#office-hours (2020-08)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2020-08-04
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Quick question - does anyone know if liveness probes continue to execute once a pod enters the Terminating state? If they do, and if they fail, will the pod be forcibly terminated and/or rescheduled? (https://github.com/kubernetes/kubernetes/issues/52817 looks somewhat related to my question)
2020-08-05
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![sahil kamboj avatar](https://secure.gravatar.com/avatar/4c84027f1b085fadbc17cb463573f076.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0007-72.png)
need to know about future with k3s
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
• Terraform AWS 3.0 Provider https://www.hashicorp.com/blog/announcing-v3-0-of-the-terraform-aws-provider/ https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-3-upgrade#region-attribute-is-now-read-only
• GitHub Actions Improve Workflows for Public Repos https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
• Datadog Operator for Kubernetes (finally!) https://www.fairwinds.com/blog/introducing-astro-managing-monitors-in-a-dynamic-environment-0
• Synthetic Monitoring Agent for Kubernetes https://github.com/Comcast/kuberhealthy
• Best Way to Support AWS Partitions (e.g. GovCloud, China, etc) https://github.com/cloudposse/docs/issues/492 (Example implementation)
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Mailing list vote for k3s to CNCF: https://lists.cncf.io/g/cncf-toc/topic/vote_k3s_for_sandbox/75908946?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,75908946
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
what notes superlinter terrascan error is related to not supporting HCL2 yet. Issue already exists and the feature should be released soonish: accurics/terrascan#233
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Run tflint with reviewdog on pull requests to enforce best practices - reviewdog/action-tflint
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Learn how Doordash automated away some mundane code review tasks for infrastructure code.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Write tests against structured configuration data using the Open Policy Agent Rego query language - open-policy-agent/conftest
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Btw, @Erik Osterman (Cloud Posse) am I getting you right that you stopped using Atlantis?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
ya, not really using it in new engagements. pushing towards terraform cloud / enterprise.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
We still support atlantis for current customers and have many deployments of atlantis.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Just it doesn’t fit in a nice CI/CD workflow that promotes changes across multiple changes automatically in a pipeline
![Adam Blackwell avatar](https://avatars.slack-edge.com/2022-12-15/4527352804052_97936f81bdd1cc839a4b_72.jpg)
Do you know how much it might cost if a 200 person mostly open-source software organization were to onboard Terraform Enterprise?
![Adam Blackwell avatar](https://avatars.slack-edge.com/2022-12-15/4527352804052_97936f81bdd1cc839a4b_72.jpg)
Cool looking OPA solution: https://github.com/fugue/regula
Regula checks Terraform for AWS, Azure and GCP security and CIS compliance using Open Policy Agent/Rego - fugue/regula
![Marcin Brański avatar](https://secure.gravatar.com/avatar/7f3c56304d6e3adb7658889af56cd171.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0001-72.png)
Maybe worth a try to test terraform with python?
https://github.com/GoogleCloudPlatform/terraform-python-testing-helper#example-usage
This example looks really readable compared to terratest
Simple Python test helper for Terraform. Contribute to GoogleCloudPlatform/terraform-python-testing-helper development by creating an account on GitHub.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Terraform Operator for Kubernetes. Contribute to hashicorp/terraform-k8s development by creating an account on GitHub.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Zoom chat
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
(sorry everyone - I tend to not look at the zoom chat during the call)
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-08-05 is now available.
2020-08-12
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
There was a great discussion last time without too many questions, but if we’re looking for topics: it’d be great to chat through the solutions folks are using to solve the problem of disjointed terraform workflows.
For example, I’ve got a project where we’re using RDS with a bunch of databases. The RDS instance is of course in private subnets and access is only granted to particular application SGs and a Bastion SG. We want to use the Postgres Terraform provider to provide bootstrapping of the databases and its extensions, roles, etc. Now the problem is that the Postgres provider can’t connect to RDS without an SSH tunnel through our Bastion instance. So my solution was to carve up our project into multiple terraform projects / directories and then when creating a new workspace / environment the flow is to:
- terraform apply the AWS infra in a particular directory — Creates RDS, Bastion, etc etc etc
- Create the ssh tunnel to the RDS instance through the Bastion instance now that it’s up
- Go to the postgres terraform directory and then terraform apply there.
