#office-hours (2020-06)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

https://cpco.io/slack-office-hours

Meeting password: sweetops

2020-06-03

Robert Horrox

Maybe this isn’t so much an office hours question as a request, so let me know if it’s misfiled. Does anyone have any experience with https://github.com/pomerium/pomerium?

pomerium/pomerium

Pomerium is an identity-aware access proxy. Contribute to pomerium/pomerium development by creating an account on GitHub.

Erik Osterman (Cloud Posse)

just a reminder: today we have a special guest speaker (@Chuck Gehman) who will be answering questions related to Cloud Formation.

Zoom
06:27:57 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom
06:28:22 PM

Robert Horrox has joined Public “Office Hours”

Zoom
06:28:32 PM

Marc Tanne has joined Public “Office Hours”

Zoom
06:28:44 PM

Chuck Gehman has joined Public “Office Hours”

Zoom
06:28:56 PM

Dan Overholt has joined Public “Office Hours”

Zoom
06:29:00 PM

Thomas Mundt has joined Public “Office Hours”

Zoom
06:29:32 PM

Alex Siegman has joined Public “Office Hours”

Zoom
06:29:34 PM

tamsky has joined Public “Office Hours”

Zoom
06:30:31 PM

zloeber has joined Public “Office Hours”

Zoom
06:30:43 PM

Vijay Ravi has joined Public “Office Hours”

Zoom
06:31:05 PM

Neil Gealy has joined Public “Office Hours”

Zoom
06:31:21 PM

Adam Crown has joined Public “Office Hours”

Zoom
06:31:23 PM

Stephanie Koerlin has joined Public “Office Hours”

Zoom
06:31:47 PM

Ben Wart has joined Public “Office Hours”

Zoom
06:31:53 PM

Marcin Branski has joined Public “Office Hours”

Zoom
06:31:56 PM

Igor Miltchman has joined Public “Office Hours”

Zoom
06:32:06 PM

Oliver Schoenborn has joined Public “Office Hours”

Zoom
06:35:15 PM

Brian Tai has joined Public “Office Hours”

Zoom
06:35:41 PM

Joe Hosteny has joined Public “Office Hours”

OliverS

Not on topic of cloudformation but if you have time:

I’m creating an EKS cluster with the cloudposse EKS cluster module, and running kubectl apply from the main.tf (using a localfile with localexec). Sometimes the kubectl apply gets run before the kube api server is ready, so I’m wondering what is the recommended way to deal with that: time_sleep resource? a way to indicate dependency so the localexec does not run too early? a way to only run the kubectl exec once API responds? (actually that will work for sure if I write a bash script that loops until kubectl apply works).

Zoom
06:41:27 PM

Jie Chen has joined Public “Office Hours”

Zoom
06:42:25 PM

Blaise pabon has joined Public “Office Hours”

Dan Overholt

Question for Chuck: We have a series of CloudFormation scripts that collectively add up to our stack. Only one contains a series of nested scripts. We would like to be able to combine 20+ cloudformation scripts into one execution to create a new Dev stack and subsequently be able to destroy that when necessary. Is this an appropriate use for Service Catalog or what is the recommended approach?

Marc Tanne

^^^

Alex Siegman

CloudFormation question: I’ve used CF extensively at past roles, but my recollection is that if a resource was not initially created with CF, you couldn’t really manage that resource with CF ever in its lifetime. Recreation might be fine for ephemeral stuff, but for data stores and things it’s not always practical. How does CF handle that kind of scenario where you might need to import an existing resource into a stack?

Zoom
06:52:36 PM

Ola Ade has joined Public “Office Hours”

Zoom
06:53:32 PM

Harry Moreno has joined Public “Office Hours”

Zoom
06:55:31 PM

Ben Wart has joined Public “Office Hours”

Zoom
06:57:02 PM

Blaise pabon has joined Public “Office Hours”

Zoom
06:57:13 PM

HariPrasad Venkatanarayana has joined Public “Office Hours”

Zoom
06:59:38 PM

Alex Vorona has joined Public “Office Hours”

Erik Osterman (Cloud Posse)
New – Import Existing Resources into a CloudFormation Stack | Amazon Web Services

With AWS CloudFormation, you can model your entire infrastructure with text files. In this way, you can treat your infrastructure as code and apply software development best practices, such as putting it under version control, or reviewing architectural changes with your team before deployment. Sometimes AWS resources initially created using the console or the AWS Command […]

Zoom
07:01:40 PM

ola server has joined Public “Office Hours”

Erik Osterman (Cloud Posse)
Search results

The Python Package Index (PyPI) is a repository of software for the Python programming language.

