#office-hours (2023-10)

“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours

Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!

https://cpco.io/slack-office-hours

Meeting password: sweetops

2023-10-01

Hans D avatar
minamijoyo/tfmigrate

A Terraform state migration tool for GitOps

Hans D avatar
cloudandthings/terraform-aws-clickops-notifier

Get notified when actions are taken in the AWS Console.

Pheagey Grean avatar
Pheagey Grean

This is ganna be helpful. TY @Hans D

cloudandthings/terraform-aws-clickops-notifier

Get notified when actions are taken in the AWS Console.

RB avatar

I’ve used this and it’s a little buggy

2023-10-03

0xFlatHeadFred avatar
0xFlatHeadFred

Hi. signed up to docs.cloudposee.com over the weekend, awaiting an administrator to approve access.

0xFlatHeadFred avatar
0xFlatHeadFred

oops misread invite email

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ah, those docs are reserved for customers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

But our office hours are free :-)

0xFlatHeadFred avatar
0xFlatHeadFred

ah, my bad. alright thanks

0xFlatHeadFred avatar
0xFlatHeadFred

what do i need to do?

2023-10-04

SlackBot avatar
SlackBot
12:53:14 PM
SlackBot avatar
SlackBot
12:53:15 PM
Allan Swanepoel avatar
Allan Swanepoel

FYI:: NodeJs 16.x has been deprecated early from support due to security issues. The End-of-Life date for Node.js 16 was moved forward by seven months to coincide with the end of support of OpenSSL 1.1.1 on September 11th, 2023. Meanwhile AWS is still showing support on Lambda until Mar 11th next year.

The bigger issue might come from the packaging. As the node 18.x lambda container is shipped with version 3 of the AWS SDK

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:03 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Allan Swanepoel avatar
Allan Swanepoel
Bringing forward the End-of-Life Date for Node.js 16 | Node.js

Node.js® is a JavaScript runtime built on Chrome’s V8 JavaScript engine.

Nenna avatar

Links from today’s office hours:

https://github.com/hashicorp/terraform/releases/tag/v1.6.0 https://www.hashicorp.com/blog/terraform-1-6-adds-a-test-framework-for-enhanced-code-validation https://github.com/opentofu/opentofu/releases/tag/v1.6.0-alpha1 https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/ https://github.com/getlago/lago/wiki/Open-Source-does-not-win-by-being-cheaper https://nodejs.org/en/blog/announcements/nodejs16-eol https://gallery.ecr.aws/search?searchTerm=cloudposse https://aws.amazon.com/about-aws/whats-new/2023/09/aws-app-runner-monorepos/ https://github.blog/changelog/2023-10-02-github-actions-apple-silicon-m1-macos-runners-are-now-available-in-public-beta/ https://github.blog/changelog/2023-09-18-increased-concurrency-limit-for-github-hosted-runners/ https://github.blog/changelog/2023-09-21-github-actions-force-cancel-workflows/ https://gist.github.com/AlexAtkinson/cd10b8855032cfb4eb76cd55cb882201 https://www.davefarley.net/ https://rig.dev/ https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops&tabs=yaml#hardware https://developer.apple.com/documentation/hypervisor https://www.apple.com/shop/buy-mac/mac-pro/rack https://flow.swiss/ https://actuated.dev/ https://ably.com/blog/aws-vpc-peering-vs-transit-gateway-and-beyond https://medium.com/@ramirezag/connecting-the-dots-of-ndots-in-kubernetes-12c096aca8d3 https://pracucci.com/kubernetes-dns-resolution-ndots-options-and-why-it-may-affect-application-performances.html https://repost.aws/knowledge-center/eks-dns-failure https://dev.to/mrkaran/dns-lookups-in-kubernetes-5cm1

Matthew James avatar
Matthew James

the ndots issue is something we’ve dealt with, changing ndots is covering up an underlying issue with your coreDNS implementation. There are better ways to tune it to solve your issue - dns failures are normal in coreDNS due to the way it checks the search domain - generally dns failures with EKS are due to route53 rate limiting coreDNS which you can change with the cluster proportional autoscaler. You should also set lameduck on coreDNS to make sure when coreDNS is terminated it drains from iptables of other nodes. https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/ is another tool that helps to avoid the overwhelming of coredns (AWS rate limits ENIs against route53 so you need to spread it out across lots of nodes if you have inefficient dns queries).

https://k8s.af/ -> good resource here on some of the ndots failures / coredns failures. I’d caution setting it to 1 because that’s gonnna break namespace lookups for pods communicating with other services in the cluster using the cleaner svc.namespace format

Using NodeLocal DNSCache in Kubernetes Clusters

FEATURE STATE: Kubernetes v1.18 [stable] This page provides an overview of NodeLocal DNSCache feature in Kubernetes. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

2023-10-05

Alex Atkinson avatar
Alex Atkinson
Elevate Security with Passkeys: A Better Way to Login | Dashlaneattachment image

Passkeys are a new, more secure way to log in to your accounts. Dashlane is here to help you understand what they are and how to use them.

