#random (2019-02)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels. Archive: https://archive.sweetops.com/random/

2019-02-28

chrism avatar
chrism

They talked about the main rancher guy working on this mid last year; sounded like a real labour of love. Pretty neat

daveyu avatar
daveyu

.dev domains about to go on sale to the general public. https://get.dev

Hello .dev

.dev is a secure domain for developers and technology

chrism avatar
chrism

selling domains broke google domains

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha

2019-02-27

Nikola Velkovski avatar
Nikola Velkovski
k3s: Lightweight Kubernetes

Easy to install. A binary of less than 40 MB. Uses only 512 MB of RAM.

2019-02-26

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Cloudflare expands its government warrant canaries

When the government comes for your data, tech companies can’t always tell you. But thanks to a legal loophole, companies can say if they haven’t had a visit yet. That’s opened up an interesting clause that allows companies to silently warn customers when the government turns up to …

2019-02-25

Maciek Strömich avatar
Maciek Strömich
Fargate Pricing in Context

Updated for the Jan 2019 Fargate price reduction. On Jan 7, 2019 AWS released a major price reduction for Fargate, reducing prices 35-50%. This is great news f…

Nikola Velkovski avatar
Nikola Velkovski

Click

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
tmrts/boilr

boilerplate template manager that generates files or directories from template repositories - tmrts/boilr

mrwacky avatar
mrwacky

neat

mrwacky avatar
mrwacky

no commits since 2017 because it’s “done”, or because it’s “DONE”…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Is this still under active development? · Issue #65 · tmrts/boilr

I am intrigued by the idea, but it seems like there haven’t been any recent commits.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hrmmm good point

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@mumoshu :point_up_2:

antonbabenko avatar
antonbabenko

I use ’s cookiecutter

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

AT&T offers “fiber” in Pasadena, CA, but they cap it to 25mbit, which is like flashback to Y2K. Now, almost 20 years later I can’t believe that my LTE phone has 4x faster internet than “fiber”. It’s frankly embarrassing how slow our internet is here, but not because of technological limits; it’s due to greed.

loren avatar
loren

wut

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I just called AT&T to upgrade my internet. Was so excited to get fiber in my area.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Just was flabbergasted when they said that the max speed for our building is 25mbit. Currently we have cable and get 150mbit.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Where are you?

loren avatar
loren

washdc metro, verizon fios

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ya

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I had Fios before too. that was nice

loren avatar
loren

it’s brilliant, and like $80/mo for new subscribers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It just irks me when they advertise “fiber” and then sell you only 25mbit.

loren avatar
loren

yeah, that’s robbery

loren avatar
loren

saw something about project fi getting 5G shortly, via the sprint provider

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i’m in the process of moving everything over to Fi

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

very happy with it

loren avatar
loren

had for years now, got my SO and her brother on it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

blocker for me was iOS support

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

tablets, phones, etc

loren avatar
loren

highly recommend the FiSwitch app… at least around here it likes to pin to Sprint, even when the connection is awful. force it to tmobile and bam

loren avatar
loren

oh, iphone… not sure the dual-radio works there yet?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, we don’t get max advantage

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but we do get tmo

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

which sounds like that’s what I want anyways

loren avatar
loren

just depends on coverage for each network, some places sprint is fine/better, others tmobile

loren avatar
loren

being able to switch is really killer

loren avatar
loren

overseas coverage is great, too. no extra costs, no extra phone/sim, just use your phone as usual

me1249 avatar
me1249

Should come to Australia - I can get 2mbit ADSL which drops out all the time, or 10mbit LTE that usually drops down to 1mbit in peak hours

loren avatar
loren

i should start a satellite service and sell you my fios

me1249 avatar
me1249

haha - hopefully have 50mbit FTTN in the next few months

me1249 avatar
me1249

but it’s been “coming soon” for years

endofcake avatar
endofcake

Funny how in New Zealand, which is insanely far from just about everything, I can easily get 700-900 Mbit fibre (about 110 NZD). Never needed that much though.

anders avatar
anders

1Gbps for “free” (included in the rent in our building). Come to Sweden!

Maciek Strömich avatar
Maciek Strömich

a colleague of mine who just moved out of Pasadena to Downtown LA had a cable connection (I don’t know from which provider) which was giving him a fiber 100Mbps, because he moved cities the same ISP offers him 400Mbps for the price of the internet he was paying in Pasadena.

