#office-hours (2020-07)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2020-07-29

Brian

wondering if you guys have any tips around kubernetes dns benchmarking and debugging. dealing with intermittent hostname resolution failures to external hostnames with coredns. networking isn’t a strong point of mine and would love to hear if you guys made any dns optimisations on k8s and have any advice on how to gain visibility to start troubleshooting this

Erik Osterman (Cloud Posse)

got it! we’ll bring it up today

Brian

@Erik Osterman (Cloud Posse) brian here, enjoyed this week’s office hours. should i post again next week to hear your thoughts on this topic?

Erik Osterman (Cloud Posse)

Ahk! I started adding it to my slides and got pulled aside. Yes, let’s repost for next week. Sorry!

Brian

thanks!

OliverS

@ where are you running this? I’ve faced this in minikube but not elsewhere (knock on wood!).

Brian

@ aws via kops.

    .:53 {
        errors
        health {
          lameduck 5s
        }
        kubernetes cluster.local. in-addr.arpa ip6.arpa {
          pods insecure
          upstream
          fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        loop
        cache 30
        loadbalance
        reload
    }

Brian

currently have datadog to monitor SERVFAIL and trying to benchmark using https://github.com/kubernetes/perf-tests/tree/master/dns

Brian

and being alerted via sentry

    OperationalError: could not translate host name "[REDACTED].us-east-1.rds.amazonaws.com" to address: Try again

Erik Osterman (Cloud Posse)

what’s your timeout for a DNS response?

Brian

can you elaborate a bit? networking isn’t my strong suit. if it’s a configurable on the coredns or kubernetes side, i believe it’s left at the default value. if you’re asking how long til it times out, unsure how to check

Brian

@Erik Osterman (Cloud Posse) curious about your /quiz link. is that strictly for business, or is it also an open forum for discussion topics?

Erik Osterman (Cloud Posse)

haha, it’s “top of the funnel” - suppose you could ask a question in one of the free form fields.

Erik Osterman (Cloud Posse)

so client libraries that perform DNS lookups will typically have a DNS timeout. Additionally, DNS is by default over UDP so timeouts play a big role. If your timeout is 25ms for a DNS lookup, it could look like a DNS failure, but really it was just an aggressive timeout

Erik Osterman (Cloud Posse)

I would first extend the timeouts and see if it alleviates any of the problems. If not, then restore it and keep digging into it.

Erik Osterman (Cloud Posse)

are you operating on EKS?

Brian

we’re using kops on aws with coredns, no eks. we have about 4000 pods running on ~60 nodes autoscaling in and out.

if my metrics are correct, we have a max of 0.8ms coredns request latency at the time we started getting several SERVFAILs with 1.5k queries per second

going to look into our dns timeouts and see what’s that at

Brian

btw thanks for taking your time to assist

Erik Osterman (Cloud Posse)

Also investigate the load on your masters. K8S hates loaded masters due to raft consensus. Make sure you’re running the appropriate size masters for your cluster size. There are best practices guides for this out there, but not sure off the top of my head.

Vlad Ionescu

DNS benchmarking and optimizations (EKS focused, but it’s not tied to that): https://www.vladionescu.me/posts/eks-dns.html

NodeLocalDNS is the usual way to handle it.

Also, move from TCP to UDP as many configs do default to TCP

Brian

arg. meetings made me miss this week. @Erik Osterman (Cloud Posse) did you address this topic? looking forward to checking out the recap

Brian

@Vlad Ionescu thanks for the links

Erik Osterman (Cloud Posse)

we did! a video recording will be shared shortly

Vucomir Ianculov

Hi, i was using EKS worker nodes in the past for our staging ENV and now i would like to switch to terraform-aws-eks-node-group my question is

  1. if i use terraform-aws-eks-node-group is there a way to encrypt the disk and also set scaling policy(CPU limit) ?
  2. if i use EKS worker nodes is there a way to automatically drain nodes before removing them, at the moment i’m using termination_policies = ["OldestInstance", "OldestLaunchConfiguration", "Default"] ?
cloudposse/terraform-aws-eks-node-group

Terraform module to provision an EKS Node Group. Contribute to cloudposse/terraform-aws-eks-node-group development by creating an account on GitHub.

Marcin Brański
github/roadmap

GitHub public roadmap. Contribute to github/roadmap development by creating an account on GitHub.