This works, but I of course wonder if there is a better way and it’d be great to hear how others are tackling this type of thing!
![Aleksandr Fofanov avatar](https://secure.gravatar.com/avatar/9721f2f025d4ba8b6a66885e5da49af0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
@Matt Gowie I will take the shame of proposing 2 hacky solutions to the described problem
- If you are a terragrunt user and would like to use terraform’s native postgres provider, you can use before/after hooks to port-forward ssh port on bastion host to localhost using SSM Session Manager. Obviously this requires your bastion host to be registered with SSM Session Manager (SSM agent running on bastion host + certain IAM permissions attached to instance profile). So before hook starts port-forwarding, tf postgres provider in your module connects to RDS via ssh tunnel and provisions required resources. After hook stops port-forwarding and that’s it.
- You can use a Lambda function deployed to your VPC/subnets to provision required resources. I have a tf module with such a lambda open-sourced on GitHub. It doesn’t have support for SSL connections and pg extensions yet, but is able to provision databases and roles in RDS instances with pg and mysql engines.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
This is a good topic. Will discuss today!
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Aha ya’ll didn’t discuss during the last one — Cool. I had to drop early.
![joey avatar](https://secure.gravatar.com/avatar/9647cc34c02f9ce3bb4df4a6309335e8.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
so.. what’s the current best common practice for this specific use case?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Wow, this thread is a blast from the past!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I’d say a GitOps approach is the current best solution. E.g. self-hosted GitHub Action Runners that have network connectivity to your database. Run terraform on those runners, then it works out-of-the-box.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
@joey ditto what Erik said – Self hosting runners is usually the best option. Another option is to use Tailscale or a similar modern VPN / BeyondCorp tool to have your terraform runner gain access to your network before managing any internal network resources.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Outside your door stands a line of a few hundred people. They are patiently waiting for you to answer their questions, complaints, pull requests, and feature requests. You want to help all of them, but for now you’re putting it off. Maybe you had a hard day at work, or you’re tired, or you’re just trying to enjoy a weekend with your family and friends. But if you go to , there’s a constant reminder of how many people are waiting:
When you manage to find some spare time, you open the door to the first person. They’re well-meaning enough; they tried to use your project but ran into some confusion over the API. They’ve pasted their code into a GitHub comment, but they forgot or didn’t know how to format it, so their code is a big unreadable mess. Helpfully, you edit their comment to add a code block, so that it’s nicely formatted. But it’s still a lot of code to read. Also, their description of the problem is a bit hard to understand. Maybe this person doesn’t speak English as a first language, or maybe they have a disability that makes it difficult for them to communicate via writing. You’re not sure. Either way, you struggle to understand the paragraphs of text they’ve posted. Wearily, you glance at the hundreds of other folks waiting in line behind them. You could spend a half-hour trying to understand this person’s code, or you could just skim through it and offer some links to tutorials and documentation, on the off-chance that it will help solve their problem. You also cheerfully suggest that they try Stack Overflow or the Slack channel instead.
The next person in line has a frown on their face. They spew out complaints about how your project wasted 2 hours of their life because a certain API didn’t work as advertised. Their vitriol gives you a bad feeling in the pit of your stomach. You don’t waste a lot of time on this person. You simply say, “This is an open-source project, and it’s maintained by volunteers. If there’s a bug in the code, please submit a reproducible test case or a PR.”
The next person has run into a very common error, with an easy workaround. You know you’ve seen this error a few times before, but can’t quite recall where the solution was posted. Stack Overflow? The wiki? The mailing list? After a few minutes of Googling, you paste a link and close the issue.
