52 messages
Public "Office Hours" are held every Wednesday at 11:30 PST via Zoom. It's open to everyone. Ask questions related to DevOps & Cloud and get answers!
👉️ https://cpco.io/slack-office-hours
managedkaosover 2 years ago
Might be old news but first i’m seeing it: Replit is getting into app deployment/hosting. makes sense to me! 🤔
managedkaosover 2 years ago(edited)
This one is also interesting… Digital twins of all parts of the system along with integrated plans and applies… 🤔
https://www.youtube.com/watch?v=zyEOYl23pd8
Tyrone Meijnover 2 years ago
I will not be able to join, but found this an interesting article: https://blog.sicuranext.com/aws-waf-bypass/.
I therefore also had a couple of questions, hopefully you can represent the topic:
• What is the general opinion of AWS WAF? Do y'all think it's a mature product?
• Do you implement AWS WAF for your services or do you think there is a better product for it?
• If you implement AWS WAF, do you implement a lot of custom rules or only (mostly) the AWS Managed Rules?
erikover 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nennaover 2 years ago
Links from today's office hours:
https://cybersecuritynews.com/aws-zenbleed-attacks/
https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-route-53-support-14-top-level-domains/
https://blog.sicuranext.com/aws-waf-bypass/
https://replit.com/site/deployments
https://www.youtube.com/watch?v=zyEOYl23pd8
https://codepal.ai/terraform-writer
https://docs.docker.com/compose/release-notes/#2200
https://nathanpeck.com/rethinking-infrastructure-as-code-from-scratch/
https://atmos.tools/
https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/
https://twitter.com/atoonk/status/1685858408082423808?s=19
https://www.fastly.com/blog/announcing-unified-origin-observability-across-fastly
https://www.namecheap.com/domains/handshake-domains/
https://ianix.com/pub/dnssec-outages.html
https://aws.amazon.com/security/security-bulletins/AWS-2023-004/
https://tailwindcss.com/docs/utility-first
https://aws.amazon.com/security/security-bulletins/AWS-2023-005/
https://www.theregister.com/2023/07/18/us_military_mali_email_typos/
https://www.youtube.com/watch?v=gd5uJ7Nlvvo
https://aws.amazon.com/builders-library/implementing-health-checks/
https://github.com/Netflix/Hystrix
https://www.supertenant.com/
https://dev.to/aws-builders/aws-alb-with-nginx-ingress-controller-1ofd
managedkaosover 2 years ago
Interesting “think piece” on IaC….
https://nathanpeck.com/rethinking-infrastructure-as-code-from-scratch/
managedkaosover 2 years ago
erikover 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Alanis Swanepoelover 2 years ago
if you have time (this could become quite deep)
how do you protect against downfall and ras poisoning when working with multi-tenant environments (some cloud providers might be more prone to this than others, due to bad architecture)
Jonathan Euniceover 2 years ago
Thoughts about using AWS WAF and/or (Advanced) Shield for rate-limiting / DOS protection? WAF rate limiting seems valuable; Advanced Shield seems potentially $$.
Nennaover 2 years ago
Links from today's office hours:
https://thenewstack.io/bram-moolenaar-author-of-the-open-source-vim-code-editor-has-died/
https://aws.amazon.com/blogs/aws/mountpoint-for-amazon-s3-generally-available-and-ready-for-production-workloads/
https://arstechnica.com/gadgets/2023/08/backblaze-probes-increased-annualized-failure-rate-for-its-240940-hdds/
https://www.warpstream.com/blog/kafka-is-dead-long-live-kafka
https://opensourcewatch.beehiiv.com/p/mirantis-unveils-k0smotron-opensource-streamlined-kubernetes-management-project
https://github.com/yonahd/kor
https://github.com/danswer-ai/danswer
https://github.com/28mm/blast-radius
https://www.theverge.com/2023/8/9/23824562/slack-redesign-app-dms-activity-later
https://venturebeat.com/programming-development/aws-unveils-build-a-new-accelerator-program-for-early-stage-startups-from-around-the-globe/
https://github.com/padok-team/burrito
https://github.com/kubernetes/kubernetes
https://github.com/Skarlso/crd-bootstrap
https://www.humblebundle.com/books/devops-2023-oreilly-books?charity=12390931
https://github.com/Isawan/terrashine
https://nrkbeta.no/2023/01/19/the-road-to-nrks-private-terraform-registry/
https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-eks-configure-efs-shared-file-storage/
https://aws.amazon.com/blogs/aws/new-improve-amazon-s3-glacier-flexible-restore-time-by-up-to-85-using-standard-retrieval-tier-and-s3-batch-operations/
https://aws.amazon.com/about-aws/whats-new/2023/08/aws-datasync-copying-data-other-clouds/