Marcin Brański
github/renaming

Guidance for changing the default branch name for GitHub repositories - github/renaming

Marcin Brański
aquasecurity/kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark - aquasecurity/kube-bench

Marcin Brański
AWS re:Invent

Join the AWS Cloud Community

Marcin Brański
asobti/kube-monkey

An implementation of Netflix’s Chaos Monkey for Kubernetes clusters - asobti/kube-monkey

Erik Osterman (Cloud Posse)
aws/aws-node-termination-handler

A Kubernetes Daemonset to gracefully handle EC2 instance shutdown - aws/aws-node-termination-handler

roth.andy
kubernetes/autoscaler

Autoscaling components for Kubernetes. Contribute to kubernetes/autoscaler development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-datadog-integration

Terraform Module for integration DataDog with AWS. Contribute to cloudposse/terraform-aws-datadog-integration development by creating an account on GitHub.

Erik Osterman (Cloud Posse)
Amazon Timestream

Amazon Timestream is a fast, scalable, fully managed time series database service for IoT and operational applications that makes it easy to store and analyze trillions of events per day at 1/10th the cost of relational databases.

Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles for Kubernetes - cloudposse/helmfiles

Vucomir Ianculov
EKSworkshop.com

Amazon EKS Workshop

Erik Osterman (Cloud Posse)

We’re at that point at which we need to set up something like PagerDuty.  I’ve heard OpsGenie mentioned here and we are an Atlassian Cloud shop, but i’ve used PD in the past.  We’re a small shop at this point (< 20 devs/ops people) and we’ll start with just one or two rota.

Sorry if this has been discussed before, but any input or suggestions to help make the choice would be appreciated.

Zoom
08:39:25 PM

New Zoom Recording from our Office Hours session on 2020-07-29 is now available.

RB

anyone create a custom github homebrew tap in a private repo ? getting authorization errors

2020-07-28

techgirl

I’m here! What’d I miss?

Erik Osterman (Cloud Posse)

haha! a lot…. but you’re in luck, we have it all recorded.

https://www.youtube.com/c/CloudPosse/videos

Cloud Posse

We’re a DevOps accelerator. That means we help companies own their infrastructure in record time by building it with you and then showing you the ropes. If t…

2020-07-27

RB

anyone use a module to create scheduled ecs tasks ? looking at this module, but open to other modules too.

https://github.com/turnerlabs/terraform-ecs-fargate-scheduled-task

PePe

we have created scheduled tasks in ecs

PePe

it was so little code we did not create a module

PePe

ahhh this uses a cloudwatch event, that is very different from what we did

RB

yea, and we use cloudwatch event too. im looking at this module now.

    module "ecs_scheduled_task" {
      source                = "git::https://github.com/tmknom/terraform-aws-ecs-scheduled-task.git?ref=tags/2.0.0"
      name                  = "example"
      schedule_expression   = "rate(3 minutes)"
      container_definitions = var.container_definitions
      cluster_arn           = var.cluster_arn
      subnets               = var.subnets
    }

RB

super simple

RB

you can also pass in an iam role instead of the module creating one for you

PePe

that is cool, we use ec2+ecs and we use a cron sidecar

RB

interesting setup. any reason to not use cloudwatch cron ?

RB

or is it to save money ? or convenience?

PePe

no reason, I did not know you could do it that way

PePe

the cron works very well for us because it ingests data once it is created

PePe

and that data is on a s3 bucket on a schedule too

RB

ah i see. yea the cw method is convenient. i havent done it the other way.

RB

How does everyone here create golden amis with toggles ? such as if you want instance X to use AMI1 with datadog and instance Y to use AMI1 without datadog, you wouldn’t build a whole new AMI, you’d have some kind of flag or feature toggle, right?

Would love to hear thoughts on this. I’m wondering if we can do something with SSM or tagging on instances to use as toggles.

2020-07-24

2020-07-23

RB

does anyone use some kind of self hosted code searching tool? looking at opengrok but also see others like hound (4.4k stars) and google code search (2.4k stars)

https://github.com/hound-search/hound

https://github.com/google/codesearch

Erik Osterman (Cloud Posse)

for web-based search? e.g. something like the (paid) algolia

Erik Osterman (Cloud Posse)

ohhh code search

Erik Osterman (Cloud Posse)

never mind.

Erik Osterman (Cloud Posse)

haven’t looked around lately. hound looks nice.

