#office-hours (2024-01)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-01-03
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.com/google/gvisor https://blog.lenot.re/a/introduction https://github.com/seal-io/hermitcrab https://arc.net/ https://orbstack.dev/blog/orbstack-1.3-cloudinit https://cursor.sh/ https://www.warp.dev/ https://zed.dev/ https://zed.dev/features https://www.doppler.com/ https://external-secrets.io/latest/ https://sadservers.com/scenarios https://cloud.google.com/blog/products/management-tools/sre-error-budgets-and-maintenance-windows https://github.com/euclid1990/google-sre-book/blob/master/Site%20Reliability%20Engineering.pdf https://github.com/euclid1990/google-sre-book/blob/master/ https://www.macincloud.com/ https://remmina.org/ https://www.youtube.com/watch?v=UTRBVPvzt9w&t=3612s
2024-01-08
Came across this tool when looking for ECS tooling. It tries to bring a k9s experience to ECS. It definitely does not yet have parity, but it is also maintained by just a single person.
https://github.com/keidarcy/e1s
E1S - Easily Manage AWS ECS Resources in Terminal
Hey @Erik Osterman (Cloud Posse) I’m just totally curious why this one didn’t make the list of announcements? Is it because it’s ECS related?
Sorry! I just missed it :-)
Looks cool
Will bring it up next week
Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
2024-01-10
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://atmos.tools/integrations/github-actions/atmos-terraform-plan https://atmos.tools/integrations/github-actions/atmos-terraform-apply/ https://atmos.tools/integrations/github-actions/atmos-terraform-drift-detection https://atmos.tools/design-patterns/ https://www.infoq.com/news/2024/01/aurora-serverless-v1-retirement/ https://anvaka.github.io/map-of-github/#2.44/-25.68/-53.29 https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/ https://github.com/opentofu/opentofu/releases/tag/v1.6.0 https://github.com/gaia-app/gaia https://github.com/hcavarsan/kftray https://aws.amazon.com/blogs/networking-and-content-delivery/monitor-hybrid-connectivity-with-amazon-cloudwatch-network-monitor/ https://aws.amazon.com/blogs/mt/how-to-record-resource-configuration-changes-periodically-with-aws-config/ https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-eks-surfaces-cluster-health-status-details/ https://www.securityweek.com/major-it-crypto-firms-exposed-to-supply-chain-compromise-via-new-class-of-ci-cd-attack/ https://www.forbes.com/sites/daveywinder/2023/12/11/android-warning-1password-dashlane-lastpass-and-others-can-leak-passwords/?sh=329436b497db https://bambulab.com/en-us/a1 https://mafiaguy.medium.com/a-comprehensive-guide-to-iam-authentication-for-amazon-rds-instances-b1ac96c52233 https://github.com/KnifeMaster007/pgAuthProxy https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
2024-01-11
2024-01-13
2024-01-16
Terraform provider code generation is an extensible solution that lets developers automate portions of their provider development workflow — now in tech preview.
Follow-up on the topic - resolving ALB internal (/private) IPs inside VPC - Based on our last discussion I ran tests and was still never able to get anything other than public IP addresses from inside my VPC… I verified I was using the VPC's .2 resolver and that the DNS options were enabled for my VPC. (I did not re-test in a “default” VPC.) I also did a bunch of googling and searching through forums. I did discover AWS provides some DNS prefixes for ALBs - the "all." prefix returns all IPs for a load balancer (perhaps more than what are currently active) and the "<regionalzoneid>." prefix (like us-east-1c.abc.com), which resolves the ALB's IPs only for the given zone. I then filed a support request to try to get an answer on the ALB private address resolution and the AWS response was - “Unfortunately, there are currently no DNS method you can use to get the private ip’s of a public load balancer. The dns of ALB will resolve to public ips only. In order to get the private IP’s, you can find them in the “network interfaces” tab from the ENI’s of the ALB”. Based on the discussion in office hours I’m expecting the private/public resolution feature may only apply to EC2 instance DNS, and not to ALB DNS. Providing this info here with the hope it helps someone in the future. Thanks for the suggestions on trying to get this to work. Regards, Tim
# Find the NLB by tag
data "aws_lb" "nlb" {
  tags = {
    "kubernetes.io/service-name" = ".........."
  }
}

# Find the NLB private IPs by searching/filtering the ENIs
locals {
  nlb_name = data.aws_lb.nlb.name
  nlb_arn  = data.aws_lb.nlb.arn
  nlb_id   = element(reverse(split("/", local.nlb_arn)), 0)
}

data "aws_network_interfaces" "nlb" {
  filter {
    name   = "description"
    values = [format("ELB net/%s/%s", local.nlb_name, local.nlb_id)]
  }
}

locals {
  nlb_network_interface_ids = sort(data.aws_network_interfaces.nlb.ids)
}

# Lookup a network interface in each AZ to find its private IP
data "aws_network_interface" "nlb" {
  count = length(var.availability_zones)
  id    = local.nlb_network_interface_ids[count.index]
}

locals {
  nlb_network_interface_private_ips = data.aws_network_interface.nlb[*].private_ip
}

