoughts. The one you highlighted above is good, and compliance audits were our other concern. We just couldn’t understand the ‘technical’ reasons it would be flagged. Erik highlighted it a bit on your call; there are “best practices” we all employ, and we’re challenging those a bit to understand why we’re paying extra $$. We were failing to come up with good reasons. I thank you for giving this some thought from an outside perspective!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(Will respond a bit later)
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Sure sure! No problem! Appreciate the feedback. Mike has been representing us on your calls. I lead his team and I’ve wanted to join, but I haven’t had the luxury yet. We talk about you guys quite a bit. Pretty sure I skipped the Terraform docs, and just learned terraform reading you guys’ work.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Actually, one request: since this is such a well prepared question, would you mind posting it instead here: https://ask.sweetops.com/
SweetOps is a collaborative DevOps community for engineers of all skill levels.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Oh! Sure!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
That will allow for an equally constructive response
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
Absolutely.
![Benjamin Hudgens avatar](https://secure.gravatar.com/avatar/1f10f1099c780c1f0889d5a7d447d2c9.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0002-72.png)
TLDR; We deeply understand what all NAT options are and how they work. Super strong team technically. We’re challenging our traditional wisdom and assumptions to try to justify why we should spend extra $$$ on NAT solutions in AWS. We are not restricted by cost but certainly do not spend money purely for religious reasons (as in, because that’s how we’ve always done it). We are currently considering three mechanisms to reach EC2 instances: IGW -> Subnet(s) | 1-1 NAT (When PIP or EIP attach… |
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Sweet! I will get back to you - thanks for posting
![randomy avatar](https://secure.gravatar.com/avatar/fa1b9e14d93f78f4c21a1238ae7984cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Great question. Typo here with can/can’t: (and NAT Instances) *can* permit inbound traffic *at all*