2019-02-24

drexler avatar
drexler

wow…it’s been a good winter season so far. This is coming from a vermonter who can’t code whilst there’s an inch of the good fluffy stuff outside

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@drexler are you also in the bay area?

drexler avatar
drexler

nope. Over in VT.

OScar avatar
OScar

Vermont is on my bucket list @drexler!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ditto

2019-02-23

amaury.ravanel avatar
amaury.ravanel

hey guys is any of you at the kubeday meetup today in Sunnyvale ? would love to meet you guys IRL ! raise your hand if so

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That would be great!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(I am based in #lax so can’t make it… trying to think who here is based near there)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@OScar is up in NorCal

OScar avatar
OScar
08:14:42 PM

San Francisco Bay Area, east bay. Yeah was partly raised here :)

OScar avatar
OScar
08:15:09 PM

Unfortunately I’m skiing up in Tahoe, or…fortunately!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Jealous

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Must be amazing up there

amaury.ravanel avatar
amaury.ravanel

Damn. I haven’t been skiing for years now I’m jealous too :)

James D. Bohrman avatar
James D. Bohrman

I’ve never been skiing. I’m not too sure my knees could handle it lol

OScar avatar
OScar
01:18:56 AM

It took me about 2 years to learn but once you got a handle on it, it’s amazing! Yeah I’m 48 now so gotta stay healthy in order to do this so I have a strict diet and fitness regimen. I’m trying to do this until I’m 80 at least :)

OScar avatar
OScar
01:23:16 AM

If any of you are ever planning a Tahoe trip, I welcome you on my place and give you a tour of the mountain and make sure you get the best experience!

loren avatar
loren

Love Tahoe

OScar avatar
OScar

if you make it up here this Winter, holler! I promise to ensure you get the best experience up here!

loren avatar
loren

Not in the cards this winter, unfortunately but thanks!

Ryan avatar

@OScar Sac here ( well El Dorado Hills ). Go up to Tahoe often.

OScar avatar
OScar
02:19:42 AM

@Ryan: I’m up every weekend since my daughter is in the race team Tahoe league so I use it as an excuse to ski lots. Let me know when you’re planning on being up, our mountain is Alpine Meadows!

Ryan avatar

:+1:

2019-02-22

maarten avatar
maarten

Hi Everyone, I’m looking for a type of Daemon, which can collect shadowed http traffic, pulls a unique set of URI’s from what’s collected every hour or so, and replays it to a different webserver ( for cache population ).

maarten avatar
maarten
buger/goreplay

GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence…

antonbabenko avatar
antonbabenko

Yes, this is the one I’ve used a while ago for similar reason (it was a-la canary-deployments)

joshmyers avatar
joshmyers

Goreplay is awesome, have used before

chrism avatar
chrism

Go replay is nice; or nginx has a mirror config now

maarten avatar
maarten

It’s a bit of a weird mission. I need to replay regular http traffic to ‘Rendertron’, a tool which converts dynamic html to static html with a headless chrome, for google search. As this is quite slow, I have caching in front of it, and I’m looking for a way to dynamically populate the cache by shadowing regular traffic ( Envoy ) to something what collects the requests, creates a unique set of URI’s, and triggers the same ‘Rendertron’.

antonbabenko avatar
antonbabenko

If delay is not an issue you can get GET urls from access-logs and process them async.

maarten avatar
maarten

Yep came to that thought It’s in ElasticSearch so, let’s use it

antonbabenko avatar
antonbabenko

In my recent case it was faster to just stress or wget through sitemap.xml

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea, that’s also a good trick

OScar avatar
OScar

Just set my status with a Mexican flag - random indeed, but hey I am using the #random channel

2019-02-21

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Crazy pile up

Nikola Velkovski avatar
Nikola Velkovski

I saw this some time ago, really scary

Nikola Velkovski avatar
Nikola Velkovski
HashiCorp All-Day HashiTalks

Join me at HashiTalks- a 24-hour online event given, curated, and coordinated by community members across the global HashiCorp User Group community on 21 February.

antonbabenko avatar
antonbabenko

@Nikola Velkovski I do follow this closely, yes.

Nikola Velkovski avatar
Nikola Velkovski

cool

Nikola Velkovski avatar
Nikola Velkovski

so what happened with the last talk I guess they had one device pointed at another

antonbabenko avatar
antonbabenko

Hard to explain but there are so many audio sources you can adjust to make it to work well. As we can hear @andrey.a.devyatkin figured out the way to make it to work and rocking right now!