# Attach the NLB private IPs to the public ALB Target Group
resource "aws_lb_target_group_attachment" "nlb" {
  count             = length(local.nlb_network_interface_private_ips)
  target_group_arn  = var.alb_target_group_arn
  target_id         = local.nlb_network_interface_private_ips[count.index]
  availability_zone = "all"
  port              = var.kubernetes_service_port
}
something like this works to find the private IPs of an internal NLB (can be used for ALB as well)
Nice example! I guess a risk is that if it scaled out we would need to re-run the terraform to collect new IPs? (99.9% of the cases that TF would be fine… and if my ALBs are scaling out I may have other problems ;))
2024-01-17
@here office hours is starting in 30 minutes! Remember to post your questions here.
Anyone played with cilium CNI in AWS? planning to test the waters soon!
Ha you may want to use other channels, I played with it and Cilium has many advanced products based on eBPF
Links from today’s office hours:
https://cloud.google.com/blog/products/networking/eliminating-data-transfer-fees-when-migrating-off-google-cloud/?hl=en https://github.com/vanna-ai/vanna https://github.com/cloudposse/atmos/releases/tag/v1.54.0 https://github.com/keidarcy/e1s https://www.hashicorp.com/blog/testing-hashicorp-terraform https://isovalent.com/blog/post/cisco-acquires-isovalent/ https://cilium.io/ https://region-comparison-tool.com/ https://docs.atuin.sh/ https://cron.com/blog https://github.com/github/roadmap/issues/592 https://repost.aws/knowledge-center/rds-postgresql-connect-using-iam https://github.com/derailed/k9s https://boostsecurity.io/
GitHub Actions continues its industry-leading support for the OSS community by doubling the Windows/Linux machine size to 4-vCPU runners at no cost for public repositories.
2024-01-18
2024-01-22
2024-01-24
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.com/cloudposse/.github https://kener.ing/ https://github.com/cloudposse/terraform-aws-components/tree/main/modules/glue https://github.com/cloudposse-github-actions/screenshot https://github.com/cloudposse/ https://github.com/cloudposse/atmos https://github.com/cloudposse/geodesic https://github.com/cloudposse/atmos/releases/tag/v1.55.0 https://gds.blog.gov.uk/2024/01/17/how-we-migrated-our-postgresql-database-with-11-seconds-downtime/ https://www.reddit.com/r/Terraform/comments/19arrun/comment/kinusdl/?utm_source=reddit&utm_medium=web2x&context=3 https://github.com/weaveworks/tf-controller/issues/1166#issuecomment-1904892837 https://github.com/haoliangyu/terrac https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-kubernetes-version-1-29/ https://atmos.tools/ https://www.reddit.com/r/Terraform/comments/19arrun/comment/kinusdl/?utm_source=reddit&utm_medium=web2x&context=3 https://www.reddit.com/r/Terraform/comments/19egjs3/thoughts_on_opentofu/ https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html https://github.com/cloudposse/terraform-null-label https://github.com/cloudposse/example-app-on-ecs/ https://github.com/cloudposse/example-app-on-lambda-with-gha https://www.terraformupandrunning.com/ https://www.hashicorp.com/license-faq https://opentofu.org/manifesto/ https://atmos.tools/design-patterns/
2024-01-27
Docker Build Cloud is now generally available. Learn more about the benefits of Docker Build Cloud and see how to get started.
2024-01-29
2024-01-30
2024-01-31
@here office hours is starting in 30 minutes! Remember to post your questions here.
I’ll actually get to join y’all today
wondering how much opentofu is now actually used in the wild, production or testing?
and terraform test (the 1.6+ functionality): experiences, pros/cons/limitations
Links from today’s office hours:
https://spacelift.io/blog/introducing-kubernetes-native-workers https://spacelift.io/blog/spacelift-workerpool-operator https://github.com/terraform-docs/terraform-docs/pull/749 https://github.com/cloudposse/atmos/pull/525 https://www.reddit.com/r/Terraform/comments/1adu65j/tenv_terraform_and_opentofu_version_manager/ https://github.com/inkdrop-org/inkdrop-visualizer https://github.com/patrickchugh/terravision/ https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#specifying-the-theme-an-image-is-shown-to https://github.com/cncf/sandbox/issues/81 https://github.com/cncf/sandbox/issues/60#issuecomment-1906533500 https://www.ubicloud.com/use-cases/github-actions https://spectrum.ieee.org/ai-domains https://hackingthe.cloud/terraform/terraform_ansi_escape_evasion/?utm_source=www.weekly.tf&utm_medium=referral&utm_campaign=issue-158-terraform-ansi-escape-implementing-soft-data-contracts-for-terraform-stacks https://github.com/getseabird/seabird https://github.com/terraform-docs/terraform-docs/pull/749 https://www.stefanjudis.com/notes/how-to-define-dark-light-mode-images-in-github-markdown/ https://www.linkedin.com/feed/update/urn:li:activity:7158536938554028032/ https://www.k8studio.io/