#release-engineering (2018-12)

jenkins_ci All things CI/CD. Specific emphasis on Codefresh and CodeBuild with CodePipeline.

CI/CD Discussions

Archive: https://archive.sweetops.com/release-engineering/

2018-12-19

mumoshu avatar
mumoshu
08:37:11 PM

@mumoshu has joined the channel

2018-12-18

Gabe avatar
Enabling Actions on Public Repositories attachment image

Get started with one of our guides, or jump straight into the API documentation.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@mumoshu

Enabling Actions on Public Repositories attachment image

Get started with one of our guides, or jump straight into the API documentation.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this would also be pretty nice

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

nice

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

has anyone created a useful GitHub Action?

antonbabenko avatar
antonbabenko

I have not, but I saw Actions yesterday in action with one of my customers for real terraform commands… looks very cool, though not yet ready for many real use-cases

Gabe avatar

i was messing around to make on for terraform fmt

davidvasandani avatar
davidvasandani
hashicorp/terraform-github-actions

GitHub Actions For Terraform. Contribute to hashicorp/terraform-github-actions development by creating an account on GitHub.

Nikola Velkovski avatar
Nikola Velkovski

Niiice , what about docker layer caching and actions, if that works it would be just awesome.

2018-12-13

joshmyers avatar
joshmyers

hmm, I’ve stored the root tokens for auto unseal before in an HSM, that the Vault nodes have read access to

joshmyers avatar
joshmyers

This wasn’t a kubernetes/helm deployment.

joshmyers avatar
joshmyers

It was a complex PCI environment (AWS) and Vault was in usage for the PKI backend. HA Vault instances came up, auto init, unseal, create their own certs for TLS between clients and them, and then start doling out certs to instances in the environment as they come up

2018-12-12

endofcake avatar
endofcake

Anyone working with Hashicorp Vault? Keen to hear how you tackle the deployment pipeline.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(me too)

joshmyers avatar
joshmyers

deployment of vault itself?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also, vault+helm

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we did a poc earlier this year and did envconsul as PID1 in our containers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(envconsul is like chamber for vault)

endofcake avatar
endofcake

I deployed Vault itself with the community Helm chart (had to heavily modify it, which wasn’t an ideal experience). The first issue is that Vault needs to be initialised (if it’s the first time you are deploying it), and also unsealed. These steps are tricky to automate, which makes having ephemeral Vaults a challenge (cloud backed auto-unseal is not an option, HSM might be, but not right now).

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


cloud backed auto-unseal is not an option

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it is now - was just released to CE

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

maybe not supported by terraform modules yet

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

supports KMS based unsealing

endofcake avatar
endofcake

The second issue is deploying configuration such as policies, auth methods etc. Right now we’re using Terraform, but authenticating is a problem.

endofcake avatar
endofcake

Yeah, I know it exists, that’s why I’m saying it’s not an option for us - we’re running on prem.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ohhhhhhhh

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

on prem

endofcake avatar
endofcake

Heavily regulated financial environment. It’s a thing.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

heh, I bet.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@justin.dynamicd might have more to contribute

    keyboard_arrow_up