https://downfall.page/
https://wired.me/technology/a-trippy-visualization-charts-the-internets-growth-since-1997/
https://aws.amazon.com/snowmobile/
https://www.wired.com/story/apple-new-password-manager-2fa-iphone-ipad/#intcid=_wired-bottom-recirc_ade29f42-cc7a-4779-bf6d-06662126039c_wired-content-attribution-evergreen
https://docs.cloudposse.com/reference/best-practices/terraform-best-practices/#docusaurus_skipToContent_fallback
https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-ec2-approach-to-preventing-side-channels.html
https://aws.amazon.com/security/security-bulletins/AWS-2023-005/
https://aws.amazon.com/security/security-bulletins/AWS-2023-006/
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore
https://buildbot.net/
https://zuul-ci.org/docs/zuul/3.5.0/index.html
https://buck2.build
https://medium.com/@taleodor/using-monorepo-do-not-rebuild-unchanged-components-in-ci-c386e7c03426
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Vlad Ionescu (he/him)over 2 years ago
Oh, also if you end up spending more than $3k on AWS WAF it is cheaper to just get Shield Advanced which covers the costs: https://blog.elva-group.com/how-to-save-thousands-of-dollars-on-aws-waf
Vlad Ionescu (he/him)over 2 years ago
if you're spending over $3000 per month on Web ACL and Rule fees, you can effectively cap those costs at $3000 and prevent them from spiraling further as your number of AWS accounts grows by subscribing to AWS Shield and enrolling your resources
Matthew Jamesover 2 years ago
Just gonna throw a comment in here, that AWS staff have confirmed to me on calls that EC2 does share cores, that's how we have stuff like burst unlimited etc (and as the commenter shared cpu steal). There are options to not share cores and have dedicated tenant hardware in EC2 (which sometimes can be a requirement for high security environments) see (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html).
AWS Nitro however is an AWS developed hypervisor that has hardware based security offloading that's designed to help keep tenants isolated from one another, and likely had optimisations of the cores itself to help reduce steal etc - it seems like they also have some mitigations against these sidechannel style attacks in the nitro framework itself.
Ashuover 2 years ago(edited)
here I am getting this error when calling this action, and I am testing with act locally
[Run test suits/build] ✅️ Success - Main Start stack
[Run test suits/build] ⭐️ Run Main Test
[Run test suits/build] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/9-composite-3.sh] user= workdir=
Creating my-app_run ... done
/bin/sh: 0: cannot open npm: No such file
| ERROR: 2
[Run test suits/build] ❌️ Failure - Main Test
[Run test suits/build] exitcode '2': failure
[Run test suits/build] ⭐️ Run Main Stop stacks
- name: Tests
  uses: cloudposse/github-action-docker-compose-test-run@main
  with:
    file: ./docker-compose.yml
    service: my-app
    command: npm test
PePe Amengualover 2 years ago
Matthew Jamesover 2 years ago
https://registry.terraform.io/providers/ansible/ansible/latest/docs not sure if this got covered previously but it seems like folks are having a crack at ansible provider for TF. This is kinda interesting to my team as we do a lot of local exec to run ansible to configure machines after creation esp for stuff that you don't want/can't point in an asg.
Kunalsing Thakurover 2 years ago
you need to put the ansible playbook inside terraform or use git provider to point to repos to fetch collection of playbook
Kunalsing Thakurover 2 years ago
yes instead of local-exec this is also good way to use it
erikover 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nennaover 2 years ago
Links from today's office hours:
https://aws.amazon.com/about-aws/whats-new/2023/08/aws-enhanced-startups-featuring-aws-build/
https://github.com/containers/skopeo
https://www.hashicorp.com/blog/hashicorp-adopts-business-source-license
https://www.hashicorp.com/bsl
https://www.hashicorp.com/license-faq
https://aws.amazon.com/about-aws/whats-new/2023/08/aws-service-catalog-hashicorp-terraform-cloud/
https://opentf.org/
https://github.com/opentffoundation/manifesto
https://spacelift.io/blog/hashicorps-license-change
https://aws.amazon.com/about-aws/whats-new/2022/03/aws-proton-terraform-open-source/
https://snyk.io/blog/detect-infrastructure-drift-unmanaged-resources-snyk-iac/
https://github.com/cncf/foundation/issues/617
Vlad Ionescu (he/him)over 2 years ago
I'd argue OpenTF is also going
Kunalsing Thakurover 2 years ago
Why?
