#office-hours (2024-10)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-10-02
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.blog/changelog/2024-09-25-introducing-ci-cd-admin-a-new-pre-defined-organization-role-for-github-actions
https://github.com/estahn/k8s-image-swapper
https://www.linkedin.com/posts/marcinwyszynski_im-excited-to-celebrate-the-one-year-anniversary-activity-7246531545115607040-mn62?utm_source=share&utm_medium=member_desktop
https://github.com/kubewall/kubewall/
https://www.systeminit.com/blog-system-initiative-is-the-future
https://stakpak.dev/
https://www.reddit.com/r/Terraform/comments/1fsqzod/an_ide_for_infra_configurations_id_love_to_hear/
https://www.cursor.com/
https://www.theolognion.com/p/new-eslint-rule-string-backward-compatibility-considered-grammatically-incorrect
2024-10-06
Quickly and easily design network layouts. Split and join subnets, add notes and color, then collaborate with others by sharing a custom link to your design.
Visual Subnet Calculator is one of the coolest simple tools I've come across recently, and has already saved me from several nightmarish Excel…
2024-10-09
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
http://cloudposse.com
https://visualsubnetcalc.com/
https://sq.io/
https://github.com/runatlantis/atlantis/releases/tag/v0.30.0
https://github.blog/changelog/2024-10-01-repository-level-actions-usage-metrics-public-preview
https://sweetops.slack.com/archives/CB6GHNLG0/p1727349217514679
https://github.com/opentofu/opentofu/issues/2034#issuecomment-2398410513
https://github.com/hashicorp/terraform-provider-aws/issues/39376
https://www.spiceworks.com/tech/tech-general/news/gitlab-explores-sale-datadog-google-potential-buyers/
https://www.harness.io/blog/harness-releases-gitness-open-source-git-platform
https://subversion.apache.org/
https://gitea.com/
https://www.harness.io/open-source
https://docs.atmosly.com/what-is-atmosly
@Erik Osterman (Cloud Posse), you were right about Atlantis the first time, we did move to the CNCF github already, now is Slack and other things, we even added Fossa and Snyk and Dosu to our repos
Thanks for setting the record straight
@jose.amengual this doesn’t seem to redirect https://github.com/runatlantis/atlantis
Terraform Pull Request Automation
Nor indicate a fork in CNCF
Also, it doesn’t appear to be an organization underneath the CNCF enterprise
you do not see this?
runatlantis is the org
Atlantis is one repo
Fwiw, not seeing the banner
Interesting, I don’t see
maybe is because I’m owner
ya, could be
you are going to have to believe me
haha
so when you go here, do you see “Part of Cloud Posse”
DevOps Accelerator for AWS Infrastructure Hire Us! https://cloudposse.com/services
I do but I’m a contributor
ya
what about this? https://github.com/istio
I see :
Ya, so I guess since you’re a member of their enterprise, you see it
2024-10-12
2024-10-15
Just watched a bit of the HashiCorp live cast. Much to talk about there, but the “scaling up Terraform” with components, modules, and workflows seems to recapitulate Cloud Posse’s journey and solutions/approaches. Can’t wait to hear @Erik Osterman (Cloud Posse)’s take. Also, “deferred changes” seems magical but could be a train wreck, so… you’re up, Erik!
Yes, I think they more or less borrowed our entire lexicon but can’t say we were first to use it either. Unfortunately, I haven’t watched it yet.
Good to see some positive security news: https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customer-now-use-passkeys-to-log-in/
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature.
Wow, I would never have imagined that many people would have set it up
2024-10-16
Outta curiosity, how does one submit a topic or two for the office-hour? Be keen to see/hear a few highlights from the HashiConf as well.
Post in this chat and we’ll try to bring it up, or attend live
Register at cloudposse.com/office-hours
Gotcha, thanks! I’ve already signed up and attended a few (looking forward to today’s one).
Particularly drawn in by this clip/video from yesterday, as I recently blogged about a cross-platforms GitHub Action which tries to make Terraform/Tofu provisioning pipeline a breeze.
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
http://cloudposse.com
https://opensourcepledge.com/
https://www.bbc.com/news/articles/c8el64yyppro
https://mermaid-ascii.art/
https://github.com/hashicorp/terraform/pull/35661
https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customer-now-use-passkeys-to-log-in/
https://www.ftc.gov/news-events/news/press-releases/2024/10/federal-trade-commission-announces-final-click-cancel-rule-making-it-easier-consumers-end-recurring
https://docs.sweeting.me/s/archivebox-plugin-ecosystem-announcement
https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories
great country allows users to cancel easily
and decentralized archives
2024-10-17
2024-10-20
Many thanks for sharing your space at the last Office Hours, @Erik Osterman (Cloud Posse) et al, genuinely appreciate the time.
I brought a fair few Qs about Terraform provisioning pipelines with GitHub Action, to which you added plenty of depth and potential pitfalls to look out for.
Summarize plan outline
• Reviewing 1000s of lines of planned changes is simply not feasible, but a brief 1-liner like “Plan: 2 to add, 2 to change, 2 to destroy” fails to convey the scope of impact.
• A “middle-ground” outline would be preferable, which accounts for character limits within PR comments, while linking to the complete output log in the workflow job summary.
Plan file reuse with encryption
• Too often PRs are merged with apply -auto-approve, which is optimistic at best, but liable to configuration drift from changes made outside the workflow.
• While it’s best practice to reuse the plan file from plan command, storing and retrieving it between workflow runs isn’t easy, let alone if it contains sensitive data.
Apply before OR after merge
• Whenever we choose to apply changes, we need a way to uniquely identify and fetch the appropriate plan file outside of pull_request context.
• In addition to push and pull_request_target events, support GitHub’s native merge queue feature to conditionally merge the PR only if it applies successfully.