The next person is a regular contributor. You recognize their name from various community forums and sibling projects. They’ve run into a very esoteric issue and have proposed a pull request to fix it. Unfortunately the issue is complicated, and so their PR contains many paragraphs of prose explaining it. Again, your eye darts to the hundreds of people still waiting in line. You know that this person put a lot of work into their solution, and it’s probably a reasonable one. The Travis tests passed, and so you’re tempted to just say “LGTM” and merge the pull request. However, you’ve been burned by that before. In the past, you’ve merged a PR without fully evaluating it, and in the end it led to new headaches because of problems you failed to foresee. Maybe the tests passed, but the performance degraded by a factor of ten. Or maybe it introduced a memory leak. Or maybe the PR made the project too confusing for new users, because it excessively complicated the API surface. If you merge this PR now, you might wind up with even more issues tomorrow, because you broke someone else’s workflow by solving this one person’s (very edge-casey) problem. So you put it on the back burner. You’ll get to it later when you have more time.
The next person in line has found a new bug, but you know that it’s actually a bug in a sibling project. They’re saying that this is blocking them from shipping their app. You know it’s a big problem, but it’s one of many, and so you don’t have time to fix it right now. You respond that this looks like a genuine issue, but it’s more appropriate to open in another repo. So you close their issue and copy it into the other repo, then add a comment suggesting where they might look in the code to start fixing it. You doubt they’ll actually do so, though. Very few do.
The next person just says “What’s the status on this?” You’re not sure what they’re talking about, so you look at the context. They’ve commented on a lengthy GitHub thread about a long-standing bug in the project. Many people disagreed on the proper solution to the problem, so it generated a lot of discussion. There are more than 20 comments on this particular issue, and it would take you a long time to read through them all to jog your memory. So you merely respond, “Sorry, this issue has been open for a while, but nobody has tackled it yet. We’re still trying to understand the scope of the problem; a pull request could be a good start!”
The next person is just a GreenKeeper bot. These are easy. Except that this particular repo has fairly flaky tests, and the tests failed for what looks like a spurious reason, so you have to restart them to pass. You restart the tests and try to remind yourself to look into it later after Travis has had a chance to run.
The next person has opened a pull request, but it’s on a repo that’s fairly active, and so another maintainer is already providing feedback. You glance through the thread; you trust the other maintainer to handle this one. So you mark it as read and move on.
The next person has run into what appears to be a bug, and it’s not one you’ve ever seen before. But unfortunately they’ve provided scant details on how the problem actually occurred. What browser was it? What version of Node? What version of the project? What code did they use to reproduce it? You ask them for clarification and close the tab.
The constant stream
After a while, you’ve gone through ten or twenty people like this. There are still more than a hundred waiting in line. But by now you’re feeling exhausted; each person has either had a complaint, a question, or a request for enhancement. In a sense, these GitHub notifications are a constant stream of negativity about your projects. Nobody opens an issue or a pull request when they’re satisfied with your work. They only do so when they’ve found something lacking. Even if you only spend a little bit of time reading through these notifications, it can be mentally and emotionally exhausting.
Your partner has observed that you’re always grumpy after going through this ritual. Maybe you found yourself snapping at her for no reason, just because you were put in a sour mood. “If doing open source makes you so angry, why do you even do it?” she asks. You don’t have a good answer.
You could take a break; in fact you’ve probably earned it by now. In the past, you’ve even taken vacations of a week or two from GitHub, just for your own mental health. But you know that that’s exactly how you ended up in this situation, with hundreds of people patiently waiting. If you had just kept on top of your GitHub notifications, you’d probably have a more manageable 20-30 to deal with per day. Instead you let them pile up, so now there are hundreds. You feel guilty.
