31 messages
Public "Office Hours" are held every Wednesday at 11:30 PST via Zoom. It's open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
rohit almost 2 years ago (edited)
office hours:
we have a goal to deliver a working helm project to a customer, so customer BYOI (brings your own infra), and we ask them to helm install our project. this normally works fine for simpler projects, but we're facing difficulties in ordering some of the k8s resources we want to create before we deploy our services AND ensuring the dependency helm charts (alb + fluent-bit) are setup PRIOR to our helm chart.
our flow right now looks like this:
1. install external helm chart (aws-load-balancer-controller)
2. install external helm chart (fluent-bit)
3. we install service-account.yaml before secret.yaml
4. run this vault script to ensure service account has access to vault to fetch secrets
5. helm install <our app> (2 jobs, service, deployment, and ingress.yaml)
6. we wait for restarts until "things eventually work out" (app restarts multiple times because jobs are not done)
this doesn't seem feasible managing all of this in helm. am i wrong? if not, what are my options here?
I looked into helmfile and splitting up our helm chart into 2 helm charts, where our main app will have dependencies in Chart.yaml to ensure deps are met, but AFAIK we can't "order" the dependency installs. or even writing a shell script that does this step by step.
thank you!
erik almost 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Adnan almost 2 years ago
Am I doing it wrong or did office hours not start yet?
Nenna almost 2 years ago
Links from today's office hours:
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
https://docs.localstack.cloud/tutorials/replicate-aws-resources-localstack-extension/
https://blog.cloudflare.com/python-workers
https://techcrunch.com/2024/03/31/why-aws-google-and-oracle-are-backing-the-valkey-redis-fork/amp/
https://www.infoworld.com/article/3714688/the-bizarre-defense-of-trillion-dollar-cabals.html
https://www.reddit.com/r/Terraform/comments/1bpfjjr/is_checkov_now_paywalled_by_palo_alto/
https://github.com/clivern/lynx
https://aws.amazon.com/about-aws/whats-new/2024/03/slack-connect-aws-sales-collaborate-customers-partners/
https://github.com/bridgecrewio/checkov-vscode/issues/141
https://artifacthub.io/packages/helm/codefresh-onprem/codefresh
managedkaos almost 2 years ago
Randomly, another whiteboarding/diagramming app. this one's open source and embeddable….
https://excalidraw.com/
https://github.com/excalidraw/excalidraw
erik almost 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Alanis Swanepoel almost 2 years ago
Interesting read - https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability
Nenna almost 2 years ago (edited)
Links from today's office hours:
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
https://containerssh.io/v0.5/
https://goteleport.com/blog/teleport-community-license/
https://github.com/opentofu/registry/issues/301
https://www.infoworld.com/article/3714980/opentofu-may-be-showing-us-the-wrong-way-to-fork.html
https://www.linkedin.com/posts/opentofuorg_opentofu-project-was-recently-made-aware-activity-7182147077496344576-jsDQ/?utm_source=combined_share_message&utm_medium=member_android
https://gource.io/
https://github.com/charmbracelet/freeze
https://github.com/cloudposse/terraform-aws-eks-cluster/blob/main/docs/migration-v3-v4.md
https://github.com/seal-io/hermitcrab
https://runtipi.io/
https://github.com/charmbracelet/glow
https://masterpoint.io/updates/opentofu-early-adopters/
https://aws.amazon.com/lightsail/
https://noxon.cc/@jeff/112157251058272180
Alanis Swanepoel almost 2 years ago
AWS Ref architecture for wordpress - https://github.com/aws-samples/aws-refarch-wordpress
Ranjith almost 2 years ago
Question for #office-hours
We are trying to automate the service deployment process in AWS using terraform/terragrunt. Currently the Services are deployed in ECS. We are starting to use Atlantis for Pull Request automation.
Once a new Service version is deployed in the integration environment and tested, we want the same version to be automatically deployed in different regions of the production environment.
We want the automated tests for each Service to be run against the new deployed version to validate the deployment.
There should be a bake time in each region/environment. Only after validating the health of the deployment in that region/environment, it should be propagated to the next region/environment.
The Service should be rolled back to the earlier version in case of any test failures or increase in error rates during the bake period.
We are trying to understand how different teams have implemented something similar for AWS.
Is AWS Step Functions a good mechanism to orchestrate these steps for automating service deployment? Are there other options that folks have successfully implemented?
Please let us know...
erik almost 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nenna almost 2 years ago
Links from today's office hours:
https://www.cnbc.com/2024/04/17/aws-stops-selling-snowmobile-truck-for-cloud-migrations.html
https://aws.amazon.com/blogs/aws/amazon-cloudwatch-internet-weather-map-view-and-analyze-internet-health/
https://gregoryszorc.com/blog/2022/08/08/achieving-a-completely-open-source-implementation-of-apple-code-signing-and-notarization/
https://neon.tech/blog/neon-ga
https://library.tf/
https://docs.cloudposse.com/reference/terraform-in-depth/terraform-unknown-at-plan-time/
https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/
https://opentofu.github.io/legal-documents/2024-04-03%20HashiCorp%20C%26D/OpenTofu%20C&D%20-%20Redacted.pdf
https://www.theregister.com/AMP/2024/04/12/linux_foundation_opinion/
https://github.com/hashicorp/terraform/releases/tag/v1.8.0
https://github.com/hashicorp/terraform/issues/34984#top
https://github.com/hashicorp/terraform/releases/tag/v1.9.0-alpha20240404
https://masterpoint.io/updates/opentofu-early-adopters/
https://tea.xyz
Omer Sen almost 2 years ago
Hi, for helm templating which tool are you using? still helmfile? (i used helmsman before but i didn't like it).. I used ArgoCD before but in this case i need to use something like helm.. cli
erik almost 2 years ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nenna almost 2 years ago
Links from today's office hours:
https://www.hashicorp.com/blog/introducing-the-infrastructure-cloud
https://1-7-0-beta1.opentofu.pages.dev/docs/language/state/encryption/
https://www.reuters.com/markets/deals/ibm-nearing-buyout-deal-hashicorp-wsj-reports-2024-04-23/
https://github.com/goreleaser/nfpm
https://www.engadget.com/slack-rolls-out-its-ai-tools-to-all-paying-customers-120045296.html
https://boostsecurity.io/blog/unveiling-poutine-an-open-source-build-pipelines-security-scanner
https://slack.engineering/our-journey-migrating-to-aws-imdsv2/
https://github.com/orgs/aws-ia/repositories?q=cfn
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
https://www.newscientist.com/article/2150350-a-tech-destroying-solar-flare-could-hit-earth-within-100-years/
https://www.reddit.com/r/ipad/comments/fre1pe/zoom_meeting_sounds_cant_be_muted/
https://1-7-0-alpha1.opentofu.pages.dev/docs/language/state/encryption/
https://github.com/kayac/ecspresso
https://aws.github.io/copilot-cli/
Erik Osterman (Cloud Posse) almost 2 years ago (edited)
OpenTofu reaches 20K stars, more than Pulumi.
managedkaos almost 2 years ago
For the Windows folks… 🫡
https://www.theverge.com/2024/4/30/24144183/arc-browser-windows-launch-features-availability