RB

ya. we did a hack week this week and i wish i had taken a step back and found hound sooner

RB

opengrok is such a PITA to set up and hound even notes that in their blog post about hound in 2015 lol

Erik Osterman (Cloud Posse)

would be rad if we had search.cloudposse.com to find stuff faster.

RB

ohhhh maaaaan

RB

github search is “good enough” sometimes but i do like regex searches like opengrok / hound

Erik Osterman (Cloud Posse)

ya….

Erik Osterman (Cloud Posse)

@btai AWS updated the issue today regarding pod density on EKS. Not sure if it’s a coincidence or not, since I escalated this to AWS yesterday via our rep.

Erik Osterman (Cloud Posse)
[EKS]: Next Generation AWS VPC CNI Plugin · Issue #398 · aws/containers-roadmap

We are working on the next version of the Kubernetes networking plugin for AWS. We’ve gotten a lot of feedback around the need for adding Kubenet and support for other CNI plugins in EKS. This …

btai

This will allow for all worker nodes to support at least the Kubernetes recommended pods per node thresholds (min(110, 10*#cores))

for an r4.2xlarge that’s still only 80 pods.

(our max pod count is 200 — we’ve not had issues running w/ this setting for years)

Eric Berg

Hey, all, what was the tool that was mentioned on the last office-hours, that wipes out all of the resources in an aws account? Thanks!

Eric Berg

Could have been AWS Nuke

rebuy-de/aws-nuke

Nuke a whole AWS account and delete all its resources. - rebuy-de/aws-nuke

RB

yep thats a fantastic one

Erik Osterman (Cloud Posse)

That’s the one we are using

Erik Osterman (Cloud Posse)
cloudposse/testing.cloudposse.co

Example Terraform Reference Architecture that implements a Geodesic Module for an Automated Testing Organization in AWS - cloudposse/testing.cloudposse.co

Eric Berg

Cool! Thanks, @Erik Osterman (Cloud Posse)! Excellent example. You’re brave.

Erik Osterman (Cloud Posse)

It’s our testing account - designed to be nuked

Erik Osterman (Cloud Posse)

It’s even inside of a totally separate AWS organization that shares nothing

Eric Berg

I ran it on the new account i was working on yesterday. VEEEEEERY sharp! Super powerful, but i killed too much IAM stuff and had to just trash the account and start over. Good to know about this though.

Erik Osterman (Cloud Posse)

Lol, exactly - very easy to blow your leg off

2020-07-22

Erik Osterman (Cloud Posse)

@here Remember to post your questions for today’s office hours starting in 25 minutes

Andrey Nazarov

Finally, my first online office-hours:)

Andrey Nazarov

Pulumi guys say you can just pack everything into npm package or whatever and reuse it this way;)

Erik Osterman (Cloud Posse)

which is fine and all if you’re starting from ground zero

Erik Osterman (Cloud Posse)

but not if your org has a significant investment into terraform modules

Marcin Brański
philips-labs/terraform-aws-github-runner

Terraform module for scalable GitHub action runners on AWS - philips-labs/terraform-aws-github-runner

CDK for Terraform: Enabling Python & TypeScript Support

Cloud Development Kit for Terraform, a collaboration with AWS Cloud Development Kit (CDK) team. CDK for Terraform allows users to define infrastructure using TypeScript and Python while leveraging the hundreds of providers and thousands of module definitions provided by Terraform and the Terraform ecosystem.

Release v0.13.0-rc1 · hashicorp/terraform

0.13.0-rc1 (July 22, 2020) BUG FIXES: command/init: Fix confusing error message for locally-installed providers with invalid package structure (#25504) core: Prevent outputs from being evaluated d…

Cloud Posse

We’re a DevOps accelerator. That means we help companies own their infrastructure in record time by building it with you and then showing you the ropes. If t…

Reet Chowdhary

Hey guys, my company is planning on moving from a monolith progressively to a microservices architecture. We’re planning on using Docker and Kubernetes via EKS to manage the packaging and deployment. There’s a whole bunch of considerations but one question I have:

• What is the interaction between terraform (which we’re already using) and these build/deploy tools

Erik Osterman (Cloud Posse)

Sorry I missed this. We’ll answer this next week =)

roth.andy
quay/container-security-operator

Identify image vulnerabilities in Kubernetes pods. Contribute to quay/container-security-operator development by creating an account on GitHub.

