23 messages
Public "Office Hours" are held every Wednesday at 11:30 PST via Zoom. It's open to everyone. Ask questions related to DevOps & Cloud and get answers!
👉️ https://cpco.io/slack-office-hours
erik over 1 year ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nenna over 1 year ago
Links from today's office hours:
https://github.blog/changelog/2024-09-25-introducing-ci-cd-admin-a-new-pre-defined-organization-role-for-github-actions
https://github.com/estahn/k8s-image-swapper
https://www.linkedin.com/posts/marcinwyszynski_im-excited-to-celebrate-the-one-year-anniversary-activity-7246531545115607040-mn62?utm_source=share&utm_medium=member_desktop
https://github.com/kubewall/kubewall/
https://www.systeminit.com/blog-system-initiative-is-the-future
https://stakpak.dev/
https://www.reddit.com/r/Terraform/comments/1fsqzod/an_ide_for_infra_configurations_id_love_to_hear/
https://www.cursor.com/
https://www.theolognion.com/p/new-eslint-rule-string-backward-compatibility-considered-grammatically-incorrect
erik over 1 year ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Erik Osterman (Cloud Posse) over 1 year ago
Nenna over 1 year ago
Links from today's office hours:
http://cloudposse.com
https://visualsubnetcalc.com/
https://sq.io/
https://github.com/runatlantis/atlantis/releases/tag/v0.30.0
https://github.blog/changelog/2024-10-01-repository-level-actions-usage-metrics-public-preview
https://sweetops.slack.com/archives/CB6GHNLG0/p1727349217514679
https://github.com/opentofu/opentofu/issues/2034#issuecomment-2398410513
https://github.com/hashicorp/terraform-provider-aws/issues/39376
https://www.spiceworks.com/tech/tech-general/news/gitlab-explores-sale-datadog-google-potential-buyers/
https://www.harness.io/blog/harness-releases-gitness-open-source-git-platform
https://subversion.apache.org/
https://gitea.com/
https://www.harness.io/open-source
https://docs.atmosly.com/what-is-atmosly
PePe Amengual over 1 year ago
@Erik Osterman (Cloud Posse), you were right about Atlantis the first time, we did move to the CNCF github already, now is Slack and other things, we even added Fossa and Snyk and Dosu to our repos
Jonathan Eunice over 1 year ago
Just watched a bit of the HashiCorp live cast. Much to talk about there, but the “scaling up Terraform” with components, modules, and workflows seems to recapitulate Cloud Posse’s journey and solutions/approaches. Can’t wait to hear @Erik Osterman (Cloud Posse)’s take. Also, “deferred changes” seems magical but could be a train wreck, so… you’re up, Erik!
Michael over 1 year ago
Good to see some positive security news: https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customer-now-use-passkeys-to-log-in/
Rishav over 1 year ago
Outta curiosity, how does one submit a topic or two for the office-hour? Be keen to see/hear a few highlights from the HashiConf as well.
erik over 1 year ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nenna over 1 year ago
Links from today's office hours:
http://cloudposse.com
https://opensourcepledge.com/
https://www.bbc.com/news/articles/c8el64yyppro
https://mermaid-ascii.art/
https://github.com/hashicorp/terraform/pull/35661
https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customer-now-use-passkeys-to-log-in/
https://www.ftc.gov/news-events/news/press-releases/2024/10/federal-trade-commission-announces-final-click-cancel-rule-making-it-easier-consumers-end-recurring
https://docs.sweeting.me/s/archivebox-plugin-ecosystem-announcement
https://docs.github.com/en/enterprise-cloud@latest/repositories/creating-and-managing-repositories/about-repositories#about-internal-repositories
Rishav over 1 year ago
Many thanks for sharing your space at the last Office Hours, @Erik Osterman (Cloud Posse) et al, genuinely appreciate the time.
I brought a fair few Qs about Terraform provisioning pipelines with GitHub Action, to which you added plenty of depth and potential pitfalls to look out for.
Summarize plan outline
• Reviewing 1000s of lines of planned changes is simply not feasible, but a brief 1-liner like "Plan: 2 to add, 2 to change, 2 to destroy" fails to convey the scope of impact.
• A "middle-ground" outline would be preferable, which accounts for character limits within PR comments, while linking to the complete output log in the workflow job summary.
Plan file reuse with encryption
• Too often PRs are merged with apply -auto-approve, which is optimistic at best, but liable to configuration drift from changes made outside the workflow.