Alex Atkinsonover 2 years ago
I'm going to trademark "Open ClickOps"
Max Loburover 2 years ago
Did opentf ever get any answer from hashicorp?
erikover 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
elvis limover 2 years ago
Where to get the link to the office hours zoom session?
William Gallowayover 2 years ago(edited)
I tried to sign up for the office hours but i get a generic web error "invalid meeting id"
David Lozanoover 2 years ago(edited)
Hello,
maybe someone can give me some feedback on this question on today's office hours.
Can atmos projects be managed/deployed by spacelift?
Nennaover 2 years ago
Links from today's office hours:
https://github.com/opentffoundation/brand-artifacts
https://docs.cloudposse.com/components/library/aws/eks/cluster/#changelog
https://breadnet.co.uk/google-artifact-registry-virtual/
https://thenewstack.io/kubernetes-1-28-accommodates-the-service-mesh-sudden-outages/
https://www.reddit.com/r/kubernetes/comments/15yzi6a/cncf_announces_graduation_of_kubernetes/?share_id=mkkImgBMjLuYtFtqzv75g&utm_content=2&utm_medium=android_app&utm_name=androidcss&utm_source=share&utm_term=1
https://github.com/patrickchugh/terravision
https://www.reddit.com/r/Terraform/comments/15uhlsk/i_added_autocompletion_to_target_you_can_do_it_too/
https://news.ycombinator.com/item?id=37199495
https://aws.amazon.com/about-aws/whats-new/2023/08/aws-dedicated-local-zones/
https://aws.amazon.com/about-aws/whats-new/2023/08/aws-appsync-javascript-all-resolvers-graphql-apis/
https://blogs.oracle.com/cloud-infrastructure/post/offering-a-sovereign-cloud-designed-for-the-european-union
https://github.com/hashicorp/terraform/blob/v1.5.6/LICENSE
https://www.hashicorp.com/license-faq#security-patch-backporting
https://registry.terraform.io/
managedkaosover 2 years ago
OK this one has me very, very interested. I’ve always thought of Excel as the perfect tool to bridge engineering and business tasks. This would make it that much more awesome. 🥹
managedkaosover 2 years ago
venkataover 2 years ago
Seanover 2 years ago
For the office hours links: https://aws.amazon.com/blogs/containers/amazon-vpc-cni-now-supports-kubernetes-network-policies/
erikover 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nennaover 2 years ago
Links from today's office hours:
https://fig.io/blog/post/fig-joins-aws
https://aws.amazon.com/blogs/containers/amazon-vpc-cni-now-supports-kubernetes-network-policies/
https://opentf.org/announcement
https://twitter.com/opentforg/status/1696913055576387599
https://twitter.com/brikis98/status/1696453969118113902
https://www.youtube.com/watch?v=HzBA6FIn_Bo
https://github.com/opentffoundation/manifesto
https://sweetops.slack.com/archives/CB6GHNLG0/p1693385471811699
https://n8n.io/
https://github.com/cube2222/octosql
https://www.theverge.com/2023/8/22/23841167/microsoft-excel-python-integration-support
https://jetporch.substack.com/
https://jetporch.substack.com/p/template-module-finished-a-look-inside
https://github.com/containers/skopeo
https://blogs.vmware.com/management/2023/08/aa-august-release.html
https://www.tines.com/
https://nodered.org/
https://humanitec.com/products/score
https://oam.dev/
Matt Gowieover 2 years ago
Office hours topic for next week: What are folks using for using internal dev documentation / wikis? A client has their docs split across many areas and we're looking to help them with this. I started to reach for GitHub's Wiki, but quickly realized it is no where near as full featured as I would like. Would love to hear of the free + open source options that are easy to use and enable simple, private access for dev teams.
Omer Senover 2 years ago
Guys have a question for ArgoCD or actually how to install helm release on different variables for different environments. So I think for ArgoCD we can provide different values.yaml file for each env but..
1. so configuration switches are ok so we can use different values.yml for each environment. (or there may be other things which i am not aware hence this message?)
2. What about Secrets? How you make sure argocd installs secrets securely or how do you handle secrets on an ArgoCD managed k8s env and installing helm charts requires secrets
Omer Senover 2 years ago
For cm and secrets change i will
Use reloader stakater