#office-hours (2021-07)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2021-07-07
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Sorry everyone - my connection is too bad we had to end early.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
No worries! It happens to everybody!
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
no issue, although I’m glad because I missed it
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Thanks guys
2021-07-08
![Eric Berg avatar](https://avatars.slack-edge.com/2022-02-23/3149638965779_b5a77c77548365fff07f_72.jpg)
I’d like to talk about approaches to distinguishing between (datadog) metrics from our internal services (EKS) and the infrastructure services, like DD agent, k8-cni, etc.
Obviously, one approach is to add a tag to each resource that identifies it as internal. Interested in hearing others’ experiences
2021-07-09
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
I believe we’ve talked about this before on office hours but I’m going to bring it up again as it’s still a topic that I feel doesn’t get enough attention:
How to manage Terraform dev/stage/prod releases when you’re utilizing terraform workspaces > the directory structure approach?
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
For my largest terraform project (couple dozen root modules), we utilize `develop`, `master`, and `release` branches to add some release process around promoting changes. This works well in some regards, but it’s also difficult in that upgrading our automation to tf v1.0 for example requires that we roll everything forward as fast as possible because that change isn’t held in isolation on the branch.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Anyway, looking to refresh on this topic. And particularly hear about how CloudPosse handles it.
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
My company was using branches the same way when I arrived and I got us off it as fast as I could for those same reasons and moved to directory separation. It was an exhausting process managing promotion of changes across branches.
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
the most asked question, I would move away from branches and use folder separation, we also used `dev`, `qa`, and `prod` branches before, it was a nightmare. suggest to only use features short-life branches and PRs for review the code added. everyone is talking about `mono-repo` `mono-branch` as single source of truth, with daily PRs.
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
now the magic happens in your `CICD`, it should be smart to know which folder to apply in which order, you can control releasing by promoting changes through environments, with simple testing at the end of the delivery to make a perfect deployment.
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
I like the idea to apply `git-flow` into `Terraform`, but I guess only small part of it could be helpful in IaC
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
it was a nightmare
heavy emphasis on this
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah interesting that both of you have this position. I hear ya… though I don’t exactly know how I would make that fit into the SweetOps methodology. Will be a good topic for discussion.
2021-07-10
2021-07-12
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
question for next office-hours meeting: https://sweetops.slack.com/archives/CC38YGGUE/p1626093139033800
I have docker-compose to manage many solutions like gitlab, vault, jenkins, nexus, awx, selenium, nifi, spark, sonarqube, custom apps, pgadmin, portainer, `minio`, and I need a solid reverse proxy to replace `apache httpd`:
• Nginx
• Consul
• Traefik
What do you think about this?
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
you forgot Varnish
![jose.amengual avatar](https://secure.gravatar.com/avatar/32f267b819eac9e0ea6a8324b53064a0.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
which was built as a reverse proxy
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
Very excited to announce @AquaSecTeam has acquired @tfsec_dev! I will be joining Aqua along with @owenrum to work full-time on the project - watch this space! https://www.aquasec.com/news/aqua-security-acquires-tfsec/
2021-07-14
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Heath Snow avatar](https://avatars.slack-edge.com/2021-04-12/1977024442752_7dec17a382f488f1dfbc_72.jpg)
I’m curious what the test workflow looks like in the cloudposse Terraform repositories. Rather selfishly I want to finish up this PR and the feedback loop + testing methodology is keeping me from completing it (and thus I’m using a fork in the meantime). Not sure if this is the place to go about it.
what Remove the requester/accepter provider configuration from the module. Update minimum Terraform version to 0.15.0 (using configuration_aliases wasn't working with 0.14.x) why Provider co…
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Has anyone heard any updates on when Kubernetes will fix the issue with Jobs and InitContainers?
