#office-hours (2020-06)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-06-03
![Robert Horrox avatar](https://avatars.slack-edge.com/2020-06-15/1182949442165_e37a3c7f7c7baa32cbcb_72.jpg)
Maybe this isn’t so much an office hours question as a request, so let me know if it’s misfiled. Does anyone have any experience with https://github.com/pomerium/pomerium?
Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
just a reminder: today we have a special guest speaker (@Chuck Gehman) who will be answering questions related to Cloud Formation.
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
Not on topic of cloudformation but if you have time:
I’m creating an EKS cluster with the cloudposse EKS cluster module, and running kubectl apply from the main.tf (using a localfile with localexec). Sometimes the kubectl apply gets run before the kube api server is ready, so I’m wondering what is the recommended way to deal with that: time_sleep resource? a way to indicate dependency so the localexec does not run too early? a way to only run the kubectl exec once API responds? (actually that will work for sure if I write a bash script that loops until kubectl apply works).
![Dan Overholt avatar](https://secure.gravatar.com/avatar/e7bb8345676631834c23b60f6891f8ec.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0017-72.png)
Question for Chuck: We have a series of CloudFormation scripts that collectively add up to our stack. Only one contains a series of nested scripts. We would like to be able to combine 20+ cloudformation scripts into one execution to create a new Dev stack and subsequently be able to destroy that when necessary. Is this an appropriate use for Service Catalog or what is the recommended approach?
![Marc Tanne avatar](https://avatars.slack-edge.com/2020-05-20/1135080584965_a59bf8bc706d5c29a6af_72.jpg)
^^^
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
CloudFormation question: I’ve used CF extensively at past roles, but my recollection is that if a resource was not initially created with CF, you couldn’t really manage that resource with CF ever in its lifetime. Recreation might be fine for ephemeral stuff, but for data stores and things it’s not always practical. How does CF handle that kind of scenario where you might need to import an existing resource into a stack?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2019/11/07/cloudformation-import-create.png)
With AWS CloudFormation, you can model your entire infrastructure with text files. In this way, you can treat your infrastructure as code and apply software development best practices, such as putting it under version control, or reviewing architectural changes with your team before deployment. Sometimes AWS resources initially created using the console or the AWS Command […]
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://pypi.org/static/images/twitter.90915068.jpg)
The Python Package Index (PyPI) is a repository of software for the Python programming language.
![Chuck Gehman avatar](https://secure.gravatar.com/avatar/1221ac22d5ea44142b5eda246bf9e6ce.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
An approach for GitOps of AWS backing resources like databases with CodePipeline together with Kubernetes via Flux - jasonumiker/k8s-plus-aws-gitops
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Define Kubernetes native apps and abstractions using object-oriented programming - awslabs/cdk8s
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Polyglot Terraform. Contribute to TerraStackIO/terrastack development by creating an account on GitHub.
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
Terrastack uses https://github.com/aws/jsii: “[jsii] allows code in any language to naturally interact with JavaScript classes. It is the technology that enables the AWS Cloud Development Kit to deliver polyglot libraries from a single codebase”
jsii allows code in any language to naturally interact with JavaScript classes. It is the technology that enables the AWS Cloud Development Kit to deliver polyglot libraries from a single codebase!…
The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code - aws/aws-cdk
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
Maybe not first but probably in the first 3. The 2 others are:
• Learn CloudFormation came out in July 2018
• Mastering CloudFormation just came out this month
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
Question: when I used CloudFormation last summer on one project the most frustrating aspect was when the stack being updated had a mistake then would rollback and even the rollback failed. How do you avoid this?
