#office-hours (2022-05)
Meeting password: sweetops
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours
2022-05-01


Consistent delivery tool. Git as a single source of truth. Build, deploy to Kubernetes, stay in sync.

How many of you don’t commit .terraform.lock.hcl to source control? I’ve read the docs but I’m still a bit confused on why I should use it over required_version within my provider definition. Or, should I be using both?

I use both. I keep the lock file in source control so my CI builds are using the same versions I use locally.
2022-05-02

Sharing is caring. :)
TLDR: How do you achieve static IPs for a Root Domain hosted behind CloudFront without using Route53 Aliases?
Details: I am working with a client that started with a website running on a single EC2 instance. An Elastic IP (EIP) was associated with the instance. The IP was used to create A records in a third-party DNS for routing the root and the “www” endpoints to the instance.
[root.com](http://root.com), [www.root.com](http://www.root.com) → 3rd-party DNS (A) → EIP → EC2
After much refactoring, the site is now running behind CloudFront and an ALB. The CloudFront endpoint is published as a CNAME for the “www” endpoint and works great. The root, however, is still using the old EIP as an A record because you can’t use CNAMEs with the root.
[www.root.com](http://www.root.com) → 3rd-party DNS (CNAME) → CloudFront → ALB
[root.com](http://root.com) → 3rd-party DNS (A) → EIP → EC2 (Redir to www with NGINX)
Of course, the “easiest” (!) way to get the root domain pointed at CloudFront is to create an ALIAS record in Route53. Ha! I say “easiest” because moving the zone from the third-party DNS hosting into Route53 would take far too much effort for this one little redirect. For example, retraining people to use AWS instead of the DNS tool they have been using for years among many, many other potential snares and time sinks.
So I’ve looked at a couple solutions.
The current one works but I don’t want to have to run/manage an NGINX server for redirects. It’s also not highly available; if the server goes offline then redirects will fail. So use an ALB, right?
Since the IPs for ALBs change, but NLBs can have an EIP assigned to them, I tried assigning an EIP to a Network Load Balancer backed by an ALB that listens on ports 80 and 443. The listeners have a rule that redirects the request to “www”. I should add, content doesn’t need to be served from the root domain; it should all come from “www”.
[root.com](http://root.com) → 3rd-party DNS (A) → EIP → NLB → ALB → Redirect to WWW
This works for the most part but I feel like an NLB and an ALB for redirecting a request is overkill. I figure there has to be a better, cheaper solution. (This one is about $30/month not including traffic, which should be pretty minimal.)
So I looked at AWS Global Accelerator. This provides static IPs that can be pointed at a few different AWS resources; ALBs are there but sadly not CloudFront (AFAICT).
[root.com](http://root.com) → 3rd-party DNS (A) → Global Accelerator → ALB (live site!)
In my early exploration of this, it’s only working for HTTP requests… not for HTTPS requests. So if someone enters “https://root.com”, the redirect won’t ever happen. Bummer! This one is about $18/month not including traffic.
So before I settle on the EIP → NLB → ALB approach, I ask the question: How do you achieve static IPs for a Root Domain hosted behind CloudFront without using Route53 Aliases?
2022-05-03

For office hours: easy-to-follow set of instructions for a strategy that minimizes the cost of NAT gateways in EC2. I’ve seen suggestions about using a lambda to terminate the NAT gateway once the deployment of the server is complete, switching to other gateway types like internet gateways, and using VPC endpoints. But these are quite overwhelming to me because I’m not an AWS guru and the NAT gateway endpoints are from a sample CloudFormation template I used which doesn’t explicitly create the gateways… so it feels like I can’t find their direct source.
2022-05-04


Amazon Elastic Kubernetes Service (Amazon EKS) is excited to introduce the Kubernetes resource view. You will now be able to see all Kubernetes API resource types running in your Amazon EKS cluster using the AWS Management Console for Amazon EKS, making it easier to visualize and troubleshoot your Kubernetes applications using Amazon EKS. Amazon EKS […]

Generate Crossplane Providers from any Terraform Provider


@here office hours is starting in 30 minutes! Remember to post your questions here.

Hmm weird the link isn’t working for me .


Lens IDE for Kubernetes. The only system you’ll ever need to take control of your Kubernetes clusters. It’s open source and free. Download it today!

A reproducible Docker image build system for complex software stacks

I mentioned this in the context of possibly replacing it with dagger.io
Terraform module for public and private subnets provisioning in existing VPC

2022-05-05

Would love to discuss this next week + hear from anybody who has had the chance to kick the tires. https://www.pulumi.com/docs/intro/languages/yaml/
An overview of how to use the Pulumi YAML config languages for infrastructure as code on any cloud (AWS, Azure, GCP, Kubernetes, etc.).

I’m in another Slack (https://randsinrepose.com/welcome-to-rands-leadership-slack/) and there’s a staff eng there from Pulumi who worked on this feature and is planning on doing an AMA sometime soon
2022-05-07

Converts a Terraform module to a Helm Chart