Vucomir Ianculov

Hi, i was using EKS worker nodes in the past for our staging ENV and now i would like to switch to terraform-aws-eks-node-group my question is

  1. if i use terraform-aws-eks-node-group is there a way to encrypt the disk and also set scaling policy(CPU limit) ?
  2. if i use EKS worker nodes is there a way to automatically drain nodes before removing them, at the moment i’m using termination_policies = ["OldestInstance", "OldestLaunchConfiguration", "Default"] ?
cloudposse/terraform-aws-eks-node-group

Terraform module to provision an EKS Node Group. Contribute to cloudposse/terraform-aws-eks-node-group development by creating an account on GitHub.

Erik Osterman (Cloud Posse)

Sorry I missed this. We’ll answer this next week

Vucomir Ianculov

thanks i joined at the end as i did not see my calendar notification, will be in the next week meeting as well

Marcin Brański

https://github.com/jantman/awslimitchecker
A script and python module to check your AWS service limits and usage, and warn when usage approaches limits
Much more robust than Trusted Advisor (which supports limits in paid plan).

roth.andy
Using Cost Allocation Tags - AWS Billing and Cost Management

Use tags to categorize and track your AWS costs with your monthly and hourly cost allocation reports.

Zoom
08:44:29 PM

New Zoom Recording from our Office Hours session on 2020-07-22 is now available.

2020-07-16

muhaha

Guys? I am looking for some tool that can handle installing/updating binary packages in linux (a lot of binaries like helm, helmfile, kustomize, ytt do not have any package maintainer - os, flatpak, snap, nixos). Not all packages are available as assets for downloading via github (helm), so some logic for “curling” new version would be fine. Any ideas?

muhaha

can https://github.com/variantdev/mod help with this ?

roth.andy

Asdf

roth.andy
asdf-vm/asdf

Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more - asdf-vm/asdf

Daniel Pilch

Why not create a make file for pulling in all binaries and building a package for your specific flavor of Linux e.g. rpm/deb

muhaha

Thanks

Matt Gowie

+1 for asdf but you can also go the docker approach and wrap your toolkit in a Docker image that you update periodically. You then need to execute everything through Docker but it’s very portable and easy to spin up others on.

AFAIU, this is what CP’s geodesic tool is.

Marcin Brański

ansible is also an option

2020-07-15

Andy

Is there a page somewhere with the talking points for each previous episode of Office Hours?

Andy

Or links to Erik’s Google Sheet presentations?

Erik Osterman (Cloud Posse)

hey @, we have @andymiguel04 working on updating our show notes for this

Erik Osterman (Cloud Posse)

Right now, our slides are not yet published anywhere… but rest assured we are working on it! (only 50 hours of video to go - haha)

Erik Osterman (Cloud Posse)

Remember to post your questions for today’s office hours starting in 10 minutes

Erik Osterman (Cloud Posse)

@here our devops #office-hours starting now! join us to talk shop zoom https://cloudposse.zoom.us/j/508587304

Eric Berg

I’ve set up TF to spin up our entire stack, from the VPC on up to the helm charts. This same code will be used to spin up each client environment. My question is about whether to use workspaces or another approach to minimize code duplication and facilitate management of each installation.

Stephen Lucero

We build and host a wide variety of web applications and I’m working on getting our CI processes up to speed with some standardized default coding standards enforcement. Ideally I can centralize these and other project-agnostic configuration files, but still incorporate them into projects that don’t have them in place at build/testing time to ensure the latest configuration is always being used.

I’m trying to identify the best strategy and tool for this.

Sai Krishna

I am new to terraform - I have written a terraform module to create AWS CodePipelines that me and my team can use to create multiple pipelines. All pipeline’s module definitions are under a single main.tf file though I am passing multiple tfvars files. When I run terraform plan I see that terraform is planning to modify existing resource rather than creating new one, I have tf state stored in an S3 bucket.

Andy

If you’re on AWS and a company trying to improve your Infrastructure set up are there recommendations out of these options:

• k8s via EKS

• k8s via kops

• Docker via ECS

• Nomad??

Team of 2 SREs: 1 experienced with k8s. Other things we use: github.com. Also looking for recommendations for CI tools

Alex Siegman

for an existing kops installation, are there benefits to switching to EKS?