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
@Erik Osterman (Cloud Posse) Early in this meeting you talked about the 4 layers that comprise infrastructure, did you have an article that goes over the layers and such?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Unfortunately, no - it’s something I really need to write up, however
![Zachary Loeber avatar](https://avatars.slack-edge.com/2020-05-13/1115475485942_e68ae4d6556df390de70_72.jpg)
You have mentioned it a few times, I for one would like to drink more Kool-Aid please
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
@Erik Osterman (Cloud Posse) definitely interested in that ebook AWS CF in Action
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
DM’d you the code
![Chuck Gehman avatar](https://secure.gravatar.com/avatar/1221ac22d5ea44142b5eda246bf9e6ce.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Peter Sbarski from ACloudGuru wrote the serverless book
![Chuck Gehman avatar](https://secure.gravatar.com/avatar/1221ac22d5ea44142b5eda246bf9e6ce.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
This book, AWS Security is by Dylan Shields… 5 chapters in the MEAP preview program, https://www.manning.com/books/aws-security
![Chuck Gehman avatar](https://secure.gravatar.com/avatar/1221ac22d5ea44142b5eda246bf9e6ce.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Thanks again everyone! Thanks Erik!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Thanks @Chuck Gehman! really enjoyed having you on our session today
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Also, forgot to post @Chuck Gehman’s book! https://www.manning.com/books/aws-cloudformation-in-action
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Discount code podposse20 (40% off) or DM me for 100% off coupon.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Also, just a reminder - if you’re an expert on tools like Flux, Argo, Jenkins on Kubernetes, Open Policy Agent, Pulumi, Serverless, etc - hit me up. I would love to have a deeper conversation around some of these tools and your real-world experiences on one of our upcoming office hours
![James Huffman avatar](https://secure.gravatar.com/avatar/fa982942a65f4524bae21b09f148db7f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
I’ve been using Jenkins in Kubernetes for almost 2 years now. I’d love to talk about it.
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-06-03 is now available.
2020-06-05
2020-06-10
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Office Hours starting in 15 minutes
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Make sure to post your questions
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here public #office-hours starting now! join us to talk shop https://cloudposse.zoom.us/j/508587304
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
i am hearing no sound.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Sound seems to be working fine. Something on your end?
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
youtube is working fine. I can’t join from the browser. I don’t know what is wrong.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(youtube is just for past recordings; no live streaming to youtube)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@David Medinets were you able to get the audio working? are you using the Zoom client or web UI?
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
I was using the zoom client on ubuntu. I have not had any audio issues in the past using zoom. I was not able to get audio working.
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
To follow-up. I ran into this audio issue again. When I connected via the browser, I heard audio.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://blog.pipetail.io/images/2020-05-04-cover.jpg)
We had the chance to see quite a bit of clusters in our years of experience with kubernetes (both managed and unmanaged - on GCP, AWS and Azure), and we see some mistakes being repeated. No shame in that, we’ve done most of these too! I’ll try to show the ones we see very often and talk a bit about how to fix them.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Alex Siegman have a link handy to the 2-tier web architecture recommendation?
![rahulm4444 avatar](https://secure.gravatar.com/avatar/29d70a2b93c477890738060b1a830ac5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
For connecting internal alb to nlb, lambda functions can be used.
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
you know, i’ve referenced it a bunch of times and i just cannot find it, they’ve changed how the site is with their new well-architected stuff, i’m looking though
![rahulm4444 avatar](https://secure.gravatar.com/avatar/29d70a2b93c477890738060b1a830ac5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
“Before now, you had to choose either the benefits of NLB or the benefits of ALB, but you couldn’t have both together. This blog post shows you how to have your cake and eat it too, by putting an Application Load Balancer behind a Network Load Balancer.”
![rahulm4444 avatar](https://secure.gravatar.com/avatar/29d70a2b93c477890738060b1a830ac5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
![attachment image](https://d2908q01vomqb2.cloudfront.net/5b384ce32d8cdef02bc3a139d4cac0a22bb029e8/2018/04/17/picture-1-1.jpg)
Update: You can use AWS Global Accelerator to get static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances. These IP addresses are announced from multiple AWS edge locations at the […]
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
the picture at the top of this blog is what i was referring to though https://blog.stratus10.com/aws-best-practices-3-tier-infrastructure
![attachment image](https://blog.stratus10.com/hubfs/aws-architecture-730x395.jpg#keepProtocol)
AWS Best Practices: 3 Tier Architecture. An infrastructure pattern for best availability, scalability, and security.
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
but those used to be available directly from amazon with accompanying materials
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-06-10 is now available.