Chuck Gehman
jasonumiker/k8s-plus-aws-gitops

An approach for GitOps of AWS backing resources like databases with CodePipeline together with Kubernetes via Flux - jasonumiker/k8s-plus-aws-gitops

Erik Osterman (Cloud Posse)
awslabs/cdk8s

Define Kubernetes native apps and abstractions using object-oriented programming - awslabs/cdk8s

Zoom
07:07:38 PM

eddie.wizelman has joined Public “Office Hours”

Erik Osterman (Cloud Posse)
TerraStackIO/terrastack

Polyglot Terraform. Contribute to TerraStackIO/terrastack development by creating an account on GitHub.

OliverS

Terrastack uses https://github.com/aws/jsii: “[jsii] allows code in any language to naturally interact with JavaScript classes. It is the technology that enables the AWS Cloud Development Kit to deliver polyglot libraries from a single codebase”

aws/jsii

jsii allows code in any language to naturally interact with JavaScript classes. It is the technology that enables the AWS Cloud Development Kit to deliver polyglot libraries from a single codebase!…

aws/aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code - aws/aws-cdk

OliverS

Maybe not first, but probably in the first 3. The 2 others are:

Learn CloudFormation came out in July 2018

Mastering CloudFormation just came out this month

OliverS

Question: when I used CloudFormation last summer on one project the most frustrating aspect was when the stack being updated had a mistake then would rollback and even the rollback failed. How do you avoid this?

Zachary Loeber

@Erik Osterman (Cloud Posse) Early in this meeting you talked about the 4 layers that comprise infrastructure; did you have an article that goes over the layers and such?

Erik Osterman (Cloud Posse)

Unfortunately, no - it’s something I really need to write up, however

Zachary Loeber

You have mentioned it a few times; I for one would like to drink more Kool-Aid, please.

Zoom
07:28:46 PM

Eric Berg has joined Public “Office Hours”

OliverS

@Erik Osterman (Cloud Posse) definitely interested in that ebook AWS CF in Action

Erik Osterman (Cloud Posse)

DM’d you the code

Chuck Gehman

Peter Sbarski from ACloudGuru wrote the serverless book

Chuck Gehman

This book, AWS Security is by Dylan Shields… 5 chapters in the MEAP preview program, https://www.manning.com/books/aws-security

Chuck Gehman

Thanks again everyone! Thanks Erik!

Erik Osterman (Cloud Posse)

Thanks @Chuck Gehman! really enjoyed having you on our session today

Erik Osterman (Cloud Posse)

Also, forgot to post @Chuck Gehman’s book! https://www.manning.com/books/aws-cloudformation-in-action

Erik Osterman (Cloud Posse)

Discount code podposse20 (40% off) or DM me for 100% off coupon.

Erik Osterman (Cloud Posse)

Also, just a reminder - if you’re an expert on tools like Flux, Argo, Jenkins on Kubernetes, Open Policy Agent, Pulumi, Serverless, etc - hit me up. I would love to have a deeper conversation around some of these tools and your real-world experiences on one of our upcoming office hours

James Huffman

I’ve been using Jenkins in Kubernetes for almost 2 years now. I’d love to talk about it.

Zoom
08:38:40 PM

New Zoom Recording from our Office Hours session on 2020-06-03 is now available.

2020-06-10

Erik Osterman (Cloud Posse)

Office Hours starting in 15 minutes

Erik Osterman (Cloud Posse)

Make sure to post your questions

Zoom
06:26:21 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom
06:26:26 PM

Kurt O’Connor has joined Public “Office Hours”

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://cloudposse.zoom.us/j/508587304

Zoom
06:27:11 PM

Dan Overholt has joined Public “Office Hours”

Zoom
06:27:19 PM

Vijay Ravi has joined Public “Office Hours”

Zoom
06:27:24 PM

Robert Horrox has joined Public “Office Hours”

Zoom
06:27:25 PM

Andy Roth has joined Public “Office Hours”

Zoom
06:27:38 PM

David Medinets has joined Public “Office Hours”

Zoom
06:28:05 PM

HariPrasad Venkatanarayana has joined Public “Office Hours”

Zoom
06:28:07 PM

eddie.wizelman has joined Public “Office Hours”

Zoom
06:28:17 PM

Zachary Loeber has joined Public “Office Hours”

Zoom
06:28:31 PM

Aarat Nathwani has joined Public “Office Hours”

Zoom
06:28:37 PM

Adam Crown has joined Public “Office Hours”

Zoom
06:29:02 PM

Adam Crews has joined Public “Office Hours”

David Medinets

I am hearing no sound.

roth.andy

Sound seems to be working fine. Something on your end?