Nikola Velkovski avatar
Nikola Velkovski

yup pretty good stuff

Nikola Velkovski avatar
Nikola Velkovski

Go go Anton!

joshmyers avatar
joshmyers

Sounds like the folks who bought Travis aren’t getting on so well

Nikola Velkovski avatar
Nikola Velkovski

Oh no, a colleague of mine went to work for them before the acquisition

Maciek Strömich avatar
Maciek Strömich
Once hailed as unhackable, blockchains are now getting hacked

More and more security holes are appearing in cryptocurrency and smart contract platforms, and some are fundamental to the way they were built.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Segment Startup Program | Segment

We’ve created a program to help early-stage startups collect and control their customer data for free for up to two years. Apply today.

2019-02-20

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

lol. “groupon” for devops.

Ryan Ryke avatar
Ryan Ryke

what a steal

maarten avatar
maarten

damn

maarten avatar
maarten

I paid 30

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

Learn DevOps in 7 days

Max Moon avatar
Max Moon

if only i had known

2019-02-19

ols avatar

Plus $11000 to make sure someone doesn’t nab your domains seems like extortion to me

Nikola Velkovski avatar
Nikola Velkovski

yeah that sucks big time.

Nikola Velkovski avatar
Nikola Velkovski
The On-call Compensation Survey, 2019 | oncall.wtf

In January of 2019 we launched the On-call Compensation Survey, which aimed to surface how compensation for on-call is being applied across the Tech/IT secto…

2019-02-18

chrism avatar
chrism

Gotta love Google eh. Made it sound like they landgrabbed .dev to protect their own and everyone else’s use of .dev as an internal domain for testing. Let the dust settle Grab for cash

Maciek Strömich avatar
Maciek Strömich

@chrism maybe they will give domains for free

Maciek Strömich avatar
Maciek Strömich

hehe

ols avatar

Wonder how much will break because of people’s /etc/hosts having .dev in them

Nikola Velkovski avatar
Nikola Velkovski

Hmm do people still update their hosts file ? I really don’t think it’s a good practice.

ols avatar

Yes, and agreed

2019-02-16

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Rev your engines!

antonbabenko avatar
antonbabenko

Thanks, but after 28th of February

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
dakshshah96/awesome-startup-credits

A collection of awesome companies offering free/discounted plans for eligible startups - dakshshah96/awesome-startup-credits

2019-02-15

Abel Luck avatar
Abel Luck

hmm, using goofys to mount an s3 bucket to store configs is a good idea.

Abel Luck avatar
Abel Luck

currently we’re using a persistent ebs volume. this works well for a single instance you want to scale up or down. but breaks as soon as you want to run > 1 instance reading from the config.

stobiewankenobi avatar
stobiewankenobi

EFS is also a good candidate for this.

Maciek Strömich avatar
Maciek Strömich
Introducing draft pull requests - The GitHub Blog

You can now use draft pull requests to clearly tag when you’re coding a work in progress.

Nikola Velkovski avatar
Nikola Velkovski

yay

Nikola Velkovski avatar
Nikola Velkovski

But Maciej this is not funny man, random should be at least a bit funny

wannafly37 avatar
wannafly37

Anyone have any recommendations for a mac system-wide microphone mute in the status bar and/or touch bar? I see shush on the app store but it hasn’t been updated in years

Maciek Strömich avatar
Maciek Strömich

@Nikola Velkovski

Maciek Strömich avatar
Maciek Strömich

@wannafly37 maybe it just works

Maciek Strömich avatar
Maciek Strömich

@wannafly37 you can create a simple apple script which does what you need (at least for a user that’s executing it):

tell application "System Events" to set volume input volume 0
Maciek Strömich avatar
Maciek Strömich

volume is an int between 0-100

wannafly37 avatar
wannafly37

Yea I thought about that but would really like some sort of visual indicator as to what that volume is currently set to

Maciek Strömich avatar
Maciek Strömich
SoundSource - A superior sound control

Get access to your Mac’s essential audio controls, right from the menu bar.

