#office-hours (2021-03)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

https://cpco.io/slack-office-hours

Meeting password: sweetops

2021-03-01

Matt Gowie

Would be great to chat about rolling out GuardDuty using Cloud Posse tooling — I see y’all have some administration covered by turf and some covered by the terraform-aws-guardduty module, so I’d like to hear how those two work together and what the proper Cloud Posse suggested approach is there.

cloudposse/turf

CLI Tool to help with various automation tasks (mostly all that stuff we cannot accomplish with native terraform) - cloudposse/turf

cloudposse/terraform-aws-guardduty

Terraform module to provision AWS GuardDuty.

2021-03-03

Erik Osterman (Cloud Posse)
07:00:39 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Bart Coddens

@Erik Osterman (Cloud Posse) How do you manage the S3 state backend configuration when you have a project that uses multiple modules? I know you can use https://github.com/cloudposse/terraform-aws-tfstate-backend for the general S3 state bucket, but how do you manage the separate s3backend.tf files per submodule? You cannot use variables in these files.

cloudposse/terraform-aws-tfstate-backend

Terraform module that provisions an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…

oskar

Hashicorp Kubernetes Provider - is it ready for prime-time yet? Targeting mainstream cloud platforms and managed k8s, is anyone inclined to share their best practices (e.g. multiple states “Infra” vs “Service deployments”, integration into CICD, etc)?

roth.andy

Would like to get community feedback on this opinionated statement:

“Features are not considered done until our customers are getting value out of them”

Do you agree? Disagree? Not really care? I’m having a hard time finding something even vaguely resembling definitive either way when looking through Agile, DevOps, best practices, Medium articles, etc. There seem to be quite a few opinions out there.

Andy Miguel

@roth.andy I’d say I disagree..

  1. What do we mean by value? How is value defined and measured? We would need to agree on clear and fair parameters for “value” that are applicable across every type of story/task. E.g. “it’s not done until it’s in production” isn’t always relevant to every task. If we’re saying something is not done until it’s been validated and handed off, that can be fair; you can build objective criteria around that. If you ship something and the customer has gripes but agrees the core of the thing is there, then those gripes can become backlog items. If you ship something and it’s way off from what was asked, then I would look at item 3 on this list. If you ship something, they accept the work but then never use it, that’s not the responsibility of the engineering team, so they shouldn’t get penalized by having a never-ending task/story/epic affecting their metrics.

  2. Done from whose perspective? The customer likely has no stake in the game whether something is ever considered done or not, but the engineering team needs this definable because they need to measure their output, they need to know the state of things, report on KPIs like time to resolve, and so on.

  3. How is the feature conceptualized in the first place? Is the feature’s representation in the tool (e.g. Jira) specific enough that it’s reasonable to agree on a definition of done?

Our general process at Cloud Posse is that tasks are moved to done, then on status calls with customers we move them to an accepted status as they give a thumbs up. This is also after they’ve reviewed (or have been given plenty of time to review) the associated PRs and such.

roth.andy

> If we’re saying something is not done until it’s been validated and handed off

Handed off smells to me like a dev team throwing the feature over the wall to the ops team (which is my exact problem right now). In a DevOps mindset it doesn’t feel valid to me to call something done the minute I make it someone else’s problem.

> Our general process at cloud posse is tasks are moved to done, then on status calls with customers we move them to an accepted status as they provide thumbs up

Are they giving a thumbs up based on looking at their production environment? Or the pre-prod/testing environment?

Andy Miguel

> Handed off smells to me like a dev team throwing the feature over the wall to the ops team (which is my exact problem right now). In a DevOps mindset it doesn’t feel valid to me to call something done the minute I make it someone else’s problem.

That could happen for sure. The DevOps mindset is harder to achieve if the org structure isn’t aligned to fostering it. I don’t know your org obviously, but the minute you start talking about different teams, that’s a hurdle to getting that sense of shared ownership and investment you want your devs to have. I would definitely be interested to ask more questions/dig into this deeper next week if you’re on office hours.

Andy Miguel

> Are they giving a thumbs up based on looking at their production environment? Or the pre-prod/testing environment?

The tasks can be environment specific, so it depends.

Andy Miguel

Obviously, the smaller the scope, the easier your work moves through your board.

Erik Osterman (Cloud Posse)

Wow, this might be a marathon session today! Lots of great questions. We’ll try to get to as many of them as possible.

mvensky

During the last 5 or so minutes of 3-Feb, Erik mentioned that Cloud Posse views things from 4 layers: infrastructure, shared services, application and... I missed the 4th. Anyone know what that might be?

roth.andy
Install Multicluster

Install an Istio mesh across multiple Kubernetes clusters.