In the past, for one reason or another, you’ve really let issues pile up. You might have seen an issue that was left unanswered for months. Usually, when you go back to address such an issue, the person who opened it never responds. Or they respond by saying, “I fixed my problem by abandoning your project and using another one instead.” That makes you feel bad, but you understand their frustration. You’ve learned from experience that the most pragmatic response to these stale issues is often just to say, &…
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
```yaml
name: Dependabot-hack
on:
  schedule:
    # run everyday at 11:00
    - cron: '0 11 * * *'
jobs:
  Dependabot:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v2
        with:
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      - name: Update Terraform modules
        uses: patrickjahns/dependabot-terraform-action@v1
        with:
          github_dependency_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
          target_branch: 'master'
```
![Adam Blackwell avatar](https://avatars.slack-edge.com/2022-12-15/4527352804052_97936f81bdd1cc839a4b_72.jpg)
Github action for running dependabot on terraform repositories with HCL 2.0 - patrickjahns/dependabot-terraform-action
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
https://github.com/dependabot/dependabot-core/pull/1388 for the upstream PR
Fixes #1176 I opted for both hcl2json and terraform-config-inspect. hcl2json for terragrunt and terraform-config-inspect for tf 0.12 I wanted to go with terraform-config-inspect for both, but it di…
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
How a PR looks
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
^from some experiments
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
https://octobox.io for GitHub notification hell
Untangle your GitHub Notifications
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Never miss a comment again. Track pull requests and issues across repositories, directly in your Notification Center or on any device.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Accelerate your GitHub workflow. Never miss a comment again. Track pull requests and issues across repositories, directly in your Notification Center or on any device.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Support mumoshu’s open source work
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes - aws/aws-controllers-k8s
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
This is really cool. I’ve been looking for something like this. Is this well endorsed or being phased out?
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
IIRC Service Broker is being phased out, and aws-controllers-k8s is in RFC for v2
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Terraform Operator for Kubernetes. Contribute to hashicorp/terraform-k8s development by creating an account on GitHub.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
CSI Driver for Amazon EFS https://aws.amazon.com/efs/ - kubernetes-sigs/aws-efs-csi-driver
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
Hey all - I’m trying to put together a career journey for SREs in our company. Does anyone have any examples? Whether public or you’d be willing to share?
![Mike Martin avatar](https://avatars.slack-edge.com/2020-02-05/940755534935_2259c2aed6bcbc52e117_72.jpg)
Almost like an internal job description…
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Might be useful to throw into the mix:
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Kubernetes projects that are no longer actively maintained - Kubernetes Retired
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-08-12 is now available.
2020-08-13
![Briet Sparks avatar](https://secure.gravatar.com/avatar/5f8d80c33863ce372b6e46083b299f1a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0022-72.png)
it’s insecure to set secrets via environment variables, so I’ve read, because they can be accessed by any user on the OS. So, it would make sense to inject secrets at image build time (assuming the use of containers) by the CI runner. Any thoughts on this?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
the point you bring up is correct regarding environment variables, but different companies will have different tolerances for this.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
secrets should absolutely not be injected at build time as then it’s on the image itself.
![vFondevilla avatar](https://avatars.slack-edge.com/2020-07-20/1264409839361_95bd4eea5ea6f16d291a_72.jpg)
We’re going via EnvVars when the code is a legacy one. If not, I’ve taught the devs to use the SDK for retrieving the passwords
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
I’ve done secret management at runtime, never at build time.
![dalekurt avatar](https://avatars.slack-edge.com/2022-06-16/3703363393968_abccd57f2124dd3b0f25_72.jpg)
The issue I see with build time secrets other than what Erik has highlighted is being able to make changes to the env var when needed without rebuilding the image.
![s_slack avatar](https://avatars.slack-edge.com/2020-09-20/1375444277730_12639a283934dec29897_72.png)
I’ve been thinking some of this and I’m wondering if secrets held in Kubernetes secrets are really more secure since it’s just encoded. You could also encrypt the secret and put it in k8s secrets but that is cumbersome to make changes. I’m still not sure what best practices are in k8s
2020-08-14
2020-08-15
2020-08-17
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
https://github.com/aws/containers-roadmap/issues/585 some update for office hours
Launch template support ability to launch managed nodes using a provided EC2 launch template. This will support multiple customization options for managed nodes including providing custom AMIs and …
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Update your nodes just like you update your deployments(rolling update) + custom eks ami using launch templates also now can change instance type within worker node group specs (ie no need to create new node group)
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
Tag ec2 instances just like you tag worker node groups (finally we will have eks nodes with Name tag on AWS Console)
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Still no Spot support. But it’s on the way!