wannafly37 avatar
wannafly37

That looks useful - I’ll try it thanks. Just tried https://github.com/pixel-point/mute-me and it actually seems to work OK - but 2.0 is still RC and I use zoom a lot - I’ll give it a week or so

pixel-point/mute-me

A simple Touch Bar app to mute/unmute your microphone - pixel-point/mute-me

maarten avatar
maarten

Anyone using Travis for deploying microservices ? I can’t seem to find global context environment variables. Would be interested in best practices! Cheers.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea, you can’t (we’ve been using travis for our terraform modules for years and have not seen this feature implemented)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Travis is

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

#codefresh has “Shared Configurations” that achieve this

James D. Bohrman avatar
James D. Bohrman

I’ve never used codefresh but I’ve been hearing really good things recently

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Definitely worth checking out if you’re looking for alternatives

Maciek Strömich avatar
Maciek Strömich

I’m married to Jenkins

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

HA Jenkins (open source) no fun

mrhen avatar
mrhen

Working with Jenkins feels like traveling back in time at least 10 years

mrhen avatar
mrhen

I’m hoping to start looking for an alternative soon-ish (probably 2019 Q2)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Jenkins X is a tad nicer, but yes, it still lacks the UX improvements of other CI/CD platforms

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@mrhen what options are you considering?

mrhen avatar
mrhen

Haven’t looked at options in depth. Our pipeline is currently GitHub -> Jenkins -> ECR / ECS. Promoting between ECS clusters is managed by an internal tool.

mrhen avatar
mrhen

What we need is a clean way to run tests through docker-compose after pulling from a GitHub PR.

mrhen avatar
mrhen

But keeping the Jenkins instance up and happy with Docker is getting old. I don’t like having a non-managed instance out there.

Maciek Strömich avatar
Maciek Strömich

@mrhen you can leverage jenkins git config plugin and spawn a new instance every time a PR is being processed

Maciek Strömich avatar
Maciek Strömich

so you don’t have to run jenkins all the time

mrhen avatar
mrhen

Yeah, we could probably fix / improve our Jenkins setup but if we go through that effort I’m going to also look at alternatives. Frankly, nothing about Jenkins feels like it’s “helping” our pipeline. The only thing we really use it for is running docker-compose on a PR. It seems like there should be a simpler way to manage that piece of the puzzle.

loren avatar
loren

since you’re using ECR/ECS, have you tried codebuild?

mrhen avatar
mrhen

No, but it’s on our radar. Have you used it?

loren avatar
loren

Quite a bit, though mostly with CodeCommit. They do, now (not when we started), have a native integration with GitHub to build on PRs

mrhen avatar
mrhen

Are you happy with it?

loren avatar
loren

Well, it gets the job done, without needing to run/operate any servers. The integration with CodeCommit is dramatically lacking

loren avatar
loren

We wrote our own integration/module to get CI for CodeCommit, https://github.com/plus3it/terraform-aws-codecommit-flow-ci

plus3it/terraform-aws-codecommit-flow-ci

Implement an event-based CI workflow on a CodeCommit repository - plus3it/terraform-aws-codecommit-flow-ci

mrhen avatar
mrhen

Ah, interesting

mrhen avatar
mrhen

Is CodeCommit more or less a replacement for GitHub?

loren avatar
loren

Yeah, but just the super basic source code repository bits. No status checks, no search, no real integrations, no forks(!)

mrhen avatar
mrhen

Ah, boo

loren avatar
loren

I wouldn’t use it if this customer had the ability to shell out for private GitHub repos in an org

mrhen avatar
mrhen

Yeah, we are happy enough with GitHub

mrhen avatar
mrhen

We used to use Jenkins for more stuff but at this point we’ve farmed off everything non-test related to other services

mrhen avatar
mrhen

And the docker containers build and run tests themselves

loren avatar
loren

I’d say give CodeBuild a try, at least. I think of it as a way to automatically run commands in a shell on some remote host, triggered by some kind of event.

mrhen avatar
mrhen

Cool; thx for the recommendation

loren avatar
loren

You get to define the commands to run in your buildspec, which you can keep in a file in your repo, or just in the definition of the CodeBuild project (not unlike jenkins)

2019-02-14

Abel Luck avatar
Abel Luck

and yet with all that, I still have to click boxes of fire hydrants, traffic lights and cross walks all day

ols avatar

Yeah I was thinking that. If it’s so smart then why do I keep having to prove myself

ols avatar

Unless I give off robotic tendencies

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha, yea, that’s true - forgot about that and how often that happens