![matt avatar](https://avatars.slack-edge.com/2018-07-25/406075857847_5022e8879911a823838f_72.jpg)
![sytten avatar](https://avatars.slack-edge.com/2019-03-01/564418310496_16e796635f1b40fcea36_72.jpg)
If I remember correctly it had trouble with path based, but host based works great
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
thanks, yes I’m looking for path based
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s session:
• https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/
• https://www.bschaatsbergen.com/behind-the-scenes-lambda
• https://github.com/helm/community/blob/main/hips/hip-0011.md
• https://aws.amazon.com/blogs/security/how-to-relate-iam-role-activity-to-corporate-identity/
• https://github.com/hashicorp/terraform-provider-aws/issues/20137
• https://www.aquasec.com/news/aqua-security-acquires-tfsec/
![matt avatar](https://avatars.slack-edge.com/2018-07-25/406075857847_5022e8879911a823838f_72.jpg)
DataDog Tagging Best Practices: https://www.datadoghq.com/blog/tagging-best-practices/
![attachment image](https://imgix.datadoghq.com/img/blog/tagging-best-practices/tagging-hero-1.png?fit=crop&w=1200&h=630)
Learn how you can make the most of your tags in Datadog.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
[Managing Customer KMS Keys | Cloud Posse Explains](https://www.youtube.com/watch?v=t3Ecgx8NYkM)
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
RE: aws-controllers-k8s - IAM is not supported, this was the biggest bummer for us and we gave up, moved all to terraform
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
Is your feature request related to a problem? With IAM Roles deploys we could implement https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html with CRDs and close the …
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
also if you read the thread - there’s really no way to implement it securely. You will end up giving a controller `iam:*` which is a huge hole
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
I think this is the main showstopper there
![Tim Birkett avatar](https://avatars.slack-edge.com/2020-06-17/1195943326852_93709badec7475544cf0_72.jpg)
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
wow, pretty useless without the ability to create IAM. In the end, we’re back to using something like terraform.
2021-07-15
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
@Matt Gowie order up^
2021-07-19
2021-07-21
![Adedapo Ajuwon avatar](https://secure.gravatar.com/avatar/6221137245c3d0fd49013023490dd63f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0018-72.png)
Hi all, new here. Looking forward to my first live office-hour talk. Cheers.
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
@here friendly reminder we have @Taylor Dolezal from HashiCorp demoing Waypoint today in office hours!
Hope to see you there
![attachment image](https://www.waypointproject.io/img/og-image.png)
Waypoint is an open source solution that provides a modern workflow for build, deploy, and release across platforms.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
How are people in our community handling drift In the Real World? Did anyone try driftctl? What “homebrew” solutions have community members in use at the moment?
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
Also found out about `clairvoyance` the other day but I haven’t personally been able to test run it myself.
https://github.com/reulan/clairvoyance
Via corresponding hashicorp talk here: https://www.youtube.com/watch?v=zlwhw3YGlUc
Drift detection and reporting for Terraform. Contribute to reulan/clairvoyance development by creating an account on GitHub.
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
@oskar my team is using spacelift which has native drift detection. there is also an interesting connection between increasing drift and lack of environmental progression automation; in other words: the less automation between deployments from environment-to-environment…the more drift!
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
thanks for chipping in jonas i’ve heard good things about spacelift, thanks for recommending it. very much agree on the automation side - yet some contexts / apis / providers can at least run into some “transition time” and in some cases do simply provide better ux through their respective native gui interface in some maybe (?) rarer cases (specific example would be setting up an alert in newrelic or datadog). yet again i agree - eg a “gitops” cicd workflow definitely should be best practice and a default (i.e. atlantis). by that there should - as a strong guideline - very seldom be any outside-of-terraform manipulation of infrastructure.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
i’m just asking to be looking at it from this “exceptional” perspective. maybe the alert example would be a good one to talk about!
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
@oskar you lost me lol. what now?
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
tl;dr there (unfortunately) are scenarios where even over a longer time we can regularly expect drift - e.g. setting something up through a very user friendly web interface for a specific resource comes to mind (e.g. complex alert plus rule in datadog). how do people in the community handle those kind of cases?
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
that is literally what spacelift does.
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
well that’s one feature.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
that’s awesome. will definitely look further into it for sure
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
right now we’re working on altering when drift_time > x.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
ok what does that mean exactly? are you talking about “auto-syncing” things after a while?