![omerfsen avatar](https://secure.gravatar.com/avatar/b66c1225c52ce7769292f48c16d03f0f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0012-72.png)
AWS won’t want us to use spot ;)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Does anybody know of a useful NOTES.txt file out there? The scaffold NOTES.txt is just noise to me, but I could see others coming up with some possibly useful information to stick in there. Quick google search didn’t turn up anything however.
2020-08-19
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
Question : Setting = No IAM authentication, Group limit on IAM is a problem, No SSO and all manually setup in a separated aws account Question: How do you go about managing all users, groups and adding SSO and MFA with assume role using TF or other tool ( AWS Organizations, Control Tower etc)( we have Keycloak and google)
![OliverS avatar](https://avatars.slack-edge.com/2020-04-30/1107989667377_3841766be8721753183c_72.jpg)
Question for today although I’m not sure I can attend live (are these recorded?): is there a way of allowing an AWS lambda to http a service running in same VPC behind an AWS classic LB that filters on IP addresses? In other words I have a classic LB that I want to configure to allow incoming traffic only from corp network (I have done that part), or from the Lambdas. I’m thinking that it cannot be done robustly (I would have to find WAN IP of the lambdas), instead I need to create internal LB that the Lambda will target. Any insight would be much appreciated!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Contribute to cloudposse/terraform-opsgenie-incident-management development by creating an account on GitHub.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Shoutout to https://github.com/haya14busa/action-bumpr which also does automatic releases. I really like that action
Bump semantic version tag on merging Pull Requests with specific lables. - haya14busa/action-bumpr
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
For automatic comment /test all: https://github.com/peter-evans/create-or-update-comment or Mergify / Pullapprove (they both have options to post comments when something happens IIRC)
A GitHub action to create or update an issue or pull request comment - peter-evans/create-or-update-comment
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Ah yes @loren just tipped me off to mergify
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
![attachment image](https://d2908q01vomqb2.cloudfront.net/fe2ef495a1152561572949784c16bf23abb28057/2020/08/14/feature-img-748x630.png)
AWS Controllers for Kubernetes (ACK) is a new tool that lets you directly manage AWS services from Kubernetes. ACK makes it simple to build scalable and highly-available Kubernetes applications that utilize AWS services. Today, ACK is available as a developer preview on GitHub. In this post we will give you a brief introduction to the […]
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
I’ve heard Google has something similar (or will have). Will try to search for it.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
Everybody does it. It’s the new hotness. Pulumi and Terraform also have identical projects
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
![attachment image](https://sysdig.com/wp-content/uploads/kubernetes-1.19.png)
Kubernetes 1.19 is about to be released! And it comes packed with novelties. Here is the detailed list of what’s new in Kubernetes 1.19.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
A working place for multi-tenancy related proposals and prototypes. - kubernetes-sigs/multi-tenancy
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Terraform module that provisions an SSH TLS Key pair and writes it to SSM Parameter Store - cloudposse/terraform-aws-ssm-tls-ssh-key-pair
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
The Terraform plugin for the Dominos Pizza provider. - ndmckinley/terraform-provider-dominos
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
i should have asked this during office hours. doh.
https://sweetops.slack.com/archives/CCT1E7JJY/p1597864789200900
We use an office security group to allow ingress into our vpc. We’re approaching the 60 security group rule limit. What’s a good way to scale past this limit ?
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Have you asked AWS to increase the limit? They do that for a lot of limits… not sure about the SG one.
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
nope, 60 is a hard limit
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
i think we may just be using the wrong tool for the job here. i think there might be a better solution for this than using security groups.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah that or continue using SGs but get a VPN for the office / team.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
I just learned about AWS VPN, but it seems insanely expensive if used at scale.
