Cloud Posse DevOps "Office Hours" Podcast Erik Osterman

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:13] Red Hat open sources StackRox
https://techcrunch.com/2022/05/17/red-hat-open-sources-stackrox-the-kubernetes-security-platform-it-acquired-last-year/
[00:01:52] Easily Manage Access to Kubernetes
https://github.com/infrahq/infra
[00:03:40] Heroku CI and Review App Secrets Compromised (Dejavu?)
https://news.ycombinator.com/item?id=31417993
[00:04:56] AWS Control Tower can now use customer provided core accounts
https://aws.amazon.com/about-aws/whats-new/2022/05/aws-control-tower-now-use-customer-provided-core-accounts/
[00:07:41] AWS SSO delegated administration to a member account
https://aws.amazon.com/blogs/security/getting-started-with-aws-sso-delegated-administration/
[00:10:21] Yet Another Kubernetes Controller for Terraform (weaveworks, rancher, et al)
https://www.appvia.io/blog/self-service-of-cloud-resources
https://github.com/weaveworks/tf-controller
https://github.com/rancher/terraform-controller
[00:12:20] Terraform provider for Atlas Database Migrations 
https://atlasgo.io/blog/2022/05/04/announcing-terraform-providerx
[00:15:56] What does cloudposse use for ingress controller?
[00:24:41] I’m curious what kinds of patterns cloudposse has seen work for “On demand” environments, for microservices? 
[00:38:10] atmos.tools launched!
[00:39:33] Using Terraform to create a DB from scratch - how are we supposed to manage the DB passwords? 
[00:44:02] How would you set up IAM policies if starting from scratch? 
[00:46:42] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:27] VSCode edit any GitHub Repository
https://github.dev/cloudposse/geodesic
[00:06:19] GitHub Actions: Enhance your actions with job summaries
https://github.blog/changelog/2022-05-09-github-actions-enhance-your-actions-with-job-summaries
[00:07:25] Validate Stack Configurations in Atmos
https://github.com/cloudposse/atmos/releases/tag/v1.4.13
[00:08:33] Another Terraform Tool for Refactoring
https://github.com/craftvscruft/tfrefactor
[00:11:45] AWS Secrets Manager Publishes Usage Metrics to Amazon CloudWatch
https://aws.amazon.com/about-aws/whats-new/2022/05/aws-secrets-manager-publishes-usage-metrics-to-amazon-cloudwatch/
[00:12:21] Announcing the HashiCorp Releases API
https://www.hashicorp.com/blog/announcing-the-hashicorp-releases-api
[00:14:17] PR Feedback: Overhaul for IPv6 and flexibility 
https://github.com/cloudposse/terraform-aws-dynamic-subnets/pull/159
[00:17:50] Join discussions: VPC Endpoints and Transit Gateway
[00:25:55] DevOps Days - Ukraine Edition
[00:27:11] OtterTune scored big round of funding 
https://techcrunch.com/2022/05/10/2309852/
[00:28:55] CloudFlare SQL database announced
[00:34:00] Pulumi YAML - Would love to discuss this with anybody who has had the chance to kick the tires. 
[00:48:21] What API Gateways are you guys using for your Kubernetes clusters?
[00:58:50] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:17] Atmos Adds Vendoring - pull terraform root modules (or anything) from anywhere
https://github.com/cloudposse/atmos/pull/145
[00:07:30] Terraform 1.2 (RC1 just dropped) — adds pre/post conditions, bearer tokens
https://github.com/hashicorp/terraform/releases/tag/v1.2.0-rc1
[00:14:28] Amazon EKS web console adds Kubernetes Resource View
https://aws.amazon.com/blogs/containers/introducing-kubernetes-resource-view-in-amazon-eks-console/
[00:18:34] Werf: Consistent delivery tool
https://werf.io/
[00:26:32] Easy-to-follow set of instructions for a strategy that minimizes the cost of NAT gateways in ec2.
[00:36:00] How many of you don't commit .terraform.lock.hcl to source control?
[00:44:25] Explain to me how crossplane works? 
[00:53:35] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:29] Git.io shutting down 2022-04-29 (GitHub provides 4 days notice!!!)
https://github.blog/changelog/2022-04-25-git-io-deprecation/
[00:02:53] Cloud Posse build-harness: update links to cloudposse.tools/build-harness
https://github.com/cloudposse/build-harness/issues/314
[00:04:34] Google donates the Istio service mesh to the CNCF
https://techcrunch.com/2022/04/25/google-donates-the-istio-service-mesh-to-the-cloud-native-computing-foundation/
[00:05:05] AWS's Log4j patches blew holes in its own security
https://www.theregister.com/AMP/2022/04/20/aws_log4j_patches/
[00:05:42] Fairwinds Helmfile Alternative: declaratively manage multiple Helm chart releases
https://github.com/FairwindsOps/reckoner
[00:06:48] [2018] Kubernetes Edge Computing at Chick-fil-A
https://medium.com/@cfatechblog/edge-computing-at-chick-fil-a-7d67242675e2
[00:08:17] Finally, a terraform-registry-proxy for “airgapped” environments
https://github.com/jasonwbarnett/terraform-registry-proxy
[00:22:00] Aurora Serverless v1 is GA
[00:23:26] Use IAM to control access to a resource based on the account, OU or organization that contains the resource
https://aws.amazon.com/about-aws/whats-new/2022/04/iam-access-resource-organization/
[00:24:36] Karpenter workload consolidation/defragmentation
https://github.com/aws/karpenter/issues/1091
[00:29:37] How have folks automated AWS IAM Access Key + Secret Key rotation policies 
[00:34:23] Opinions and thoughts on K8s ingress controllers for high volume deployments. 
[00:42:25] What advice do you have for how to communicate expectations when people decide to use something brand new that is still super beta/rough, are having problems, and are annoyed that things aren't working?
[00:52:30] Are you doomed without a tool like Spacelift? 
[01:00:23] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show (https://cloudposse.com/office-hours/)

