release-engineeringArchived
6 messages
CI/CD Discussions
Archive: https://archive.sweetops.com/release-engineering/
lorenover 5 years ago
More options for running GitHub actions during a pull request initiated from a fork.... https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/
DJover 5 years ago
Is anyone else in this Slack using GitLab?
Andrew Rothover 5 years ago(edited)
I’m currently working on a Terraform module that needs to create a Kubernetes cluster as well as deploy some helm charts to it. I need it to be as “production-ready” as possible. What’s the best approach right now for using Terraform to deploy things to Kubernetes?
For further context, the module will spin up AWS resources (EC2 instances, security groups, etc), then use the Terraform RKE provider to create the k8s cluster. Here’s an example from Rancher that is close to what I want to do, but they clearly say that it is not meant for production. Here’s my repo if you want to follow along with my progress. I’m working in the
While not a set-in-stone requirement, if at all possible, I would like to avoid requiring any
Terraform Helm Provider?
I don’t know much about it, though it looks to have decently good support
1. Does it require
2. Is it being used anywhere successfully in production?
Terraform Helmfile Provider?
Probably not much more than an honorable mention since it is so new, but I do ❤️ pretty much anything @mumoshu touches 😁
1. Does it require
Local-exec using helm/helmfile in an idempotent way?
Some of my colleagues do this, but I believe it is just too crude to use in production
Terraform Shell Provider?
This feels like a souped-up version of local-exec that at least gives me better lifecycle management (thanks @mumoshu for linking to it in the helmfile provider docs)
Flux Helm Operator?
the Flux project has a Helm operator that looks really nice. I’d need to get the operator installed, and then need to figure out the best way to get the CRDs applied, but it looks like it has nice potential
For further context, the module will spin up AWS resources (EC2 instances, security groups, etc), then use the Terraform RKE provider to create the k8s cluster. Here’s an example from Rancher that is close to what I want to do, but they clearly say that it is not meant for production. Here’s my repo if you want to follow along with my progress. I’m working in the
feature/initial_dev branch.While not a set-in-stone requirement, if at all possible, I would like to avoid requiring any
local-exec or dependencies on any local installed tools other than Terraform.Terraform Helm Provider?
I don’t know much about it, though it looks to have decently good support
1. Does it require
helm to be installed on the machine running Terraform?2. Is it being used anywhere successfully in production?
Terraform Helmfile Provider?
Probably not much more than an honorable mention since it is so new, but I do ❤️ pretty much anything @mumoshu touches 😁
1. Does it require
helm, helmfile, helm-diff, helm-git, etc to be installed on the machine running Terraform? (If I am reading correctly, the answer is yes)Local-exec using helm/helmfile in an idempotent way?
Some of my colleagues do this, but I believe it is just too crude to use in production
Terraform Shell Provider?
This feels like a souped-up version of local-exec that at least gives me better lifecycle management (thanks @mumoshu for linking to it in the helmfile provider docs)
Flux Helm Operator?
the Flux project has a Helm operator that looks really nice. I’d need to get the operator installed, and then need to figure out the best way to get the CRDs applied, but it looks like it has nice potential
Yoni Leitersdorf (Indeni Cloudrail)over 5 years ago(edited)
Anybody here using tfscan, checkov, or something else in their CI/CD to spot security issues in TF code? If you are, or are considering doing it, can you share how you do it, and what do you do with the results?
madoover 5 years ago
I use openscap to scan image.
B
Barak Schosterover 5 years ago
@Barak Schoster has joined the channel