#townhall

Town Hall Discussions

Archive: https://archive.sweetops.com/townhall/

2019-02-14

Erik Osterman
05:23:32 AM

@Erik Osterman set the channel purpose: Town Hall Discussions

Archive: https://archive.sweetops.com/townhall/

2018-11-06

06:23:26 PM

@ has joined the channel

2018-11-02

btai
11:54:24 PM

@btai has joined the channel

2018-10-13

Gaurav Ubnare
11:47:18 AM

@Gaurav Ubnare has joined the channel

2018-10-10

Raghu
01:16:05 PM

@Raghu has joined the channel

2018-10-05

Gabe
09:09:03 PM

@Gabe has joined the channel

2018-10-03

Steven
11:52:08 AM

@Steven has joined the channel

tamsky

wanted to ask about how things were going with CP and Atlantis

Erik Osterman

There are two hard blockers for using it:

Erik Osterman

1) https://github.com/runatlantis/atlantis/issues/249 (no response) - to support multiple instances of atlantis in different accounts

Atlantis nodes in different accounts with one repository · Issue #249 · runatlantis/atlantis

We have a repository that contains our live terraform definitions for multiple accounts. We currently have 4 accounts and plan to have an Atlantis node in each account. We've tossed around the …

mrwacky

@Gabe - this one

Atlantis nodes in different accounts with one repository · Issue #249 · runatlantis/atlantis

We have a repository that contains our live terraform definitions for multiple accounts. We currently have 4 accounts and plan to have an Atlantis node in each account. We've tossed around the …

Erik Osterman
Adds support for specifying the atlantis.yaml filename on the server side by darrylb-github · Pull Request #310 · runatlantis/atlantis

This allows setting different configs for different instances of atlantis, which is useful when wanting to run different servers for production and staging. Our use case is to have separate product…

Erik Osterman

one left, and it’s ready for prime time: https://github.com/runatlantis/atlantis/issues/308

Restrict Plan or Apply to Github Teams or Github Users · Issue #308 · runatlantis/atlantis

what Allow operator to define a list of permitted users who can trigger atlantis commands why Currently, the only way to restrict access is by adding/revoking users from a repository altogether. We…

Erik Osterman

2) no way to scope who can run plan or apply other than revoking access to repo

Erik Osterman
07:02:49 PM

awesome name @tamsky

tamsky

for 2) you’d like to see github groups perform RBAC ?

Erik Osterman

i would be satisfied with a hardcoded list of usernames in the server

Erik Osterman

groups would be icing

tamsky

I’m really enjoying https://github.com/kislyuk/keymaker - and IAM groups <> UNIX groups

kislyuk/keymaker

Lightweight SSH key management on AWS EC2. Contribute to kislyuk/keymaker development by creating an account on GitHub.

tamsky

both of those blockers read to me as accurate and missing requirements. I could imagine bypassing 2) by having two Atlantis’s per stage, one RO other R+W.

Erik Osterman

Perhaps, but how would you scope the access to the r/w and r/o pipelines?

tamsky

at the oauth proxy?

Erik Osterman

oh, but all the interaction is via git comments

Erik Osterman

so what we really need is the google/kubernetes repo bot commands like

Erik Osterman

ok to test

tamsky

then I deserve a “whoops”

Erik Osterman

so i think technically, not too hard to extend

Erik Osterman

basically, validate git username is in some list

Erik Osterman

otherwise comment back and say not authorized

Erik Osterman

i’ve debated if we want to commit the resources to fix 1 & 2

Erik Osterman

we may just end up using codefresh for v1

Erik Osterman

prove the concept out

Erik Osterman

for example, with Zapier, i can act on a comment and trigger a pipeline via webhook

Erik Osterman

i go back and forth with atlantis b/c we still need to solve the same problem with kops and helm (not just terraform)

Erik Osterman

so i want a strategy that works well for all 3

Erik Osterman

@tamsky this was opened/closed today https://github.com/runatlantis/atlantis/pull/306/files

Support custom atlantis.yaml config filename on server side by darrylb-github · Pull Request #306 · runatlantis/atlantis

This allows repos to specify different atlantis configs that exist in the same repo, and supports running separate instances of atlantis for staging and production by pointing at different configs.