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

now i’ll just take offense when I see it next time

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

rather than thinking I was just helping the greater good disambiguate images

rms1000watt avatar
rms1000watt
Why I use Terraform for Templating Kubernetes – Christopher Stobie – Medium

I have never understood the value of Helm. There I said it. I may be ostracized by the K8’s community but I just do not like Helm. The…

stobiewankenobi avatar
stobiewankenobi

haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha biting my tongue

stobiewankenobi avatar
stobiewankenobi

Screw that, let’s hear some criticism/feedback.

stobiewankenobi avatar
stobiewankenobi

I’m curious how you avoid hard coding iam role arns in helm charts for kube2iam, or ACM arns for elb’s?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sure thing! As soon as I get back to keyboard :-)

stobiewankenobi avatar
stobiewankenobi

For example this: https://github.com/cloudposse/charts/blob/6e36a5bf1814838f6f52184851a655a82a59e136/incubator/kube2iam-kops/values.yaml#L6 expects you to just hard code a value. My thought is, use terraform to render values.yaml and pass it dynamically the arns.

cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
11:13:00 PM

Here’s why we need a tool like helm and why I don’t back any of the dozens of “kubernetes templating” approaches for deploying apps.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

TL;DW: helm is not about templating

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

helm is about package management and defining an interface for that which is “configuration management tool agnostic”

stobiewankenobi avatar
stobiewankenobi

Yeah I agree with its model for those purposes

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

1000s of ways exist to templatize and deploy resources on k8s

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but (1) thing exists today for keeping a registry of apps installed: helm

stobiewankenobi avatar
stobiewankenobi

Yes

stobiewankenobi avatar
stobiewankenobi

In my blog I talk about how you can use helm and my model together

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

terraform for k8s installation will work well within an organization

stobiewankenobi avatar
stobiewankenobi

Because I see the value of helm for versioning/history

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but not translate well across organizations

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and terraform for writing values.yaml is insufficient b/c the lack of conditionals

stobiewankenobi avatar
stobiewankenobi

Can you share an example of what you’re talking about with that?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

stobiewankenobi avatar
stobiewankenobi

That’s not a values.yaml file?

stobiewankenobi avatar
stobiewankenobi

that’s helm templating is it not?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yep

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
roboll/helmfile

Deploy Kubernetes Helm Charts. Contribute to roboll/helmfile development by creating an account on GitHub.

stobiewankenobi avatar
stobiewankenobi

I see

stobiewankenobi avatar
stobiewankenobi

Terraform 0.12 will do all of this

stobiewankenobi avatar
stobiewankenobi

But sure, I get the value today of the complex templating if you have need for it

stobiewankenobi avatar
stobiewankenobi

Question for you, the biggest thing I was trying to solve/annoyance I have, is how everything is hardcoded

stobiewankenobi avatar
stobiewankenobi

IAM role arns for kube2iam, acm arns, etc…

stobiewankenobi avatar
stobiewankenobi

how do you get around hard coding values?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so terraform 0.12 + conditional templating of values will make it much more appealing as a way to install apps using helm

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that said, helmfile is still better

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

helmfile diff -> like terraform plan

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so the “terraform interface” for installing helm releases in 0.12 will look nice. then there are some implementation things I’d like to see before considering it.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

there’s also the argument to be had that helm is like dpkg or rpm; we need a tool like apt-get or yum that sits on top of it. terraform is not that tool IMO.

stobiewankenobi avatar
stobiewankenobi

I agree with that statement

stobiewankenobi avatar
stobiewankenobi

But I come back to my biggest gripe (not just with helm but with all templating tools not terraform)

stobiewankenobi avatar
stobiewankenobi




Question for you, the biggest thing I was trying to solve/annoyance I have, is how everything is hardcoded
IAM role arns for kube2iam, acm arns, etc… how do you get around hard coding values?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ENVs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so i think your gripe is with the static nature of values.yaml

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(btw, recommend not using kube2iam and instead moving to kiam)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

kube2iam will DoS AWS APIs and get them to block your account

stobiewankenobi avatar
stobiewankenobi

Ah I will look at kiam

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

stobiewankenobi avatar
stobiewankenobi

good to know, I haven’t had the issue with kube2iam yet, what scale do you hit that? We have around 10,000 pods atm

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

here’s how we parameterize the iam roles

stobiewankenobi avatar
stobiewankenobi

Even with external-iam-role, where are you getting that value?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you have one pod that specifies the wrong role, kube2iam will keep hitting that

