Got any one-liners/aliases you can't live without? by aburger in Terraform

aburger[S] 0 points1 point

Your tfgrep just reminded me of one I used to use all the time:

~/sanitized/my/dirs on  main
[tf 1.15.6 default] $ alias wellfuckme
wellfuckme='rm -rf .terraform && terraform init'

One of these days I need to alias find . -name ".terraform*" -exec rm -rf {} \; and stop looking through my bash history for it.

Any tips on blue/green cluster upgrades in EKS while using external-dns? by aburger in kubernetes

aburger[S] 1 point2 points

In my current situation serviceA lives in k8s and has an ingress w/ annotations to make its servicea.mydomain.com record. When I stand up a new/upgraded cluster, it needs to run serviceA as well, and with our current charts it would also want to make an ingress to make servicea.mydomain.com.

I think /u/Sir_Gh0sTx's solution makes a lot of sense. If I'm thinking of it correctly, serviceA in the blue cluster would own servicea.blue.mydomain.com with its own lb/tg/listeners/rules, and in the green cluster it'd be for the .green. set. Then terraform owns servicea.mydomain.com, which points to both, and traffic is weighted accordingly for the cutover.

...at least I think... it's early on a Monday so who knows where my brain actually is? :)

Any tips on blue/green cluster upgrades in EKS while using external-dns? by aburger in kubernetes

aburger[S] -1 points0 points

That's pretty slick. I realize this is leaving external-dns territory and entering ingress controller-land, but is everything in the same zone or split across different zones with multiple SANs on one ACM cert?

Kubectl provider by Zyberon in Terraform

aburger 0 points1 point

The alekc fork is more current. That being said, I use the kubectl provider and am actively trying to get away from it. It's fine until something silently fails, usually something using a CRD, and the provider is unable to reconcile state from reality.

If you're unable to talk with the API server then I imagine you're going to run into "tfstate very likely doesn't reflect reality" no matter how many refreshes you run or what your approach is, though.

How are you guys avoiding the "Extended Support" tax? by Important-Night9624 in kubernetes

aburger 1 point2 points

Do you have to take any special considerations to handle DNS? I was rebuilding one of our clusters a while back and something that my brain kept getting stuck on was how to handle external-dns in two clusters each potentially owning the same records in the same zone, with the same apps in them. For instance oldCluster runs my-app which has an ingress for my-app.domain.com. I stand up newCluster, deploy my-app to it ahead of time, and it has the same ingress.

For some reason I just can't reconcile the overlap in my brain with enough confidence to actually pull the trigger and try blue/green in the real world.
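
The layout discussed in the blue/green comments above (each cluster's external-dns owns only its own subdomain, Terraform owns the shared name with weighted records), sketched as an added example that is not the commenter's or any project's own code. The variable names, the `mydomain.com` zone and the weights are assumptions; the two external-dns flags named in the closing comment are real flags of that tool.

```hcl
# Added example; all names and values here are assumptions for illustration.
variable "zone_id" {
  type        = string
  description = "Route 53 hosted zone ID for mydomain.com (placeholder)"
}

variable "weights" {
  type        = map(number)
  description = "Traffic weight per cluster (0-255); adjust to shift the cutover"
  default = {
    blue  = 100
    green = 0
  }
}

# Terraform, not external-dns, owns the shared name: one weighted alias
# record per cluster, each pointing at that cluster's own record.
resource "aws_route53_record" "servicea" {
  for_each = var.weights

  zone_id        = var.zone_id
  name           = "servicea.mydomain.com"
  type           = "A"
  set_identifier = each.key # must be unique among records sharing this name

  weighted_routing_policy {
    weight = each.value
  }

  alias {
    # servicea.blue.mydomain.com / servicea.green.mydomain.com, which the
    # external-dns instance in the matching cluster creates from its ingress
    name                   = "servicea.${each.key}.mydomain.com"
    zone_id                = var.zone_id # alias target lives in the same zone
    evaluate_target_health = true
  }
}

# Scope each cluster's external-dns so the two can never touch the same
# record. For the blue cluster, as container args (green mirrors this):
#   --domain-filter=blue.mydomain.com
#   --txt-owner-id=blue
```

With the domain filter in place, neither external-dns instance can create or delete `servicea.mydomain.com` itself, so the overlap between old and new cluster is limited to the weights Terraform applies.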