The Planet Crafter : un jeu de survie/craft/terraforming modeste techniquement mais qui te plonge parfaitement dans l'ambiance du délire. Prise en main top, on ne s'ennuie pas et l'exploration est top. Cerise sur le gâteau, on peut y jouer en solo ou multi jusqu'à 10.
Anyone familiar with terraform, GKE and enabling GCP services from TF?
Setting up a new project and trying to plan a GKE cluster. But I get this response saying the Kubernetes API hasn't be used or is disabled - well yes, it's a new project. But it's listed in the services for the project and should then get enabled like all the others, right 🤔
Google just asked if we could enable via the UI. But that's not the point. This is meant to be automated with TF.
While I’ll be following the #Linkerd / #CNCF drama with interest, this isn’t a rug pull like the #terraform license switch. #OpenSource means the source code is… well, open. That’s all. I’ve said it before: there’s no “spirit of open source” that always seems to put a ton of obligations on maintainers but never on users.
Doesn’t mean anyone has to be happy about the change, and I fully understand those who aren’t. But if it’s not in a license — OSS or commercial — it’s not an obligation.
@malin right, this is assuming the code was published in the first place. I don’t think I’ve seen a project that only distributed code on request, and I doubt anyone would want anything to do with that, lol. But you’re correct, it would be within their rights.
Anyone have a good write up/how-to for standing up #OpenPolicyAgent server? Looking at the documentation, I'm a bit lost on how to point it to rego files, and how to have my clients call OPA to evaluate their JSON.
My use case is kind of fun - have all my team's Terraform repos do a pre-merge OPA evaluation on the Terraform plan. I'd like to get away from bundling the rego with the repos - the developers could just change the accept criteria and hope nobody notices in the pull request.
So success looks like having a rego file on a remote opa server that will allow a user to POST a url with their terraform plan, and get back the results.
You'd likely have your policies live in a separate repo, and then have a build pipeline for that repo which called "opa build" to build a bundle from main and then push that to where you wanted it. That bundle could then be consumed by other pipelines for policy evaluation. If you make changes to that repo they'd immediately propagate to
@pezhore all consumers, i.e. other builds where Terraform plans are checked. This provides a nice decoupling of policy management from policy decision points and policy enforcement.
Happy to answer any questions, or if you'd rather get on a call, let me know :)
This is why I love #Renovate over #Dependabot: it picked up #Docker tags somewhere deep inside some #Helm chart, plus picked up all the Helm charts in my #TerraForm that need updating. Looks like I'll be updating everything tomorrow (well today since it's past midnight) 🎉🎉🎉#
@xahteiwi
I am not planning to. Source availability for an effort the size and scale of terraform seems good enough, and non-TF alternatives have been more awful and less well understood.
@xahteiwi Yes will be making the switch next week. Our usage is fairly simple, and we are pinned on the same version opentofu forked off, so not expecting much issues.