#office-hours (2023-09)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2023-09-02
2023-09-05
2023-09-06
Last time there was a mention about self-hosted n8n where someone mentioned Node-RED as an alternative. I believe it is worth to mention, that for some time there is tool called FlowFuse (https://flowfuse.com , self-hosted option available) which is positioned as a DevOps for Node-RED.
I was looking for flow fuse well. There’s quite a few players in this low-code environment
In this area I think windmill is also great, for more complex workloads, there is temporal.io
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://aws.amazon.com/about-aws/whats-new/2023/09/amazon-cloudwatch-eks-control-plane-vended-logs/ https://gitlab.com/fedora/legal/fedora-license-data/-/blob/main/data/BUSL-1.1.toml https://www.allthingsdistributed.com/2023/09/farewell-ec2-classic.html https://app.awsiconquiz.com/ https://github.com/orgs/community/discussions/16925#discussioncomment-6784644 https://dev.to/aws/aws-open-source-newsletter-171-4o49 https://github.com/opentffoundation/opentf https://www.oreilly.com/radar/radar-trends-to-watch-september-2023/ https://github.com/cncf/sandbox/issues/60 https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-s3-multivalue-answer-response-dns-queries/ https://github.com/ergomake/layerform https://github.com/github/roadmap/issues/821 https://github.com/github/roadmap/issues/823 https://github.com/cncf/sandbox/issues/60 https://aws.amazon.com/blogs/compute/aws-sam-support-for-hashicorp-terraform-now-generally-available/ https://aws.amazon.com/about-aws/whats-new/2023/09/amazon-cloudwatch-eks-control-plane-vended-logs/ https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-ses-email-delivery-engagement-history/ https://www.hashicorp.com/resources/what-is-multi-cloud-why-are-companies-adopting-it https://github.com/VTCSecureLLC/ace-android https://riemann.io/ https://typefully.com/iamvlaaaaaaad/observability-101-ZSaeSTX
2023-09-11
Are office hours changing to be an hour earlier from now on?
It shouldn’t be
Please confirm it’s at the same time. It should be 11:30 PT, 1:30 CT
Yes, that was the time… Hadn’t noticed the CT not ET
I’ll add to the mutli-cloud comment datadog is an example of an org that does that, they use GCP and AWS for various regions for a number of reasons (cost, HA etc).
2023-09-12
@here PSA
The old meeting ID will not be used 508587304
Please make sure you’ve registered for this week’s office hours. Future meetings (including this week’s) will use a new Zoom meeting ID and these calendar invites are sent via our Google Group ([email protected]).
Meetings are at the same time (11:30 am PT), but a new meeting link.
Registration is at cloudposse.com/office-hours
You can email me at [email protected] if you have any problems registering.
2023-09-13
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://domainnamewire.com/2023/09/08/squarespace-completes-google-domains-acquisition/ https://docs.aws.amazon.com/opsworks/latest/userguide/opscm-eol-faqs.html https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/?utm_source=tldrinfosec https://github.com/GSA/code-gov https://github.com/linkedin/school-of-sre https://github.com/nginx/unit https://earthly.dev/blog/shutting-down-earthly-ci/ https://cloud.google.com/blog/products/management-tools/introducing-infrastructure-manager-powered-by-terraform/ https://cloud.google.com/infrastructure-manager/docs/overview#<i class="em em-~"</i>text=you%20should%20be%20familiar%20with%20Terraform%2C%20which%20is%20an%20open%20source%20tool> https://www.usdigitalresponse.org/ https://opensourcesanjose.org/ https://dagger.io/ https://github.com/actions/actions-runner-controller/tree/master/charts/gha-runner-scale-set https://learnwardleymapping.com/ https://docusaurus.io/ https://github.com/just-the-docs/just-the-docs https://www.nuclino.com/ https://slab.com/ https://github.com/gollum/gollum https://www.algolia.com/ https://github.com/kovetskiy/mark https://stackoverflow.co/teams https://github.com/Erudika/scoold
MongoDBs docs are slick, but watch that license. https://github.com/mongodb/docs
Question for next time: AWS IAM Database Authentication – who has implemented it? What are you thoughts? Any alternatives that are open source or SaaS that are worth looking into? Not trying to solve the private network access problem – really just working to solve the RBAC DB access problem and not have to create / maintain postgres roles + passwords for every engineer who needs SQL access.