As promised, I managed to wrangle out a few hours over the weekend to pore over these problems, and address each one in turn. Drawn up my progress in a blog post—happy to share, if you’d like? (keen to not fall foul of any self-promotion rules!)
That would be great
Please share
Here’s the blog post with announcement/highlights,
And the actual GitHub Action itself: TF-via-PR.
When you have a moment, would really appreciate your thoughts/feedback, especially once you’ve seen the 4 example workflows showcasing common use cases.
Provisioning infrastructure-as-code (IaC) in a GitOps framework can feel like walking a tightrope:…
2024-10-21
2024-10-23
@here office hours is starting in 30 minutes! Remember to post your questions here.
When running atmos commands to apply the first time, it fails due to “account already belonging to organization”, unless we set organization_enabled to false in accounts component in catalog stack. If we set this to false, it runs - we then just renamed the existing management account to core-root. Is core-root referencing the management account, or is there an expectation that core-root is another separate account? Once we get past that - the OUs/accounts exist, but when we apply account-settings it’s implying the account_name doesn’t exist in local.account_org_role_arns. In your experience, is this likely an issue with what I mention above re: organizations, something running in the wrong workspace and by proxy not having access to the intended tfstate, or something else?
This error is occurring in the account-map IAM roles module which is pulling from full account map from account map module.
full_account_map = {
"core-artifacts" = "<REDACTED>"
"core-audit" = "<REDACTED>"
"core-dns" = "<REDACTED>"
"core-identity" = "<REDACTED>"
"core-root" = "<REDACTED>"
}
How would we go about debugging this? Still working our way around atmos, heh.
This is a better question for our Customer Workshop this afternoon.
heads up @Ben Smith (Cloud Posse) @Dan Miller (Cloud Posse) for workshop later
Assuming this is in regards to apply the account component on initial creation, you may need to import the existing organization into Terraform if it was manually created already
I believe we have docs on that, checking
Manual guide to setting up AWS Organization with SweetOps
aws organizations describe-organization
atmos terraform import account --stack core-gbl-root 'aws_organizations_organization.this[0]' 'o-7qcakq6zxw'
Hey sorry my power went out. But this was great progress. I’ll keep digging into it as time permits and will send you guys order of operations on how I got it into this state
Thanks! it might be helpful (hopefully things are already git controlled) but try re-vendoring (will overwrite local files) components. Our Components work with the right outputs - that might help reset to what was working before TF typechanges.
By removing the account from accounts.yaml, the “bad” account should be removed from output of account-map as well, from TF side of things, you should be good
Could I get help on a PR review?
I previously opened an issue and flagged it as a bug, this was in August, https://github.com/cloudposse/terraform-datadog-platform/issues/100.
I submitted a pull request to fix said issue this past Monday, https://github.com/cloudposse/terraform-datadog-platform/pull/107.
Could I get some direction on where to take this and how to get it approved? It was a simple one-line-change that fixed the issue.
@Bob Berg #pr-reviews is the place
This is a best effort by a small team. We appreciate your persistence, and we’ll get to it when we can.
Cool, thanks for the reply. This is my first time contributing to any public repository, so I’m not really sure how it goes. I have no problem waiting patiently for people’s time to free up. Thanks again for the reply.
Oh that’s great! Thanks for jumping in and taking a stab at it.
I created a task for it: DEV-2707: Review PR addressing Advanced Scheduling for Datadog Synthetics Non-Functional
It will sit in our backlog until we can get to it, as we can not promise on the ETA
Links from today’s office hours:
https://github.com/fidelity/kconnect
https://terraform.tf/
https://neon.tech/blog/why-does-everyone-run-ancient-postgres-versions
https://www.infoq.com/articles/cell-based-architecture-distributed-systems/
https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-eks-application-recovery-controller-arc/
https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-aurora-global-database-writer-endpoint/
https://blog.cloudflare.com/expanding-our-support-for-oss-projects-with-project-alexandria/#empowering-the-open-source-community
https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile#adding-a-member-only-organization-profile-readme
https://github.com/orgs/github/projects/4247?pane=issue&itemId=65252371&issue=github%7Croadmap%7C963
https://dev.to/rdhar/enhance-terraformtofu-automation-with-github-action-29be
https://docs.aws.amazon.com/filegateway/latest/files3/what-is-file-s3.html
https://aws.amazon.com/blogs/aws/amazon-file-cache-a-high-performance-cache-on-aws-for-your-on-premises-file-systems/
https://docs.aws.amazon.com/storagegateway/
https://aws.amazon.com/iam/roles-anywhere/
https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip
https://docs.github.com/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps
2024-10-30
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.com/cloudposse/atmos/pull/751
https://github.com/caarlos0/mdtree
https://benjdd.com/aws/
https://docs.cloudposse.com/layers/eks/design-decisions/decide-on-default-storage-class/
https://www.arguingwithalgorithms.com/posts/cursor-review.html
https://github.com/cloudposse/atmos/pull/738
https://github.com/cloudposse/atmos/pull/731
https://github.com/cloudposse/atmos/pull/735
https://aws.amazon.com/about-aws/whats-new/2024/10/aws-amplify-amazon-s3-static-website-hosting/
https://aws.amazon.com/about-aws/whats-new/2024/10/aws-iam-identity-center-simplifies-calls-services-single-identity-context/
https://github.com/cloudandthings/terraform-aws-clickops-notifier?utm_source=www.weekly.tf&utm_medium=referral&utm_campaign=issue-197-state-in-iac-tools-terragrunt-1-0-enabling-security-guardrails-aws-eks-access-entries-debug-your-infrastructure
https://coderabbit.ai/
https://www.elastic.co/enterprise-search/workplace-search