Erik Osterman

Addresses (1)

ankur
02:52:08 AM

@ankur has joined the channel

2018-10-02

mallen
07:26:35 PM

@mallen has joined the channel

2018-09-26

Arkadiy
05:48:23 PM

@Arkadiy has joined the channel

2018-09-20

mrwacky
04:14:57 PM

@mrwacky has joined the channel

06:46:58 PM

@ has joined the channel

2018-09-19

Erik Osterman

@antonbabenko @ @Igor Rodionov

antonbabenko
Cloudcraft – Draw AWS diagrams

Draw AWS diagrams with Cloudcraft: Snap together components like EC2s and ELBs on an isometric grid

Igor Rodionov
cloudposse/charts

The “Cloud Posse” Distribution of Kubernetes Applications - cloudposse/charts

cloudposse/helmfiles

Comprehensive Distribution of Helmfiles. Works with helmfile.d - cloudposse/helmfiles

Erik Osterman
modules.tf - Get your infrastructure as code delivered as Terraform modules

Your infrastructure as code delivered as Terraform modules

tamsky
Docker + Kubernetes: Holy Grail for Software Distribution and Deployment

Wed, Sep 19, 2018, 6:30 PM: Please join us for the fifth of the Orange County ACM Chapter’s 2018 bi-monthly evening program series. Agenda: 6:30 PM Doors Open & Networking, 7:00 PM Announcements and Presen

Erik Osterman
IOpipe - monitor, observe, and profile AWS Lambda functions

Full observability and dev tools for building, shipping, and running serverless applications on AWS Lambda. Profiling, Monitoring, Logging, Metrics.

Erik Osterman
06:57:55 PM
Erik Osterman
AWS X-Ray – Distributed Tracing System

AWS X-Ray helps you debug and analyze your microservices applications with request tracing so you can find the root cause of issues and performance bottlenecks.

tamsky

how I tail CW Logs: # aws-vault exec customername --no-session -- awslogs get Apache_Site_Access_Log-stage ALL --watch

Erik Osterman
jorgebastida/awslogs

AWS CloudWatch logs for Humans™. Contribute to jorgebastida/awslogs development by creating an account on GitHub.

antonbabenko

AWS Lambda function in Python3 which is generating code from cloudcraft diagrams is here - https://github.com/antonbabenko/modules.tf-lambda/

antonbabenko/modules.tf-lambda

Infrastructure as code generator - from visual diagrams created with http://Cloudcraft.co to Terraform - antonbabenko/modules.tf-lambda

tamsky

Also meant to ask everyone on the call after Erik mentioned the SSH-via-SSM-agent: what do folks think about AWS’s latest closed-source agent:

  • “unified” aws cloudwatch agent (written in golang, based on available debug symbols)

Erik Osterman

can you share a link?

tamsky

Previous versions of the agent were either in perl or python.

Erik Osterman

wonder why it’s closed source

Erik Osterman

doesn’t seem merited

tamsky

I’ve had a back-n-forth with CW team (via support) and they have no plan to release the source. Just wondering why this doesn’t raise more eyebrows.

Erik Osterman

wonder if it’s just a timing thing. that they didn’t have time to clean it up for release.

Erik Osterman

…wow no plan

tamsky

debug symbols tell me they’re using internal-only golang libraries

tamsky

so they’d have to opensource those bits first

aknysh
07:18:21 PM

@aknysh has joined the channel

antonbabenko

Good news @tamsky. I also didn’t know about it before.

tamsky

it = ?

antonbabenko

it = CW agent in go

antonbabenko

too late here for me %)

loren

i’ve used the cloudwatch agent and like it more than their prior tooling around cloudwatch

loren

sorry i missed the meeting

2018-09-18

08:02:05 PM

@ has joined the channel

2018-09-05

Erik Osterman
09:16:43 PM

@Erik Osterman has joined the channel

Erik Osterman
09:16:43 PM

@Erik Osterman set the channel purpose: Town Hall Discussions

antonbabenko
09:16:43 PM

@antonbabenko has joined the channel

09:16:43 PM

@ has joined the channel

Igor Rodionov
09:16:43 PM

@Igor Rodionov has joined the channel

09:16:44 PM

@ has joined the channel

loren
09:16:44 PM

@loren has joined the channel

tamsky
09:17:00 PM

@tamsky has joined the channel