2020-06-11
2020-06-15
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
i’m curious.. what do you guys use for continuous delivery/continuous integration/continuous release? i work at a smallish (~100 people) company and we’re generally jamming pretty hard on delivering product features instead of focusing on infrastructure. we use kubernetes and some folks use a service mesh, but not all, and we don’t always use the same clusters for various reasons.
some of the options i’ve considered (from cncf landscape) are flagger (requires service mesh) and spinnaker (gold standard? heavy weight). i suspect armory is above what i’m able to pay for a saas-type solution, and with limited time to focus on this specifically, flagger (service mesh) and spinnaker (learning curve/setup/maintenance?) i suspect is just overkill.
the other option i think i’m most likely to implement because it’s fast and easy is just using a separate deployment in the same cluster and weighted dns to serve some small percentage of traffic to a canary deployment and continuously deploy there first.
any thoughts/feedback appreciated.
![rahulm4444 avatar](https://secure.gravatar.com/avatar/29d70a2b93c477890738060b1a830ac5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Is AWS moving away from Docker? AWS Fargate 1.4 (latest version) is using containerd (https://containerd.io) instead of Docker as runtime engine. https://aws.amazon.com/blogs/containers/under-the-hood-fargate-data-plane/
An industry-standard container runtime with an emphasis on simplicity, robustness, and portability
![attachment image](https://d2908q01vomqb2.cloudfront.net/fe2ef495a1152561572949784c16bf23abb28057/2020/04/07/Fargatehood4-788x630.png)
Today, we launched a new platform version (1.4) for AWS Fargate, which bundles a number of new features and capabilities for our customers. You can read more about these features in this blog post. One of the changes we are introducing in platform version 1.4 is replacing Docker Engine with Containerd as Fargate’s container execution […]
![ismail yenigul avatar](https://secure.gravatar.com/avatar/89893b20ce2700febbc53691f70f104b.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yes it is.
---------- Forwarded message ---------
From: Amazon Web Services, Inc. <[email protected]>
Date: Tue, Jun 9, 2020 at 2:55 AM
Subject: AWS Fargate Platform Version LATEST Flag Update [AWS Account: ]
Hello,
In the coming few months, AWS Fargate will update the LATEST flag to Platform Version (PV) 1.4.0. This means all new Amazon Elastic Container Service (ECS) Tasks or ECS Services that use the Fargate launch type and have the platformVersion field in their Task Definition set to LATEST will automatically resolve to PV 1.4.0. For customers who use Amazon VPC Endpoints along with their ECS tasks running on Fargate, the new platform version has changes that may require customer action. For more information see the FAQs below. If you do not use VPC endpoints for Amazon ECR, AWS Secrets Manager or AWS Systems Manager no action is necessary.
How does this impact me?
Customers who have set up VPC endpoints for Amazon ECR, AWS Secrets manager or AWS Systems Manager need to perform below steps:
1. Add ecr.api to their Amazon ECR VPC endpoint.
2. Ensure the AWS Secrets Manager or Systems Manager AWS VPC endpoint interfaces are added to the VPCs and subnets that are used by ECS services or ECS tasks that run on Fargate.
3. Ensure the security group in the Elastic Network Interface (ENI) associated with the task has rules to allow traffic from the task to VPC endpoints.
![rahulm4444 avatar](https://secure.gravatar.com/avatar/29d70a2b93c477890738060b1a830ac5.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Till version 1.3 of AWS Fargate it was using Docker as its runtime engine
2020-06-17
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here public #office-hours starting now! join us to talk shop https://cloudposse.zoom.us/j/508587304
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
Am I supposed to know the password already?
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
hah, I actually tried “SweetOps” without having any idea…
![Marc Tanne avatar](https://avatars.slack-edge.com/2020-05-20/1135080584965_a59bf8bc706d5c29a6af_72.jpg)
Can use Kinesis to make scaling database-driven so that Lambda step functions can perform customized health checks and update the DB, which then can forward the WAL logs (using WAL2JSON plugin) into another Lambda to trigger scaling actions based on the data being updated? https://aws.amazon.com/blogs/database/stream-changes-from-amazon-rds-for-postgresql-using-amazon-kinesis-data-streams-and-aws-lambda/
![Alex Siegman avatar](https://avatars.slack-edge.com/2019-04-10/592429074434_cea95e800f54d8ea3544_72.jpg)
Potential talking point: https://codefresh.io/codefresh-news/announcing-codefresh-runner/
Running and maintaining CI/CD infrastructure has long been a headache for engineering teams which has led to the popularity of SAAS solutions like Codefresh cloud. But for many, this doesn’t meet their strict security requirements or allow them to access on-prem code, artifacts, or other resources. To help those engineering teams, today we’re releasing Codefresh … Continued
![joey avatar](https://secure.gravatar.com/avatar/9647cc34c02f9ce3bb4df4a6309335e8.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
not so much a question as much as a statement/comment of “whoa, where have i been” … but i started playing with localstack recently and am setting up a local development environment and ci/cd. pretty impressive stuff.
does anyone know if there are similar things for gcp and azure?
