#office-hours (2022-12)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2022-12-01
2022-12-05
2022-12-07
@here office hours is starting in 30 minutes! Remember to post your questions here.
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Jeremy White has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Alexandr Vorona has joined Public “Office Hours”
Roy Sprague has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
David Hawthorne has joined Public “Office Hours”
Maura Rowell has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
Michael Pursifull has joined Public “Office Hours”
Matteo Migliaccio has joined Public “Office Hours”
Guilherme Borges has joined Public “Office Hours”
Gabriel Boie has joined Public “Office Hours”
Sharif N has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
Steven Kalt has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
Imran Hussian has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Susie Heilman has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Links from today’s call: https://github.com/step-security/wait-for-secrets?utm_source=tldrnewsletter https://github.blog/changelog/2022-12-06-github-actions-workflow-notifications-in-slack-and-microsoft-teams https://aws.amazon.com/blogs/compute/visualize-and-create-your-serverless-workloads-with-aws-application-composer/ https://aws.amazon.com/blogs/aws/announcing-amazon-codecatalyst-preview-a-unified-software-development-service/ https://www.cncf.io/announcements/2022/12/06/the-cloud-native-computing-foundation-announces-argo-has-graduated/ https://github.com/teaxyz/cli https://github.com/warptools/warpforge https://tea.xyz/tea.white-paper.pdf
thanks Linda
2022-12-14
@here office hours is starting in 30 minutes! Remember to post your questions here.
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Oskar Maria Grande has joined Public “Office Hours”
Mike Jansen has joined Public “Office Hours”
Brian Pauley has joined Public “Office Hours”
Oskar Maria Grande has joined Public “Office Hours”
Hugo Samayoa III has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Luis Masaya has joined Public “Office Hours”
Greg Bouwens has joined Public “Office Hours”
Andy Roth has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
shreenu kumar has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Matt Gowie has joined Public “Office Hours”
Charles Smith has joined Public “Office Hours”
Tim Gourley has joined Public “Office Hours”
Zachary Loeber has joined Public “Office Hours”
Gabriel Boie has joined Public “Office Hours”
venkata mutyala has joined Public “Office Hours”
Soren Jensen has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
Arthur Dent has joined Public “Office Hours”
Mike Jansen has joined Public “Office Hours”
Marc Tamsky has joined Public “Office Hours”
Links from today’s call: https://github.com/tellerops/teller https://www.amazingcto.com/postgres-for-everything/ https://docs.github.com/en/actions/creating-actions/sharing-actions-and-workflows-from-your-private-repository https://webhook.site/ https://github.com/AppsFlyer/terra-crust https://www.reddit.com/r/kubernetes/comments/zg3te0/ai_is_the_future/ https://www.spectrocloud.com/blog/do-you-know-more-about-kubernetes-than-chatgpt/ https://www.reddit.com/r/kubernetes/comments/ziao4d/karpenter_consolidation_and_eks_node_viewer/ https://github.com/cloudposse/atmos/pull/274 https://github.com/gofireflyio/aiac https://banzaicloud.com/docs/bank-vaults/mutating-webhook/
2022-12-18
2022-12-20
Q: What are some good ways to update an application in argo with the new docker tag?
Some options…
• image updater sounds great and it’s on the roadmap to be added to argocd
• eventbridge watching docker pushes which triggering lambda container with a git library doing the replacement on values.yaml?
• CI mechanism building images does the replacement in values.yaml and makes a commit?
2022-12-21
@here office hours is starting in 30 minutes! Remember to post your questions here.
@Erik Osterman (Cloud Posse) looking to discuss the following (fyi I’m on a plane that is landing, but I should be fine via phone wireless and then 5G if necessary; may be a bit of background noise)
Assume TFC, Spacelift, env0, scalr and all the other terraform CIs are not an option, but you’d like to run terraform in something like circleci, gitlab, github actions, jenkins, whatever.
• how bad of an idea do people think this is for a relatively small product?
◦ 7 services
◦ examples of why this is bad are:
▪︎ if someone manually cancels a CI job during an apply things can get seriously borked
• I debated yesterday with RB on why someone would even cancel a CI job manually – apparently it is not entirely uncommon as evidenced by consulting experience on my own team, as well as:
◦ https://circleci.canny.io/cloud-feature-requests/p/prevent-a-job-from-being-cancelled-when-the-workflow-is-cancelled
• reasoning I’ve heard for why running TF in CI basically comes down to “because apply is heavily stateful (effectively) and ci is meant to not be stateful, at least to that extent
• potential solutions
◦ use github actions
◦ only do fmt, validate, init and plan in CI and then delegate to some other cloud service to actually run the apply (probably a long-running serverless function)
• have a centralized pipeline that gets kicked only for applies and basically tell everyone “don’t ever cancel this pipeline” ◦ my particular CI provider (CircleCI) doesn’t offer a great way to handle this afaik
• try to get even more budgeting for TFC or similar ◦ currently using TFC, not into Terraform management tools at all really, they are prohibitively expensive and we’re actually likely going to TFC Thanks so much!
actually having trouble joining from my phone so this may have to wait until next week
Ha. Yeah having problems connecting via cell which is my only option right now.
Here’s a PoC for doing it github actions. There’s problems with not having an app to provide advanced functionality, but it’s a very bare bones implementation of the basic functionalities:
• add a plan to a pr
• add a (janky) method for applying those changes
Was able to make it on!