David Medinets

YouTube is working fine. I can’t join from the browser. I don’t know what is wrong.

Erik Osterman (Cloud Posse)

(YouTube is just for past recordings; no live streaming to YouTube)

Erik Osterman (Cloud Posse)

@David Medinets were you able to get the audio working? are you using the Zoom client or web UI?

David Medinets

I was using the Zoom client on Ubuntu. I have not had any audio issues in the past using Zoom. I was not able to get audio working.

David Medinets

To follow-up. I ran into this audio issue again. When I connected via the browser, I heard audio.

Zoom
06:30:25 PM

Omer Sen has joined Public “Office Hours”

Zoom
06:30:38 PM

Marc Tanne has joined Public “Office Hours”

Zoom
06:30:50 PM

Alex Siegman has joined Public “Office Hours”

Zoom
06:31:02 PM

Jie Chen has joined Public “Office Hours”

Zoom
06:32:11 PM

Latika Wadhwani has joined Public “Office Hours”

Zoom
06:32:50 PM

Michael Martin has joined Public “Office Hours”

Zoom
06:35:15 PM

Rahul Muraleedharan has joined Public “Office Hours”

Zoom
06:36:59 PM

Jim Park has joined Public “Office Hours”

Zoom
06:37:21 PM

Bircan Bilici has joined Public “Office Hours”

Zoom
06:37:24 PM

Matt Gowie has joined Public “Office Hours”

Zoom
06:38:36 PM

Hilal Jaffan has joined Public “Office Hours”

Zoom
06:40:54 PM

Amin Amos has joined Public “Office Hours”

Zoom
06:41:01 PM

Jeremy Schuller has joined Public “Office Hours”

Zoom
06:46:26 PM

PePe Amengual has joined Public “Office Hours”

Zoom
06:49:49 PM

Andrew Elkins has joined Public “Office Hours”

Zoom
06:51:10 PM

Thomas Mundt has joined Public “Office Hours”

Zoom
07:03:47 PM

Brian Tai has joined Public “Office Hours”

Erik Osterman (Cloud Posse)
10 most common mistakes using kubernetes

We had the chance to see quite a bit of clusters in our years of experience with kubernetes (both managed and unmanaged - on GCP, AWS and Azure), and we see some mistakes being repeated. No shame in that, we’ve done most of these too! I’ll try to show the ones we see very often and talk a bit about how to fix them.

Zoom
07:10:55 PM

Eric Berg has joined Public “Office Hours”

Erik Osterman (Cloud Posse)

Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles

Alex Siegman
Metric and label naming | Prometheus

An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.

Erik Osterman (Cloud Posse)

@Alex Siegman have a link handy to the 2-tier web architecture recommendation?

rahulm4444

For connecting an internal ALB to an NLB, Lambda functions can be used.

Alex Siegman

You know, I’ve referenced it a bunch of times and I just cannot find it; they’ve changed how the site is with their new Well-Architected stuff. I’m looking, though.

rahulm4444

“Before now, you had to choose either the benefits of NLB or the benefits of ALB, but you couldn’t have both together. This blog post shows you how to have your cake and eat it too, by putting an Application Load Balancer behind a Network Load Balancer.”

rahulm4444
Using static IP addresses for Application Load Balancers | Amazon Web Services

Update: You can use AWS Global Accelerator to get static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers or Amazon EC2 instances. These IP addresses are announced from multiple AWS edge locations at the […]

Alex Siegman

the picture at the top of this blog is what i was referring to though https://blog.stratus10.com/aws-best-practices-3-tier-infrastructure

AWS Best Practices: 3-Tier Infrastructure

AWS Best Practices: 3 Tier Architecture. An infrastructure pattern for best availability, scalability, and security.

Alex Siegman

But those used to be available directly from Amazon with accompanying materials.

Zoom
08:59:14 PM

New Zoom Recording from our Office Hours session on 2020-06-10 is now available.