![James Huffman avatar](https://secure.gravatar.com/avatar/fa982942a65f4524bae21b09f148db7f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
this is the GCP equivalent, to the extent there is one: https://cloud.google.com/sdk/gcloud/reference/beta/emulators
![joey avatar](https://secure.gravatar.com/avatar/9647cc34c02f9ce3bb4df4a6309335e8.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
nice! thanks James!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what Initial implementation of terraform-aws-eks-fargate-profile Add bats and Terratest Add Codefresh test pipeline why Provision an EKS Fargate Profile for Elastic Container Service for Kuberne…
![msoyer avatar](https://secure.gravatar.com/avatar/4e7ae473473d12b8fc7374542cd03706.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Anyone using ECR image scanning as part of the CI/CD ?
![Tim Birkett avatar](https://avatars.slack-edge.com/2020-06-17/1195943326852_93709badec7475544cf0_72.jpg)
I have it enabled on some images on push but not synchronously as some sort of a quality gate.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Provides an Elastic Container Registry Repository.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Azure Security Center’s threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes and other infrastructure-as-code-languages with Checkov by Bridgecrew. - bridgecrewio/checkov
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Bastille linux (http://bastille-linux.sourceforge.net/) not active anymore
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Cisecurity hardening
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Openscap
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Opensource docker image scanning: trivy
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
From aquasec
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI - aquasecurity/trivy
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Author: Malte Isberner (StackRox) Kubernetes has greatly improved the speed and manageability of backend clusters in production today. Kubernetes has emerged as the de facto standard in container orchestrators thanks to its flexibility, scalability, and ease of use. Kubernetes also provides a range of features that secure production workloads. A more recent introduction in security features is a set of plugins called “admission controllers.” Admission controllers must be enabled to use some of the more advanced security features of Kubernetes, such as pod security policies that enforce a security configuration baseline across an entire namespace.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
P2P Docker registry capable of distributing TBs of data in seconds - uber/kraken
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://min.io/resources/img/minio_share.png)
MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
Docker cache: My ideal is probably Nginx pull through cache in each cluster, upstreaming to ECR and possibly https://goharbor.io/ for the nifty management of things.
Our mission is to be the trusted cloud native repository for Kubernetes
![mfridh avatar](https://secure.gravatar.com/avatar/bc28bf133c2c735cf9e62952c4965389.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
in-cluster Storage - anyone used https://github.com/longhorn/longhorn ?
Cloud-Native distributed block storage built on and for Kubernetes - longhorn/longhorn
![msoyer avatar](https://secure.gravatar.com/avatar/4e7ae473473d12b8fc7374542cd03706.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Something new, AWS lambda can now use EFS .. https://aws.amazon.com/about-aws/whats-new/2020/06/aws-lambda-support-for-amazon-elastic-file-system-now-generally-/
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Console tool to check the latency to each Amazon EC2 region - ekalinin/awsping
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Community Note Please vote on this pull request by adding a reaction to the original pull request comment to help the community and maintainers prioritize this request Please do not leave "…
![msoyer avatar](https://secure.gravatar.com/avatar/4e7ae473473d12b8fc7374542cd03706.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
![attachment image](https://assets.zabbix.com/img/fb-share.png)
Highly scalable mature platform designed for real-time monitoring of millions of metrics collected from thousands of devices, applications, cloud resources
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
v0.13.0-beta2 0.13.0-beta2 (June 17, 2020) NOTES: backend/s3: Deprecated lock_table, skip_get_ec2_platforms, and skip_requesting_account_id arguments have been removed (#25134) backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2…
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://zacharyloeber.com/images/banners/banner-dominoes-750x188.jpg)
Aws Testing With Localstack on Kubernetes - Zachary Loeber’s Personal Site
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Network latency test: https://www.solarwinds.com/network-performance-monitor/use-cases/network-latency
Need to measure, test, and reduce network latency? Download a free 30-day trial of Network Performance Monitor, a network latency testing and monitoring tool.