Thanks @jimp
I’m planning on spending some time over the coming months to actually make a viable github action for terraform lifecycle
Nice one!
@Matt Calhoun, I’m presuming you will open source your terraform GitHub action? When might we except a release?
If Matt’s already invested hundreds of hours, I’m confident it will be exceptional. I’ll scrap my plans and adapt what he’s building!
Yea, the repos should be public soon, even if the full solution isn’t baked.
What is the cost for running a ton of github actions?
Self hosted runners are “free” except for your operating cost
Oh, right, I forgot about the self-hosted bit.
Yea, the repos should be public soon, even if the full solution isn’t baked.
@Erik Osterman (Cloud Posse) 
if this has happened, any pointers where to go digging and put the pieces together ?
As for the main topic of this thread, i’ll go and watch the recording from Dec 21st before adding my thoughts
I believe we have some of them up, but the usage isn’t documented
@matt
A very basic version of the workflows running atmos in GHA is up at https://github.com/cloudposse-sandbox/demo-full-workflow, but it’s definitely lacking documentation, full testing, and handling the edge cases. We’re working right now to polish some of that, but it will likely be several more weeks until that’s in better shape (publically).
thank you both
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Michael Jenkins has joined Public “Office Hours”
Andrew Brown has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Alex Siegman has joined Public “Office Hours”
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Matt Calhoun has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
Jim Park has joined Public “Office Hours”
dag viggo lokoeen has joined Public “Office Hours”
Jeremy White has joined Public “Office Hours”
Sean Turner has joined Public “Office Hours”
Soren Jensen has joined Public “Office Hours”
Joe Caulfield has joined Public “Office Hours”
Hao Wang has joined Public “Office Hours”
Michael Sew has joined Public “Office Hours”
Michael Sew has joined Public “Office Hours”
Robert Jordan has joined Public “Office Hours”
Jonas Steinberg has joined Public “Office Hours”
Isa Aguilar has joined Public “Office Hours”
Oliver Schoenborn has joined Public “Office Hours”
Sherif Abdel-Naby has joined Public “Office Hours”
Andrew Hall has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
@Isa Aguilar make sure you post your repo here. I’m guessing folks would like to see what you’ve done so far. (most folks likely missed it in the call)
Links from today’s call: https://atmos.tools/cli/commands/describe/affected https://github.com/jassics/security-study-plan https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/ https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-eks-supports-aws-privatelink/ https://aws.amazon.com/about-aws/whats-new/2022/12/aws-storage-gateway-terraform-modules-amazon-s3-file-gateway/ https://aws.amazon.com/about-aws/whats-new/2022/12/aws-control-tower-concurrent-account-provisioning-operations/ https://github.blog/changelog/2022-12-15-secret-scanning-is-now-available-for-free-on-public-repositories/ https://spacelift.io/blog/introducing-notification-policies https://github.com/sponsors/cloudposse https://github.com/terraform-aws-modules/terraform-aws-eks https://github.com/hashicorp/terraform-aws-hashicorp-vault-eks-addon https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html https://aws.amazon.com/blogs/aws/new-aws-marketplace-for-containers-now-supports-direct-deployment-to-amazon-eks-clusters/ https://www.runatlantis.io
2022-12-22
2022-12-24
2022-12-26
2022-12-28
@here office hours is starting in 30 minutes! Remember to post your questions here.
Hi @Erik Osterman (Cloud Posse) We encountered some terrafrom state disorder on the prod and dev env.
When we run terraform plan for dev, say, we will get warning like the screenshot below, seems the passwords and something else are different with the cloud, but it’s bad for us to regenerate the passwords, which means we need to change all those setting for credential for all our services, we need to find out a solution to solve this problem, and making minimum impact on other cloud infrastructures. Any clue to what caused this will be welcomed.
We need to understand a bit more about your environment to be able to help you. What modules or components are you using? What versions? What is your terraform state backend? Are you using atmos? How are you applying the changes? etc
Erik Osterman (Cloud Posse) has joined Public “Office Hours”
Roy Sprague has joined Public “Office Hours”
Vlad Ionescu has joined Public “Office Hours”
Linda Pham (Cloud Posse) has joined Public “Office Hours”
Brian Choate has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
Robert Jordan has joined Public “Office Hours”
Isaac M has joined Public “Office Hours”
Ben Smith (Cloud Posse) has joined Public “Office Hours”
Eric Berg has joined Public “Office Hours”
Zachary Loeber has joined Public “Office Hours”
Andrew Vitko has joined Public “Office Hours”
AJ Junior has joined Public “Office Hours”
Hao Wang has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
Salvador Montiel has joined Public “Office Hours”
Links from today’s office hours: https://github.com/cloudposse/atmos/pull/283 https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ https://www.zdnet.com/article/patch-now-serious-linux-kernel-security-hole-uncovered/ https://github.com/opencost/opencost https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/ https://kubernetes.io/blog/2022/12/20/validating-admission-policies-alpha/ https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-memorydb-redis-reserved-nodes/ https://aws.amazon.com/about-aws/whats-new/2022/12/aws-compute-optimizer-amazon-ecs-services-aws-fargate/ http://www.paulgraham.com/makersschedule.html https://globaldatanet.com/tech-blog/terraform-pipeline-with-gitlab-ci-and-oidc-for-aws https://github.com/helm/community/blob/main/hips/hip-0011.md https://spiffe.io/ https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/postgresql_role https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html