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you have lots of machines, it will keep retrying since every machine keeps its own cache

stobiewankenobi avatar
stobiewankenobi

Ah..but I never have that, since it’s always templated with remote state from tf

stobiewankenobi avatar
stobiewankenobi

Still great to know about the DOS

stobiewankenobi avatar
stobiewankenobi

I will look at kiam

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we’ve encountered it. very nasty. encountered it with multiple customers across accounts.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Kiam: Iterating for Security and Reliability – Paul Ingles – Medium

Kiam bridges Kubernetes’ Pods with Amazon’s Identity and Access Management (IAM). It makes it easy to assign short-lived AWS security…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this explains all the problems quite well

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also, the security architecture of kube2iam is much less desirable

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

basically, every node that needs to assume roles has at the host level admin permissions

stobiewankenobi avatar
stobiewankenobi

Awesome, thanks for the refs. I will read that and checkout kiam

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

with kiam it’s an agent/server model

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and then check out our helmfiles for installing it

stobiewankenobi avatar
stobiewankenobi

Back again to the hard coding, even with env vars, where are you getting the env vars from?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

chamber

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

SSM

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so you can write those parameters to SSM via terraform

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(don’t get me wrong, I love the tight interconnectedness inside of the terraform ecosystem)

stobiewankenobi avatar
stobiewankenobi

So you’re taking terraform -> ssm -> env var -> helm values.yaml

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

just we don’t have the privileges

stobiewankenobi avatar
stobiewankenobi

Why not just terraform -> values.yaml?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

because of conditionals

stobiewankenobi avatar
stobiewankenobi

Ah OK

stobiewankenobi avatar
stobiewankenobi

Got it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(and because we started before the helm provider!)

stobiewankenobi avatar
stobiewankenobi

For me, I haven’t had issues with complex conditionals with k8s configs, but you guys build more than I do for more people in a more unique per case basis.

stobiewankenobi avatar
stobiewankenobi

But I see the value there

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

terraform+helm w/ (future) better values templating will eventually be more tempting

stobiewankenobi avatar
stobiewankenobi

Awesome

stobiewankenobi avatar
stobiewankenobi

Really excellent to hear more about this

stobiewankenobi avatar
stobiewankenobi

Interesting how you guys do terraform -> ssm -> env var

stobiewankenobi avatar
stobiewankenobi

That’s an interesting model.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hehe, sorry, I preach a lot - part of the business

stobiewankenobi avatar
stobiewankenobi

I had wondered how others were avoiding hard coding

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and have a lot of strong opinions required to guide a ship through stormy waters.

stobiewankenobi avatar
stobiewankenobi

Yeah I get it dude, I have to do the same thing.

stobiewankenobi avatar
stobiewankenobi

I love the conversation and debate!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yep! that was a good session.

stobiewankenobi avatar
stobiewankenobi

Thanks dude!

loren avatar
loren

I like the pattern with SSM, it’s kind of like terraform remote state, but feels more granular

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i like that it’s interoperable with other tools

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

via chamber

loren avatar
loren

Bonus!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so we’re using terraform to write a lot of settings for kops to SSM

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

then we call chamber exec kops -- kops ....

loren avatar
loren

I started using s3 as a key/value store for similar reasons a while back

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

with chamber?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

…we’re about to try that

loren avatar
loren

No, just where ssm was not an option… A way to store values and make them available easily while controlling access tightly

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s nice they added support for S3

loren avatar
loren

People think of s3 as a place for storing files, but it’s all blobs all the way down. Can write most anything to a key

loren avatar
loren

I’d not be surprised if ssm were just a specialized frontend for s3

stobiewankenobi avatar
stobiewankenobi

That’s interesting @loren

stobiewankenobi avatar
stobiewankenobi

I have also done that use case

stobiewankenobi avatar
stobiewankenobi

I thought I was weird for doing that

stobiewankenobi avatar
stobiewankenobi

You just made my day

stobiewankenobi avatar
stobiewankenobi

PRE SSM Param Store/Secret Manager

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hehe, i think many of us did

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we did that, and then used goofys to mount S3 as a filesystem

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(actually still have support for that in geodesic)

stobiewankenobi avatar
stobiewankenobi

OH man I never mounted s3 as a fs

stobiewankenobi avatar
stobiewankenobi

too slow the 1 time I tried it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s come a long way