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
(or semi-auto)
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
it is not configuration management or eventually consistent: no.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
i see, will look into it thanks for the rec again
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
KubeCon EU 2021 Deep Dive Session. Contribute to onlydole/waypoint-gitops development by creating an account on GitHub.
![Mazin Ahmed avatar](https://avatars.slack-edge.com/2021-07-30/2342192988689_8837f656790950ffb075_72.jpg)
Question for today’s office hours: How do you use Git pre-hooks for identifying secrets on organization-level? I’m looking for ideas to detect sensitive commits before it’s committed and pushed to Github. Any ideas how would you approach this on org level?
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
@David regarding your yaml question from earlier: I doubt waypoint natively reads YAML, but coincidentally that is precisely what cloud posse’s Atmos does. I assume you know that, but if not check it. It’s awesome.
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
So if you had the time you could get a yaml –> atmos(terraform) –> waypoint workflow going on. pretty sure.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Andy Miguel (Cloud Posse) power outage
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
ack
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
I won’t return probably
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Cc @matt
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
@Erik Osterman (Cloud Posse): waypoint looks like a serverless deployment tool (like OpenFAAS)… am I right?
![Mazin Ahmed avatar](https://avatars.slack-edge.com/2021-07-30/2342192988689_8837f656790950ffb075_72.jpg)
From what I understood, waypoint is like serverless, but 10x more dynamic, can be broader for K8S and other deployments
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
heh, well, this is the enigma of waypoint, it’s different things to different people
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
IMO, it’s honestly flat-out a CI/CD platform. It’s self hosted. It offers some “providers” (e.g. jenkins plugins). It handles build. It handles deploy. It handles release.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
So in other words, waypoint would be used to build, deploy, and release serverless apps, k8s apps, etc.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
it presents a clean HCL DSL for defining it (as opposed to the YAML approach favored by circle, github actions, gitlab ci, etc)
![Mazin Ahmed avatar](https://avatars.slack-edge.com/2021-07-30/2342192988689_8837f656790950ffb075_72.jpg)
It’s really interesting!! I’m definitely giving it a try, hopefully will be able to use it for production
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
![attachment image](https://www.datocms-assets.com/2885/1620083916-blog-library-product-waypoint-dark-gradient.jpg)
Waypoint runners perform builds, deployments, poll for Git repository changes, and allow deployments for any platform.
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
An event for the HashiCorp community of programmers, developers, and builders on Thursday, 22 July 2021.
![zadkiel avatar](https://secure.gravatar.com/avatar/ac34df8afa3827c17e9894bf6b169137.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0008-72.png)
Hey there, just chiming in to react to last week’s episode. Terragrunt knows how to provision S3 (and gcs) buckets by itself before triggering terraform. I love these podcasts, don’t stop!
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes, but at the same rate, it’s kind of awkward that we’re using terraform for IaC and yet the statebucket is not controlled by terraform
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
modifying that state bucket (e.g. for compliance) in Terragrunt requires a PR to terragrunt, vs managing it in terraform https://github.com/cloudposse/terraform-aws-tfstate-backend
Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - GitHub - c…
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
2021-07-26
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
@here August 18th we will have another special edition of Office Hours!
@Taylor Dolezal will be returning to demo HashiCorp’s Boundary project. Please queue up your questions here and hope to see you there
![attachment image](https://www.boundaryproject.io/img/og-image.png)
Boundary is an open source solution that automates a secure identity-based user access to hosts and services across environments.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
[Waypoint Demo (AWS Lambda) | Cloud Posse Guest Speaker: Taylor Dolezal](https://www.youtube.com/watch?v=Kl2d2JMtnOo)
2021-07-27
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
[Waypoint Demo 2 of 3 (Kubernetes) | Cloud Posse Guest Speaker: Taylor Dolezal](https://www.youtube.com/watch?v=8z852c0wtHY)
![Thayne Trevenen avatar](https://avatars.slack-edge.com/2021-04-20/1967888631415_e59bbb43ee860dad762c_72.jpg)
Hey Y’all, I am going to start putting TF state files in S3, what’s the best policy to be as safe as possible because TF hasn’t given us anything to help with secrets in TF state?
