#office-hours (2022-11)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2022-11-02
Q: Before deploying to production/merging into the main branch: How do you test changes made to a service defined in terraform? (or other IaC).
I’d be interested in hearing how people approach the developer workflow for services defined with terraform, in particular how are changes (hopefully automatically, but perhaps manually) tested before they are merged into the main branch and/or deployed to production?
Terraform validation/planning are useful but don’t cover the service functionality. I’ve found Terratest great to test individual or small groups of terraform modules that deploy/undeploy quickly, but I’m wondering how folks approach higher-level or even end-to-end regression tests, in relatively complex services with resources potentially deployed cross-account.
@here office hours is starting in 30 minutes! Remember to post your questions here.
Oops. DST is evil and I won’t make it today
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Robert Jordan has joined Public “Office Hours”
Tony Scott has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Martin Weber has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
Robert Jordan has joined Public “Office Hours”
Leonor Daniel has joined Public “Office Hours”
Gabriel has joined Public “Office Hours”
David Hawthorne has joined Public “Office Hours”
Bridget Royer has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Tim Gourley has joined Public “Office Hours”
Charles Smith has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Ralf Pieper has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Soren Jensen has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
Maura Rowell has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
Jared Richards has joined Public “Office Hours”
Jared Richards has joined Public “Office Hours”
Mazin Ahmed has joined Public “Office Hours”
Ozzy has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
venkata mutyala has joined Public “Office Hours”
Maged Abdelmoeti has joined Public “Office Hours”
Oskar Maria Grande has joined Public “Office Hours”
2022-11-03
Hey folks — Does anyone happen to know which office hours we discussed different branching strategies (e.g. trunk vs gitflow vs github flow etc) for infrastructure? We’ve talked about it a number of times in Office Hours, but I just went to go and search for it on YouTube and can’t seem to find it. I know it’s a long shot, but if anyone can point me towards that I’d appreciate it
2022-11-04
This might be kinda cool: https://investors.datadoghq.com/news-releases/news-release-details/datadog-acquires-cloudcraft-create-live-cloud-architecture
That’s very cool..
2022-11-05
2022-11-06
Does anyone here backup their git repos? If so what service do you use? My team and I do all of our development in the cloud via codespaces so unlike many development teams we don’t have a backup in the event we do a bad rebase or in the chance something were to happen to github.
Hi. Maybe having a code in two independent providers might be a solution for you. I’m not sure if Github allows you to do a repo mirroring but Gitlab does. https://docs.gitlab.com/ee/user/project/repository/mirror/
Some of my customers have been using this tool here: https://gitprotect.io/
Awesome. Thanks for sharing. I saw a few different vendors doing this but wasn’t sure which one to trust so i can just set it and forget it.
@venkata.mutyala just set it and forget it this is not a good approach. Backups need to be periodically tested otherwise, you will get a Schrödinger’s backup
1
You can also call the API for most common git providers and get a zip file, just in case you don’t trust anyone and want to create your own tool
ghorg => https://github.com/gabrie30/ghorg
ghorg clone privatet-org-here --scm=github --preserve-dir --token ghp_deadbeeftokenhere --path .
i was also looking to do this for codecommit, and conjured up my hackscript whicj looks like this:::
cat clone.sh
SRC_REG=us-east-1
echo "Getting repo names"
aws codecommit list-repositories --query "repositories[*].[repositoryName]" --output text --region $SRC_REG > REPO_LIST.txt
echo "" > REPO_HTTP.txt
for i in `cat REPO_LIST.txt`
do
echo "Getting HTTP URL for $i"
aws codecommit get-repository --repository-name $i --query "repositoryMetadata.cloneUrlHttp" --output text --region $SRC_REG >> REPO_HTTP.txt;
done
for j in `cat REPO_HTTP.txt`
do
echo "Cloning Repo "
git clone $j
done
for k in `ls -d */`
do
cd $k
git submodule update --init --recursive
cd ..
echo `pwd`
done
ghorg looks great!
Here is the script I’ve put together and plan to deploy as a cron:
#!/bin/bash
backup_unixtimestamp=$(date +%s)
function backup_github_org {
ORG_NAME=$1
echo "Backing up github.com/${ORG_NAME}"
docker run -v $(pwd):/root/ghorg <docker-image-here> ghorg clone ${ORG_NAME} --backup --clone-wiki --include-submodules --token ${GITHUB_PAT} --output-dir "${ORG_NAME}_${backup_unixtimestamp}"
}
backup_github_org githuborg1
backup_github_org githuborg2
@venkata.mutyala - I’ve also been playing with github actions oidc connection to AWS. My primary intent it to deploy a react site, but i guess the same workflow could be used to push the whole repo to S3 …..