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

though this is not for databases

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s great for simple configs

stobiewankenobi avatar
stobiewankenobi

Sure.

stobiewankenobi avatar
stobiewankenobi

Huh, good to know.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
kahing/goofys

a high-performance, POSIX-ish Amazon S3 file system written in Go - kahing/goofys

stobiewankenobi avatar
stobiewankenobi

Nice

stobiewankenobi avatar
stobiewankenobi

love the name too

loren avatar
loren

at one point, i created a module for storing an arbitrary map of keys/values in s3 but never published it… would use it to store both inputs and outputs so they’re queryable outside terraform

loren avatar
loren
variable "create_keystore" {
  description = "Controls whether to create the keystore"
  default     = true
}

variable "bucket_name" {
  description = "Name of the keystore S3 bucket, must already exist"
  type        = "string"
  default     = ""
}

variable "key_value_map" {
  description = "Map of S3 keys and values"
  type        = "map"
  default     = {}
}

variable "tags" {
  description = "A map of tags to add to the S3 objects"
  type        = "map"
  default     = {}
}

locals {
  keys = "${keys(var.key_value_map)}"
}

resource "aws_s3_bucket_object" "this" {
  count = "${var.create_keystore ? length(local.keys) : 0}"

  bucket       = "${var.bucket_name}"
  key          = "${local.keys[count.index]}"
  content      = "${jsonencode(var.key_value_map[local.keys[count.index]])}"
  content_type = "application/json"
  tags         = "${var.tags}"
}
loren avatar
loren

of course limitations of tf <0.12 results in fun resource cycles on the keys, which is why i never published it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Will 0.12 really fix the count of problems? Guess I am not getting my hopes up

loren avatar
loren

I know they’ve said it will make improvements at least, where it should know the number of elements in the count when the plan is generated

2019-02-13

pecigonzalo avatar
pecigonzalo

I would appreciate some feedback https://github.com/segmentio/chamber/pull/187

DRAFT: Add search command by pecigonzalo · Pull Request #187 · segmentio/chamber

This is a draft implementation of a search command. In many cases we need to search for services and we have to fallback to aws ssm which is ok, but it could be a good idea to implement this simple…

joshmyers avatar
joshmyers

@pecigonzalo Nice!

joshmyers avatar
joshmyers

Looks great, only thing I could suggest is maybe some tests as some of the other commands have

pecigonzalo avatar
pecigonzalo

Yeah, it's on the todo, I'm waiting first for confirmation they want that change

joshmyers avatar
joshmyers

Makes sense :+1:

pecigonzalo avatar
pecigonzalo

I don't want to build the tests and S3 support and get a rejection

joshmyers avatar
joshmyers

true dat

joshmyers avatar
joshmyers

ah spotted your TODO. Looks nice!

pecigonzalo avatar
pecigonzalo

If you liked that, you should like this even better https://github.com/segmentio/chamber/pull/188

Add support to export as Terraform Variables by pecigonzalo · Pull Request #188 · segmentio/chamber

A popular use case for chamber is to use it to provide secrets to Terraform, the format is fairly similar to dotenv but with stripping of TF_VAR_ if present. This last part ensures support for havi…

joshmyers avatar
joshmyers

Nice

joshmyers avatar
joshmyers
cloudposse/tfenv

Transform environment variables for use with Terraform (e.g. HOSTNAME → TF_VAR_hostname) - cloudposse/tfenv

pecigonzalo avatar
pecigonzalo

Yeah, I quite like it and actually it was out of the same frustration

pecigonzalo avatar
pecigonzalo

I was going to use tfenv but it was worth PRing chamber directly as we use it in our workflow

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

just be cautious about writing secrets to disk

pecigonzalo avatar
pecigonzalo

Yeah, that is why we do both, but you can also do

<(chamber export this secret -f dotenv)
pecigonzalo avatar
pecigonzalo

to pass it as input

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

-f dotenv does not work

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if your envs have new lines \n (e.g. TLS certs)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so I’ve had to use the sh -c 'export -p' pattern

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

they tend to linger around

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

which defeats the purposes/advantages of chamber

Nikola Velkovski avatar
Nikola Velkovski

Wow “We do know they ask your browser to draw an invisible image”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, pretty insane

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


virtual machine uses their own language, which they encrypt twice.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


language is decoded with a key that is changed by the process of reading the language, and the language also changes as it is read.

