#office-hours (2021-05)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2021-05-03
2021-05-04
Is terraform FIPS complaint?
terraform cloud?
FIPS compliance is usually required to in the context of encryption libraries. as far as I understand, the terraform binary itself is written in GO and you would have find providers that use FIPS compliant libraries, which aren’t used by default.
looks like some providers like oracle, have implemented fips encryption libraries at provider level: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/fips_compatible_terraform_provider.htm#fips_compatible_terraform_provider
looks like there is at least one AWS provider has FIPS encryption option: https://registry.terraform.io/modules/terraform-aws-modules/redshift/aws/latest#input_use_fips_ssl
It is maintained by @antonbabenko so he is probably the best person to ask on the topic.
Thank you both! We are doing stuff that requires FIPS compliance in Azure and GCP, what you mentioned above sounds aligned with what I have on googled online over the past few hours.
It appears compliance is as simple as saying it’s compliant but validation requires a full end to end review and then getting list here . During my search I found that the AWS provider promotes FIPS but it’s build process doesn’t seem to use a validated library. From what I can gather online, golang by default doesn’t have any validated libraries so an option is to use a drop in compiler replacement for the crypto libraries. One option is go-toolset from redhat and another is BoringCrypto from google. So if “compliance” requires a validated library then I don’t even thing the AWS provider is fully compliant.
2021-05-05
@here office hours is starting in 30 minutes! Remember to post your questions here.
How do I keep a failed pod from being terminated, so we can do forensic evals? can I set/remove labels to do that?
Kerri Rist (Cloud Posse) has joined Public “Office Hours”
Dhaval Dedhia has joined Public “Office Hours”
Parthasarathi S has joined Public “Office Hours”
Robert Jackson has joined Public “Office Hours”
Venkata Mutyala has joined Public “Office Hours”
Sam C has joined Public “Office Hours”
Vicken Simonian has joined Public “Office Hours”
Ian Bartholomew has joined Public “Office Hours”
Colton Wrisner has joined Public “Office Hours”
Tim Davis has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Jeremy (Cloud Posse) has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Ayrton Araújo has joined Public “Office Hours”
Kristopher Flint has joined Public “Office Hours”
Lionel LONKAP has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Hao Wang has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Leia Renée has joined Public “Office Hours”
Patrick Joyce has joined Public “Office Hours”
Scott Mathson has joined Public “Office Hours”
Mohammed Yahya has joined Public “Office Hours”
James Haughey has joined Public “Office Hours”
Florain Drescher has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
Ray Myers has joined Public “Office Hours”
Michael Padgett has joined Public “Office Hours”
Joaquin Menchaca has joined Public “Office Hours”
Gonzalo Acosta has joined Public “Office Hours”
David Lozano has joined Public “Office Hours”
Stan M has joined Public “Office Hours”
Jeremy Parker has joined Public “Office Hours”
Jeff Lanza has joined Public “Office Hours”
Jeff Vier has joined Public “Office Hours”
Michael Londeen has joined Public “Office Hours”
Gabriel Boie has joined Public “Office Hours”
Question: ELK or Prometheus? Or Both where Prometheus is used for metrics and ELK is used for log collection and analysis? What is the suitable approach for central alerting?
They are two different things. Elasticsearch is first and foremost an indexer, while prometheus is a time series database.
We have both. ELK for logs, Prometheus for metrics, then Grafana which aggregates data from Prometheus and ElasticSearch
Loki might be considered as an alternative for logging
CNCF SIGs are TAGs now: https://github.com/cncf/toc/pull/654/files
tamsky has joined Public “Office Hours”
uwaila adams has joined Public “Office Hours”
Pod dump for forensics: https://github.com/keikoproj/kube-forensics and https://github.com/ThreatResponse/margaritashotgun
https://aws.github.io/aws-eks-best-practices/security/docs/incidents/ is also pretty nice
EphemeralContainers is an alpha Feature Gate (default false) available starting with 1.16 and according to the latest docs still alpha and defaulting to false through the current 1.21
Steven Hopkins has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Monitoring using Pixie: https://www.eksworkshop.com/intermediate/241_pixie/
jason thomas has joined Public “Office Hours”
Jason Valencia has joined Public “Office Hours”
Links around eBPF (with pretty pictures):
• Falco: https://sysdig.com/blog/sysdig-and-falco-now-powered-by-ebpf/
• Pixie home page: https://pixielabs.ai/
• Cillium Home page: https://cilium.io/
• Article of diff solutions: https://cilium.io/
A nice article about philosoby of Alerting by Rob Ewaschuk, based on his observations while he was a Site Reliability Engineer at Google https://docs.google.com/document/d/199PqyG3UsyXlwieHaqbGiWVa8eMWi8zzAn0YfcApr8Q/edit#
shu-ha-ri 守破離
• 守 protect, obey - traditional wisdom - learning fundamentals, techniques, heuristics, proverbs
• 破 detach, digress - breaking with tradition - breaking with tradition—detachment from the illusions of self
• 離 leave, separate - transcendence - there are no techniques or proverbs, all moves are natural, becoming one with spirit alone without clinging to forms; transcending the physical
Related, found this, looks funny: https://www.scruminc.com/scaling-scrum-lufthansa-scrum-day-stuttgart-may-2017/
Gabriel Boie has joined Public “Office Hours”
Agility is Inefficient … Klaus Bucka-Lassen Closing Keynote GOTOpia Chicago April 20th, 2021 https://files.gotocon.com/uploads/slides/conference_44/1765/original/Agility%20is%20inefficient%20%28GOTOpia%29%20-%20Handout.pdf
https://www.harbott.com/why-squads-and-tribes-probably-wont-work/ Key quote:
"Even at the time we wrote it, we weren't doing it. It was part ambition, part approximation. People have really struggled to copy something that didn't really exist."