2023-10-06

Jeremy White (Cloud Posse) avatar
Jeremy White (Cloud Posse)

Might be worth discussing https://github.com/updatecli/updatecli

updatecli/updatecli

A Declarative Dependency Management tool

2023-10-11

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:40 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

omerfsen avatar
omerfsen

I use colima instead of docker desktop but heard nice things about orbstack

2
1
Jeremy White (Cloud Posse) avatar
Jeremy White (Cloud Posse)

yeah. I’ve had zero problems using colima, and I used shared volumes all the time.

Jeremy White (Cloud Posse) avatar
Jeremy White (Cloud Posse)

but I’d also kick the tires on orbstack

Hans D avatar

love orbstak, esp with the additions of dns features

Hans D avatar

works nice on mac as well

omerfsen avatar
omerfsen
docker context use colima
omerfsen avatar
omerfsen
How I switched from Docker Desktop to Colima

Colima is a Docker Desktop alternative for macOS and Linux that’s now supported by DDEV.

omerfsen avatar
omerfsen

OrbStack is a way to run Docker containers on macOS; our developers have found it to be more lightweight, faster and simpler to set up and use than Docker Desktop and Colima

https://www.thoughtworks.com/radar/tools/orbstack#<i class="em em-~"</i>text=OrbStack%20is%20a%20way%20to,than%20Docker%20Desktop%20and%20Colima>.

OrbStack | Technology Radar | Thoughtworksattachment image

OrbStack is a way to run Docker containers on macOS; our developers have found it to be more lightweight, faster and simpler to set up […]

Nenna avatar

Links from today’s office hours:

https://github.com/aws-observability https://github.com/aws-observability/terraform-aws-observability-accelerator https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/ https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/ https://github.com/Homebrew/homebrew-core/pull/149678 https://github.blog/changelog/2023-10-05-github-actions-node_options-is-now-restricted-from-github_env/ https://www.bleepingcomputer.com/news/security/exploits-released-for-linux-flaw-giving-root-on-major-distros/ https://www.hashicorp.com/blog/terraform-ephemeral-workspaces-public-beta-now-available https://aws.amazon.com/about-aws/whats-new/2023/10/amazon-eks-support-kubernetes-versions-preview/ https://www.hashicorp.com/blog/infrastructure-security-lifecycle-releases-open-hashiconf-2023 https://www.hashicorp.com/blog/new-terraform-testing-and-ux-features-reduce-toil-errors-and-costs https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/ https://github.com/actions/setup-node/issues/356 https://www.theregister.com/2023/10/11/red_hat_closed_rhsa_announce/ https://www.theregister.com/2023/10/11/microsoft_documents_installing_linux/ https://orbstack.dev/ https://github.com/abiosoft/colima https://x.com/Docker/status/1709612076174356741?s=20 https://containers.dev https://devfile.io https://www.jetpack.io/devbox/ https://github.com/hashicorp/terraform-provider-aws/issues/33546#issuecomment-1739777113 https://www.fastly.com/blog/key-size-for-tls https://eclipse.dev/che/ https://devpod.sh https://www.gitpod.io http://devspace.sh https://coder.com https://codesandbox.io/ https://www.getcodeflow.com/# https://glitch.com/ https://replit.com/

1

2023-10-13

2023-10-16

2023-10-18

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:44 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

Rohan MB avatar
Rohan MB

Did office hours start? I keep seeing a “waiting for host to start the meeting”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Please make sure you’re using the right join link

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’ve moved to a new zoom meeting a couple months ago.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
LIVE DevOps "Office Hours" with Cloud Posseattachment image

Join Cloud Posse LIVE every Wednesday at 11:30 am PT on Zoom.

