CatOps
DevOps and other issues by Yurii Rochniak (@grem1in) - SRE @ Preply && Maksym Vlasov (@MaxymVlasov) - Engineer @ Star. Opinions are our own.

We do not post ads including event announcements. Please, do not bother us with such requests!
AWS re:Invent is happening right now, so there will be a whole lot of Amazon news.

So far, the most interesting items (subjectively):

- Amazon EKS on AWS Fargate Now Generally Available - now you don't have to bother with EC2 nodes and can simply feed YAMLs into the cluster

- AWS launches Fargate Spot, save up to 70% for fault tolerant applications - running the same Fargate on Spot instances

- Announcing the Amazon ECS CLI v2 - the CLI can now be used without Python and with built-in SSO

P.S.: And literally two more things that are not related to Amazon. However, I decided to add them to this post so as not to spam.

- CrossGuard from Pulumi for policy management
- Thanos (metrics storage for Prometheus) has released version 0.9.0

#aws #iac #observability
While waiting to check in at the hotel, I wrote a short note about my experience with Pulumi

It's a thing that supports general-purpose languages for describing infrastructure

I also noticed that syntax highlighting doesn't work in the blog 😒
I'll have to fix it when I have some spare time.

UPD: fixed the part about remote state storage based on comments from the chat and added a couple of links at the end

#iac #pulumi #typescript
The story of the company GSoft, which uses Pulumi with CrossGuard in Azure

CrossGuard is a Pulumi component that lets you describe policies as code and check them before the resources are launched in the cloud

#iac #pulumi
The Terraform AWS Modules repositories are now managed with Terraform

The article has a link to the code for managing GitHub with Terraform. Just keep in mind that because of GitHub's API request quotas, managing many repositories can be painful.

Another interesting nuance: not all features are available through the API (which is strange, by the way). For example, the new feature that automatically deletes a branch when a PR is closed is still not available. I even wrote to them on the forum about it.

#iac #terraform #github
In the news: Pulumi 2.0 has been released

They promise improved support for cloud providers, new documentation, tags and filtering for stacks, flexible ways to migrate from existing IaC solutions, policies as code, and improved testing support

#iac #pulumi
A bit of original content for you today.

I’ve written an article about my brief experiments with Crossplane.

This is a toolset, which allows you to manage infrastructure as Kubernetes objects.

I promised to write it up last year, but got a chance to actually publish it just now.

Hope you enjoy the reading!

#kubernetes #iac
I'm a bit late with this one. Last week we had a conference to do, so I actually missed a lot.

Pulumi reached version 3. Congratulations! What's new:
- Automation API. So, now you can trigger it from some other place
- Native providers for Azure and GCP. No more Terraform provider wrappings, I guess
- SDK improvements for Go and Python
- Improvements for the paid users.

So, I guess it's time to give it another try? Last time I checked Pulumi (which was more than a year ago) it was still kinda raw.

Also, it might be a good thing for people who are still running Terraform 0.11 and hope for an "easy" upgrade to 1.0. Just kidding

#iac #pulumi
And back to IaC.

Pulumi has presented an Automation API - a generic way to programmatically trigger Pulumi execution.

This API should make it easier for platform teams to develop self-service developer portals.

The article contains examples of the Automation API usage as a WebUI, CLI, CI/CD systems' plugin, and even a Jupyter notebook.

#iac #pulumi
I like it when articles on the Web start discussions. Although sometimes such articles are just clickbait, you can figure it out based on the discussions they ignite.

Steve Smith wrote an article called "GitOps is a placebo", where he argues that GitOps hasn't brought anything new to the table, because all its core concepts already existed in the form of Continuous Delivery and Infrastructure as Code.

And here is the reply to this article by Carlos Sanchez in the form of a Twitter thread.