Erik Osterman (Cloud Posse)

sorry @Alex Siegman! i just saw this now

Erik Osterman (Cloud Posse)
Cloud Posse

We’re a DevOps accelerator. That means we help companies own their infrastructure in record time by building it with you and then showing you the ropes. If t…

Andrey Nazarov

@Erik Osterman (Cloud Posse) just want to mention that your speaking/communication skills are really great! And this is really crucial and often overlooked in this so-called devops transformation.

Erik Osterman (Cloud Posse)

Thanks @Andrey Nazarov - it means a lot to hear that! appreciate it.

Zoom
09:02:51 PM

New Zoom Recording from our Office Hours session on 2020-07-15 is now available.

2020-07-11

2020-07-10

zadkiel.aharonian

Just listened to the last Office Hours podcast, we have working pull request templates at https://github.com/swapagarwal/swag-for-dev Unfortunately, these are not automatically listed when you create a new PR, you’ll need to link directly to it like this: https://github.com/swapagarwal/swag-for-dev/compare/master...aslafy-z:add-hasura?expand=1&template=new-swag-opportunity.md which is not easy to use.. if the user changes the branch, the template in the URL is reset and the default one is applied instead. Hopefully they will be implemented some day!

2020-07-09

2020-07-08

Erik Osterman (Cloud Posse)

Office hours starting in 15 minutes! please post your questions

RB
06:18:26 PM

probably a dumb question but what are the cons of running a fargate container as root user instead of a non root user?

RB
06:18:56 PM

whats a good way to compare ecs ec2 to ecs fargate cost ?

RB
06:19:26 PM

Working with multiple pull requests in .github/PULL_REQUEST_TEMPLATE/ with 2 files general.md and kms_secrets.md . When I create a new PR, I expected to see a button to select which template like we see with issue templates. What could the issue be ?

Robert Horrox avatar
Robert Horrox

Question on how people are managing cross-account IAM in CI with OIDC. I’m fighting with having to assume a role in the target account before running a command (e.g. terraform not supporting web tokens in aws), and with tools like chamber defaulting to the account they are running in. Managing lots of accounts in a CI process is seeming like a hassle.

roth.andy avatar
roth.andy

@Erik Osterman (Cloud Posse) “Waiting for the host to start this meeting”

Zoom avatar
Zoom
06:29:15 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:25 PM

rb rb has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:26 PM

Andrew Roth has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:36 PM

Adam Watson has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:38 PM

Robert Horrox has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@here our devops #office-hours starting now! join us to talk shop zoom https://cloudposse.zoom.us/j/508587304

Zoom avatar
Zoom
06:30:26 PM

Eddie Wizelman has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:37 PM

Michael Holt has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:05 PM

Joe Hosteny has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:33 PM

Brian Tai has joined Public “Office Hours”

Zoom avatar
Zoom
06:32:54 PM

Adam Crown has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:19 PM

Paul Tath has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:48 PM

ngealy has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:52 PM

Eric Berg has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:09 PM

Leo Zavala has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:36 PM

Sheldon Hull has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:47 PM

Marcin Branski has joined Public “Office Hours”

Zoom avatar
Zoom
06:35:31 PM

Babajide Hassan has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/github-status-updater

Command line utility for updating GitHub commit statuses and enabling required status checks for pull requests - cloudposse/github-status-updater

Zoom avatar
Zoom
06:35:48 PM

Omer Sen has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/github-commenter

Command line utility for creating GitHub comments on Commits, Pull Request Reviews or Issues - cloudposse/github-commenter

Zoom avatar
Zoom
06:37:31 PM

Bircan Bilici has joined Public “Office Hours”

Zoom avatar
Zoom
06:40:12 PM

Adam Blackwell has joined Public “Office Hours”

Zoom avatar
Zoom
06:43:39 PM

Juan Soto has joined Public “Office Hours”

Zoom avatar
Zoom
06:51:07 PM

Marc Tamsky has joined Public “Office Hours”

roth.andy avatar
roth.andy
Grafana Tutorial: Simple Synthetic Monitoring for Applications

Monitoring synthetic metrics can optimize the user experience on your application. Here’s how Grafana makes that easier

roth.andy avatar
roth.andy
Amazon ECS on AWS Fargate - Amazon Elastic Container Service

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. This removes the need to choose server types, decide when to scale your clusters, or optimize cluster packing.

roth.andy avatar
roth.andy
Creating a pull request template for your repository - GitHub Docs

When you add a pull request template to your repository, project contributors will automatically see the template’s contents in the pull request body.

