#office-hours (2023-07)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2023-07-03
![Hans D avatar](https://secure.gravatar.com/avatar/4f534e0b78001931f441c8011a95edeb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0000-72.png)
For the upcoming office hours: Using the new TF import functionality to move existing infra into the atmos style stacks
2023-07-05
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![YoungChool Kim avatar](https://avatars.slack-edge.com/2023-06-20/5480668852704_00633db85356753abdce_72.png)
Hi! I am not sure if I can join the meeting, but a question I have is: What is the recommended way to remove the existing stacks in the setting of:
• using atmos to generate vars and backend for each Terraform workspace
• with Atlantis configuration (per repo config)
I appreciate any help you can provide.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
• with Atlantis configuration (per repo config)
Note, we now have GitHub Actions support with general feature convergence with Atlantis. If you’re starting from scratch, I recommend this approach.
![YoungChool Kim avatar](https://avatars.slack-edge.com/2023-06-20/5480668852704_00633db85356753abdce_72.png)
Thank you for the update! This is the document, right?
GitHub Actions
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Yes, however, I think we haven’t yet written the integration guide.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Dan Miller (Cloud Posse) can link you to what we have
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Atmos Terraform Plan
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Atmos Terraform Apply
![Dan Miller (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-08-12/2389147782305_5729c9d69c393852d209_72.jpg)
The documentation that I’ve written is still in PR review. I’ll link here once it’s published. Should be by EOD today.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
The Cloud Posse GitHub Action for “Atmos Terraform Plan” simplifies provisioning Terraform from within GitHub using workflows. Understand precisely what to expect from running a terraform plan from directly within the GitHub UI for any Pull Request.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
The Cloud Posse GitHub Action for “Atmos Terraform Apply” simplifies provisioning Terraform entirely within GitHub Action workflows. It makes it very easy to understand exactly what happened directly within the GitHub UI.
![YoungChool Kim avatar](https://avatars.slack-edge.com/2023-06-20/5480668852704_00633db85356753abdce_72.png)
Thank you for the update!
![Nenna avatar](https://avatars.slack-edge.com/2023-03-01/4881731218722_e0aeb49da15306dce6fd_72.jpg)
Links from today’s office hours:
https://github.com/common-fate/common-fate
https://github.com/aws/containers-roadmap/issues/876#issuecomment-1546760257
https://github.com/shihanng/tfvar
https://twitter.com/stefanprodan/status/1676216365819088899
https://symops.com/
https://aws.amazon.com/blogs/security/temporary-elevated-access-management-with-iam-identity-center/
https://docs.datadoghq.com/logs/guide/forwarder/?tab=terraform
https://github.com/fluxcd/flux2/releases/tag/v2.0.0
2023-07-07
2023-07-11
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
Curious to see what folks are thinking about Datadog Workflow Automation and how they might use it. Will you add automation to your monitoring?
Reminds me of PagerDuty’s acquisition of Rundeck to add automation to incident management. And yet, I don’t know of anyone that’s actually used PD+RD; not saying no one’s applied it, I just don’t know anyone that has. Interested in hearing folks’ experience with this one as well.
https://www.datadoghq.com/blog/automate-end-to-end-processes-with-datadog-workflows/
Learn how to combine monitoring and workflow automation into a single, streamlined solution with Datadog Workflow Automation.
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
interesting product, seems it can be used for disaster recovery
2023-07-12
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Posted in r/kubernetes by u/dshurupov • 16 points and 9 comments
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
https://github.com/GlueOps/terraform-module-provider-versions https://github.com/GlueOps/terraform-registry-proxy cc: @BATeller @Erik Osterman (Cloud Posse)
![BATeller avatar](https://avatars.slack-edge.com/2023-06-26/5473571273031_a7bc1539e6b4682a6592_72.png)
Thank you!
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Anytime. Docs are a bit light but if you need any help with either let me know. Happy to jump on a call and walk you through it.