Jonas Steinberg

Regarding Geodesic: would you ever consider adding zsh+oh-my-zsh+powerlevel10k? I get having a container to spread around that has a bunch of tools in it, but the shell itself lacks numerous convenient features of the shell combo above, like sugary history lookup, command completion for kubectl, directional search through files/directories, etc. I’ve spent some time shaping this on Alpine using the Geodesic image and it is somewhat of a pain because Alpine is not meant for such a terminal environment (natively). Nothing wrong with using Alpine containers, and in fact the powerlevel10k dev uses Alpine to demo his stuff; but getting oh-my-zsh working on it, including its plugins, seems difficult via Geodesic.

roth.andy

> exceedingly underwhelming and nothing what a serious terminal environment would actually look like

I disagree with this statement. So does Google.

https://google.github.io/styleguide/shellguide.html#which-shell-to-use

> Restricting all executable shell scripts to bash gives us a consistent shell language that’s installed on all our machines.

styleguide

Style guides for Google-originated open-source projects

Jonas Steinberg

@roth.andy see my edit. I specify several things which are missing from the shell that I think would make it much more convenient to use.

Jonas Steinberg

@roth.andy Additionally: you don’t see the logic of what I was pointing out? (That’s a question). What I’m saying is what’s the point of having a shell you want everyone to use if the shell itself is not that sugary?

So that’s the main concern I have. And if you disagree with that then I’d like to understand why.

roth.andy

I’m not a maintainer of Geodesic, so I can’t speak definitively on it, but I’d imagine that compatibility is more important than convenience to them.

roth.andy

Bash is universal. zsh is one of many options that are all considered alternatives to bash

roth.andy

If they add zsh, should they add ksh when someone who likes ksh better comes along and wants it?

roth.andy

The beauty of Docker containers is you can use Geodesic as the base container in a dockerfile and do whatever you want with it

Erik Osterman (Cloud Posse)

Yeah, the interactive shell is just one piece of it. We use it as the base image for things like Atlantis, or steps in a pipeline that call helmfile, helm, or kubectl.

Erik Osterman (Cloud Posse)

I’ll be honest, I have serious FOMO/shell-envy of zsh/fish/etc. and the power features of those. It’s just not yet been a priority. I wouldn’t rule it out entirely, but @roth.andy is correct that bash is the most widely adopted shell. Tides are turning towards zsh, but I want to make sure we don’t make a rash decision. Also, the terminal UI/UX has become a thing these days. Very hard to make it appealing for a wide audience (the audience that cares what the prompt looks like). I know inside our company there are a lot of different opinions on colors, characters/utf8, etc. No one can agree.

Mohammed Yahya

@Erik Osterman (Cloud Posse) ^^

Matt Gowie

Sadly… last commit to that alpha provider was at the beginning of December. I really hope that gets more steam — I could use that today (if it was reliable).

2021-03-04

2021-03-10

Erik Osterman (Cloud Posse)
07:00:49 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Erik Osterman (Cloud Posse)
The Behavior-Driven Three Amigos

I recently learned who “The Three Amigos” are, even though I always practiced the mindset. This post explains how to bring ‘em into BDD.

2021-03-12

2021-03-16

managedkaos

Can we please discuss this during office hours this week? I’ve been waiting on this functionality for a while and I’m kicking the tires on it today. I’m trying it on an existing cluster and having some configuration issues. Might try the walkthrough the article gives just to see this working.

Sad part is they implemented this on the v1 AWS CLI instead of the v2 CLI which i already have installed. Why AWS? WHY!? Anyway, I’m able to run the v1 CLI in a virtualenv so that works.

Looking forward to hearing about the experience folks are having with this! https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

NEW – Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2 | Amazon Web Services

Today, we are announcing the ability for all Amazon ECS users including developers and operators to “exec” into a container running inside a task deployed on either Amazon EC2 or AWS Fargate. This new functionality, dubbed ECS Exec, allows users to either run an interactive shell or a single command against a container. This was one of […]

2021-03-17

Erik Osterman (Cloud Posse)
06:01:07 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Bart Coddens

Another question for the office hours today: how do you manage IAM user login profiles (console passwords) with a team? The Keybase key cannot and should not be shared among members of the team. What do you do if the original creator of the login profile leaves the company and the Keybase key is deleted? Do you taint the resource and recreate it?