Nenna avatar

Links from today’s office hours:

https://techcrunch.com/2023/10/17/amazon-passkey-sign-in/amp/ https://www.thestack.technology/hashicorp-ceo-predicts-oss-free-silicon-valley-unless-the-open-source-model-evolves/ https://youtu.be/pKpfuB634eo https://docs.google.com/presentation/d/1nXjoWkX5Deo07hdzLzd8DJdcAF7R-aP4T2lJWVXORpE/edit#slide=id.g28d402d7da4_0_137 https://github.com/kislerdm/opentofu-stats https://github.blog/changelog/2023-10-12-repository-rules-public-beta-history-import-export/ https://opentofu.org/blog/opentofus-new-office-hours https://aws.amazon.com/about-aws/whats-new/2023/10/amazon-msk-replicator-cross-same-region-data-replication/ https://aws.amazon.com/about-aws/whats-new/2023/10/pgactive-active-active-replication-extension-postgre-sql-amazon-rds/ https://tembo.io/blog/introducing-terraform-provider-for-tembo/ https://support.dashlane.com/hc/en-us/articles/7888558064274-Passkeys-in-Dashlane https://www.env0.com/blog/opentofu-alpha-launches-try-it-out-in-just-3-clicks https://www.theregister.com/2023/10/18/amazon_reported_to_spend_1b_on_365/ https://tiledb.com/blog/tiledb-closes-series-b-to-advance-the-vision-of-the-modern-database https://docs.tiledb.com/main/ https://github.com/cloudposse/github-action-atmos-terraform-drift-detection https://atmos.tools/category/github-actions https://docs.cloudposse.com/github-actions/ https://www.modsecurity.org/ https://zerossl.com/ https://registry.terraform.io/modules/awolski/ecs-traefik/aws/latest https://aws.amazon.com/blogs/aws/new-for-app-runner-vpc-support/ https://devcenter.heroku.com/categories/deploying-with-docker https://github.com/aws/amazon-ecs-cli https://www.smarthomebeginner.com/crowdsec-traefik-bouncer/ https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-creating-container-services https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/ https://www.vladionescu.me/posts/scaling-containers-on-aws-in-2022/ https://aws.amazon.com/blogs/aws/lightsail-containers-an-easy-way-to-run-your-containers-in-the-cloud/

2023-10-19

Hao Wang avatar
Hao Wang
HashiCorp CEO predicts OSS-free Silicon Valley unless...attachment image

Says Linux Foundation’s OpenTofu adoption “tragic”

Hao Wang avatar
Hao Wang

Linux Foundation is still too commercial. If it can be successful, it only means Linux Foundation is not a good fit

HashiCorp CEO predicts OSS-free Silicon Valley unless...attachment image

Says Linux Foundation’s OpenTofu adoption “tragic”

Hao Wang avatar
Hao Wang

but not OSS

Max Lobur (Cloud Posse) avatar
Max Lobur (Cloud Posse)

Linux Foundation’s OpenTofu adoption “tragic” wishful thinking

Hao Wang avatar
Hao Wang

This CEO will be gone soon, he doesn’t understand OSS LOL

1
Hao Wang avatar
Hao Wang

OSS license is a protection to OSS software but not a weapon to OSS software

Hao Wang avatar
Hao Wang

these people are weaponizing OSS, evil

2023-10-20

SlackBot avatar
SlackBot
10:18:20 AM
SlackBot avatar
SlackBot
10:18:20 AM

2023-10-23

SlackBot avatar
SlackBot
12:53:24 AM
1
SlackBot avatar
SlackBot
12:53:24 AM
1

2023-10-25

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
06:00:34 PM

@here office hours is starting in 30 minutes! Remember to post your questions here.

jimp avatar

Sigh. so much SEO fail.

1
1
Hao Wang avatar
Hao Wang

Radius is confusing branding lol

Clayton Olley avatar
Clayton Olley

that was the first thing I thought of when I saw the name…

Hao Wang avatar
Hao Wang

lol I thought AAA is revived by M$?

2023-10-26

2023-10-27

managedkaos avatar
managedkaos

Have you reconsidered the cost of managed cloud services to the point of deciding to exit? https://world.hey.com/dhh/the-price-of-managed-cloud-services-4f33d67e

The price of managed cloud services

One of the common objections to our cloud exit has been that we shouldn’t have expected good outcomes from a lift’n’shift operation. That the real value of the cloud is in managed services and new architectures, not just running the same software on rented cloud instances. It’s basically the “you’re holding it wrong” argument for the c…

1
    keyboard_arrow_up