AWS re:Invent is happening right now, so there will be a ton of Amazon news.
The most interesting so far (subjectively):
- Amazon EKS on AWS Fargate Now Generally Available - now you don't have to bother with EC2 nodes and can just feed YAMLs to the cluster
- AWS launches Fargate Spot, save up to 70% for fault tolerant applications - running the same Fargate on spot instances
- Announcing the Amazon ECS CLI v2 - the CLI can now be used without Python and with built-in SSO
P.S.: And literally two more things that are not related to Amazon. I decided to add them to this post anyway, so as not to spam.
- CrossGuard from Pulumi for policy management
- Thanos (metrics storage for Prometheus) released version 0.9.0
#aws #iac #observability
Amazon
Amazon EKS on AWS Fargate Now Generally Available | Amazon Web Services
Starting today, you can start using Amazon Elastic Kubernetes Service to run Kubernetes pods on AWS Fargate. EKS and Fargate make it straightforward to run Kubernetes-based applications on AWS by removing the need to provision and manage infrastructure for…
HashiCorp talks about TDD for infrastructure
Plus a talk by Yevgeniy Brikman on automated infrastructure testing at InfoQ
#iac
HashiCorp
Test-Driven Development (TDD) for Infrastructure
Learn how to adapt TDD to deploying and configuring infrastructure.
While waiting to check in at the hotel, I wrote a short note about my experience with Pulumi
It's a thing that supports general-purpose languages for describing infrastructure
I also noticed that syntax highlighting doesn't work on the blog 😒
I'll need to fix it when I have some spare time.
UPD: fixed the part about remote state storage based on comments from the chat and added a couple of links at the end
#iac #pulumi #typescript
Continuing the HashiCorp theme, tools for analyzing Terraform code from the father of the DevOps movement, Patrick Debois:
- Terrascan
- CheckOv
- Terrafirma
- TfSec
- Terraform-validator
From my side I'd also add
- tflint
- Terratest
- kitchen-terraform
There are even more options in the Twitter thread - take a look if you're interested.
#iac #terraform #hashicorp
GitHub
GitHub - tenable/terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning…
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. - GitHub - tenable/terrascan: Detect compliance and securit...
The story of GSoft, a company that uses Pulumi with CrossGuard in Azure
CrossGuard is a Pulumi component that lets you describe policies as code and check them before the resources are launched in the cloud
#iac #pulumi
Medium
Safeguarding Your Azure Infrastructure With Pulumi’s Policies as Code
I recently ventured into Pulumi to see if it was a viable option to use as our Infrastructure as Code (IaC) tool and came across one of…
The Terraform AWS Modules repositories are now managed with Terraform
The article has a link to the code for managing GitHub with Terraform. Just keep in mind that because of GitHub's API request quotas, managing lots of repositories can be painful.
Another interesting nuance: not all features are available via the API (which is strange, by the way). For example, the new feature that automatically deletes a branch when a PR is closed is still not available. I even wrote to them on the forum about it.
#iac #terraform #github
Anton Babenko
"Terraform AWS modules" as a code
After several years of maintaining Terraform AWS modules on GitHub and making constant improvements in processes I decided to spend more time and improve things even further. I want other people to be involved and recognized also while I spend more time on…
In the news: Pulumi 2.0 has been released
They promise improved support for cloud providers, new documentation, tags and filtering for stacks, flexible ways to migrate from existing IaC solutions, policies as code, and improved support for tests
#iac #pulumi
pulumi
Announcing Pulumi 2.0, Now with Superpowers
Today we are announcing Pulumi 2.0, a modern infrastructure as code platform with advanced capabilities including new languages, testing, and policy as code.
A bit of original content for you today.
I’ve written an article about my brief experiments with Crossplane.
This is a toolset that allows you to manage infrastructure as Kubernetes objects.
I promised to write it up last year, but got a chance to actually publish it just now.
Hope you enjoy the reading!
#kubernetes #iac
I'm a bit late with this one. Last week we had a conference to do, so I actually missed a lot.
Pulumi reached version 3. Congratulations! What's new:
- Automation API. So, now you can trigger it from some other place
- Native providers for Azure and GCP. No more Terraform provider wrappings, I guess
- SDK improvements for Go and Python
- Improvements for the paid users.
So, I guess it's time to give it another try? Last time I checked Pulumi (which was more than a year ago) it was still kinda raw.
Also, it might be a good thing for people who are still running Terraform 0.11 and hope for an "easy" upgrade to 1.0. Just kidding
#iac #pulumi
pulumi
Announcing Pulumi 3.0
Announcing Pulumi 3.0, the next major version of the Pulumi open source project.
And back to IaC.
Pulumi has presented an Automation API - a generic way to programmatically trigger Pulumi execution.
This API should make it easier for platform teams to develop self-service developer portals.
The article contains examples of the Automation API usage as a WebUI, CLI, CI/CD systems' plugin, and even a Jupyter notebook.
#iac #pulumi
pulumi
Build your perfect interface for the cloud: Automation API
Automation API brings the Pulumi modern IaC engine to any application
I like it when articles on the Web start discussions. Sometimes such articles are just clickbait, but you can figure that out based on the discussions they ignite.
Steve Smith wrote an article called "GitOps is a placebo", where he argues that GitOps hasn't brought anything new to the table, because all its core concepts already existed in the form of Continuous Delivery and Infrastructure as Code.
And here is the reply to this article by Carlos Sanchez in the form of a Twitter thread.