2022-11-07
2022-11-08
Today I learned about the cluster API: https://cluster-api.sigs.k8s.io/#why-build-cluster-api
Anyone here use it before?
In this article, you will find a visual explanation of how the Kubernetes API works. https://dev.to/danielepolencic/the-kubernetes-api-architecture-1pi9
That’s a good reference link. Thanks for sharing. The link i shared is in regards to a “Cluster API” project. It’s poorly named but basically it’s supposed to let you deploy a k8s cluster:
How can I consistently provision machines, load balancers, VPC, etc., across multiple infrastructure providers and locations?
How can I automate cluster lifecycle management, including things like upgrades and cluster deletion?
How can I scale these processes to manage any number of clusters?
SIG Cluster Lifecycle began the Cluster API project as a way to address these gaps by building declarative, Kubernetes-style APIs, that automate cluster creation, configuration, and management. Using this model, Cluster API can also be
I haven’t tried it myself but it sounds super cool
Anyone knows ways to test GitHub actions locally?
Learned about this recently but I haven’t tried it myself: https://github.com/nektos/act
Interesting. Thank you I will give it a try.
One thing that stops me often from using act is the lack of reusable workflows support. It also silently ignore some issues that make my GHA fail when run live. Not sure how much time act saves me really
I am looking for a good way to lint GHA manifests. For example a mistake I make often is forgetting to specify shell resulting in Required property is missing: shellwhich should be prevented by a local lint. I’m looking into using CUE lang for it. Anyone doing it already?
TIL about CUE!
2022-11-09
@here office hours is starting in 30 minutes! Remember to post your questions here.
Hey, we’ve been trying out Spacelift and it obviously rocks. It seems to think in pure Terraform so I would love to know/see how you dovetail it with Atmos, if possible. Thanks!
Would love to see that too
Thanks for the demo, Erik - looking forward to watching it back a few more times!
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
sri nandu has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Andrew Hall has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
Renesh G has joined Public “Office Hours”
Ralf Pieper has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
venkata mutyala has joined Public “Office Hours”
sri nandu has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Reed Hanger has joined Public “Office Hours”
Johnmary Odenigbo has joined Public “Office Hours”
Arthur Dent has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Dave Gregory has joined Public “Office Hours”
Johnmary Odenigbo has joined Public “Office Hours”
Dave Gregory has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Stelios Latsinoglou has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Zachary Loeber has joined Public “Office Hours”
Yusuf has joined Public “Office Hours”
Having issues, implementing varnish cache for some next.js application on Kubernetes cluster. Anyone done that before, who can point me in the right direction. Thanks
I am using IBM helm for it but not sure where they are only podname that is ephemeral. https://ibm.github.io/varnish-operator/vcl-configuration.html
Tim Gourley has joined Public “Office Hours”
Michael Pursifull has joined Public “Office Hours”
Dave Gregory has joined Public “Office Hours”
Links from office hours: https://aws.amazon.com/about-aws/whats-new/2022/11/aws-cloudtrail-delegated-account-support-aws-organizations/ https://aws.amazon.com/about-aws/whats-new/2022/11/announcing-aws-resource-explorer/ https://github.com/orgs/community/discussions/31#discussioncomment-4048867 https://ossinsight.io/2022/#the-most-active-repositories https://cloudposse.com/careers/
2022-11-11
2022-11-12
2022-11-14
Really appreciated the Atmos+Spacelift demo last week! Any chance of something similar this week to demonstrate/explain the way you spin up a new AWS account in an org in the CloudPosse/SweetOps model? Thanks!