2020-06-15

Erik Osterman (Cloud Posse)

I’m curious.. what do you guys use for continuous delivery/continuous integration/continuous release? I work at a smallish (~100 people) company and we’re generally jamming pretty hard on delivering product features instead of focusing on infrastructure. We use Kubernetes and some folks use a service mesh, but not all, and we don’t always use the same clusters for various reasons.

Some of the options I’ve considered (from the CNCF landscape) are Flagger (requires service mesh) and Spinnaker (gold standard? heavyweight). I suspect Armory is above what I’m able to pay for a SaaS-type solution, and with limited time to focus on this specifically, Flagger (service mesh) and Spinnaker (learning curve/setup/maintenance?) I suspect are just overkill.

The other option I think I’m most likely to implement, because it’s fast and easy, is just using a separate deployment in the same cluster and weighted DNS to serve some small percentage of traffic to a canary deployment, and continuously deploy there first.

Any thoughts/feedback appreciated.

rahulm4444

Is AWS moving away from Docker? AWS Fargate 1.4 (latest version) is using containerd (https://containerd.io) instead of Docker as the runtime engine.. https://aws.amazon.com/blogs/containers/under-the-hood-fargate-data-plane/

containerd

An industry-standard container runtime with an emphasis on simplicity, robustness, and portability

Under the hood: AWS Fargate data plane | Amazon Web Services

Today, we launched a new platform version (1.4) for AWS Fargate, which bundles a number of new features and capabilities for our customers. You can read more about these features in this blog post. One of the changes we are introducing in platform version 1.4 is replacing Docker Engine with Containerd as Fargate’s container execution […]

ismail yenigul

yes it is.

---------- Forwarded message ---------
From: Amazon Web Services, Inc. <[email protected]>
Date: Tue, Jun 9, 2020 at 2:55 AM
Subject: AWS Fargate Platform Version LATEST Flag Update [AWS Account: ]


Hello,

In the coming few months, AWS Fargate will update the LATEST flag to Platform Version (PV) 1.4.0. This means all new Amazon Elastic Container Service (ECS) Tasks or ECS Services that use the Fargate launch type and have the platformVersion field in their Task Definition set to LATEST will automatically resolve to PV 1.4.0. For customers who use Amazon VPC Endpoints along with their ECS tasks running on Fargate, the new platform version has changes that may require customer action. For more information see the FAQs below. If you do not use VPC endpoints for Amazon ECR, AWS Secrets Manager or AWS Systems Manager no action is necessary.

How does this impact me?
Customers who have set up VPC endpoints for Amazon ECR, AWS Secrets manager or AWS Systems Manager need to perform below steps:
  1. Add ecr.api to their Amazon ECR VPC endpoint.
  2. Ensure the AWS Secrets Manager or Systems Manager AWS VPC endpoint interfaces are added to the VPCs and subnets that are used by ECS services or ECS tasks that run on Fargate.
  3. Ensure the security group in the Elastic Network Interface (ENI) associated with the task has rules to allow traffic from the task to VPC endpoints.
rahulm4444

Until version 1.3, AWS Fargate was using Docker as its runtime engine.

2020-06-17

Zoom
06:27:21 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom
06:27:33 PM

Andy Roth has joined Public “Office Hours”

Zoom
06:27:47 PM

Adam Crown has joined Public “Office Hours”

Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://cloudposse.zoom.us/j/508587304

Zoom
06:29:00 PM

Brandon Wilson has joined Public “Office Hours”

Zoom
06:29:10 PM

Joey Freeland has joined Public “Office Hours”

Zoom
06:29:44 PM

Alex Vorona has joined Public “Office Hours”

Zoom
06:29:55 PM

Brian Tai has joined Public “Office Hours”

Zoom
06:30:09 PM

Marc Tanne has joined Public “Office Hours”

Zoom
06:30:29 PM

Matt Gowie has joined Public “Office Hours”

Zoom
06:30:40 PM

Robert Horrox has joined Public “Office Hours”

Zoom
06:30:56 PM

Alex Siegman has joined Public “Office Hours”

Zoom
06:31:50 PM

Stuart King has joined Public “Office Hours”

Zoom
06:32:05 PM

Michael Martin has joined Public “Office Hours”

Zoom
06:32:22 PM

Neil Gealy has joined Public “Office Hours”

Zoom
06:32:55 PM

Rahul Muraleedharan has joined Public “Office Hours”

Zoom
06:33:16 PM

Adam Watson has joined Public “Office Hours”

Zoom
06:33:43 PM

Muhammed Soyer has joined Public “Office Hours”

Zoom
06:33:45 PM

Joe Hosteny has joined Public “Office Hours”

Zoom
06:34:58 PM

Mythreyee Sammeta has joined Public “Office Hours”

mfridh

Am I supposed to know the password already?