Nikola Velkovski avatar
Nikola Velkovski

I was suspecting that they check the mouse movements like trying to get to the box is not a movement done in one go, but this…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, seems like they sample everything they can, encode it in an image, then use ML+AI to identify anomalies.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


Almost everyone on the Internet uses something owned by Google – search, mail, ads, maps – and as you know Google Tracks All Of Your Things. When you click that checkbox, Google reviews your browser history to see if it looks convincingly human.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

freggin crazy

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so basically, clicking on the box is just a gimmick.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

the second you land on that page, they basically know who you are, and if you do normal “human” stuff.


2019-02-12

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

up vote us!

kritonas.prod avatar
kritonas.prod

It almost sounds like a bad joke.. But this resonates quite a bit with (fortunately short lived) past experiences.

joshmyers avatar
joshmyers

fuuuuuuuck

joshmyers avatar
joshmyers

Big reddit0r, will chime in on this one

2019-02-11

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Metabase, An Uber Co-founder's New Big Data Startup, Raises $13M

Metabase, the latest startup to spin out of Expa, raises $13 million from a number of investors.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We love metabase

Nikola Velkovski avatar
Nikola Velkovski

oh yeah, it’s one hell of a software

2019-02-09

2019-02-08

rms1000watt avatar
rms1000watt
09:05:30 PM

bumping into this stud muffin on the net

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

lol

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s amazing how often this is happening to me now too

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

most recently in chamber

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i think we have 3-4 members here opening PRs there

2019-02-07

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
sergiitk/pagerbeauty

PagerDuty on-call widget for monitoring dashboard. DataDog and Grafana compatible - sergiitk/pagerbeauty

2019-02-06

Richy de la cuadra avatar
Richy de la cuadra
09:02:44 PM

anybody know a method to get a picture's object contour (cars, vehicles) to get something like this?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Vectorization?

Richy de la cuadra avatar
Richy de la cuadra
Raj-08/tensorflow-object-contour-detection

A tensorflow implementation of object-contour-detection with fully convolutional encoder decoder network - Raj-08/tensorflow-object-contour-detection

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

do you need to do this programmatically or just a one-off

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i do this all the time for one-offs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

there are (a) some good ios apps (b) vectorizer for osx

Richy de la cuadra avatar
Richy de la cuadra

programmatically, I'm trying to make a car photo assistant app to help people get awesome pictures for the stock,

2019-02-05

chrism avatar
chrism
Fuck Off As A Service

FOAAS provides a modern, RESTful, scalable solution to the common problem of telling people to fuck off.

chrism avatar
chrism

Handy in a day to day sort of way

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
foqal/slack-moderator

Moderation for Slack communities is hard. Here is a bot to help - foqal/slack-moderator

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@michal.matyjek


2019-02-04

daveyu avatar
daveyu
Scaling Hashicorp with Armon Dadgar and Mitchell Hashimoto - Software Engineering Daily

Hashicorp was founded seven years ago with the goal of building infrastructure tools for automating cloud workflows such as provisioning, secret management, and service discovery. Hashicorp’s thesis was that operating cloud infrastructure was too hard: there was a need for new tools to serve application developers. Hashicorp founders Mitchell Hashimoto and Armon Dadgar began releasing

2019-02-03

michal.matyjek avatar
michal.matyjek

whatever happened in kubernetes.slack.com slack channel(s) right now…. wtf is wrong with some people

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

what happened?

michal.matyjek avatar
michal.matyjek

spam on couple channels with NSFW content

michal.matyjek avatar
michal.matyjek

started by someone doing @channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

wow, that’s horrible

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

there’s no good mechanism to prevent that in slack.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome to the woes of IRC moderation. hope we can stave that off for a while.

2019-02-02

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Insurance Company Says NotPetya is An "Act of War" - Refuses to Pay

Earlier this month, I read a fascinating story from CPO Magazine and another from ZDNet about the refusal of Zurich American Insurance Company to pay out a $100 million claim from consumer packaged goods company Mondelez, which was one of…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Helping To Build Cloudflare, Part 2: The Most Difficult Two Weeks

It’s always best to speak plainly and honestly about the situation you are in. Or as Matthew Prince likes to put it “Panic Early”. Long ago I started a company in Silicon Valley which had the most beautiful code.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

“Panic Early”