Feel free to share your own thoughts on GitOps in our chat

#cicd #iac #gitops
Kris Nova's recent write-up on Infrastructure as Code vs Infrastructure as Software

(also available on GitHub)

In short, we are used to managing our infrastructure with Turing incomplete configs like YAML. Since configs are too static, people invented some tooling on top of it. So, now you have a lot of templating for this.

On the other hand, we can simply use modern-day programming languages like Go, TypeScript, Python, etc. In this scenario infrastructure engineers can benefit from the entire ecosystem of a given language like test suites, IDE plugins, package management and so on.

In fact, these concepts are already used in various CDKs and Pulumi.

This article is not yet a definitive guide, rather just material for thought. You can join the discussion
- on Twitter
- on Reddit

#iac
A nice article by a friend of mine on how to replace GNU Make with Invoke and Python. The nice part is that it goes beyond some simple “Hello world” examples.

I think using a tool like Invoke or Rake is beneficial. Yet, I still use GNU Make in many places mostly because it’s available almost everywhere out of the box.

As a bonus you can also check out the Task tool - yet another task automation tool written in Go. It uses YAML for configuration, therefore it’s declarative, but you know… YAML. Also, using a full-fledged programming language obviously provides more features and flexibility.

#make #iac #automation
Well, it’s happening. Pulumi now supports YAML in GA.

Here are my thoughts about this. The imperative revolution didn’t happen. We haven’t suddenly started to define the infrastructure in TypeScript or Go. Also, it looks like both approaches can co-exist just fine, even as a part of a single tool.

I think that the second point is great, because the users (we) have more options. Smaller setups can benefit from a simpler declarative way, while more complicated installations can leverage the whole power of general purpose languages.

#iac #pulumi
With the whole AI hype going on, it's interesting to see how companies are trying to find an application for AI in their products.

Sometimes it's just pure hype, in my opinion. There are some "AI-powered" tools that existed just fine without AI. However, I personally see three major areas for AI (LLMs to be precise) in the operational field:

- Taking over some boring tasks like writing some Bash, Makefiles and so on.
- Observability: basically explaining alerts to humans and suggesting possible solutions. Perhaps, even applying those suggestions.
- Knowledge management. An LLM can answer recurring questions instead of a support person. You can even try to teach a model based on your internal documentation and so on.

And here are some practical implementations in some of those areas:

- GitLab’s new security feature uses AI to explain vulnerabilities to developers
- Pulumi AI that writes IaC for you.

P.S. The news about GitLab came from our chat. So, if you have any interesting news to share, do not hesitate to join!

#ai #gitlab #pulumi #iac
Another article from our subscribers.

My experience migrating my infrastructure from Terraform to Pulumi is a story of the IaC migration to… well, Pulumi. A nice thing about this article is that it has some concrete examples of code as well as recommendations out of experience.

Yet, the final thoughts are somewhat questionable. For example, the claim that Pulumi is faster without any measurements.

BTW, I also wrote an article about Pulumi 3 years ago. It’s obviously outdated today but it’s interesting to observe how the project evolves.

P.S. If you want to share an article or just have a casual conversation, do not hesitate to join our chat (chat is in Ukrainian).

#pulumi #terraform #iac
Infrastructure as Code and Configuration Management topics are old and boring. It seems like it's almost impossible to have anything conceptually new in this domain, except some drama around licensing.

Yet, in this blogpost Nathan Peck (he works in AWS, IIRC) argues that we could do it differently and that we could do it better.

The core idea is that instead of writing some YAML or DSL to define various resources and then trying to group them somehow, we could leverage the same approach that Web technologies took. More specifically, "decorating" objects with properties provided separately. Similarly to what CSS does to HTML.

There's also a discussion of this post on Hacker News

#iac
I'm no Azure user - this thing came from the chat.

Azure has a collection of verified modules for Terraform and Bicep (their own IaC tool).

So, if you happen to work with Azure, check it out! Maybe it could make your life a bit easier.

#iac #terraform #azure