![Yoni Leitersdorf (Indeni Cloudrail) avatar](https://avatars.slack-edge.com/2020-08-26/1310888406231_2dc8c60843ac09dc06bb_72.jpg)
Don’t put secrets in TF :)
![Yoni Leitersdorf (Indeni Cloudrail) avatar](https://avatars.slack-edge.com/2020-08-26/1310888406231_2dc8c60843ac09dc06bb_72.jpg)
More specifically, move to using other mechanisms for secrets, such as AWS’s Secrets Manager.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
[Waypoint Demo 3 of 3 (Minecraft on EKS!) | Cloud Posse Guest Speaker: Taylor Dolezal](https://www.youtube.com/watch?v=GQrWmGvGOP4)
2021-07-28
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
no questions here today so far so i’m asking something a bit off-topic maybe: has anyone test-run opstrace as an alternative to other saas “o11y” offerings? if so how did it go and did you go further into production with it? thanks!
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
addendum for people who haven’t read about it yet. it’s very much centred around k8s - relying on cortex and loki. blog articles have a strong docker ~2013-ish vibe so beware - could be too good (marketing) for their own sake (yet).
https://github.com/opstrace/opstrace https://opstrace.com/blog/cloud-provider-integrations https://opstrace.com/blog/a-giant-leap-for-alerts
The Open Source Observability Distribution. Contribute to opstrace/opstrace development by creating an account on GitHub.
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
this looks like a whole grafana.com backend stack assembled in one project
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
yeah it would be awesome if only for helping run and maintain prometheus/grafana stacks but apparently can be much more and manageable (at least that seems to be the promise). pulling in cloud level events etc.
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
we’ve been doing cortex in-house for 1 year. A ton of efforts but it pays off. Grafana pricing for us was 10k+ month, while we packed it in under 1k
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
I’d love to see if that thing really gives a working opinionated setup
![cool-doge](/assets/images/custom_emojis/cool-doge.gif)
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
same same. very excited to learn about this project (again don’t know if it really is as good as it looks at first sight!)
![Andy Miguel (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-01-31/1681606086343_27574601efa96f8283e4_72.png)
links from today’s session:
• https://www.hashicorp.com/blog/mitchell-s-new-role-at-hashicorp
• https://github.com/Cigna/confectionery
• https://github.com/jckuester/awsls
• https://news.ycombinator.com/item?id=27974077
• https://github.com/cloudposse/terraform-aws-tfstate-backend
![attachment image](https://www.datocms-assets.com/2885/1592410820-mitchell-nyc.jpg)
Mitchell Hashimoto takes on a new individual contributor role at HashiCorp.
A library of rules for Conftest used to detect misconfigurations within Terraform configuration files - GitHub - Cigna/confectionery: A library of rules for Conftest used to detect misconfiguration…
A list command for AWS resources. Contribute to jckuester/awsls development by creating an account on GitHub.
Terraform Weekly
A simple and robust monitoring and live-debug platform for distributed environments, designed for developers.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://uploads-ssl.webflow.com/5da8820e7086598dc6830110/5f4579ec5e51244db5b24529_OG%20Image.png)
Instantly manage and monitor Kubernetes from your desktop.
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
reminds me the most: https://www.kubernetic.com/
Kubernetic is a brand new Desktop Client for Kubernetes that lets developers and ops manage their Kubernetes cluster(s) through a UI interface in a very simple way.
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
used for a long time - positive feedback
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![attachment image](https://k8slens.dev/images/lens-og.png)
Lens IDE for Kubernetes. The only system you’ll ever need to take control of your Kubernetes clusters. It’s open source and free. Download it today!