Bumping this thread / question for next week’s office hours
2023-09-14
Hey folks, my friend does have open source Earthfiles to share
For anyone looking for a larger and more meaningful example of using Earthly.dev: https://git.sr.ht/~nelsam/pnp-tools/tree/main/item/Earthfile
Also, if you want a full ci example in sr.ht , he has hel set up that way with https://git.sr.ht/~~~nelsam/hel/tree/main/item/Earthfile and https://git.sr.ht/~~~lsam/hel/tree/main/item/.build.yml if you want to see that. For small projects, sourcehut is pretty nice.
Also surpised the rollbar breach didn’t get mentioned on this today - for those using it make sure you rotate your tokens https://dataconomy.com/2023/09/14/rollbar-data-breach/
2023-09-17
although localstack is not 100% perfect, anyone got it running using atmos and as a separate stack/org (so side by side with normal aws stack)?
Yes. I was able to do it. However, I did so with at least two compromises.
• I disabled LocalStack’s IAM enforcement.
• I updated the [providers.tf](http://providers.tf) in any component module (aka the root module) that would be deployed to LocalStack. I updated so it would check if a TF variable localstack_enabled was true, it would explicitly set the service endpoints configurable in the AWS TF provider to point to LocalStack.
I haven’t used LS in nearly 2 years though. The solution I implemented worked well until we scaled out the number of lambda function we deployed to it (150+) and services we consumed (dozen plus including redis, rds, cognito). Even then it worked, but the overhead to deploy everything fresh could take 20+ minutes or much longer on some systems and may need to be retry if LS or TF had issues when provisioning everything. This wasn’t ideal for a dev-ex so we moved on. That said, LS is still best-in-class for the problem is solves.
Thanks. Looking at some bootstrapping work atm (orgs, accounts/account-map etc.)
2023-09-18
2023-09-20
@here office hours is starting in 30 minutes! Remember to post your questions here.
Join Zoom Meeting https://cloudposse.zoom.us/j/88609060289?pwd=cHlNSjkrbVNHeWphL0xrcHNUejV5UT09
Meeting ID: 886 0906 0289 Passcode: 157166
One tap mobile +13052241968,,88609060289# US +13092053325,,88609060289# US
Dial by your location
• +1 305 224 1968 US
• +1 309 205 3325 US
• +1 312 626 6799 US (Chicago)
• +1 646 558 8656 US (New York)
• +1 646 931 3860 US
• +1 301 715 8592 US (Washington DC)
• +1 689 278 1000 US
• +1 719 359 4580 US
• +1 253 205 0468 US
• +1 253 215 8782 US (Tacoma)
• +1 346 248 7799 US (Houston)
• +1 360 209 5623 US
• +1 386 347 5053 US
• +1 507 473 4847 US
• +1 564 217 2000 US
• +1 669 444 9171 US
• +1 669 900 6833 US (San Jose)
Meeting ID: 886 0906 0289
Find your local number: https://cloudposse.zoom.us/u/kcJY3rCz8A
Question for today if there’s time (will cross post): I have been looking into using Terraform with drift detection (Spacelift edition) to manage Security-relevant stuff and share visibility with InfoSec. So, group memberships, security rules etc. But there’s a hole around memberships (and possibly rules) added manually that aren’t in state so don’t get spotted as drift. Is there any clever way to catch these?
how about cloud custodian from capitalone?