![Chris O. avatar](https://secure.gravatar.com/avatar/7bf5d48ee49e2245dd68e43eb5e74367.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
any folks here with significant experience with DynamoDB?
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-06-17 is now available.
2020-06-18
2020-06-21
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Guys? I am looking for some tool (nonexistent) that is able to define projects in a git monorepo (similar to workflows in atlantis) by fs path, for example in yaml, json, etc. (I am using Gitlab CI, btw). The tool should be able:
• to detect changes in projects ( this will help to determine specific project to change in CI pipeline triggered by MR/PR ) via git diff
• run commands/tasks on changed projects
• to do basic conditions, like if multiple projects change detected ; then exit ; fi
• to do retries if error code of command/task != 0
• to timeout if command/task is taking more than X seconds
• validate projects -> if contains specific files

Of course it does not exist; currently I am using a bunch of scripts, but it's not so good.
- I am using a json file to define projects
- tests and looping are done via jq ( validating json schema )
- everything is bash ( a lot of non standard tools )
- changes are detected with git diff
- a lot of binaries needed: terraform, terragrunt

What I found so far:
https://github.com/mumoshu/variant https://github.com/go-task/task , but these are more like only task runners.
Unfortunately monorepos are not ready yet, like if you don't want to recursively find all projects, which is very inefficient…
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
I did some prototype:
```yaml
defaults:
  projects:
    single_project_change: true # fail if more than 1 project is changed
    validation:
      - task: project:validate # run task to validate projects
    spec: # schema validation
      - id: name
        type: string
        required: yes
        unique: yes
      - id: path
        type: regex
        regex: .*
        required: yes
        unique: yes
      - id: name
        type: string
        required: no
        unique: no
      - id: cloud
        type: string
        oneof:
          - aws
          - gcp
          - azure
        required: yes
        unique: no
projects:
  - name: foo
    path: foo/john/doe
    cloud: azure
    depends_on:
      - bar
  - name: bar
    path: bar/john/doe
    cloud: aws
vars:
  FOO: BAR
env:
  HOME: /home/abc/
tasks:
  before:
    run:
      - task: environment:validate
  main:
    environment:validate:
      run:
        - sh: command -v terraform
          success_message: "ok"
          fail_message: "terraform binary not found"
          allow_exitcodes:
            - 128
    project:validate:
      run:
        - sh: if ! [ -d {{ .project.path }} ]; then printf 'non existent dir'; exit 1; fi
        - sh: if ! [ -f {{ .project.path }}/main.tf ]; then printf 'no tf file'; exit 1; fi
    terraform:validate:
      run:
        - sh: terraform validate {{ .project.path }}
    terraform:plan:
      run:
        - task: login:aws
          vars:
            - custom: var
            - custom2: var2
        - sh: echo {{ .task.login:aws.output.stdout.foo }}
        - sh: terraform plan {{ .project.path }}
    terraform:apply:
      run:
        - sh: terraform apply {{ .project.path }}
    login:aws:
      run:
        - sh: aws sso login
        - sh: aws sts get-caller-identity --output json
          output: foo
          timeout: 300
          retries: 3 # kill & start three times
    login:azure:
      run:
        - sh: az login
        - sh: az account status
          output: foo
          timeout: 300
          retries: 3
    logout:aws:
      run:
        - sh: aws logout
          allow_fail: true
    logout:azure:
      run:
        - sh: az logout
          allow_fail: true
  after:
    run:
      - task: logout:aws
      - task: logout:azure
```

```
#!/bin/sh
/usr/local/bin/myCLI -h
commands:
  run_task # run task
  detect_changes # show what project was changed
vars:
  --auto-detect true
  -p PROJECT
  --var foo=bar
  --env foo=bar
/usr/local/bin/myCLI run_task terraform:validate ( -p PROJECT )
/usr/local/bin/myCLI run_task terraform:plan ( -p PROJECT )
/usr/local/bin/myCLI run_task terraform:apply ( -p PROJECT )
```
inspired by gitlab-ci.yaml, taskfile, variant, ansible, https://github.com/mbtproject/mbt ..
