#office-hours (2021-02)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2021-02-03
@here office hours is starting in 30 minutes! Remember to post your questions here.
Kubernetes provider, unauthorized issue.
Sometimes the Kubernetes provider gives an “unauthorized” error, causing the pipeline to stop and exit. The problem happens randomly. The issue is discussed here.
https://github.com/terraform-aws-modules/terraform-aws-eks/issues/911#issuecomment-761715025
The root cause of the problem seems to be the too-short validation period of the token, which is 15 minutes. Sometimes EKS creation times exceed 15 minutes, which invalidates the token.
I solved the problem using a dirty hack again with TG, using aws client tool in before hook.
Vlad claims he solved the problem using Kubernetes provider 2.0 https://github.com/terraform-aws-modules/terraform-aws-eks/issues/911#issuecomment-771583572
@Vlad Ionescu (he/him)
Yup. Gimme 5 and I’ll join office hours
My above comment is in regards to the localhost issue, not the unauthorized one. I have no idea if using the v2 terraform-provider-kubernetes fixes the auth issue too or not. https://github.com/hashicorp/terraform-provider-kubernetes/issues/918 is still open so
Something to test!
Terraform Version and Provider Version Terraform v0.12.26 provider.archive v1.3.0 provider.aws v2.70.0 provider.helm v1.2.3 provider.kubernetes v1.11.3 provider.null v2.1.2 Affected Resource(s) kub…
I like this attitude that dev and staging are also production, but for different users! Two thumbs up!
Yagni (“You Aren’t Gonna Need It”) is the principle that we should not build presumptive features. It should not be used as a justification for neglecting internal quality.
@Mohammed Yahya do you have a link to the flag you were referring to?
Main usage information for the Terraform CLI tool.
@Erik Osterman (Cloud Posse) ^^
makefile example:
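# DIR, ORANGE and RED are expected to be defined elsewhere in the Makefile.
.PHONY: init upgrade validate plan apply

init:
	@echo $(ORANGE)"==> TF Init"
	@terraform -chdir=$(DIR) init

upgrade:
	@echo $(ORANGE)"==> TF Upgrade"
	@terraform -chdir=$(DIR) init -upgrade=true

validate:
	@echo $(ORANGE)"==> TF Validate"
	@terraform -chdir=$(DIR) validate

plan:
	@echo $(ORANGE)"==> TF Plan"
	@terraform -chdir=$(DIR) plan

# -auto-approve applies without the interactive confirmation prompt.
apply:
	@echo $(RED)"==> TF Apply"
	@terraform -chdir=$(DIR) apply -auto-approve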
thanks!!
“You aren’t gonna need it” (YAGNI) is a principle of extreme programming (XP) that states a programmer should not add functionality until deemed necessary. XP co-founder Ron Jeffries has written: “Always implement things when you actually need them, never when you just foresee that you need them.” Other forms of the phrase include “You aren’t going to need it” and “You ain’t gonna need it”.
[Title text] “Fortunately, the charging one has been solved now that we’ve all standardized on mini-USB. Or is it micro-USB? Shit.”
Declarative, Go-embeddable, and cross-platform package manager powered by https://gofi.sh/ - mumoshu/shoal
Building continuous deployment pipelines that scale into Kubernetes? Harness equips you with the tools you need in order to ensure flawless K8s deployments.
New Zoom Recording from our Office Hours session on 2021-02-03 is now available.
2021-02-06
Hey guys, maybe you already discussed this here. But what do you guys think about this blog post: https://codefresh.io/kubernetes-tutorial/kubernetes-antipatterns-1/ specifically about the 4th pattern, Mixing application deployment with infrastructure deployment
I am facing a similar concern with ECS where I am adding 2 workflows in GitHub Actions, one to build and deploy the app, and another one for app-specific infra, like ECR or ECR task definition and service. My issue is to improve how we deal with race conditions, like ECR is not created yet and the app is being deployed. How do you guys deal with it?
2021-02-09
well that’s nifty, tailscale has a community terraform provider already… https://registry.terraform.io/providers/davidsbond/tailscale/latest/docs
2021-02-10
@here office hours is starting in 30 minutes! Remember to post your questions here.
Wow.. can I attend? (and, if yes, how?)
Go to https://cloudposse.com/office-hours to register and get the zoom link
Done, thanks
Hi~ Anyone have experience/recommendations for keeping your Terraform code DRY? Like how Terragrunt does it, but using Terraform Cloud, Scalr, or Spacelift? We have a few environments we “promote” infrastructure changes to (dev –> test –> prod) and would like to get away from “copying” the same Terraform code/modules. I notice env0 has support for Terragrunt, but want to know what others have done
TIA!
Agree with @Mohammed Yahya. It was a super cool concept, but it abstracts so much away you have to trust it as is, but once you start untangling all the CloudFormation it was a bit concerning. Good for ad hoc work/PoC, but for “devops” folks it’s not for them imo
Mind me asking what this was related to - I totally forgot it again
AWS Copilot
Pretty cool to try but it took control of so much behind the scenes if the layout/template didn’t fit or needed tweaking it was imo harder than perhaps a good terraform module as the starting point (with a higher infra-as-code bar of entry required to build that of course)
AWS for GitHub Actions has 11 repositories available. Follow their code on GitHub.
Run a AWS CodeBuild project as a step in a GitHub Actions workflow job. - aws-actions/aws-codebuild-run-build
Terraform module to provision Auto Scaling Group and Launch Template on AWS - cloudposse/terraform-aws-ec2-autoscale-group
Community Note Please vote on this issue by adding a reaction to the original issue to help the community and maintainers prioritize this request Please do not leave "+1" or other comme…
In our previous guide, we documented 10 Docker anti-patterns. This guide has been very popular as it can help you in your first steps with container images. Creating container images for your application, however, is only half the story. You still need a way to deploy these containers in production, and the de facto solution … Continued
New Zoom Recording from our Office Hours session on 2021-02-10 is now available.
2021-02-11
Updated diagram:
2021-02-12
I’d like to spend 5 minutes next office hours discussing the merits of INVEST and taking the audience’s temperature on how they feel about it
INVEST stands for a set of criteria used to assess the quality of a user story. If the story fails to meet one of these criteria, the team may reword it.
@roth.andy this is a good way to evaluate how well a story was articulated. I’ve written tons of these for infrastructure teams and the best outcomes are always when it’s a collaborative process with the engineers doing the work. Having a good template (e.g. what, why, etc. etc.) that drives the right conversation definitely helps make that magic happen.
2021-02-15
2021-02-17
@here office hours is starting in 30 minutes! Remember to post your questions here.
Hello guys, this might have been asked before, but what criteria do you guys use when evaluating if something needs to be created as a module?
I recently joined a company with 6 cloud engineers that have been discussing about maturing their terraform deployment, and modules have been brought up. The -legacy- engineers wanted to create a module for everything, even simple ones. For example, azure resource groups, and the arguments were:
- Takes me 10 mins to write it anyway
- I can make it accept a comma-delimited name, and it creates multiple resource groups for me
- If you want to create 1 resource group, the module can handle it anyway
- I can ask for required tags on the resource groups, and I’m sure we’re going to need something else on those resource groups in the future
Our goal is to eventually allow our app dev teams to create their Terraform code to deploy their infrastructure for their apps. They originally managed the deployment by creating standalone deployments for each resource - like 1 deployment for resource group, 1 for SQL PaaS, 1 for storage account - all separate repositories and “pipeline”. We would like to move to more application-based repositories that contain all the Terraform code/infrastructure needed for the said application (shared services infrastructure like AKS will be separately managed)
I feel this is a case of over engineering/YAGNI, but being new, I may be biased. I don’t feel simple/standalone terraform resources should have another wrapper on top of it (module). Is there a compelling reason why this pattern can bite us in the future (aka very bad idea)?
Extension for Visual Studio Code - Find and fix misconfigurations in infrastructure-as-code manifests like Terraform, Kubernetes, Cloudformation, Serverless framework, Arm templates using Checkov - static analysis for infrastructure as code .
Cloud Posse is a DevOps Accelerator that helps companies own their infrastructure in record time by building it with you and then showing you the ropes. Everything we do is 100% Open Source under A…
@Andy Miguel could you please share your article? I think I’ve already read it. But I want to check it out again.
I don’t care what work management framework your team or company claims to use, making software will still be hard. Supporting those software teams is even harder. Good frameworks can definitely help you manage and deliver your work, but no system in the world can make a difference if people don’t follow the program. This… Read More »Why is it hard to manage work for DevOps teams?
@Erik Osterman (Cloud Posse) I’m losing faith https://github.com/awslabs/tecli
In a world where everything is Terraform, teams use Terraform Cloud API to manage their workloads. TECLI increases teams productivity by facilitating such interaction and by providing easy commands…
What secret/keys management system do you prefer to use?
Don’t know if this has been reviewed previously but I came across this last week and it’s pretty cool at visualizing AWS resources: https://github.com/duo-labs/cloudmapper
CloudMapper helps you analyze your Amazon Web Services (AWS) environments. - duo-labs/cloudmapper
How can one use terraform for marketplace with Azure, Google Cloud, AWS? I want to deploy distributed database (k8s or no k8s). AWS requires CFN for this. But I don’t know about Azure and GCP.
HOW WE’RE DIFFERENT User VPN Designed for the Cloud Centrally-Managed VPN Visibility of all users, their connection history and all certificates across your network. Many Authentication Options LDAP/AD, DUO, Okta, MFA, Client SAML and other integrations. Profile-Based Access Control Answers “who can access what VPC?” Each VPN user can be assigned to a profile…
https://github.com/masterpointio/terraform-aws-client-vpn — I forked an AWS Client VPN module to make it a bit more friendly and then used this for a client. I’m still not a fan of VPNs though.
This terraform module installs a client VPN. Contribute to masterpointio/terraform-aws-client-vpn development by creating an account on GitHub.
@Erik Osterman (Cloud Posse) if you ever want to move this to a cloudposse module, I’d be happy to donate it + move it when I’ve got some more time. It’s already using context.tf and would fit well in the library — just needs a bit of cleanup as I did it somewhat rushed for a client.
We’re shipping the Boundary Desktop alpha today! Boundary continues to get better week by week. Its already pretty great but in a couple years this thing is going to be amazing. https://www.boundaryproject.io/docs/api-clients/desktop https://pbs.twimg.com/media/Euc_80tXcAA1ZeW.jpg
Timely tweet
Office hours still going?
New Zoom Recording from our Office Hours session on 2021-02-17 is now available.
2021-02-24
@here office hours is starting in 30 minutes! Remember to post your questions here.
is there a standard way of “injecting” a template into helm charts before it’s parsed with helmfile? Can the kustomize features of helmfile use helpers defined in the chart?
Question: AWS CDK- What are your thoughts, especially if you’ve used any pattern-based code like https://github.com/cdk-patterns?tab=repositories for example (there are others).
Background: I recently tried to use CDK for a container project using some pattern-based code and found it difficult to wedge the code into a mold that fit my application (ports to the container on LB target groups along with health checks, for example)
This is a place to store/share AWS Serverless architectures built with cdk - cdk-patterns
Question: what is the best place to propose a change to HCL2 language like: make enabling/disabling a resource/module a first-class citizen in the language; e.g. a boolean metavariable called enabled so we’re not stuck with the count metavariable hack
HCL is the HashiCorp configuration language. Contribute to hashicorp/hcl development by creating an account on GitHub.
Thanks I raised an issue there I’ll see what kind of response I get
The notion of "nullness" or "existence" must be first class in a language, and the language should minimize how much "how" the user needs to express. Currently in orde…
yep that’s the one I raised
links from today’s announcements:
HashiCorp Prototype for Terraform Module Acceptance Terraform Testing See docs, and requires 0.15+ (alpha) https://github.com/hashicorp/terraform/pull/27873 https://github.com/hashicorp/terraform/pull/27873/files#diff-dd1cafe2a571c5e9f7b56d4d821e882c22d32b99f39260f53bd4e274b3550615
Terraform 0.15+ is shipping with support for undeclared variables values, but without the deprecation notice. https://github.com/hashicorp/terraform/issues/22004#issuecomment-783757089
Atlantis 0.17.0-beta shipped with basic support for OPA https://github.com/runatlantis/atlantis/releases/tag/v0.17.0-beta
Sponsor Cloud Posse / SweetOps / Office Hours for $1 / mo https://github.com/sponsors/cloudposse
Check out last week’s office hours on YouTube! https://www.youtube.com/c/cloudposse
I have question about using kustomize in helmfile
Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.
Small utility that will convert K8s YAML files to a values.yaml file capable of being used with the incubator/raw helm chart - RothAndrew/convert-to-helm-raw-values
Istio 1.9 release announcement.
Interacting with a subchart’s and global values.
what are the pros and cons of using k8 over aws ECS and what are the differences when managing k8 with or without helm charts. are helm charts to pure k8 yaml the same that cloudposse tf modules are to creating plain hcl files with tf resources directly? is that an accurate comparison?
I had a k8s question: what’s the difference between pvc storageClassName or the annotation specifying storage-class, e.g. volume.beta.kubernetes.io/storage-class
I just found my own answer, took some digging.
v0.15.0-beta1 Version 0.15.0-beta1
HashiCorp was a bit slower with their release this week! Missed the 11:30am PT cut off
2021-02-25
Was referred here for this question. I have been looking for a CI/CD pipeline solution for Terraform changes. But I do use TG, and would be willing to switch so there are more options. It seems like https://github.com/cloudposse/terraform-provider-utils#examples can solve the problem of the simplicity in TG to go up two levels for .hcl files. One thing I make a ton of use out of is path_relative_to_include, this both allows me to set a single remote state at the top of every VPC (using AWS) with key = "prod/${path_relative_to_include()}/terraform.tfstate". I have also been making use of the file system to drill into my YAML files, nodes and directories align (the merits of this could be argued), doing…
inputs = {
  servers = local.servers[path_relative_to_include()]["servers"]
}
I’m more interested how you guys get around redefining the state file for each directory. I realize terragrunt can run multiple levels, but that’s really not a draw for me.
Thanks!
The Cloud Posse Terraform Provider for various utilities (E.g. deep merging) - cloudposse/terraform-provider-utils
2021-02-26
I’m going to cross post my #kubernetes question here. I’m quite sure someone already did it
I’m wondering if there are already some solutions for disaster recovery active-active K8S clusters where traffic can be partially switched and security is as granular to a pod level. I saw this https://portworx.com/kubernetes-disaster-recovery/ but not sure. Maybe some used anything like and can share some insights
https://sweetops.slack.com/archives/CBW699XE0/p1614342312005100
WHITEPAPER Get the Essential Capabilities of Disaster Recovery for Kubernetes ‣ The Challenge Building an enterprise grade Kubernetes platform entails more than simply deploying your applications. You need to protect them too. However, traditional DR solutions aren’t a fit for Kubernetes applications because they rely on machine-based backups and don’t speak the language of Kubernetes.learn more
is that a Kubernetes concern ?
I imagine K8s holds your app
so a CDN/Global Accelerator/DNS layer is necessary outside of K8s
So yes and no. I think it touches both K8S and outside of K8S. Yeah, definitely a DNS layer outside is necessary. But such DNS should be managed. I’m more about something that manages the state of DNS and knows the state of both clusters to know to which one to switch the traffic.
Also let’s imagine we have 3 pods (P1, P2, P3) in cluster A and B. P1 can connect to P2 API. If everything is in the same cluster A it’s fine (network policy can prevent unwanted traffic) but when P2 switches to cluster B then I’m not sure how to prevent P3 from accessing it as just network layer K8S network policy/SG/NACL doesn’t cut it. The traffic can originate from any node/any port in other K8S cluster.
Maybe I’m overcomplicating and it should be done on app layer with API keys?
Thanks guys!
Seems that this vid https://youtu.be/7WwkSgIv0eE has no right channel audio.
2021-02-28
Questions for this week:
• offline Terraform testing using LocalStack or Moto, what are your thoughts/experience?