Links from today’s office hours:
https://news.google.com/search?q=Mgm&hl=en-US&gl=US&ceid=US%3Aen https://news.ycombinator.com/item?id=37570407 https://docs.aws.amazon.com/cloudhsm/latest/userguide/cloudhsm_mgmt_util-getHSMInfo.html https://www.prnewswire.com/news-releases/caviums-liquidsecurity-hsm-enables-hybrid-cloud-users-to-synchronize-keys-between-aws-cloudhsm-and-private-clouds-300631079.html https://www.wired.com/video/watch/tech-support-hacker-answers-penetration-test-questions-from-twitter https://opentofu.org/ https://www.linuxfoundation.org/press/announcing-opentofu https://github.com/opentofu/registry https://registry.opentofu.org/ https://akuity.io/blog/introducing-kargo/ https://www.prnewswire.com/news-releases/urbancode-announces-the-launch-of-terraform-161831135.html https://github.com/UrbanCode/terraform/blob/master/LICENSE https://www.cloudbees.com/newsroom/cloudbees-launches-most-significant-scalability-functionality-jenkins https://dataconomy.com/2023/09/14/rollbar-data-breach/ https://pulpproject.org/about-pulp-3/ https://github.com/hashicorp/terraform/issues/13022 https://tmsearch.uspto.gov/bin/showfield?f=toc&state=4801%3Ad3ogud.1.1&p_search=searchss&p_L=50&BackReference=&p_plural=yes&p_s_PARA1=&p_tagrepl%7E%3A=PARA1%24LD&expr=PARA1+AND+PARA2&p_s_PARA2=terraform&p_tagrepl%7E%3A=PARA2%24COMB&p_op_ALL=AND&a_default=search&a_search=Submit+Query&a_search=Submit+Query https://jenkins-x.io/ https://www.firefly.ai/ https://github.com/kr8s-org/kr8s https://github.com/lensapp/lens https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/ https://github.com/cloudfoundry-attic/lattice-release https://nats.io/
2023-09-21
anyone have done something like this: https://www.youtube.com/watch?v=MKc9r6xOTpk
/cloudfront-us-east-2.images.arcpublishing.com/reuters/H32KIETGHJMGNPRCC2IO5NXKPU.jpg)
2023-09-25
Anyone here using self-hosted github enterprise? If so, any tips/wisdom you could share?
I’m exploring the option of going self-hosted because we have heavy amounts of automation using github and when their API’s have errors it causes a real disruption for some of our development workflows.
What makes you think your self-hosted solution will be more reliable?
I am under the impression that I will have control with this approach for when I want API updates to hit me. Of course this doesn’t mean I don’t risk new issues from self-hosting, hence this question to better understand the other risks/issues I may experience.
A little more context on our issue: I think the errors we are having right now are probably because of a backend change/update. When we make an API request using terraform more than half the time it throws a 401 error. We don’t do anything and it suddenly works again. Something feels non deterministic and I assume it’s an issue on their backend. I’ve got a ticket open with them but it’s already been close to a day without much traction (totally possible they just immediately come back and say it’s fixed now). We also updated our GitHub terraform provider to the latest version to try and resolve the error but that didn’t do much. Our terraform has been working fine for months so this feels like GitHub issues for our enterprise/tenant.
We also barely spend a couple hundred a month on GitHub so our support options are pretty much through the front door support.
If anyone has any input on github premium support offerings that would be great.
I haven’t been enjoying GH since MS bought them. Might just be me, but my perception is that it’s a lot more unstable since. Checkout https://about.gitea.com/.
Yeah i’m sure as part of that purchase they are migrating things to Azure now
Thanks
2023-09-26
2023-09-27
@here office hours is starting in 30 minutes! Remember to post your questions here.
Have a Q re GH actions: https://sweetops.slack.com/archives/CQA2BH8AG/p1695688892594209
That was fun
Links from today’s office hours:
https://www.reuters.com/markets/deals/cisco-acquire-splunk-28-billion-2023-09-21/ https://clickhouse.com/blog/clickhouse-keeper-a-zookeeper-alternative-written-in-cpp https://aws.amazon.com/about-aws/whats-new/2023/09/amazon-eks-distro-kubernetes-version-1-28/ https://www.bleepingcomputer.com/news/security/github-repos-bombarded-by-info-stealing-commits-masked-as-dependabot/amp/ https://www.esecurityplanet.com/applications/okta-breaches/ https://techcrunch.com/2023/09/21/oh-gitness-harness-launches-gitness-an-open-source-github-competitor/ https://aws.amazon.com/about-aws/whats-new/2023/09/amazon-ec2-block-public-access-machine-images/ https://github.com/hyperdxio/hyperdx https://www.scalr.com/blog/get-started-with-opentofu-by-installing-from-source https://github.com/nat-henderson/terraform-provider-dominos/pull/21 https://ai.invideo.io/ https://dagger.io/ https://inlets.dev/ https://github.com/beezlabs-org/cloudflare-tunnel-operator https://github.com/adyanth/cloudflare-operator https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/connect-private-networks/ https://medium.com/@penquestr/libwebp-the-new-log4j-3e932b35bdcb