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
OH, almost forgot. There is something called network mirror that you may want to read up on. It requires modifying your .terraformrc but in theory you could point your terraform applies to use some folder path for all the providers. The .terraformrc is something that the terraform cli will pick up. I believe for TFC it requires self-hosted agents and with spacelift I believe it’s supported.
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
We never looked at it because we didn’t want self-hosted agents
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Will this work in a version-controlled modules structure?
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
For example, if I add this to my vpc module that is tagged 1.2.3 and I want to update the provider versions, when I apply the infra for VPC 1.2.3 that will automatically take the latest versions for all the providers, right?
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Yes, I believe it should work in those situations. I’ve personally been using it at the same level as my modules so that if something were to go wrong I could branch the repo (https://github.com/GlueOps/terraform-module-provider-versions) and point back to alternative versions quickly.
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
so the provider versions module is always used in the other module with the latest version
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
If I would want to version this module as well, my problem of creating multiple PRs for each sub module repo will be back to square 1
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Yeah, so in my situation we assume that we can move all of our stack together to the latest versions (https://github.com/GlueOps/terraform-module-provider-versions). If one part of our stack has an issue we rollback and keep everything on the older version until we can resolve that issue. One situation where we have had to rollback is with the tfe provider for terraform cloud: https://github.com/GlueOps/terraform-module-provider-versions/blob/main/versions.tf#L43. Rather than try and fix the issue, we are looking to migrate off to spacelift or another solution.
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Also, when we do our updates, we go through all the usages of our modules and ensure a plan works cleanly. We also do a plan before the updates to ensure there is no pending drift/changes.
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
got it
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
thanks
![Bogdan Mihaescu avatar](https://secure.gravatar.com/avatar/722589c14961a630fea3fd5c864e6125.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
so no way for you to create a new env with older providers
![Jeremy White (Cloud Posse) avatar](https://avatars.slack-edge.com/2022-10-14/4236950492513_ceab13cebd77d26f2ef6_72.jpg)
Something that bothered me recently, I guess I’ll ask in case there is time: Has anyone found a linter that will enforce deprecation warnings on outputs? That is, if you make a module that consumes deprecated outputs of another tfstate, the linter warns or even fails the module.
![BATeller avatar](https://avatars.slack-edge.com/2023-06-26/5473571273031_a7bc1539e6b4682a6592_72.png)
I haven’t. Typically at the workspace level (and also at the module level) we output maps, lists, or variables. So it’s purposefully structured and narrowed in scope. Because of this I don’t think there’d be a way to even know if the related resource or attribute is deprecated, at least from the perspective of the workspace calling the remote state (or the calling module).
However, you may be able to write a custom rule with tflint to achieve this?
![Nenna avatar](https://avatars.slack-edge.com/2023-03-01/4881731218722_e0aeb49da15306dce6fd_72.jpg)
Links from today’s office hours:
https://github.com/kubernetes/kubernetes/pull/116429
https://www.awsdocsgpt.com/
https://fly.io/blog/litefs-cloud/
https://factoryfactoryfactory.net/
https://www.hashicorp.com/blog/terraform-apply-as-code-the-multispace-pattern
https://tacosprice.com/
https://github.com/diggerhq/tacoscalculator
https://www.datadoghq.com/blog/automate-end-to-end-processes-with-datadog-workflows/
