#office-hours (2022-05)

Meeting password: sweetops

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cpco.io/slack-office-hours

2022-05-01

sohaibahmed98
Giterministic CLI tool | werf

Consistent delivery tool. Git as a single source of truth. Build, deploy to Kubernetes, stay in sync.

venkata.mutyala

How many of you don’t commit .terraform.lock.hcl to source control? I’ve read the docs but I’m still a bit confused on why I should use it over required_version within my provider definition. Or, should I be using both?

managedkaos

I use both. I keep the lock file in source control so my CI builds are using the same versions I use locally.

2022-05-02

managedkaos
08:08:56 PM

Sharing is caring. :)

TLDR: How do you achieve static IPs for a Root Domain hosted behind CloudFront without using Route53 Aliases?

Details: I am working with a client that started with a website running on a single EC2 instance. An Elastic IP (EIP) was associated with the instance. The IP was used to create A records in a third-party DNS for routing the root and the “www” endpoints to the instance.

[root.com](http://root.com), [www.root.com](http://www.root.com) → 3rd-party DNS (A) → EIP → EC2

After much refactoring, the site is now running behind CloudFront and an ALB. The CloudFront endpoint is published as a CNAME for the “www” endpoint and works great. The root, however, is still using the old EIP as an A record because you can’t use CNAMEs with the root.

[www.root.com](http://www.root.com) → 3rd-party DNS (CNAME) → CloudFront → ALB

[root.com](http://root.com) → 3rd-party DNS (A) → EIP → EC2 (Redir to www with NGINX)

Of course, the “easiest” (!) way to get the root domain pointed at CloudFront is to create an ALIAS record in Route53. Ha! I say “easiest” because moving the zone from the third-party DNS hosting into Route53 would take far too much effort for this one little redirect. For example, retraining people to use AWS instead of the DNS tool they have been using for years among many, many other potential snares and time sinks.

So I’ve looked at a couple solutions.

The current one works but I don’t want to have to run/manage an NGINX server for redirects. It’s also not highly available; if the server goes offline then redirects will fail. So use an ALB, right?

Since the IPs for ALBs change, but NLBs can have an EIP assigned to them, I tried assigning an EIP to a Network Load Balancer backed by an ALB that listens on ports 80 and 443. The listeners have a rule that redirects the request to “www”. I should add, content doesn’t need to be served from the root domain; it should all come from “www”.

[root.com](http://root.com) → 3rd-party DNS (A)→ EIP -> NLB -> ALB -> Redirect to WWW

This works for the most part but I feel like an NLB and an ALB for redirecting a request is overkill. I figure there has to be a better, cheaper solution. (This one is about $30/month not including traffic which should be pretty minimal.)

So I looked at AWS Global Accelerator. This provides static IPs that can be pointed at a few different AWS resources; ALBs are there but sadly not CloudFront (AFAICT).

[root.com](http://root.com) → 3rd-party DNS (A)→ Global Accelerator -> ALB (live site!)

In my early exploration of this, it’s only working for HTTP requests… not for HTTPS requests. So if someone enters “https://root.com”, the redirect won’t ever happen. Bummer! This one is about $18/month not including traffic.

So before I settle on the EIP->NLB->ALB approach, I ask the question: How do you achieve static IPs for a Root Domain hosted behind CloudFront without using Route53 Aliases?

2022-05-03

Naija Ninja

For office hours: easy-to-follow set of instructions for a strategy that minimizes the cost of NAT gateways in EC2. I’ve seen suggestions about using a Lambda to terminate the NAT gateway once the deployment of the server is complete, switching to other gateway types like internet gateways, and using VPC endpoints. But these are quite overwhelming to me because I’m not an AWS guru and the NAT gateway endpoints are from a sample CloudFormation template I used which doesn’t explicitly create the gateways… so it feels like I can’t find their direct source.

2022-05-04

Mohammed Yahya
Introducing Kubernetes Resource View in Amazon EKS console | Amazon Web Services

Amazon Elastic Kubernetes Service (Amazon EKS) is excited to introduce the Kubernetes resource view. You will now be able to see all Kubernetes API resource types running in your Amazon EKS cluster using the AWS Management Console for Amazon EKS, making it easier to visualize and troubleshoot your Kubernetes applications using Amazon EKS. Amazon EKS […]

Mohammed Yahya
crossplane/terrajet

Generate Crossplane Providers from any Terraform Provider

Erik Osterman (Cloud Posse)
06:00:28 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Naija Ninja

Hmm weird the link isn’t working for me.

Erik Osterman (Cloud Posse)
Lens | The Kubernetes IDE

Lens IDE for Kubernetes. The only system you’ll ever need to take control of your Kubernetes clusters. It’s open source and free. Download it today!

mfridh
avirshup/DockerMake

A reproducible Docker image build system for complex software stacks

mfridh

I mentioned this in the context of possibly replacing it with dagger.io

Erik Osterman (Cloud Posse)
cloudposse/terraform-aws-dynamic-subnets

Terraform module for public and private subnets provisioning in existing VPC

2022-05-05

Matt Gowie

Would love to discuss this next week + hear from anybody who has had the chance to kick the tires. https://www.pulumi.com/docs/intro/languages/yaml/

Pulumi YAML

An overview of how to use the Pulumi YAML config languages for infrastructure as code on any cloud (AWS, Azure, GCP, Kubernetes, etc.).

Eric Luria

I’m in another Slack (https://randsinrepose.com/welcome-to-rands-leadership-slack/) and there’s a staff eng there from Pulumi who worked on this feature and is planning on doing an AMA sometime soon

2022-05-07

sohaibahmed98
appvia/tf2helm

Converts a Terraform module to a Helm Chart