@Erik Osterman (Cloud Posse) https://github.com/cresta/atlantis-drift-detection
uses the new Atlantis Api and atlantis config validations
oh sweet! @RB
RB pointed out to me
2022-11-15
2022-11-16
FYI: I won’t make it to today’s call
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nicolás de la Torre has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Brian Choate has joined Public “Office Hours”
Michael Pursifull has joined Public “Office Hours”
Alex Atkinson has joined Public “Office Hours”
Jose Figueredo has joined Public “Office Hours”
Susie Heilman has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
Jan Niederhumer has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Kaya Winn has joined Public “Office Hours”
Charles Smith has joined Public “Office Hours”
Alex Siegman has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Arthur Dent has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
Stelios Latsinoglou has joined Public “Office Hours”
Jeremy White has joined Public “Office Hours”
Paul Bullock has joined Public “Office Hours”
Shaun Wang has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
I forgot to ask, does anyone know what the main reasons were for switching atmos docs to docusaurus (and what was the previous doc system used)?
the prev site was not complete at all and it was using docusaurus v0.x (old version)
so it’s still docusaurus
ah ok thanks
any reason? or just curious
just curious, docusaurus looks great but there are so many good choices (gatsby, hugo, jekyll, docsify etc) so I’m always curious as to people’s reasons for picking one over the others.
there are many of those https://docusaurus.io/docs#comparison-with-other-tools. Docusaurus was easy to start with for us, it looks good, fast to compile and run, very configurable, and it has the power of React and MDX https://mdxjs.com/
Yeah I must say support for MDX is pretty cool.
There doesn’t seem to be a plugin for community feedback (votes, comments) other than giscus which requires voter/commenter to have a github account.
links from today’s call: https://github.blog/2022-11-15-the-journey-of-your-work-has-never-been-clearer/ https://spacelift.io/blog/spaces-by-spacelift https://github.blog/changelog/2022-11-14-github-actions-require-approval-for-running-workflows-from-private-forks/ https://docs.github.com/en/actions/migrating-to-github-actions/automating-migration-with-github-actions-importer https://github.com/cresta/atlantis-drift-detection http://terraform-provider-environment https://slack.engineering/how-we-use-terraform-at-slack/ https://atmos.tools/ https://cloudposse.com/careers/
2022-11-17
2022-11-18
2022-11-21
2022-11-22
Something interesting to cover tomorrow would be Karpenter’s newly-released Spot Instance Interruption-handling feature, which makes cost savings with spot instances more viable for critical workloads.
@Erik Osterman (Cloud Posse)
Could this not have been achieved before by using the https://github.com/aws/aws-node-termination-handler ?
Cool. I made notes about the fact that this may happen before we onboard Karpenter. Almost makes me happy I hadn’t rushed into it yet .
Isn’t that best that by waiting sometimes you actually safe T&E?
12022-11-23
@here office hours is starting in 30 minutes! Remember to post your questions here.
• EKS 1.24: https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-eks-eks-distro-support-kubernetes-version-1-24/
• Finch - Lima and nerdctl: https://aws.amazon.com/blogs/opensource/introducing-finch-an-open-source-client-for-container-development/
• Multiple MFA: https://aws.amazon.com/about-aws/whats-new/2022/11/aws-identity-access-management-multi-factor-authentication-devices/
• ALB forced per-AZ mode: https://aws.amazon.com/about-aws/whats-new/2022/11/application-load-balancers-turning-off-cross-zone-load-balancing-per-target-group/
• GA for AppSync resolvers: https://aws.amazon.com/blogs/aws/aws-appsync-graphql-apis-supports-javascript-resolvers/
• AppSync vulnerability patched: https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/
• Node.js 18 in Lambda: https://aws.amazon.com/about-aws/whats-new/2022/11/aws-lambda-support-node-js-18/
• Cross-account Step Functions: https://aws.amazon.com/about-aws/whats-new/2022/11/simplify-cross-account-access-aws-services-step-functions/
• SAM and Terraform: https://aws.amazon.com/blogs/compute/better-together-aws-sam-cli-and-hashicorp-terraform/ Since I know you’ll ask, here’s a list of interesting announcements
- interesting as defined by me, for #office-hours’ specific audience
Wow!
AWS Identity and Access Management now supports multiple multi-factor authentication (MFA) devices
Did anyone catch up with Terramate yet?
https://github.com/mineiros-io/terramate
Migrated everything to terramate 2 days after I found it. First spent 2 hours revisiting Terragrunt which I hadn’t touched in several years but realized quickly it didn’t help me… then I suddenly remembered I had seen Terramate announced a couple of months ago.
I’m getting prompted for a passcode
@Antarr Byrd sorry, I was so caught up and didn’t see this. Were you able to get in ?