• While it's best practice to reuse the plan file from plan command, storing and retrieving it between workflow runs isn't easy, let alone if it contains sensitive data.
Apply before OR after merge
• Whenever we choose to apply changes, we need a way to uniquely identify and fetch the appropriate plan file outside of pull_request context.
• In addition to push and pull_request_target events, support GitHub's native merge queue feature to conditionally merge the PR only if it applies successfully.
As promised, I managed to wrangle out a few hours over the weekend to pore over these problems, and address each one in turn. Drawn up my progress in a blog post—happy to share, if you'd like? (keen to not fall foul of any self-promotion rules!)
erik over 1 year ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Matthew Clark over 1 year ago
When running atmos commands to apply the first time, it fails due to "account already belonging to organization", unless we set organization_enabled to false in accounts component in catalog stack. If we set this to false, it runs - we then just renamed the existing management account to core-root. Is core-root referencing the management account, or is there an expectation that core-root is another separate account? Once we get past that - the OUs/accounts exist, but when we apply account-settings it's implying the account_name doesn't exist in local.account_org_role_arns. In your experience, is this likely an issue with what I mention above re: organizations, something running in the wrong workspace and by proxy not having access to the intended tfstate, or something else?
This error is occurring in the account-map IAM roles module which is pulling from full account map from account map module.
full_account_map = {
  "core-artifacts" = "<REDACTED>"
  "core-audit" = "<REDACTED>"
  "core-dns" = "<REDACTED>"
  "core-identity" = "<REDACTED>"
  "core-root" = "<REDACTED>"
}
How would we go about debugging this? Still working our way around atmos, heh.
Bob Berg over 1 year ago
Could I get help on a PR review?
I previously opened an issue and flagged it as a bug, this was in August, https://github.com/cloudposse/terraform-datadog-platform/issues/100.
I submitted a pull request to fix said issue this past Monday, https://github.com/cloudposse/terraform-datadog-platform/pull/107.
Could I get some direction on where to take this and how to get it approved? It was a simple one-line-change that fixed the issue.
Nenna over 1 year ago
Links from today's office hours:
https://github.com/fidelity/kconnect
https://terraform.tf/
https://neon.tech/blog/why-does-everyone-run-ancient-postgres-versions
https://www.infoq.com/articles/cell-based-architecture-distributed-systems/
https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-eks-application-recovery-controller-arc/
https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-aurora-global-database-writer-endpoint/
https://blog.cloudflare.com/expanding-our-support-for-oss-projects-with-project-alexandria/#empowering-the-open-source-community
https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile#adding-a-member-only-organization-profile-readme
https://github.com/orgs/github/projects/4247?pane=issue&itemId=65252371&issue=github%7Croadmap%7C963
https://dev.to/rdhar/enhance-terraformtofu-automation-with-github-action-29be
https://docs.aws.amazon.com/filegateway/latest/files3/what-is-file-s3.html
https://aws.amazon.com/blogs/aws/amazon-file-cache-a-high-performance-cache-on-aws-for-your-on-premises-file-systems/
https://docs.aws.amazon.com/storagegateway/
https://aws.amazon.com/iam/roles-anywhere/
https://repost.aws/knowledge-center/block-s3-traffic-vpc-ip
https://docs.github.com/apps/creating-github-apps/about-creating-github-apps/about-creating-github-apps
erik over 1 year ago
@here office hours is starting in 30 minutes! Remember to post your questions here.
Nenna over 1 year ago
Links from today's office hours:
https://github.com/cloudposse/atmos/pull/751
https://github.com/caarlos0/mdtree
https://benjdd.com/aws/
https://docs.cloudposse.com/layers/eks/design-decisions/decide-on-default-storage-class/
https://www.arguingwithalgorithms.com/posts/cursor-review.html
https://github.com/cloudposse/atmos/pull/738
https://github.com/cloudposse/atmos/pull/731
https://github.com/cloudposse/atmos/pull/735
https://aws.amazon.com/about-aws/whats-new/2024/10/aws-amplify-amazon-s3-static-website-hosting/
https://aws.amazon.com/about-aws/whats-new/2024/10/aws-iam-identity-center-simplifies-calls-services-single-identity-context/
https://github.com/cloudandthings/terraform-aws-clickops-notifier?utm_source=www.weekly.tf&utm_medium=referral&utm_campaign=issue-197-state-in-iac-tools-terragrunt-1-0-enabling-security-guardrails-aws-eks-access-entries-debug-your-infrastructure
https://coderabbit.ai/
https://www.elastic.co/enterprise-search/workplace-search