Marcin Brański avatar
Marcin Brański
Sharing workflow templates within your organization - GitHub Docs

You can create a standardized set of workflow templates specifically for your organization. Organization members can then use the templates when creating new workflows in the organizations repositories.

roth.andy avatar
roth.andy
github/.github

Community health files for the @GitHub organization - github/.github

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
terraform-aws-modules/.github

Meta-GitHub repository for all terraform-aws-modules repositories - terraform-aws-modules/.github

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Spendesk/github-actions-exporter

github-actions-exporter for prometheus. Contribute to Spendesk/github-actions-exporter development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
11:39:50	 From Sheldon Hull : #6 awesome. Exactly something I wanted more info on, very little documentation on it
11:46:57	 From Sheldon Hull : It's not cheap  :-)
11:53:02	 From Sheldon Hull : aws  released support for synthetic checks built into cloud watch
11:53:26	 From Adam Blackwell : We looked at exporting prometheus things into New Relic
11:54:04	 From Omer Sen : good old times we were using Nagios ;)
11:54:06	 From Sheldon Hull : This is a perfect use case for lambda/serverless
11:54:14	 From Andrew Roth : <https://grafana.com/blog/2019/06/18/grafana-tutorial-simple-synthetic-monitoring-for-applications/>
11:54:33	 From Sheldon Hull : Deploy to any region and run these commands periodically. Pretty sure that's what AWS cloud watch synthetic checks supports now.
11:54:42	 From Marc Tamsky : <https://github.com/prometheus/blackbox_exporter>
11:54:51	 From Sheldon Hull : <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries.html>
11:55:25	 From Sheldon Hull : ngrok solves all woes :-)
11:58:44	 From Andrew Roth : <https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html#fargate-task-defs>
12:10:07	 From Adam Blackwell : Have to drop off, but thanks for all the new ideas! :wave:
12:20:33	 From Andrew Roth : <https://github.com/github/.github>
12:22:19	 From Sheldon Hull : I have question about GitHub actions when ready
12:24:30	 From Sheldon Hull : Until you get the bill 😂
12:24:58	 From Sheldon Hull : I would use RDS except 100 database limit is freaking crazy impacting to cost for us
12:27:31	 From Marc Tamsky : is the 100 database limit a soft or hard quota?
12:29:33	 From Eric Berg : I'm working on getting datadog set up for my containerized java and elixir apps, running on k8s, with an EKS backplane, running in AWS.  I'm having trouble getting a handle on what metrics are available, what metrics are associated with the various levels (i.e., cluster, node, pod, etc.).
12:30:10	 From Eric Berg : So, my question is whether anyone has any good references for helping to sort through all of this.
12:33:08	 From Sheldon Hull : If we have any time at end, anyone who has implemented chatops with Microsoft Teams?
12:33:40	 From Sheldon Hull : thanks!
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sharing the chat from zoom

Zoom avatar
Zoom
08:46:21 PM

New Zoom Recording from our Office Hours session on 2020-07-08 is now available.

Joe Niland avatar
Joe Niland

@Erik Osterman (Cloud Posse) looks like the podcast feed didn’t get updated

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ah crap

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yep, thanks for the heads up - will see where the automation broke down! Looks like I need monitoring for this stuff - SRE for podcasts.

Joe Niland avatar
Joe Niland

No worries

Joe Niland avatar
Joe Niland

Yes, PodOps?!

Joe Niland avatar
Joe Niland

I saw something generic for monitoring feed changes somewhere the other day. Will try to remember where I saw it

Joe Niland avatar
Joe Niland

It was actually https://healthchecks.io/ Probably doesn’t fit here.

Healthchecks.io – Cron Job Monitoring

Healthchecks.io alerts you when your cron jobs fail to run on time. Quick setup (no coding required), clean dashboard, affordable pricing.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Aha, so I’m going to take a bit of my own advice! we have that with opsgenie, but I didn’t think of using it with our Zapier configuration.

Joe Niland avatar
Joe Niland

Ah cool. Is that with heartbeats?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yep! Just set it up.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Also fixed the podcast.

Joe Niland avatar
Joe Niland

Thanks!

2020-07-03

2020-07-02

muhaha avatar
muhaha

Any kubernetes-ready open-source alternative to healthchecks.io (I am aware of the self-hosted version)?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this doesn’t directly answer your question, but if you happen to use opsgenie, they have this functionality built-in

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(if you’re not using opsgenie, what are you using for escalations?)

muhaha avatar
muhaha

pagerduty, it has integration to deadmanssnitch ( but of course you have to buy it )

2020-07-01

David Medinets avatar
David Medinets

This question might be specific to kubespray.