@Mikael Fridh I am bummed I wasn’t able to convince you to try https://atmos.tools
It would be helpful to understand some of your deciding factors
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Allan Mohr has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Mikael Fridh has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Alex Atkinson has joined Public “Office Hours”
Reed Hanger has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Michael Pursifull has joined Public “Office Hours”
Precious has joined Public “Office Hours”
Max Lobur has joined Public “Office Hours”
Brett Seals has joined Public “Office Hours”
Guillermo Gutierrez has joined Public “Office Hours”
Jeremy Bouse has joined Public “Office Hours”
Ben Smith (Cloud Posse) has joined Public “Office Hours”
Charles Smith has joined Public “Office Hours”
Yusuf has joined Public “Office Hours”
Antarr Byrd has joined Public “Office Hours”
Steven Vargas has joined Public “Office Hours”
Dave Gregory has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
For continuity, the issue to watch is https://github.com/aws/containers-roadmap/issues/876
Links from today’s office hours: https://github.com/tailscale/github-action https://tailscale.com/blog/2021-05-github-actions-and-tailscale/ https://www.robert-jensen.dk/posts/2022-using-github-actions-with-tailscale-to-deploy-locally https://gist.github.com/AlexAtkinson/73b8fde4c010e5983cfc22e0928dfc5c https://sweetops.slack.com/archives/CHDR1EWNA/p1669114607374279 https://sweetops.slack.com/archives/CHDR1EWNA/p1669231281395509?thread_ts=1669230039.133869&cid=CHDR1EWNA https://aws.amazon.com/about-aws/whats-new/2022/11/aws-identity-access-management-multi-factor-authentication-devices/ https://github.com/kubeshark/kubeshark https://github.com/busser/tftree https://blog.cloudflare.com/terraforming-cloudflare-at-cloudflare/ https://github.blog/changelog/2022-11-22-webhook-enhancements-for-environment-protection-rules/ https://docs.github.com/en/developers/webhooks-and-events/webhooks/receiving-webhooks-with-the-github-cli
2022-11-26
2022-11-27
2022-11-28
2022-11-29
Anyone here using self-hosted opensearch in production over elasticsearch? I’m considering it as my centralized logging solution for kubernetes. I was also considering Loki but it seems a little immature right now.
might be overkill but if youre platform agnostic from a performance perspective, google big query smashes everything I have seen for performance at scale for seaching/processing data
loki is quite mature and much easier to maintain than es/os. also support of object storages for long term is major advantage
Thanks John, I am trying to stay kubernetes friendly. I’ll take a second look at Loki. I read it doesn’t work well with large data sets however being able to offload data into object storage sounds prettty compelling. I wasn’t across that feature. Thanks for highlighting it Ihor.
2022-11-30
@here office hours is starting in 30 minutes! Remember to post your questions here.
- What do you think of AWS KMS External Key Store announcement, and what are some of the use-cases you can think of?
What’s it cost to buy an HSM? can i roll my own with a mini pc?
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Dave Gregory has joined Public “Office Hours”
venkata mutyala has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Guillermo Gutierrez has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Charles Smith has joined Public “Office Hours”
Robert Jordan has joined Public “Office Hours”
David Hawthorne has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Henrik Huitti has joined Public “Office Hours”
Max Lobur has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
Amer Zec has joined Public “Office Hours”
PePe Amengual has joined Public “Office Hours”
Sherif Abdel-Naby has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Alex Siegman has joined Public “Office Hours”
Ajibola Oladele has joined Public “Office Hours”
Amer Zec has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
rik broers has joined Public “Office Hours”
Reminds me of a knock knock joke:
Knock, knock.
< Who’s there?
…
…
…
…
…
…
…
… java.
Gabriel Boie has joined Public “Office Hours”
Links from today’s call: https://github.com/bflad/tfproviderlint https://github.com/awslabs/terraform-iam-policy-validator https://aws.amazon.com/about-aws/whats-new/2022/11/aws-config-rules-support-proactive-compliance/ https://aws.amazon.com/blogs/aws/new-fully-managed-blue-green-deployments-in-amazon-aurora-and-amazon-rds/ https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-cloudfront-continuous-deployment-support/ https://aws.amazon.com/blogs/aws/new-accelerate-your-lambda-functions-with-lambda-snapstart/ https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-security-lake-preview/ https://aws.amazon.com/blogs/aws/introducing-vpc-lattice-simplify-networking-for-service-to-service-communication-preview/ https://aws.amazon.com/about-aws/whats-new/2022/11/announcing-amazon-opensearch-serverless-preview/ https://aws.amazon.com/about-aws/whats-new/2022/11/aws-announces-lower-latencies-amazon-elastic-file-system/ https://www.osohq.com/ https://www.microsoft.com/en-us/research/publication/description-cedar-language/ https://www.keycloak.org/