AWS Virtual Private Network (AWS VPN) lets you establish a secure and private encrypted tunnel from your network or device to the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN.
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
ah i havent looked into that
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
we have all these office ips that we cannot consolidate cause they are all from our external vpn provider
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
it would be ideal if they provided us with a single ipcidr block but unfortunately, it’s 19 different ones
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
You could also have an office SG 1 and an office SG 2 couldn’t you? And then attach both to the resource that you’re looking to provide access?
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
ya that might be the easiest option
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
thanks Gowiem for your input!
![voron avatar](https://avatars.slack-edge.com/2020-05-28/1150336641139_5ed259bc80d6dde0a682_72.jpg)
Maybe reference SG2 from SG1, as SG may be nested
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
you could do that but when nested SGs you can’t use a SG id to allow connection in the Nested SG
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
only on the first level SG you can do that
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
hmm i dont think i have done that before. Let’s say that our office security group is split into 2 security groups. office (same name) and sg2.
then we reference sg2 in sg1 and sg1 will then absorb all of sg2’s rules ?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
yes
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
sg1 <– sg2 but sg2 is port and address only
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
the limitation I think is on when
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
sg1 <– sg2 and sg2 have SG ids as sources
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
that will not work
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
is basically a single level reference, you can’t cascade to multiple level sgs
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
ah I see so basically the SG1 that references a SG2 will only get SG2’s rules but they will not include SG2’s reference to SG3’s rules
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
oh ok that makes sense
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
exactly
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
so ok relevant too, AWS just increased my limit from 60 to 100 rules per sg
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
but but but, now I want to split my rules up into multiple security groups, and keep my current sg that contains all my rules as the parent sg
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
then this parent sg can reference sg1, sg2, and sg3
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
SGmain
• SG1
• SG2
• SG3
• etc
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
sigh…
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#security-group-rules
Another security group. This allows instances that are associated with the specified security group to access instances associated with this security group. Choosing this option does not add rules from the source security group to this security group.
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
it does not add them up but it does allow the connection
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
how the heck we did this back then????? we had like 300 rules
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
or we attached multiple SGs to the resource?????
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
ya you probably added multiple security groups
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I’m pretty sure this works but you can’t combine sg-ids with ports
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
i checked with aws support and they confirmed that it won’t work. they pointed me to the docs
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
but i haven’t tested it.
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
so SG-pepebullshit can’t have ports and sg-ids?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
ahh what they are saying is that if sg-pepebullshit could have a sg-id as source but that source can’t have other sg-ids as source
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
lol
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
unfortunately i cant attend today but food for thought for the next one
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-08-19 is now available.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Kubecon sessions should be available on YouTube in early September they say.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
2020-08-20
2020-08-26
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here our devops #office-hours are starting now! join us on zoom to talk shop (https://cloudposse.zoom.us/j/508587304) password: sweetops
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Another GUI for K8s https://kui.tools/
Kui is an open-source, graphical terminal designed for developers.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
We’ve used Lens a bit. It was ok, but sloooow
![voron avatar](https://avatars.slack-edge.com/2020-05-28/1150336641139_5ed259bc80d6dde0a682_72.jpg)
https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-eks-now-supports-udp-load-balancing-with-network-load-balancer/ we get UDP with load balancers in 2020
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
https://blog.intive-fdv.com/a-comparison-between-packer-and-ecs-image-builder/#:~:text=EC2%20Image%20Builder%20is%20relatively,them%20when%20creating%20different%20images
![attachment image](https://blog.intive-fdv.com/wp-content/uploads/2020/03/3-de-marzo.jpg)
Let’s consider the process of making a new server available to run our applications on: We have to follow several steps to be able to do that in production. We could divide this process into three main stages: Stage 1: Starting an Instance This phase covers all the necessary steps to run the application. It could also include updating security patches, …
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
If we have time I want a 101 of your future go based task project framework you are working on. a teaser?