Joakim Sundén, agile coach at Spotify 2011–2017
2021-05-12
@here office hours is starting in 30 minutes! Remember to post your questions here.
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Patrick Joyce has joined Public “Office Hours”
Scott Mathson has joined Public “Office Hours”
Jacob Evans has joined Public “Office Hours”
Emile Fugulin has joined Public “Office Hours”
Andy Miguel (Cloud Posse) has joined Public “Office Hours”
Kevin Ryan has joined Public “Office Hours”
Andrew Grube has joined Public “Office Hours”
Steven Hopkins has joined Public “Office Hours”
Harold R has joined Public “Office Hours”
Dave Hill has joined Public “Office Hours”
mb Branski has joined Public “Office Hours”
Nate Selzer has joined Public “Office Hours”
Leo Zavala has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
katrina walker has joined Public “Office Hours”
Stevan Arychuk has joined Public “Office Hours”
Gilberto Michishita Junior has joined Public “Office Hours”
Sri has joined Public “Office Hours”
Venkata Mutyala has joined Public “Office Hours”
links from today’s announcements:
• https://www.infoq.com/news/2021/05/atlassian-open-devops/
John Mitchell has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
Alex Siegman has joined Public “Office Hours”
James Haughey has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
David Lozano has joined Public “Office Hours”
Andrew Way has joined Public “Office Hours”
Igor Bronovskyi has joined Public “Office Hours”
mb Branski has joined Public “Office Hours”
Michael Londeen has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
Isa Aguilar has joined Public “Office Hours”
mb Branski has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
• anthology - Private Terraform registry implementation as an alternative to the official registry.
• citizen - Private Terraform Module Registry
• terraform-simple-registry - Simple implementation of the Terraform registry protocols.
uwaila adams has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
would like to hear some thoughts on AWS ECS copilot if anyone has given it a try
Andrew Thompson has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
Andrew Thompson has joined Public “Office Hours”
Here’s the beginning of the thread on Twitter about the different levels of answers for the same interview question that I mentioned:
https://twitter.com/QuinnyPig/status/1390802669321658369
Here’s the one I was talking about:
, I’m a fan of Corey Quinn also. I’ve been away for a few weeks, has @Erik Osterman (Cloud Posse): re-surfaced the discussion about k8s resource usage accounting?
The founder of cloudskiff contacted for feedback on driftctl (infra drift detection tool), https://github.com/cloudskiff/driftctl
Hi folks I’m part of the team. Happy to jump in whenever you discuss it
Just putting it out here if people want to try it and we can discuss it next office hour
2021-05-18
2021-05-19
I see that Hashicorp has v0.2 of Boundary (https://www.boundaryproject.io/). Maybe worth discussing in office hours and see if anyone has used it.
I’m definitely interested in app runner. reminds me of GCP Cloud Run which is a super simple way to get a container image running in no time flat (in my experience).
@here office hours is starting in 30 minutes! Remember to post your questions here.