@mumoshu would be nice to have something like this as variant alternative
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
btw, recommend starting with `variant2` - as `variant` will probably receive less support. all engineering efforts are going into `variant2`, a total redesign based on HCL
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@muhaha will you be on the call today? (starting in 30 m)
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
unfortunately no
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
it's just a description of “something”, I have hard times with monorepo …
2020-06-24
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Anybody have experience building a Unity3D project in CI?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here - remember to post your questions. office hours starting in 30 minutes
![chonan tsai avatar](https://avatars.slack-edge.com/2020-04-14/1060640193509_02daddafcfb7e0b05b9f_72.png)
I would like to resurface old question since we have some updates:
we have some async tasks. maybe around 20+ or so. Some of them run at odd hours in the middle of the night and some of them can take up to 20 min to run. I want to get super alerted if something doesn’t run or fail to run. Looking for advice on dashboarding versus alerting. Currently, the team has been trained to keep a close eye on Sentry alerts that comes in thr Slack. We had email alerts from AWS in the past but the team got tuned out.
We are trying a few things to get basic monitoring setup. Looking for general validation.
- The async tasks are running on celery. Set up the APM for Celery then create monitors in DD for that.
- Use DD custom metrics. Basically a version of statsd
- DD Support staff recommended building a lambda function and crawling the log
- Build a custom agent through datadog
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
I’m interested in discussing best practices around running `terraform destroy` in CI and any exception handling that may be used. Right now I just have `terraform destroy` in a `after(always)` block. If `terraform destroy` fails the Jenkins build will fail, but I want to do something more to handle possible failure cases
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
And the thing about building a Unity3D project in CI
![Bircan Bilici avatar](https://avatars.slack-edge.com/2020-06-12/1173953419750_db58afba2a26967be133_72.jpg)
Terraform currently does not support re-creation of resources if dependent object is changed or re-created. I’m talking about trigger like behaviour, but considering all other resources in general. It’s discussed here https://github.com/hashicorp/terraform/issues/8099 Do you know any other way to handle this in more elegant way, without using taint?
resource "foo" "bar" { foobar = "${file("foobar")}" } resource "bar" "foo" { depends_on = ["foo.bar"] } bar.foo is not modified…
![Primoz Cankar avatar](https://avatars.slack-edge.com/2020-04-06/1040178257362_184a973e8c717f10bf74_72.jpg)
I have a question about cloudposse bastion and its integration to ping slack when someone connects. It's not working when it's used just to directly tunnel through to another server. Also what’s the password for zoom?
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
![attachment image](https://smallstep.com/uploads/diy-sso-ssh-unfurl.jpg)
Let’s set up Google SSO for SSH! We’ll use OpenID Connect (OIDC), SSH certificates, a clever SSH configuration tweak, and Smallstep’s open source packages.
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
I just realized I do have an ansible question. How can I name a resource like “centos-<timestamp>”?
![David Medinets avatar](https://avatars.slack-edge.com/2020-06-06/1167569729189_f2560ef260a9a245ad2b_72.jpg)
My question is actually a terraform question.
```hcl
resource "aws_eip" "centos" {
  instance = aws_instance.centos.id
  vpc      = true
  tags = {
    Name = "centos-<TIMESTAMP>"
  }
}
```
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
The formatdate function converts a timestamp into a different time format.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Secure Access for Developers that doesn’t get in the way. - gravitational/teleport
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
opensource version can handle only github oidc :X
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-06-24 is now available.
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
question for next office hours. upgrading a docker image in an ecs service with zero downtime with pokayoke in mind.
original thread from #aws: https://sweetops.slack.com/archives/CCT1E7JJY/p1593017494348900
One tool I’ve been looking for is one to update a task definition’s single container definition’s container image. Currently we're using ugly fabfiles that do this that are copied and pasted everywhere and they typically recreate the task definition instead of reusing the one in terraform.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I have a question for today’s #office-hours, I don’t want to interrupt so I will just drop it here
What APM would you recommend for a Java Based application, and I can easily deploy on my Kubernetes cluster
2020-06-29
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Any idea for opensource cloud native p2s vpn (oidc, saml integration would be nice) ?
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
seems that https://hub.kubeapps.com/charts/cloudposse/openvpn is integrated with github oidc only, i did not find any source code tho, generic oidc would be nice..
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
What is p2s?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes.
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Reasonable pricing, unfortunately no oidc support in opensource version .. Thanks