https://kubevirt.io/2023/KubeVirt-v1-has-landed.html
https://seths.blog/2005/03/dont_shave_that/
https://github.com/charmbracelet/mods
https://cruft.github.io/cruft/
https://warpforge.io/
https://earthly.dev/
https://masterpoint.io/updates/passing-on-crossplane/
https://medium.com/gitlab-magazine/multi-cloud-maturity-model-2de185c01dd7
2023-07-19
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![BATeller avatar](https://avatars.slack-edge.com/2023-06-26/5473571273031_a7bc1539e6b4682a6592_72.png)
https://github.com/hashicorp/terraform/releases/tag/v1.6.0-alpha20230719 just got released an hour ago. Terraform will be moving terraform test out of experimental
![Nenna avatar](https://avatars.slack-edge.com/2023-03-01/4881731218722_e0aeb49da15306dce6fd_72.jpg)
Links from today’s office hours:
https://news.apache.org/foundation/entry/save-open-source-the-impending-tragedy-of-the-cyber-resilience-act
https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
https://www.bleepingcomputer.com/news/security/google-cloud-build-bug-lets-hackers-launch-supply-chain-attacks/amp/
https://techcrunch.com/2023/07/17/microsoft-lost-keys-government-hacked/
https://github.blog/changelog/2023-07-13-github-actions-oidc-integration-with-aws-no-longer-requires-pinning-of-intermediate-tls-certificates
https://www.bleepingcomputer.com/news/security/github-goes-passwordless-announces-passkeys-beta-preview/
https://twitter.com/iamvlaaaaaaad/status/1681036216685191168
https://aws.amazon.com/about-aws/whats-new/2023/07/aws-codebuild-github-actions/
https://docs.aws.amazon.com/codebuild/latest/userguide/action-runner.html
https://statusgator.com/
https://endoflife.date/amazon-eks
https://www.youtube.com/watch?v=AbSehcT19u0
https://steampipe.io/
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Steampipe is like the old saw or az interactive, but using sql commands
2023-07-20
2023-07-23
2023-07-24
![venkata.mutyala avatar](https://avatars.slack-edge.com/2022-01-10/2935964026964_e3525ee61170d7dc3198_72.png)
Question for office hours:
How do you folks handle dependencies between repos? For example,
I update Repo A and cut a release/tag. Repo B needs to be updated with the tag from Repo A and then a release gets cut for Repo B. Repo C needs to be updated with the tag from repo B.
Also, there are situations where Repo B will have a release not dependent on Repo A and there are situations where Repo C will not have a release dependent on Repo A or B.
Are there any solutions for this? or do folks usually handroll their own automation to make this easier?
![Mike Shade avatar](https://avatars.slack-edge.com/2023-06-26/5508476598928_797571a3df012fdfb9c7_72.jpg)
I try to avoid chained dependencies like that as best as possible. Otherwise using solutions like dependabot, renovate, which can watch private repos for new releases and create a PR for apps that consume them.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Perfect question for today’s special guest.
2023-07-26
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@here office hours is starting in 30 minutes! Remember to post your questions here.
![Maksym Vlasov avatar](https://avatars.slack-edge.com/2023-07-26/5640450830373_db3d79b9efe1103b3f45_72.jpg)
MEND Renovate Hi folks. Today I will talk about MEND Renovate and show Advanced usage patterns
Sharable Config Presets for Renovatebot, especially useful for DevOps folks
![Jeremy White (Cloud Posse) avatar](https://avatars.slack-edge.com/2022-10-14/4236950492513_ceab13cebd77d26f2ef6_72.jpg)
we ran out of time, but was going to ask if anyone has used github.com/nikita-skobov/monorepo-git-tools (mgt)
![Nenna avatar](https://avatars.slack-edge.com/2023-03-01/4881731218722_e0aeb49da15306dce6fd_72.jpg)
Links from today’s office hours:
https://github.com/SpotOnInc/renovate-config
https://tinyurl.com/cp-renovate
https://github.com/SpotOnInc/renovate-config/
https://www.youtube.com/watch?v=l28pukLJvss&list=PLIsz9zLIWsDI71mpnceqPivLAX4kiWEOE
https://grem1.in/post/terraform-lockfiles-maxymvlasov/
https://github.com/antonbabenko/pre-commit-terraform
https://docs.renovatebot.com
https://github.com/renovatebot/.github/blob/main/default.json
https://github.com/kelseyhightower/nocode
https://medium.com/forto-tech-blog/automated-versioning-of-terraform-modules-with-github-actions-semver-style-800f91ed5037