:question: : what is the best practice to get Terraform to pick up changes to modules? I am finding that unless I remove the .terraform/modules/x` directory where the module is installed to force a new download/install, TF may or may not pick up changes to an unpinned module.
did you try terraform get -update?
nope! TIL!
thanks
Michael Jenkins has joined Public “Office Hours”
Brandon vh has joined Public “Office Hours”
Mike Marseglia has joined Public “Office Hours”
Michael Londeen has joined Public “Office Hours”
Joe Hosteny has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
links from today’s session:
• https://www.hashicorp.com/blog/default-tags-in-the-terraform-aws-provider
• https://alex.kaskaso.li/post/terraform-plan-rce
• https://finance.yahoo.com/news/aws-announces-general-availability-aws-231000856.html
• https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
• https://github.com/hashicorp/terraform-provider-aws/pull/14714
Jeff Lanza has joined Public “Office Hours”
Brandon vh has joined Public “Office Hours”
Brandon vh has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Vicken Simonian has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Scott Mathson has joined Public “Office Hours”
Anton Babenko has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Mike Marseglia has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Isa Aguilar has joined Public “Office Hours”
Michael Londeen has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
Andy Miguel (Cloud Posse) has joined Public “Office Hours”
Jacob Evans has joined Public “Office Hours”
Joaquin Menchaca has joined Public “Office Hours”
Nick James has joined Public “Office Hours”
Igor Bronovskyi has joined Public “Office Hours”
Steven Hopkins has joined Public “Office Hours”
Steven Hopkins has joined Public “Office Hours”
Jeff Lanza has joined Public “Office Hours”
Alex Siegman has joined Public “Office Hours”
Patrick Joyce has joined Public “Office Hours”
Florain Drescher has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Michael Padgett has joined Public “Office Hours”
Joe Hosteny has joined Public “Office Hours”
Prasanna Venkataraman has joined Public “Office Hours”
David Lozano has joined Public “Office Hours”
James Haughey has joined Public “Office Hours”
Rashid has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Terraform question, you upgrade new minor version of terraform, and suddenly, when doing terraform apply, it wasn’t to recreate your VPC, EKS, etc. Will this ever be fixed? Example, v0.12.30 to v0.12.31.
Hao Wang has joined Public “Office Hours”
Emile Fugulin has joined Public “Office Hours”
Reverse Proxy web caching looks interesting, can work with nginx, apache, traefik… https://github.com/Darkweak/Souin
Pasted that a few days ago, https://github.com/cloudskiff/driftctl wanted to know if people used it on large production system
would like to hear some thoughts on AWS ECS copilot if anyone has given it a try
2021-05-20
2021-05-21
2021-05-24
2021-05-25
2021-05-26
@here office hours is starting in 30 minutes! Remember to post your questions here.
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Florain Drescher has joined Public “Office Hours”
Andy Miguel (Cloud Posse) has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Michael Sew has joined Public “Office Hours”
Gilberto Michishita Junior has joined Public “Office Hours”
links from today’s announcements:
• https://www.techradar.com/news/why-system-backups-no-longer-shield-against-ransomware
Tim Gourley has joined Public “Office Hours”
James Haughey has joined Public “Office Hours”
emem umoh has joined Public “Office Hours”
Stevan Arychuk has joined Public “Office Hours”
Patrick Joyce has joined Public “Office Hours”
Brian Ojeda has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Wilson Chan has joined Public “Office Hours”
Amelia Graycen has joined Public “Office Hours”
Mohammed Yahya has joined Public “Office Hours”
looks like my connection died again
Andrey Nazarov has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
- AWS Container Day @ DockerCon!
Stan M has joined Public “Office Hours”
Hao Wang has joined Public “Office Hours”
DockerCon’21 is starting tomorrow:)) https://docker.events.cube365.net/dockercon-live/2021
Michael Jenkins has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
Mazin Ahmed has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Rajiv Ranjan has joined Public “Office Hours”
Joe Hosteny has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
imran.hussain has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
ASIS SETHI has joined Public “Office Hours”
ASIS SETHI has joined Public “Office Hours”
Older presentation video/review for copilot video: https://www.youtube.com/watch?v=Ay8iUFWzF4U. There was a new Copilot video today at AWS Container Day. It should be up on YouTube tomorrow
Jailson Silva has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Copilot pipeline link, as requested: https://github.com/aws/copilot-cli/blob/da8967617d9d0d299d1e03e4559aa15367ae62c6/site/content/docs/concepts/pipelines.en.md
Anybody have experience restoring RDS snapshots, using Terraform? I’m just starting to look into this and I’m wondering how subsequent TF applies are impacted by setting snapshot_identifier , but what about subsequent applies? I saw some comments about setting ignore_changes for snapshot_identifier , whcih I’m thinking I should include as a variable for the TF, to manage it that way, rather than the data aws_db_snapshot source
I did before and it always recreated the RDS instance no matter what snapshot_identifier is used
it should be a bug
David Lozano has joined Public “Office Hours”
Blaise Pabon has joined Public “Office Hours”
A V has joined Public “Office Hours”
question 1, how to use for_each with TF?
uwaila adams has joined Public “Office Hours”