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
This week in Jonas’ world
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Abbot is the easiest way to add ChatOps to your Slack or Discord team. Add skills from our directory or create your own in C#, JavaScript, or Python.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
probably not as extensible as this open source chatbot framework though - have not put much time into it myself yet and i’m biased as a clojure fan. still: https://github.com/yetibot/yetibot
Extreme chatops bot for Slack and IRC New contributors welcome - GitHub - yetibot/yetibot: Extreme chatops bot for Slack and IRC New contributors welcome
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
wow… yeti looks amazing
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
yeah it totally is. if you are only a little into lisp you should check it out. and if you are into babashka (https://github.com/babashka/babashka) definitely check it out!
Native, fast starting Clojure interpreter for scripting - GitHub - babashka/babashka: Native, fast starting Clojure interpreter for scripting
![Blaise Pabon avatar](https://secure.gravatar.com/avatar/9db34d0c21fdaf687b05eff5422bd7cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0014-72.png)
I was raised on Lisp …but that was a very long time ago.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
haha it’s like riding the bicycle - never forget it really
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
there is not much to forget actually ;D
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
Question: would like to know if anyone has used PGP to encrypt AWS access keys generated by the TF module for secret keys… what’s your experience been like?
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
related to secrets discussion
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
I wouldn’t be much of a fanboy if I didn’t bring up K9s when there’s talk about K8s management GUIs
Kubernetes CLI To Manage Your Clusters In Style! - GitHub - derailed/k9s: Kubernetes CLI To Manage Your Clusters In Style!
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
question: how are people terraforming alerts specifically in the case where there are many identical underlying resources spread across numerous accounts or environments that require different threshold values? So to articulate a bit more: imagine you have 20 EKS clusters and you want to monitor something like host IO (or whatever): something that is going to vary from environment-to-environment and that you can’t just set defaults for. How are people handling this case? My approach is as follows, but I’d love to learn about something better or alternatives in general?
1. have a directory with yaml files each containing a single "alert"
2. in each yaml alert file have some non-environment specific values like "query" which will always be the same from cluster-to-cluster
3. have an "options" section which, basically/unfortunately, contains all the environmental specification, mainly the threshold values *for every environment*
4. loop through all these files using terraform fileset
5. yamldecode every file
6. put the name of the alert in a local tf object
7. add the non-environment specific options as a list
8. get all the environment specific stuff and add it to that object
9. iterate over all that with terraform each spinning up alerts in the process with names and environmental config
```yaml
# example
name: istio-host-latency-alert
type: metric alert
query: |
  avg(last_5m):top(top(avg:istio.mesh.request.duration.milliseconds.sum{cluster_name:${stage}} by {host}, 10, 'mean', 'desc')/top(avg:istio.mesh.request.duration.milliseconds.count{cluster_name:${eks_cluster}} by {host}, 10, 'mean', 'desc'),10,'mean','desc') > ${critical_threshold}
message: |
  ({{event.tags.cluster_name}}) Detected Host Latency Greater than 1 Second
escalation_message: ""
tags: []
options:
  - dev:
      notify_no_data: false
      renotify_interval: 60
      notify_audit: false
      timeout_h: 60
      include_tags: true
      require_full_window: true
      threshold:
        critical: 1000
        warning: 50
  - qa:
      notify_no_data: false
      renotify_interval: 60
      notify_audit: false
      timeout_h: 60
      include_tags: true
      require_full_window: true
      threshold:
        critical: 1000
        warning: 50
  - client-test:
      notify_no_data: false
      renotify_interval: 60
      notify_audit: false
      timeout_h: 60
      include_tags: true
      require_full_window: true
      threshold:
        critical: 1000
        warning: 50
...
```
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
looks sane to me. anything specific that bugs you there? if you look for other perspectives, i’m in the same mindspace unfortunately.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
very good question thanks for sharing. i really also like the “dynamic” view @marc slayton has on this as well. and to paraphrase maybe what you got at for the “static” approach you painted here jonas - not too many layers with the parametrization as @Erik Osterman (Cloud Posse) put it. and maybe also disregarding some of those differences to even simplify further as @roth.andy has said. hope i got this right. either way, thanks again very interesting topic to me as well.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
sound like good rules of thumb for the “static” view on this kind of “o11y” (charity majors probably disagrees indeed btw ).