Erik Osterman (Cloud Posse)

I’m light on prepared questions today

Matt Gowie
masterpointio/ecsrun

Easily run one-off tasks against a ECS Task Definition - masterpointio/ecsrun

Matt Gowie

Makefile example for Michael:

# [[ ... ]] is a bash builtin; make's default /bin/sh may not support it,
# so pin the recipe shell to bash.
SHELL := /bin/bash

# Decrypts the PGP-encrypted console password that Terraform emitted for
# one IAM user. Requires USER=first_name.last_name and AWS credentials that
# can read the team PGP key from Secrets Manager.
decrypt-user-password:
	@if [[ "$(USER)" == "" ]]; then \
		echo "Please set USER to first_name.last_name prior to running 'make decrypt-user-password'" && exit 1; \
	fi;
	@PGP_KEY_JSON=$$(aws secretsmanager get-secret-value --secret-id terraform_iam_users_pgp_key | jq -r ".SecretString"); \
		export GPG_TTY=$$(tty); \
		echo $$PGP_KEY_JSON | jq -r ".terraform_users_pgp_private_key" | gpg --import; \
		export PGP_PASSPHRASE=$$(echo $$PGP_KEY_JSON | jq -r ".terraform_users_pgp_passphrase"); \
		cd ./components/iam_infra; \
		export ENCRYPTED_PASSWORD=$$(terraform output --json | jq -r '.user_encrypted_passwords.value | .["$(USER)"]'); \
		export RAW_PASSWORD=$$(echo $$ENCRYPTED_PASSWORD | base64 --decode | gpg --decrypt --batch --pinentry-mode loopback --passphrase "$$PGP_PASSPHRASE"); \
		printf "\nPrivate message $(USER) in Slack with the following:\n\n"; \
		echo "Hey, you got a fancy new AWS Login :cool-doge: Check out the info and guide below to get everything setup:"; \
		echo ""; \
		echo "AWS Account Setup Guide: REDACTED"; \
		echo "Console Login URL: REDACTED"; \
		echo "username: $(USER)"; \
		echo "password: $$RAW_PASSWORD";
# Notes on the fixes above: in a Makefile, $(tty) is a make variable (empty),
# so shell command substitution has to be written $$(tty). GnuPG 2.1+ only
# honors --passphrase together with --pinentry-mode loopback, and the
# passphrase is quoted in case it contains spaces. The passphrase is still
# visible in the process list for the duration of the gpg call.

Matt Gowie

@Mike Martin

Mike Martin

Thank you!

David Lozano

Would you pick Teleport over StrongDM now that Teleport supports MySQL and Postgres?

managedkaos

From the AWS API Gateway docs:

> When private DNS is enabled, you’re able to access your API via private or public DNS. (This setting doesn’t affect who can access your API, only which DNS addresses they can use.) However, you cannot access public APIs from a VPC by using an API Gateway VPC endpoint with private DNS enabled. Note that these DNS settings don’t affect the ability to call these public APIs from the VPC if you’re using an edge-optimized custom domain name to access the public API. Using an edge-optimized custom domain name to access your public API (while using private DNS to access your private API) is one way to access both public and private APIs from a VPC where the endpoint has been created with private DNS enabled.

jose.amengual

This is the key statement:

> However, you cannot access public APIs from a VPC by using an API Gateway VPC endpoint with private DNS enabled

jose.amengual

Sorry that I interrupted you in the call.

managedkaos

No worries!

But what about this part?

> Using an edge-optimized custom domain name to access your public API (while using private DNS to access your private API) is one way to access both public and private APIs from a VPC where the endpoint has been created with private DNS enabled.

managedkaos

Private DNS should work in this case?

jose.amengual

Is your API endpoint public or private?

managedkaos

When I hopefully get it working, the endpoint would be private.

jose.amengual

If the endpoint is private, AFAIK you are forced to use the huge long name of the VPC endpoint.

jose.amengual

I think the problem is that they somehow check the Host header, so if it does not match then it fails.

managedkaos

Got it.

jose.amengual

In my case I was using a private endpoint with an API policy to check which VPC the request was coming from.

managedkaos

Yeah, a vanity URL would be nice for this project so I keep pressing that way. If we have to use the machine-named URL, so be it.

jose.amengual

And that combination did not work even when I used a CNAME to point to the VPC endpoint.

jose.amengual

You could try to set up the private endpoint and then CNAME a DNS name to it and see if it works.

jose.amengual

I think it might work if you do not have custom policies.

managedkaos

OK. I will just try to get it working and then will hack on any improvements. Something is better than nothing at this point.

managedkaos

I’ll circle back with the final implementation.

jose.amengual

Awesome.