Erik Osterman (Cloud Posse)

sweetops

mfridh

hah, I actually tried “SweetOps” without having any idea…

Zoom
06:35:44 PM

Omer Sen has joined Public “Office Hours”

Zoom
06:35:51 PM

Andrew Elkins has joined Public “Office Hours”

Zoom
06:37:04 PM

Mythreyee Sammeta has joined Public “Office Hours”

Zoom
06:41:25 PM

Mikael Fridh has joined Public “Office Hours”

Zoom
06:41:34 PM

eddie.wizelman has joined Public “Office Hours”

Marc Tanne

Can we use Kinesis to make scaling database-driven, so that Lambda step functions can perform customized health checks and update the DB, which then can forward the WAL logs (using the wal2json plugin) into another Lambda to trigger scaling actions based on the data being updated? https://aws.amazon.com/blogs/database/stream-changes-from-amazon-rds-for-postgresql-using-amazon-kinesis-data-streams-and-aws-lambda/

Zoom
06:42:33 PM

PePe Amengual has joined Public “Office Hours”

Alex Siegman
Announcing Codefresh Runner: a foolproof, easy way to run pipelines on your own Kubernetes clusters. - Codefresh

Running and maintaining CI/CD infrastructure has long been a headache for engineering teams which has led to the popularity of SAAS solutions like Codefresh cloud. But for many, this doesn’t meet their strict security requirements or allow them to access on-prem code, artifacts, or other resources. To help those engineering teams, today we’re releasing Codefresh … Continued

Zoom
06:47:26 PM

Marcin Branski has joined Public “Office Hours”

joey

Not so much a question as much as a statement/comment of “whoa, where have I been” … but I started playing with LocalStack recently and am setting up a local development environment and CI/CD. Pretty impressive stuff.

Does anyone know if there are similar things for GCP and Azure?

Erik Osterman (Cloud Posse)
Initial implementation of `terraform-aws-eks-fargate-profile` by aknysh · Pull Request #1 · cloudposse/terraform-aws-eks-fargate-profile

what Initial implementation of terraform-aws-eks-fargate-profile Add bats and Terratest Add Codefresh test pipeline why Provision an EKS Fargate Profile for Elastic Container Service for Kuberne…

Zoom
06:54:56 PM

Amin Amos has joined Public “Office Hours”

msoyer

Anyone using ECR image scanning as part of the CI/CD ?

Tim Birkett

I have it enabled on some images on push but not synchronously as some sort of a quality gate.

Zoom
06:56:31 PM

James Huffman has joined Public “Office Hours”

Erik Osterman (Cloud Posse)
Detect large-scale cryptocurrency mining attack against Kubernetes clusters

Azure Security Center’s threat protection enables you to detect and prevent threats across a wide variety of services from Infrastructure-as-a-Service (IaaS) layer to Platform-as-a-Service (PaaS)…

Erik Osterman (Cloud Posse)
bridgecrewio/checkov

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes and other infrastructure-as-code-languages with Checkov by Bridgecrew. - bridgecrewio/checkov

Zoom
07:02:11 PM

Bircan Bilici has joined Public “Office Hours”

omerfsen

Bastille Linux (http://bastille-linux.sourceforge.net/), not active anymore

omerfsen

Cisecurity hardening

omerfsen

OpenSCAP

Zoom
07:04:36 PM

Michael Martin has joined Public “Office Hours”

omerfsen

Open-source Docker image scanning: Trivy

omerfsen

From aquasec

omerfsen
aquasecurity/trivy

A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI - aquasecurity/trivy

Erik Osterman (Cloud Posse)
A Guide to Kubernetes Admission Controllers

Author: Malte Isberner (StackRox) Kubernetes has greatly improved the speed and manageability of backend clusters in production today. Kubernetes has emerged as the de facto standard in container orchestrators thanks to its flexibility, scalability, and ease of use. Kubernetes also provides a range of features that secure production workloads. A more recent introduction in security features is a set of plugins called “admission controllers.” Admission controllers must be enabled to use some of the more advanced security features of Kubernetes, such as pod security policies that enforce a security configuration baseline across an entire namespace.