I want to set the kubelet-certificate-authority flag in kube-apiserver.yaml. I chose /etc/kubernetes/ssl/ca.crt but that is probably wrong. Let me tell my story.

After adding the flag, I try to get logs from a pod. The following message was displayed:

    Get <https://10.250.205.173:10250/.../bash-shell-d8bd1>: x509: cannot validate certificate ... because it doesn't contain any IP SANs

Then I changed the --kubelet-preferred-address-types parameter to InternalDNS. This changed the message to:

    Error from server: no preferred addresses found; known addresses: [{InternalIP 10.250.205.173} {Hostname ip-10-250-205-173.ec2.internal}]

Since it seems like Hostname was known, I changed to using InternalDNS,Hostname. This changed the message to:

    Error from server: Get <https://ip-10-250-205-173.ec2.internal:10250/containerLogs/kube-system/nodelocaldns-s8mfk/node-cache>: x509: certificate signed by unknown authority

Am I using the wrong CA file?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

is there a packer linter?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

#office-hours starting in 25 minutes. Make sure you post your questions here!

Bircan Bilici avatar
Bircan Bilici

1. What is the recommended approach to stream the output of a background job running on a server to the web application? CloudWatch, WebSocket, fluentd, logstash, or any other solution?

Marcin Brański avatar
Marcin Brański

Too vague a question to provide an exact solution that will match everyone’s expectations. This one is to order beers and have a long chat.

For me most important questions are: Should it be realtime? Does cost matter?

msoyer avatar
msoyer

Check this https://aws.amazon.com/elasticsearch-service/the-elk-stack/ if the cost is reasonable for your case

The ELK stack

ELK is the popular, open-source framework for log analytics. Try Amazon Elasticsearch Service to deploy and manage ELK without any operational overhead.

Zoom avatar
Zoom
06:26:27 PM

Bircan Bilici has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:29 PM

Erik Osterman (Cloud Posse) has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:32 PM

rb rb has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:36 PM

David Raistrick has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:38 PM

Marcin Branski has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:38 PM

Joe Hosteny has joined Public “Office Hours”

Zoom avatar
Zoom
06:26:40 PM

Marc Tanne has joined Public “Office Hours”

Zoom avatar
Zoom
06:27:06 PM

Muhammed Soyer has joined Public “Office Hours”

Zoom avatar
Zoom
06:27:51 PM

David Medinets has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:26 PM

Josh Duffney has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:32 PM

Alex Vorona has joined Public “Office Hours”

Zoom avatar
Zoom
06:28:52 PM

Leo Zavala has joined Public “Office Hours”

Zoom avatar
Zoom
06:29:14 PM

Michael Holt has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@here public #office-hours starting now! join us to talk shop zoom https://cloudposse.zoom.us/j/508587304

Zoom avatar
Zoom
06:31:12 PM

Eric Berg has joined Public “Office Hours”

Zoom avatar
Zoom
06:31:30 PM

Marcos Soutullo Rodriguez has joined Public “Office Hours”

Vucomir Ianculov avatar
Vucomir Ianculov

what is the password for the meeting?

David Scott avatar
David Scott

I’m getting the same prompt, unexpectedly.

roth.andy avatar
roth.andy

sweetops

Zoom avatar
Zoom
06:32:11 PM

Rahul Muraleedharan has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:02 PM

Johnny Mom has joined Public “Office Hours”

Zoom avatar
Zoom
06:33:03 PM

Ianculov Vucomir has joined Public “Office Hours”

Zoom avatar
Zoom
06:34:28 PM

Adam Watson has joined Public “Office Hours”

Zoom avatar
Zoom
06:35:18 PM

David Scott has joined Public “Office Hours”

Zoom avatar
Zoom
06:35:20 PM

Brian Choy has joined Public “Office Hours”

Zoom avatar
Zoom
06:36:09 PM

Robert Horrox has joined Public “Office Hours”

Marcin Brański avatar
Marcin Brański
06:36:35 PM

@Marcin Brański set the channel topic: Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

Zoom avatar
Zoom
06:37:14 PM

Neil Gealy has joined Public “Office Hours”