2021-03-24

Matt Gowie

Reposting my question from a few weeks back in #kubernetes as I’m striking out on this one. We don’t need to talk about this in depth at all, but if anybody is managing a larger TCP service in production then I’d like to chat with you!

https://sweetops.slack.com/archives/CBW699XE0/p1614790261014800

Not exactly a Kubernetes question, but figured folks in this channel would know what I’m talking about exists — Does anyone know if there is a Network / TCP proxy tool out there that will do a manage-and-forward pattern (my own made up term for describing this) for long lived TCP connections?

I have a client running on K8s and one of their primary microservices holds long-lived TCP socket connections with many thousands of clients through an AWS NLB. The problem is that whenever we do a deployment and update those pods, the TCP connections require a re-connection, which results in problems on the client side. So to provide a better experience for the clients we’re looking at what we can do to have those TCP connections always stay alive. My first thought is a proxy layer that manages the socket connections with the client and then forwards socket connections to the actual service pods. That way, even if the pods are swapped out behind the scenes, the original socket connection is still up and has no adverse effects on the clients.

Zachary Loeber

https://github.com/yannh/kubeconform <– cool little tool for validating kube manifests in pipelines worth a quick once over

yannh/kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources! - yannh/kubeconform

David Lozano

Hi everyone, I’d like to hear what key points you consider when deciding to deploy your workloads on ECS EC2 or ECS Fargate. What would make you pick Fargate even though it’s more expensive when running the tasks 24/7? Is the simplicity of scaling out/in the only factor influencing this decision?

Darren Cunningham

not having to care about AMI/OS patching

(scanning the container image is still necessary, but that’s true either way)

Darren Cunningham

IMO that pays for itself in regards to the straight up difference when comparing EC2

also, now that Fargate has Spot Pricing the gap is being closed

David Lozano

very valid points @Darren Cunningham

Darren Cunningham

great job on the video @Vlad Ionescu (he/him) – really appreciate the callout about people costs and fully agree that a lot of teams overlook this and end up sinking hours in effort and opportunity loss in order to save on their monthly bill

Vlad Ionescu (he/him)

Thank you!

Erik Osterman (Cloud Posse)
06:00:49 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

roth.andy

Built-in Pod Security Policies vs OPA? OPA is more work, but way more flexible. How to choose between them?

Or Azarzar

Aren’t Pod Security Policies deprecated?

roth.andy

Didn’t know that, thanks. That makes that decision easy

Or Azarzar

Yeah, we chose OPA with Gatekeeper.

Erik Osterman (Cloud Posse)

Kubernetes Pod Security Policy Deprecation: All You Need to Know

The Kubernetes Pod Security Policy (PSP) will soon be deprecated, replaced with Pod Security Standards (PSS). Learn how it affects your K8s security & why using an OPA-based admission controller is better.

Bart Coddens

Thanks for the suggestion to go for Amazon SSO. How do you manage the users and passwords inside Amazon SSO? Via Terraform as well?

Matt Gowie

If you want to learn more about Geodesic — we’ve got our first tutorial up on the docs site: https://docs.cloudposse.com/tutorials/geodesic-getting-started/

Vlad Ionescu (he/him)
Terraform Code Reviews: Supercharged with Conftest

Learn how Doordash automated away some mundane code review tasks for infrastructure code.

Vlad Ionescu (he/him)

~I know https://pullreminders.com was a thing for PR reminders/analytics~

Matt Gowie

Seems gone now

Vlad Ionescu (he/him)

Oh god. I did not see the banner

Vlad Ionescu (he/him)

https://github.com/kubernetes/enhancements/issues/5#issuecomment-776043765:

For anyone following this ticket, PSPs will be deprecated in 1.21 with removal targeted for 1.25.
This is correct. We moved deprecation from 1.22 to 1.21 because we know that existing PSP API will not be losslessly backward compatible with a future replacement. PSP removal is staying at the previously planned 1.25.

Pod Security Policy · Issue #5 · kubernetes/enhancements

Feature Description Define policy objects that limit what security-related features pods and containers can use Primary contact (assignee): @tallclair Responsible SIGs: @kubernetes/sig-auth-feature…

roth.andy
Kubernetes Pod Security Policy Deprecation: All You Need to Know

The Kubernetes Policy (PSP) will soon get deprecated, replaced with a Pod Security Standards (PSS). Learn how it affects your K8s security & why using an OPA-based admission controller is better.