Erik Osterman (Cloud Posse)
uber/kraken

P2P Docker registry capable of distributing TBs of data in seconds - uber/kraken

Erik Osterman (Cloud Posse)
MinIO | High Performance, Kubernetes Native Object Storage

MinIO’s High Performance Object Storage is Open Source, Amazon S3 compatible, Kubernetes Friendly and is designed for cloud native workloads like AI.

mfridh

Docker cache: My ideal is probably Nginx pull through cache in each cluster, upstreaming to ECR and possibly https://goharbor.io/ for the nifty management of things.

Harbor

Our mission is to be the trusted cloud native repository for Kubernetes

mfridh

in-cluster Storage - anyone used https://github.com/longhorn/longhorn ?

longhorn/longhorn

Cloud-Native distributed block storage built on and for Kubernetes - longhorn/longhorn

Erik Osterman (Cloud Posse)
ekalinin/awsping

Console tool to check the latency to each Amazon EC2 region - ekalinin/awsping

Erik Osterman (Cloud Posse)
[WIP] aws_autoscaling_group: add instance_refresh block by roberth-k · Pull Request #13791 · terraform-providers/terraform-provider-aws

Community Note Please vote on this pull request by adding a reaction to the original pull request comment to help the community and maintainers prioritize this request Please do not leave "…

msoyer
Zabbix:: The Enterprise-Class Open Source Network Monitoring Solution

Highly scalable mature platform designed for real-time monitoring of millions of metrics collected from thousands of devices, applications, cloud resources

Erik Osterman (Cloud Posse)

v0.13.0-beta2 0.13.0-beta2 (June 17, 2020) NOTES: backend/s3: Deprecated lock_table, skip_get_ec2_platforms, and skip_requesting_account_id arguments have been removed (#25134) backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2…

Erik Osterman (Cloud Posse)
Aws Testing With Localstack on Kubernetes

Aws Testing With Localstack on Kubernetes - Zachary Loeber’s Personal Site

omerfsen
Network Latency Test Tool - Improve Response Time | SolarWinds

Need to measure, test, and reduce network latency? Download a free 30-day trial of Network Performance Monitor, a network latency testing and monitoring tool.

Chris O.

any folks here with significant experience with DynamoDB?

Zoom
08:42:07 PM

New Zoom Recording from our Office Hours session on 2020-06-17 is now available.

2020-06-21

muhaha

Guys? I am looking for some tool (nonexistent) that is able to define projects in a git monorepo (similar to workflows in Atlantis) by fs path, for example in YAML, JSON, etc. (I am using GitLab CI, btw). The tool should be able:

• to detect changes in projects (this will help to determine the specific project to change in a CI pipeline triggered by MR/PR) via git diff

• to run commands/tasks on changed projects

• to do basic conditions, like if multiple project changes detected; then exit; fi

• to do retries if the error code of a command/task != 0

• to timeout if a command/task is taking more than X seconds

• to validate projects -> if they contain specific files

Of course it does not exist; currently I am using a bunch of scripts, but it’s not so good.

  1. I am using a JSON file to define projects
  2. tests and looping are done via jq (validating JSON schema)
  3. everything is bash (a lot of non-standard tools)
  4. changes are detected with git diff
  5. a lot of binaries needed: terraform, terragrunt

What I found so far:

https://github.com/mumoshu/variant https://github.com/go-task/task, but these are more like only task runners.

Unfortunately monorepos are not ready yet, like if you don’t want to recursively find all projects, which is very inefficient…

muhaha

I did some prototype:

defaults:
  projects:
    single_project_change: true # fail if more than 1 project is changed
    validation: 
      - task: project:validate # run task to validate projects
    spec: # schema validation
      - id: name
        type: string
        required: yes
        unique: yes
      - id: path
        type: regex
        regex: .*
        required: yes
        unique: yes
      - id: name
        type: string
        required: no
        unique: no
      - id: cloud
        type: string
        oneof:
          - aws
          - gcp
          - azure
        required: yes
        unique: no         

projects:
  - name: foo
    path: foo/john/doe
    cloud: azure
    depends_on:
       - bar
  - name: bar
    path: bar/john/doe
    cloud: aws