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
ha, yeah.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
sorry to hijack this thread again but @marc slayton somebody was asking about which APM solution you are using before the zoom closed. i’m also curious
![Max Lobur (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-07-20/2316891735296_3098d8d2760936592f52_72.jpg)
Any chance to have a global multiplier for an environment? Maybe a set of multipliers, say one for timeouts, another for RPMs. Then you’d customize only multipliers. Of course you still should have a bypass to override a single value, when needed.
![Michael Holt avatar](https://secure.gravatar.com/avatar/ec3398867e94ba1bd748809ffb16d868.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
I missed the office hours yesterday so didn’t see this until I was watching the recording but this is actually exactly the rabbit hole I started down just yesterday for AWS Cloudwatch Alarms. I’m approaching this using the CloudPosse YAML Config module and the built in Parameters variable.
![Michael Holt avatar](https://secure.gravatar.com/avatar/ec3398867e94ba1bd748809ffb16d868.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
The only thing I haven’t figured a solution out for yet is setting default parameter values if not set in var.parameters
![Michael Holt avatar](https://secure.gravatar.com/avatar/ec3398867e94ba1bd748809ffb16d868.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0005-72.png)
This is what my YAML File looks like:
```yaml
ConsumedReadCapacityUnits:
  metric_name: "ConsumedReadCapacityUnits"
  metric_namespace: "AWS/DynamoDB"
  treat_missing_data: "ignore"
  comparison_operator: ${ConsumedReadCapacityUnits_comparison_operator}
  description: ${ConsumedReadCapacityUnits_description}
  metric_value: ${ConsumedReadCapacityUnits_metric_value}
  evaluation_periods: ${ConsumedReadCapacityUnits_evaluation_periods}
  period: ${ConsumedReadCapacityUnits_period}
  statistic: ${ConsumedReadCapacityUnits_statistic}
  threshold: ${ConsumedReadCapacityUnits_threshold}
  dimensions:
    TableName: ${ConsumedReadCapacityUnits_TableName}
```
And I pass this into the YAML Config module:
```hcl
parameters = {
  ConsumedReadCapacityUnits_TableName           = "terraform-registry-touching-gorilla"
  ConsumedReadCapacityUnits_threshold           = "1"
  ConsumedReadCapacityUnits_period              = "300"
  ConsumedReadCapacityUnits_evaluation_periods  = "1"
  ConsumedReadCapacityUnits_metric_value        = "1"
  ConsumedReadCapacityUnits_description         = "Alarms when ."
  ConsumedReadCapacityUnits_statistic           = "Average"
  ConsumedReadCapacityUnits_comparison_operator = "GreaterThanOrEqualToThreshold"
}
```
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
@Erik Osterman (Cloud Posse) this is what I have automatically initialized on each repo. I also have the CI checks run this too. It’s not perfect but it helps.
Gitleaks with lefthook (I’ve stopped using pre-commit framework as lefthook is super fast). https://github.com/sheldonhull/ci-configuration-files/blob/06f539315716d7a04fbf4ffbfd2e53e906729ef1/lefthook.secrets.yml#L4-L7
This repo will contain some general configuration files for usage with pre-commit, linting, and others that I might want to drop into a new repo. - ci-configuration-files/lefthook.secrets.yml at 06…
![Jonas Steinberg avatar](https://avatars.slack-edge.com/2021-03-03/1824689926756_a1b82d7b3ccd202e0a10_72.png)
Prevents you from committing secrets and credentials into git repositories - GitHub - awslabs/git-secrets: Prevents you from committing secrets and credentials into git repositories
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Git secrets is good too! It’s another layer and can be a global hook. I think “shift left” by having it checked locally is ideal. However, the final source is really the CI action so no one can bypass by accident
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
All my projects have a go-task/make command to start work. `task init`. This also installs the hooks
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Not perfect, but this ensures any new repo has the required policies “self setup”
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
This is what my init command looks like. I never leave projects “barebones” I use a way less pretty version like build harness that ensures tools are setup with no fuss/complexity.
