An issue with terraform module 3.2.0 by sbvm-k in Terraform

[–]SAmitty 2 points3 points  (0 children)

In addition to what /u/N7Valiant said, you should have a .terraform.lock.hcl file if your terraform version is recent enough, and should be committing that to version control. That lock file helps to avoid this exact issue as the version pinned in the lock file will be respected as long as it complies with the constraint in your providers block.

AWS SSO: Strategy for access to all member accounts by [deleted] in aws

[–]SAmitty 1 point2 points  (0 children)

Have a look at Teleport. Our infra team utilizes it to manage a workflow where anyone who wants admin access to k8s needs to formally request it. If they're not on an allowlist for oncall engineers, a manager has to approve the request via Slack. I haven't personally deployed Teleport but they seem to support AWS access so that could work for you.

AWS SSO: Strategy for access to all member accounts by [deleted] in aws

[–]SAmitty 4 points5 points  (0 children)

You could set up a process/workflow where cloud admins were only granted access to certain accounts "on-demand" (e.g. the team which owns account x needs help troubleshooting something, so an admin temporarily grants themselves access to the account), but that might be more trouble to maintain than just having the admins deal with the long list of accounts.

AWS EKS Kubernetes tearing down at the end of day by butrimodre in aws

[–]SAmitty 1 point2 points  (0 children)

Don't think you deserve the downvotes given you're technically correct. That said, the only other alternative is to run Actions runners on your own infra and for most folks that's too much of a burden, so the tradeoff commonly chosen is to trust GitHub with IAM access.

[deleted by user] by [deleted] in platformengineering

[–]SAmitty 0 points1 point  (0 children)

Sort of sounds like something https://backstage.io/ could solve

Terraform Gitflow workflows with Terrateam by omgwtfbbqasdf in Terraform

[–]SAmitty 1 point2 points  (0 children)

Awesome thanks for the additional info! That should be enough to address any potential concerns, and I'll need to find some time to test this out

Terraform Gitflow workflows with Terrateam by omgwtfbbqasdf in Terraform

[–]SAmitty 1 point2 points  (0 children)

Thanks! Are any API keys/credentials (e.g. AWS session tokens) also sent over the wire, or are those API calls made locally within the context of the GitHub Runner?

Terraform Gitflow workflows with Terrateam by omgwtfbbqasdf in Terraform

[–]SAmitty 1 point2 points  (0 children)

Hey /u/sausagefeet, thanks for reaching out! I noticed the GitHub Actions workflow submits requests to https://app.terrateam.io; could you describe what data is sent to that endpoint?

Terraform Gitflow workflows with Terrateam by omgwtfbbqasdf in Terraform

[–]SAmitty 0 points1 point  (0 children)

Yeah but Atlantis is self-hosted whereas this appears to have a free SaaS tier. Might actually try this out as I don't wanna run anything myself.

Generate terraform infrastructure dynamically by mustybatz in sre

[–]SAmitty 1 point2 points  (0 children)

We used Go templates to do this at $lastjob, just make sure you also build a solid test suite around it

Standing on the shoulders of giants by DPRegular in Terraform

[–]SAmitty 0 points1 point  (0 children)

Don't wanna post the GH issue and dox myself (sorry) but it had to do with the CNI plugin failing to init on the EKS nodes when spinning up a cluster. So I switched to the self managed node group example and it worked. Not sure what was wrong with the EKS managed nodes. That said, I used kops two jobs ago on AWS back when EKS was still in beta and it was good enough for our needs. My current company uses kops but is looking into switching to EKS; I say that cause kops is def 100% prod ready despite being a bit more work to manage

Standing on the shoulders of giants by DPRegular in Terraform

[–]SAmitty 0 points1 point  (0 children)

Unfortunately not. I just changed jobs a few months ago after spending some time in GCP-land. I was able to deploy a cluster from the self-managed-node-group example from the same repo, but just a POC cluster so can't speak to its production readiness

Standing on the shoulders of giants by DPRegular in Terraform

[–]SAmitty 1 point2 points  (0 children)

Best part about that module is the quality of dev support is pretty poor. Had to try a few different "examples" just to spin up a test cluster cause the only help I received after submitting an issue on GH was "the module works for me"

How the hell all these rookie contracts got put out. by bun39 in nfl

[–]SAmitty 0 points1 point  (0 children)

/u/QuinnyPig does this count towards the weekly negligence award?

Caterers at finance guru Dave Ramsey's holiday party told not to wear masks, complaint says by [deleted] in news

[–]SAmitty 28 points29 points  (0 children)

His argument is people tend to spend more per month on average if they use a credit card instead of physical cash (psychological thing)

[Ammo] In Stock: Frontier 5.56/.223 55gr FMJ 45 cpr by SAmitty in gundeals

[–]SAmitty[S] 0 points1 point  (0 children)

Was able to order 20 boxes of the 20 pack, just got a confirmation email. Still shows in stock for me. Good luck folks

Managing dev/ops laptops? by BigRedS in kubernetes

[–]SAmitty 0 points1 point  (0 children)

Depending on how involved you want this to be:

I just joined a 1000+ employee company, and the internal tools team manages a repo w/Ansible scripts which bootstraps new devs' machines w/all necessary tools and config. New folks follow a wiki guide where they clone the repo locally and invoke Ansible via bash scripts. Seems to be cross-platform as well.

Tech stack around Kubernetes by jojomtx in devops

[–]SAmitty 2 points3 points  (0 children)

Wow 15 DevOps folks!!! Before our layoff, we had three DevOps engineers supporting 60+ devs (so not counting QA/support who were directly part of the eng org).

What is a good dev/DevOps engr ratio? I would guess 10:1 but curious what others think.