vars:
  FOO: BAR

env:
  HOME: /home/abc/

tasks:
  before:
    run:
      - task: environment:validate
  main:
    environment:validate: # name must match the task referenced in tasks.before
      run:
        - sh: command -v terraform 
      success_message: "ok"
      fail_message: "terraform binary not found"
      allow_exitcodes: 
        - 128
    project:validate:
      run: 
        - sh: if ! [ -d {{ .project.path }} ]; then printf 'non existent dir'; exit 1; fi
        - sh: if ! [ -f {{ .project.path }}/main.tf ]; then printf 'no tf file'; exit 1; fi
    terraform:validate:
      run:
        - sh: terraform validate {{ .project.path }}
    terraform:plan:
      run:
        - task: login:aws
          vars:
            - custom: var
            - custom2: var2
        - sh: echo {{ .task.login:aws.output.stdout.foo }}
        - sh: terraform plan {{ .project.path }}
    terraform:apply:
      run:
        - sh: terraform apply {{ .project.path }}
    login:aws:
      run:
        - sh: aws sso login
        - sh: aws sts get-caller-identity --output json
          output: foo
      timeout: 300
      retries: 3 # kill & start three times
    login:azure:
      run:
        - sh: az login
        - sh: az account show
          output: foo
      timeout: 300
      retries: 3
    logout:aws:
      run:
        - sh: aws sso logout
      allow_fail: true
    logout:azure:
      run:
        - sh: az logout
      allow_fail: true
  after:
    run:
      - task: logout:aws
      - task: logout:azure



#!/bin/sh

/usr/local/bin/myCLI -h

commands:
  run_task # run task
  detect_changes # show what project was changed

vars:
  --auto-detect true
  -p PROJECT 
  --var foo=bar
  --env foo=bar
  

/usr/local/bin/myCLI run_task terraform:validate ( -p PROJECT )
/usr/local/bin/myCLI run_task terraform:plan ( -p PROJECT )
/usr/local/bin/myCLI run_task terraform:apply ( -p PROJECT )

inspired by gitlab-ci.yaml, taskfile, variant, ansible, https://github.com/mbtproject/mbt ..

@mumoshu would be nice to have something like this as variant alternative

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

btw, I recommend starting with variant2, as variant will probably receive less support. All engineering efforts are going into variant2, a total redesign based on HCL.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@muhaha will you be on the call today? (starting in 30 m)

muhaha avatar

unfortunately no

muhaha avatar

it's just a description of “something”, I have a hard time with monorepos …

2020-06-24

roth.andy avatar
roth.andy

Anybody have experience building a Unity3D project in CI?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@here - remember to post your questions. office hours starting in 30 minutes

chonan tsai avatar
chonan tsai

I would like to resurface old question since we have some updates:
we have some async tasks. maybe around 20+ or so. Some of them run at odd hours in the middle of the night and some of them can take up to 20 min to run. I want to get super alerted if something doesn’t run or fails to run. Looking for advice on dashboarding versus alerting. Currently, the team has been trained to keep a close eye on Sentry alerts that come in through Slack. We had email alerts from AWS in the past but the team got tuned out.
We are trying a few things to get basic monitoring setup. Looking for general validation.

  1. The async tasks are running on celery. Set up the APM for Celery then create monitors in DD for that.
  2. Use DD custom metrics. Basically a version of statsd
  3. DD Support staff recommended building a lambda function and crawling the log
  4. Build a custom agent through datadog
roth.andy avatar
roth.andy

I’m interested in discussing best practices around running terraform destroy in CI and any exception handling that may be used. Right now I just have terraform destroy in an after(always) block. If terraform destroy fails the Jenkins build will fail, but I want to do something more to handle possible failure cases.

roth.andy avatar
roth.andy

And the thing about building a Unity3D project in CI

Zoom avatar
Zoom
06:26:00 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:23 PM

Robert Horrox has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:25 PM

Andy Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:40 PM

Bircan Bilici has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:30 PM

David Scott has joined Public “Office Hours”

Bircan Bilici avatar
Bircan Bilici

Terraform currently does not support re-creation of resources if dependent object is changed or re-created. I’m talking about trigger like behaviour, but considering all other resources in general. It’s discussed here https://github.com/hashicorp/terraform/issues/8099 Do you know any other way to handle this in more elegant way, without using taint?