Marcin Brański avatar
Marcin Brański

I changed the channel topic to provide the zoom password first. Seems that it’s very inconvenient and people ask that every week (me included :D)

Zoom avatar
Zoom
06:37:39 PM

Osegbemoh Dania has joined Public “Office Hours”

Zoom avatar
Zoom
06:40:17 PM

Blaise pabon has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Mo Repos, Mo Problems? How We Make Changes Across Many Git Repositories

At Clever, we’ve embraced microservices. They promote modularity, which leads to simpler code bases and lets our engineers move quickly and independently. They are easier to deploy, which helps us…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/slack-notifier

Command line utility to send messages with attachments to Slack channels via Incoming Webhooks - cloudposse/slack-notifier

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/packages

Cloud Posse installer and distribution of native apps, binaries and alpine packages - cloudposse/packages

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Clever/microplane

A CLI tool to make git changes across many repos, especially useful with Microservices. - Clever/microplane

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Updates to ChatOps - Automated commit by Gowiem · Pull Request #19 · cloudposse/terraform-aws-alb-target-group-cloudwatch-sns-alarms

What Adds chatops commands '/test all' '/test bats' '/test readme' '/test terratest' Drops codefresh Drops slash-command-dispatch Removes codefresh badge Rebuild…

Updates to ChatOps - Automated commit by Gowiem · Pull Request #23 · cloudposse/terraform-aws-acm-request-certificate

What Adds chatops commands '/test all' '/test bats' '/test readme' '/test terratest' Drops codefresh Drops slash-command-dispatch Removes codefresh badge Rebuild…

Updates to ChatOps - Automated commit by Gowiem · Pull Request #43 · cloudposse/terraform-aws-alb

What Adds chatops commands '/test all' '/test bats' '/test readme' '/test terratest' Drops codefresh Drops slash-command-dispatch Removes codefresh badge Rebuild…

Updates to ChatOps - Automated commit by Gowiem · Pull Request #4 · cloudposse/terraform-aws-backup

What Adds chatops commands '/test all' '/test bats' '/test readme' '/test terratest' Drops codefresh Drops slash-command-dispatch Removes codefresh badge Rebuild…

Updates to ChatOps - Automated commit by Gowiem · Pull Request #4 · cloudposse/terraform-aws-ses

What Adds chatops commands '/test all' '/test bats' '/test readme' '/test terratest' Drops codefresh Drops slash-command-dispatch Removes codefresh badge Rebuild…

Brian avatar
Brian

Q: found a terraform-aws-kops-vault-backend repo and was wondering if you guys have an infrastructure where vault is running on a k8s cluster, with other k8s clusters authenticating and pulling secrets from that singular vault using a mutating webhook secrets injector

been using bank-vaults and have been unsuccessful communicating due to kops internal certs since we use AWS ACM to handle ssl

from vault:

    login unauthorized due to: Post <https://CLUSTER/apis/authentication.k8s.io/v1/tokenreviews>: x509: certificate signed by unknown authority

trying to wrap my head around what certs are required and where, or how to debug since we’re terminating through ACM

David Medinets avatar
David Medinets

ElasticSearch plus Kibana

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
mapbox/cwlogs

Node.js stream-based access to CloudWatch Logs. Contribute to mapbox/cwlogs development by creating an account on GitHub.

Zoom avatar
Zoom
07:04:00 PM

Andrew Elkins has joined Public “Office Hours”

David Medinets avatar
David Medinets

Thanks, everyone. I need to sign off to get ready for a 4pm meeting.

Zoom avatar
Zoom
07:27:28 PM

Rahul Muraleedharan has joined Public “Office Hours”

Zoom avatar
Zoom
07:27:45 PM

Victor Fondevilla has joined Public “Office Hours”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Versioning and Deploying Secrets

I am curious to understand how others manage their secret and sensitive info in conjunction with Terraform. Most of my use-cases with terraform are provisioning Infra (Usually AWS) and then Application resources that depend on the infra. Examples of Secrets: single-line strings passwords api-keys tokens multi-line strings ascii-armored pem files ascii license data binary license data I’ll explain the requirements I’m trying to fulfill and then currently how I achieve the success criter…

Brian avatar
Brian

thanks for the help!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Great video on multi-cloud. Basically, you don’t choose multi-cloud. Multi-cloud chooses you.

Zoom avatar
Zoom
08:44:42 PM

New Zoom Recording from our Office Hours session on 2020-07-01 is now available.
