In one of my apps, I'd like to ensure that users are running with the latest version, and recommend an upgrade if they aren't. Is that type of "telemetry" OK? Code is #OpenSource so it'll be easy to verify that it only calls GitHub to compare current version vs last released. Conditions:
Nothing is "sent" other than a GET request to GH to get latest version.
No data is collected — I don't even run the server.
It was somewhere around reading and writing the string “WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs” that my steadfast desire to avoid writing HCL at all costs began to break down.
Thankfully, my gut instinct that "surely you can just stuff some fucking dict()s in here instead, so it looks way more like native AWS JSON" is panning out, which has – so far – saved me from immediately throwing #Pulumi in the trash.
In #Pulumi's defense, part of this hellscape can be laid at the feet of Terraform (whose provider is being wrapped) and especially AWS themselves, whose APIs provide the essential complexity.
Relatedly: AWS are also the ones deciding that you can't attach a firewall to a CDN distribution from the firewall side, only the CDN side 😩
Pulumi seems the obvious choice for me personally (I prefer the tradeoffs of internal DSLs, & certainly would rather write infra code in Python vs HCL).
But Pulumi has /exactly/ the same business-model risk OG TF had (freemium product controlled by a single commercial entity). Not sure I want to bet on its trajectory over the next 5-10 years!
After using Sops (https://github.com/getsops/sops) with #Pulumi for a little while, I've come to the conclusion that Sops---while a very useful tool---doesn't offer a great deal of additional value to a Pulumi-centric environment.
"Documentation, especially infrastructure related, is already often incorrect, hard to find, outdated or otherwise missing. While tools like #Pulumi #AI can provide value to some, filling the internet with unconfirmed, possibly hallucinated, answers is actually pretty malicious. And the longer it goes on, the worse it gets." https://www.theregister.com/2024/05/01/pulumi_ai_pollution_of_search/
I published a new blog post earlier today that shows how to selectively target resources for replacement when using #Pulumi. It's not hard at all, but it does use a command-line flag that perhaps might be a little less known. I hope that it's useful to someone!
#AWS #Pulumi #TerraForm frens I have a weird thing. I rearranged the security group configuration for an EC2 instance config so that it has four CIDR blocks per inbound rule. This is intended for a multi-subnet SQL Server WFCL. The only changes are adding CIDR blocks for a third node that's in a different subnet. This is 4 CIDR blocks total - 1 in us-west-2-lax-1a, 1 in us-west-2-lax-1b, 1 in us-west-2a, and a 10.x block. Only 3 CIDR blocks get added per inbound rule. Is there a limit in Pulumi?
Really useful stuff. Been trying to use it with #aws at work with some success. Might try to use it at home against my #proxmox instance or with my awesome #vps host (shameless plug for the wonderful https://tranquillity.se )
I would really like to overhaul my home computing. Definitely need to overhaul the networking but a combo of terraform and #ansible seems primo even if I have a few pets instead of cattle laying around.
We're reaching an era in infra ops where the giant corporation-owned tooling is closing its doors, and more open 2nd systems are being built like Kargo (from Argo creators), OpenTF (from Terraform users), and JetPorch (from Ansible creator).
To those who are concerned that I'm going to talk about nothing but #Hashicorp for weeks, don't be. I was harder on #RedHat, not because I think that Red Hat had done something worse (they didn't), but rather that I frankly care about Red Hat more. The shop where I work is also a Hashicorp customer, but that relationship is far more expendable, IMO, and I had hopes that some in Red Hat would hear and consider feedback where I generally don't believe that to be the case for Hashicorp.
One such opportunity may be for groups like #Ansible and #Pulumi to coordinate with #Apache and/or #CNCF to create a common, open standard around cloud and baremetal provider implementations that could be compatible with Pulumi and Ansible via Apache libcloud, breaking away from the vendor-centric HCL lock in that terraform mandated.
As I'm importing my cloud #Kubernetes cluster into #Terraform I want to look at a new ingress. Looking for something very lightweight, runs on both ARM64 and AMD64 so it can run on my cloud and home clusters for simpler management, and is easy to manage (the less work the better). What is everyone using?
@dragnucs Cool thanks! How does it map providers tho? Did a quick check but couldn't find all tools I'm using have providers in #pulumi that have providers in #terraform.
Pulumi is true open source, uses the Apache 2.0 license, and does not and never will depend on BSL-licensed software in any way, HashiCorp owned or otherwise.
We look forward to continuing to serve our customers, always with open source and our amazing, fast-growing community at our core.
Any insights how #fedora and #debian will handle the license change in #vagrant? I don't hope they would include BSL code in the distro, so… freeze the version of vagrant before the license change? Any prominent OSS fork already? #opensource #osi #license #freesoftware
I had a little trouble figuring out how to get #pulumi to output an AWS IAM secret key during stack creation, since Pulumi quite reasonably considers secret keys and similar fields to be sensitive. I wrote up how I did it, in case this is helpful to someone: https://kimvanwyk.co.za/accessing-protected-pulumi-outputs-with-a-pgp-key/
I want to build labs that a learner can spin up from a front facing website. I believe I need to learn Terraform to spin these up and collapse when done. Where do I start? #infrastructure #terraform #infrastructureascode #vmware
@Tmarsland Sorry for reviving an old post—have you looked at #Pulumi? It allows you to use a general-purpose programming language to define the infrastructure. More importantly, it makes it quite easy to create a front-end of sorts to automate Pulumi itself. Might be worth looking into! (Disclaimer: I work at Pulumi, but I was a user before I was an employee.)
Hi, I'm Scott. I've been a blogger since 2005, an author since 2009, & a podcast host since 2016. I've worked for companies like #EMC (acquired by Dell), #Nicira (acquired by #VMware), #Heptio (acquired by VMware), & #Kong; currently I'm working on the #DevRel team at #Pulumi. I post about #Linux, #Kubernetes, #AWS, #IaC, & other technical topics.
On the personal side, I'm a devoted husband, a loving father, & a Christian who strives to love instead of condemn.