Update/replace resource when a dependency is changed · Issue #8099 · hashicorp/terraform

resource "foo" "bar" { foobar = "${file("foobar")}" } resource "bar" "foo" { depends_on = ["foo.bar"] } bar.foo is not modified…

Zoom avatar
Zoom
06:29:46 PM

Amin Amos has joined Public “Office Hours”

Zoom avatar
Zoom
06:30:29 PM

Thomas Mundt has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:13 PM

Michael Holt has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:19 PM

David Medinets has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:40 PM

Ryan Moore has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:10 PM

Brian Tai has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:45 PM

Matt Gowie has joined Public “Office Hours”

Primoz Cankar avatar
Primoz Cankar

I have a question about the cloudposse bastion and its integration to ping Slack when someone connects. It’s not working when it’s used just to directly tunnel through to another server. Also, what’s the password for Zoom?

Zoom avatar
Zoom
06:33:04 PM

Kurt O’Connor has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:17 PM

Latika Wadhwani has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:44 PM

CHONAN TSAI has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:30 PM

CHONAN TSAI has joined Public “Office Hours”

Zoom avatar
Zoom
06:35:17 PM

Rahul Muraleedharan has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:00 PM

Andrew Elkins has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:13 PM

Neil Gealy has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:13 PM

Eddie Wizelman has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:28 PM

Andrea Bolandrina has joined Public “Office Hours”

Zoom avatar
Zoom
06:37:48 PM

Santiago Campuzano has joined Public “Office Hours”

Zoom avatar
Zoom
06:38:14 PM

PePe Amengual has joined Public “Office Hours”

muhaha avatar
DIY Single Sign-On for SSH

Let’s set up Google SSO for SSH! We’ll use OpenID Connect (OIDC), SSH certificates, a clever SSH configuration tweak, and Smallstep’s open source packages.

Zoom avatar
Zoom
06:40:54 PM

Primoz Cankar has joined Public “Office Hours”

David Medinets avatar
David Medinets

I just realized I do have an ansible question. How can I name a resource like “centos-<timestamp>”?

Zoom avatar
Zoom
06:41:36 PM

babajide hassan has joined Public “Office Hours”

Zoom avatar
Zoom
06:42:00 PM

Neil Gealy has joined Public “Office Hours”

David Medinets avatar
David Medinets

My question is actually a terraform question.

resource "aws_eip" "centos" {
  instance = aws_instance.centos.id
  vpc      = true
  tags = {
    Name = "centos-<TIMESTAMP>"
  }
}
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
formatdate - Functions - Configuration Language - Terraform by HashiCorp

The formatdate function converts a timestamp into a different time format.

Zoom avatar
Zoom
07:05:24 PM

Primoz Cankar has joined Public “Office Hours”

Zoom avatar
Zoom
07:10:34 PM

Santiago Campuzano has joined Public “Office Hours”

Matt Gowie avatar
Matt Gowie
gravitational/teleport

Secure Access for Developers that doesn’t get in the way. - gravitational/teleport

Secure Access for Developers

Secure Access and Compliance for SSH and Kubernetes

muhaha avatar

open source version can handle only GitHub OIDC :X

Bircan Bilici avatar
Bircan Bilici

Name = "centos-${timestamp()}"

Zoom avatar
Zoom
07:30:35 PM

Neil Gealy has joined Public “Office Hours”

Zoom avatar
Zoom
09:32:03 PM

New Zoom Recording from our Office Hours session on 2020-06-24 is now available.

RB avatar

question for next office hours: upgrading a docker image in an ECS service with zero downtime, with poka-yoke in mind.

original thread from #aws: https://sweetops.slack.com/archives/CCT1E7JJY/p1593017494348900

One tool I’ve been looking for is one to update a task definition’s single container definition’s container image. Currently we’re using ugly fabfiles that do this that are copied and pasted everywhere, and they typically recreate the task definition instead of reusing the one in terraform.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I have a question for today’s #office-hours, I don’t want to interrupt so I will just drop it here

What APM would you recommend for a Java Based application, and I can easily deploy on my Kubernetes cluster

2020-06-29

muhaha avatar

Any idea for an open source cloud native P2S VPN (OIDC, SAML integration would be nice)?

muhaha avatar

seems that https://hub.kubeapps.com/charts/cloudposse/openvpn is integrated with GitHub OIDC only, I did not find any source code though, generic OIDC would be nice..

Marcin Brański avatar
Marcin Brański

What is p2s?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Enterprise VPN Server

Free open source enterprise distributed VPN server. Virtualize your private networks across datacenters and provide simple remote access in minutes.

muhaha avatar

Reasonable pricing, unfortunately no OIDC support in the open source version .. Thanks