```yaml
init:dev:
  desc: initialize tools for a developer, but not required for CI
  cmds:
    - |
      dotnet --list-sdks || echo -e "{{ .red}} :small_red_triangle: dotnet-tools not available. Please install manually the first time here: <https://dotnet.microsoft.com/download> and then run command again {{.nocolor}}"
      mkdir -p {{ .TOOLS_DIRECTORY }} || echo -e "{{ .dark_gray}}:arrows_counterclockwise: skipped creating {{ .TOOLS_DIRECTORY }} directory per already exists {{.nocolor}}"
      # Uninstall manually
      export PATH="$PATH:{{ .HOME }}/.dotnet/tools"
      dotnet tool install --global GitVersion.Tool || dotnet tool update --global GitVersion.Tool # && echo -e "{{.green}} :white_check_mark: gitversion tool installed{{.nocolor}}"
      # If gitversion gives problems with docker commands then evaluate just running as dotnettool
      lefthook install
```
see last line. The init = always sets up whatever i know is important
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
That’s from https://taskfile.dev/#/ which I use wherever I’d use make (cross platform, parallelism, file watcher, very simple structure, and basic templating). This is nice for basics. It’s my current goto though I’m exploring other things like Atmos too
A task runner / simpler Make alternative written in Go
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
if you remove the cross-platform requirement you seem to be having would you be able to unbiasedly recommend it over make still? even if you / your team knows make well?
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
thanks for sharing btw. i didn’t know taskfile.dev
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Personally I think Make is the default simply because it’s always been there. I don’t see any advantage in it. Wasn’t intended as a devops task runner tool, was meant for C development, so lots of clunky work arounds for devops usage.
Imo, a single curl bootstrap of task means it’s super easy to get going and if I had to pick it would be a no brainer for me
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
got it, so to paraphrase to you a more modern take. i would agree.
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
You get basic templating too and cross platform support can’t be discounted even if no one uses it yet, cause you never know!
```yaml
version: '3'
includes:
  build: ./Taskfile_{{OS}}.yml
```
You can use templating and fingerprint work for incremental builds. https://taskfile.dev/#/usage?id=by-fingerprinting-locally-generated-files-and-their-sources
The CI jobs in 3 seconds bootstrap with `snap install --classic task` or whatever it is and you are good.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
that is nice. thanks, will check it out.
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
Give this a shot as a starter sometime.
It’s NOT perfect. If you have Python devs then use a python task runner, Go use mage, etc.. If you need something instead of Make though, it’s fantastic.
I did a starter write up (have more in the ci-configuration repo i linked in main room), but as I started I tried to note some of the nice base configurations I setup. I plan on improving too with `vars.yml` instead of embedding the color formatting into the main taskfile.
![oskar avatar](https://avatars.slack-edge.com/2021-01-22/1651023266503_fe69dd475eeeffc5ed1d_72.jpg)
very nice - coming up on my reading list - thanks for sharing again
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
@Erik Osterman (Cloud Posse) If we get any time at the end of call, would love to know…
- Any starter repo for using variant to run workflow of terraform stacks?
Doing a quick day of work to try and see if I can get away from Terragrunt without a big huge effort on my pilot project and can flip over to this instead.
![roth.andy avatar](https://avatars.slack-edge.com/2019-09-18/753707271651_6f58c1cbab3c77754f58_72.jpg)
Huge +1 from me and my team for taskfile.dev. We use it extensively across almost all of our projects
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
For those interested….. https://github.com/cloudposse/atmos/blob/master/example/stacks/workflows.yaml
This is example.
Universal Tool for DevOps and Cloud Automation (works with terraform, helm, helmfile, istioctl, etc) - atmos/workflows.yaml at master · cloudposse/atmos
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Contribute to cloudposse/tutorials development by creating an account on GitHub.
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
2021-07-29
![SweetOps avatar](/assets/images/custom_emojis/sweetops.png)
[Terraform State Security | Cloud Posse Explains](https://www.youtube.com/watch?v=xw0iPkYGKQM)