Feel free to share your own thoughts on GitOps in our chat
#cicd #iac #gitops
Twitter
Carlos Sanchez
"GitOps is a placebo" Interesting take but let me disagree with some points, a 🧵 twitter.com/SteveSmith_Tec…
Kris Nova's recent write up on Infrastructure as Code vs Infrastructure as Software
(also available on GitHub)
In short, we are used to managing our infrastructure with Turing-incomplete configs like YAML. Since configs are too static, people invented some tooling on top of it. So, now you have a lot of templating for this.
On the other hand, we can simply use modern-day programming languages like Go, TypeScript, Python, etc. In this scenario infrastructure engineers can benefit from the entire ecosystem of a given language like test suites, IDE plugins, package management and so on.
In fact, these concepts are already used in various CDKs and Pulumi.
This article is not yet a definitive guide, rather just material for thought. You can join the discussion
- on Twitter
- on Reddit
#iac
If you’re interested in Pulumi, here’s a tutorial on how to create a Lambda function that sends a daily email with Pulumi.
This is a nice small exercise, if you want to get familiar with the tool. Also, this tutorial uses Python, which is very popular in DevOps-ish circles.
#aws #pulumi #iac
Travis Media
Pulumi AWS Tutorial: Create a Lambda Function That Sends You Morning Emails Via SNS - Travis Media
Learn how to use the Pulumi platform with AWS in this complete, step-by-step guide. This tutorial will walk you through setting up a Pulumi stack, getting familiar with the API, and deploying and managing AWS infrastructure using Pulumi.
A nice article by a friend of mine on how to replace GNU Make with Invoke and Python. The nice part is that it goes beyond some simple “Hello world” examples.
I think using a tool like Invoke or Rake is beneficial. Yet, I still use GNU Make in many places mostly because it’s available almost everywhere out of the box.
As a bonus you can also check out the Task tool - yet another task automation tool written in Go. It uses YAML for configuration, therefore it’s declarative, but you know… YAML. Also, using a full-fledged programming language obviously provides more features and flexibility.
#make #iac #automation
Medium
Better make for automation
Everyone probably knows about make and Makefiles. Initially a build automation tool, it’s often used as wrapper around different tools to…
Well, it’s happening. Pulumi now supports YAML in GA.
Here are my thoughts about this. The imperative revolution didn’t happen. We haven’t suddenly started to define the infrastructure in TypeScript or Go. Also, it looks like both approaches can co-exist just fine, even as a part of a single tool.
I think that the second point is great, because the users (we) have more options. Smaller setups can benefit from a simpler declarative way, while more complicated installations can leverage the whole power of general purpose languages.
#iac #pulumi
pulumi
Pulumi YAML General Availability
Pulumi YAML 1.0 with IDE integration, full convert support, simpler function syntax and Kubernetes Operator embedding
With the whole AI hype going on, it's interesting to see how companies are trying to find an application for AI in their products.
Sometimes it's just pure hype, in my opinion. There are some "AI-powered" tools that existed just fine without AI. However, I personally see three major areas for AI (LLMs to be precise) in the operational field:
- Taking over some boring tasks like writing some Bash, Makefiles and so on.
- Observability: basically explaining alerts to humans and suggesting possible solutions. Perhaps, even applying those suggestions.
- Knowledge management. An LLM can answer recurring questions instead of a support person. You can even try to teach a model based on your internal documentation and so on.
And here are some practical implementations in some of those areas:
- GitLab’s new security feature uses AI to explain vulnerabilities to developers
- Pulumi AI that writes IaC for you.
P.S. The news about GitLab came from our chat. So, if you have any interesting news to share, do not hesitate to join!
#ai #gitlab #pulumi #iac
TechCrunch
GitLab’s new security feature uses AI to explain vulnerabilities to developers
Developer platform GitLab today announced a new AI-driven security feature that uses a large language model to explain potential vulnerabilities to developers, with plans to expand this to automatically resolve these vulnerabilities using AI in the future.
Another article from our subscribers.
My experience migrating my infrastructure from Terraform to Pulumi is a story of the IaC migration to… well, Pulumi. A nice thing about this article is that it has some concrete examples of code as well as recommendations out of experience.
Yet, the final thoughts are somewhat questionable. For example, the claim that Pulumi is faster without any measurements.
BTW, I also wrote an article about Pulumi 3 years ago. It’s obviously outdated today but it’s interesting to observe how the project evolves.
P.S. If you want to share an article or just have a casual conversation, do not hesitate to join our chat (chat is in Ukrainian).
#pulumi #terraform #iac
There and back again
My experience migrating my infrastructure from Terraform to Pulumi
I always intended this blog to contain a mix of technical and business posts. Here's the first technical piece. If that's not your cup of tea then you should probably stop reading right here, and go for a nice walk outside instead :).
Still here? Coo...
Infrastructure as Code and Configuration Management topics are old and boring. It seems like it's almost impossible to have anything conceptually new in this domain, except some drama around licensing.
Yet, in this blogpost Nathan Peck (he works in AWS, IIRC) argues that we could do it differently and that we could do it better.
The core idea is that instead of writing some YAML or DSL to define various resources and then try to group them somehow, we could leverage the same approach that Web technologies took. More specifically, "decorating" objects with properties provided separately. Similarly to what CSS does to HTML.
There's also a discussion of this post on Hacker News
#iac
Nathanpeck
Rethinking infrastructure as code from scratch
Recently I’ve been thinking a lot about infrastructure complexity, and the current state of infrastructure as code.
This is problem space that many talented people are tackling.
I'm no Azure user - this thing came from the chat.
Azure has a collection of verified modules for Terraform and Bicep (their own IaC tool).
So, if you happen to work with Azure, check it out! Maybe it could make your life a bit easier.
#iac #terraform #azure