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:22] Terraform Experiment Update: Optional arguments in object variable type definition
https://github.com/hashicorp/terraform/issues/19898#issuecomment-1101853833
[00:02:22] GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (from Heroku & TravisCI)
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html
[00:05:53] Terraform Data Source for AWS Pricing Data
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/pricing_product
[00:06:26] How to Make 100K/year on GitHub Sponsors
https://calebporzio.com/i-just-hit-dollar-100000yr-on-github-sponsors-heres-how-i-did-it
[00:13:20] AWS Security Hub adds cross-Region security scores and compliance statuses
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-security-hub-cross-region-security-scores-compliance-statuses/
[00:15:58] FYI, AWS Single Sign-On is now HIPAA eligible
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-single-sign-on-hipaa-eligible/
[00:17:00] AWS Shield adds automatic application-layer DDoS mitigation for ALBs with WAF
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-shield-application-balancer-automatic-ddos-mitigation/
[00:23:01] Terraform + GitHub Actions & OIDC (via weekly.tf)
https://blog.symops.com/2022/04/14/terraform-pipeline-with-github-actions-and-github-oidc-for-aws/
[00:24:03] Hierarchical YAML Configurations in Terraform
https://github.com/lyraproj/hiera
[00:28:08] Rare Leakage of an S3 Stack Trace
[00:30:21] Cloud Posse “Activation Days”? Who is interested….
[00:32:27] What kind of a git repo structure do you recommend if I want to separate my terraform modules in repository?
[00:39:48] Are there any examples on the use of helmfile that showcase how one might use it in a "bigger" situation?
[00:54:53] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show (https://cloudposse.com/office-hours/)

Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have. 

You can register here: https://cloudposse.com/office-hours

Join the conversation: 
https://slack.cloudposse.com/

Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/

Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/

[00:00:00] Intro
[00:01:31] AWS Lambda Functions now support HTTPS Endpoints (e.g. Single-Function Microservices)
https://aws.amazon.com/blogs/aws/announcing-aws-lambda-function-urls-built-in-https-endpoints-for-single-function-microservices/
[00:12:04] AWS Provider version 4.0 Chaos. AWS Terraform Provider v4.9.0 was just released. 
https://github.com/hashicorp/terraform-provider-aws/issues/23106
https://github.com/hashicorp/terraform-provider-aws/blob/v4.9.0/CHANGELOG.md
[00:16:54] AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services
https://aws.amazon.com/about-aws/whats-new/2022/04/aws-data-transfer-price-reduction-privatelink-transit-gateway-client-vpn-services/
[00:18:08] GitHub Now Supports Organizational Profile Pages
https://github.com/github
[00:21:32] “Case Study” on the Longest (Atlassian) Outage of All Time! 2+ weeks OMG, 400+ customers
https://newsletter.pragmaticengineer.com/p/scoop-atlassian
[00:35:10] Azure Terrafy and AzAPI are Microsoft’s alternative to “Terraformer” (by google)
https://techcommunity.microsoft.com/t5/azure-tools-blog/announcing-azure-terrafy-and-azapi-terraform-provider-previews/ba-p/3270937
https://github.com/GoogleCloudPlatform/terraformer
[00:36:13] Scaling containers on AWS in 2022
https://www.vladionescu.me/posts/scaling-containers-on-aws-in-2022/
[00:51:17] Pros and cons of using the latest EKS AMIs or managing roll-out of new AMI releases manually? 
[00:57:10] How have folks automated AWS IAM Access Key + Secret Key rotation policies
[00:57:54] Outro 

#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show (https://cloudposse.com/office-hours/)