14 messages
Discussions related to https://github.com/cloudposse/geodesic
Archive: https://archive.sweetops.com/geodesic/
rssalmost 2 years ago(edited)
v2.10.0
🚀 Enhancements
Initial support for dark mode terminals @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2272818612" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/933"...
🚀 Enhancements
Initial support for dark mode terminals @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2272818612" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/933"...
rssalmost 2 years ago(edited)
v2.11.0 OpenTofu, Minor Breaking Changes
💥 Breaking Changes
OpenTofu
OK, not a breaking change, but we are excited about it:
we have made it easy to install OpenTofu into
Geodesic. At the command line or in your Dockerfile, just run:
Debian:
# We recommend pinning the version to ensure reproducibility
apt-get update && apt-get install tofu=1.6.2
Alpine:
# At this point, it seems there is only one version of OpenTofu available
# for Alpine, and a new version would be in a different...
💥 Breaking Changes
OpenTofu
OK, not a breaking change, but we are excited about it:
we have made it easy to install OpenTofu into
Geodesic. At the command line or in your Dockerfile, just run:
Debian:
# We recommend pinning the version to ensure reproducibility
apt-get update && apt-get install tofu=1.6.2
Alpine:
# At this point, it seems there is only one version of OpenTofu available
# for Alpine, and a new version would be in a different...
Erik Osterman (Cloud Posse)almost 2 years ago
rssalmost 2 years ago(edited)
v2.11.1
🚀 Enhancements
Dockerfile examples, Renovate config, color text bugfixes @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2285058498" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/939"...
🚀 Enhancements
Dockerfile examples, Renovate config, color text bugfixes @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2285058498" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/939"...
rssalmost 2 years ago(edited)
v2.11.2
🏗️ Build/Release Maintenance
PR & Release management maintenance @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2290499005" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/940"...
🏗️ Build/Release Maintenance
PR & Release management maintenance @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2290499005" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/940"...
jaysunalmost 2 years ago
been thinking about the best way to have a portable collection of devops tooling that I can use from any machine, and my favorite approaches so far have been
• geodesic
• devcontainers
• maaaaaaybe nix
any reasons I would pick one over the other? how are folks here handling multi aws assume role profiles effectively and kubeconfig ? .aws/config + kubeconfig files on the host machine? or baked into the containers?
• geodesic
• devcontainers
• maaaaaaybe nix
any reasons I would pick one over the other? how are folks here handling multi aws assume role profiles effectively and kubeconfig ? .aws/config + kubeconfig files on the host machine? or baked into the containers?
Marat Bakeevalmost 2 years ago
Is there any way to integrate
geodesic and leapp? I want to see which session I'm currently in -_- Even the account name would be helpful.rssover 1 year ago(edited)
v2.11.3
🚀 Enhancements
Fix colorized string in prompt @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2299175728" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/942"...
🚀 Enhancements
Fix colorized string in prompt @Nuru (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2299175728" data-permission-text="Title is private" data-url="https://github.com/cloudposse/geodesic/issues/942"...
M
Mike Croweover 1 year ago
Here's my solution for using aws-sso-cli as a replacement for Leapp with geodesic.
In the
This stores your interim credentials inside the docker container in plain JSON -- I know this is insecure, but I struggled with a generic way of using a key-vault inside docker that would be cross platform.
I then created a login script that I run this during initialization, so startup prompts me with a URL for AWS login (which I control-click), and then I loop thru and authenticate all the profiles I need in this session.
(NOTE:
When I'm complete, you can then see the expiration times by doing and
My
In the
profile.d folder (or .bashrc), copy the aws-sso-cli profile locally, changing it to headless mode:mkdir ~/.aws-sso
sed 's/open/print/g' /localhost/.aws-sso/config.yaml | sed '/SecureStore/d' > ~/.aws-sso/config.yaml
echo "SecureStore: json" >> ~/.aws-sso/config.yamlThis stores your interim credentials inside the docker container in plain JSON -- I know this is insecure, but I struggled with a generic way of using a key-vault inside docker that would be cross platform.
I then created a login script that I run this during initialization, so startup prompts me with a URL for AWS login (which I control-click), and then I loop thru and authenticate all the profiles I need in this session.
aws-sso --no-config-check
for f in PROFILE1 PROFILE2 PROFILE3; do
SHELL=/bin/bash aws-sso -L error --no-config-check eval -p $f > /dev/null
done
aws-sso list(NOTE:
SHELL=/bin/bash is needed just in profiile.d scripts before the SHELL environment variable has been set)When I'm complete, you can then see the expiration times by doing and
aws-sso list.My
~/.aws/config is populated like this:[profile pinnacle-data]
credential_process = /usr/bin/aws-sso -S "pinnacle" process --arn arn:aws:iam::########:role/AWSAdministratorAccess
region = us-east-1Erik Osterman (Cloud Posse)over 1 year ago
Thanks @Mike Crowe -remind me, does
aws-sso-cli invoke the browser for logins, or does it use a scraping technique?
Mike Croweover 1 year ago
Browser. But inside geodesic, my configuration simply prints out the link which you have to click in the console to fire up the browser.
Mike Croweover 1 year ago
So far, I found it to be on par with leapp and I really like using it. It even has the console function to open up a browser to the AWS console for the current profile