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Actually it’s sad to see that there is no future for Kontena. They were cool.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Afaik Kontena tools were written in Ruby;)
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Definitely. The catch is i think the tooling we are talking about is more a “make file” type of framework that is a replacement.
Potentially could run a “build” that runs on windows, mac, linux, etc and full cross platform compatibility with a single binary for example. It’s a different approach rather than lots of other dependencies
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
For me, the hard part for me to evaluate this will be ensuring all my powershell based tasks don’t require massive reworking. I’m looking forward to learning more on this.
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Not Lens though)
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Somebody might find this useful https://cuelang.org/
Validate and define text-based and dynamic configuration
![muhaha avatar](https://secure.gravatar.com/avatar/7e1ca5556c93ef5c54d819a3f3f3444a.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0016-72.png)
Nice ! Thanks, can I use json schema with cuelang ?
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Oh, so maybe go-releaser for your tasks and you’d have a single binary easily for all project. Super interesting.
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Great teaser. excited. As long as I can figure out how not to start from scratch and use perhaps some of my powershell 7 stuff, i’m going to try it!
![Andrew Nazarov avatar](https://avatars.slack-edge.com/2021-06-09/2146832855878_fbb84e3b2832cc494a93_72.jpg)
Cool! That’s what I wanted to ask. How do you bootstrap things at Cloud Posse))
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
look at their build-harness repo. super cool concept
![kareem.shahin avatar](https://secure.gravatar.com/avatar/e3523be2d3654c14fff5c08f953e9fc7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
Had to hop off. Couldn’t find the ECS thread about setting env vars but outside of pulling them down from SSM programmatically in the app’s entrypoint you can directly reference them in SSM in the task definition
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
also checkout cloudposses ecs task module as you can use terraform module inputs to generate the json. I think that’s super cool!
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
I use InvokeBuild (Cross platform, and like Make on steroids), but the caveat is that you need apt install powershell for example. A precompiled binary provides consistency in multiple environments + also be able to run the same task in a build with no rework.
if this is too early to adopt and you have flexibility for considering powershell (object based vs text based is the main difference) then InvokeBuild is also great
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
general info on the Visual Studio Code “Task Explorer” i mentioned. Find it super helpful to ease of use. Wasn’t talking about a language server, but making dev experience super smooth to execute the same thing you run in build for example.
This is just a json “runner” built into vscode that calls a command. Would love to see a variant2 runner added in future. Play button to run, grouping of tasks and more.
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Keep up the great work
![Zoom avatar](/assets/images/custom_emojis/zoom.png)
New Zoom Recording from our Office Hours session on 2020-08-26 is now available.
2020-08-27
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
For the DockerHub new limit thingie: https://twitter.com/pgarbe/status/1298280715575087108
Worried about the upcoming DockerHub rate limits? I built a CDK Construct that you can use to sync important images to ECR. https://github.com/pgarbe/cdk-ecr-sync
![bbhupati avatar](https://secure.gravatar.com/avatar/1e1bc2ed657d2ff203c7003ad87f22b8.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Hello guys, I’m trying to install lens in centos 7.6(64-bit) using snap (https://snapcraft.io/install/kontena-lens/centos) and installation is successful, but when I run kontena-lens it gives the error below:
/snap/kontena-lens/110/kontena-lens: error while loading shared libraries: libgtk-3.so.0: cannot open shared object file: No such file or directory
sudo yum provides libgtk-3.so.0
Last metadata expiration check: 031 ago on Fri 28 Aug 2020 0651 AM UTC.
gtk3-3.22.30-3.el8.i686 : GTK+ graphical user interface library
Repo : @System
Matched from:
Provide : libgtk-3.so.0
gtk3-3.22.30-3.el8.i686 : GTK+ graphical user interface library
Repo : rhel-8-appstream-rhui-rpms
Matched from:
Provide : libgtk-3.so.0
sudo yum install gtk3-3.22.30-3.el8.i686 -y
After installing all dependency packages I’m still getting the same error. Any suggestions on this?
Get the latest version of Lens for on CentOS - Lens - The Kubernetes IDE