Erik Osterman (Cloud Posse)
Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3 | Amazon Web Services

When you store data in Amazon Simple Storage Service (S3), you can easily share it for use by multiple applications. However, each application has its own requirements and may need a different view of the data. For example, a dataset created by an e-commerce application may include personally identifiable information (PII) that is not needed […]

Vlad Ionescu (he/him)

Regarding the ECS AutoScaling + Capacity Providers question in chat: https://aws.amazon.com/blogs/containers/deep-dive-on-amazon-ecs-cluster-auto-scaling/ will answer the question! It goes super-in-depth on the topic, including how they talk to the ASG and why

Deep Dive on Amazon ECS Cluster Auto Scaling | Amazon Web Services

Introduction Up until recently, ensuring that the number of EC2 instances in your ECS cluster would scale as needed to accommodate your tasks and services could be challenging.  ECS clusters could not always scale out when needed, and scaling in could impact availability unless handled carefully. Sometimes, customers would resort to custom tooling such as […]


2021-03-31

David Lozano

Hi everyone, I would like to hear your opinion / experience using GitHub and GH Actions vs AWS CodeBuild, CodePipeline and CodeDeploy for CI/CD pipelines when the source code is in GitHub and you want to deploy to ECS.

Marcin Brański

Using AWS products for CI/CD is a nightmare. You can do it, though, and they do work, but if you can choose then look for other solutions first.

Erik Osterman (Cloud Posse)
06:00:40 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Bart Coddens

One question Erik, I will join the call as well. How to migrate existing Terraform configurations to a modular configuration, for example based on the Cloud Posse modules?

Andrew Nazarov

Please share the link here)

jose.amengual

all those “Public “Office Hours” are the links

Andrew Nazarov

It was about atmos docs, sorry for such a fuzzy request). Andy has already shared:)

jose.amengual

ok

Andy Miguel
cloudposse/terraform-cloudflare-zone

Contribute to cloudposse/terraform-cloudflare-zone development by creating an account on GitHub.

cloudposse/terraform-cloudflare-waf-rulesets

Contribute to cloudposse/terraform-cloudflare-waf-rulesets development by creating an account on GitHub.

Release v0.15.0-rc1 · hashicorp/terraform

0.15.0-rc1 (Unreleased) ENHANCEMENTS: backend/azurerm: Dependency Update and Fixes (#28181) BUG FIXES: core: Fix crash when referencing resources with sensitive fields that may be unknown (#2818…

Sponsor @cloudposse on GitHub Sponsors

Cloud Posse is a DevOps Accelerator that helps companies own their infrastructure in record time by building it with you and then showing you the ropes. Everything we do is 100% Open Source under A…

Erik Osterman (Cloud Posse)
AWS for GitHub Actions

AWS for GitHub Actions has 13 repositories available. Follow their code on GitHub.

Erik Osterman (Cloud Posse)
aws-actions/aws-codebuild-run-build

Run a AWS CodeBuild project as a step in a GitHub Actions workflow job. - aws-actions/aws-codebuild-run-build

Vlad Ionescu (he/him)

Example of logs in GitHub Checks, something that CircleCI could do but doesn’t: https://github.com/brigadecore/brigade/pull/914/checks?check_run_id=130703731

Log unhandled rejection with error message by radu-matei · Pull Request #914 · brigadecore/brigade

closes #913 What this PR does / why we need it: This PR logs the error message when an error is thrown but not handled. One area I'd like to dig a bit deeper is around the different log levels,…

Erik Osterman (Cloud Posse)
aws-actions/amazon-ecs-deploy-task-definition

Registers an Amazon ECS task definition and deploys it to an ECS service. - aws-actions/amazon-ecs-deploy-task-definition

Hao Wang

A quick question: is terraform import similar to Google’s terraformer?

roth.andy

No. terraformer actually generates Terraform code; terraform import just imports existing resources into Terraform state.

Hao Wang

got it, hmm, interesting

Erik Osterman (Cloud Posse)
GoogleCloudPlatform/terraformer

CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code - GoogleCloudPlatform/terraformer

Andrew Nazarov

In addition to terraformer, if you are on GCP you can now do something like

gcloud alpha resource-config bulk-export --project my-project --resource-format=terraform

to export your resources in TF format

https://cloud.google.com/sdk/gcloud/reference/alpha/resource-config/bulk-export

Hao Wang

clickops, it is an innovation lol

Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…

Andrew Nazarov

What was the tool? Stitch?

Andrew Nazarov
Stitch: Simple, extensible ETL built for data teams

All your data. Where you want it. In minutes. Stitch is a cloud-first, developer-focused platform for rapidly moving data. Hundreds of data teams rely on Stitch to securely and reliably move their data from SaaS tools and databases into their data warehouses and data lakes.
