here is a question ive been struggling with for a while now. i am heading up the build-out of our own IDP. one of our first areas of focus is for our managed services and cloud teams to be able to consume validated and well-architected cloud modules (specifically AWS modules written in terraform).... currently we are using gitlab as our platform (trying to minimize the amount of work needed for an mvp) and it is really powerful as it has its own built-in terraform registry. but i was wondering if anyone had any other alternatives (not terraform cloud as we have already been using it and it is not fit-for-purpose lol)

THE day has come 😛latformcon:, we are making history today 📜. Welcome to the first ever PlatformCon! I hope to see you all during the kick-offs. Don’t forget to say hi in the comments. 🙂 Please find all the useful links for day 1️⃣ here in one place, so you don’t get lost 🙂 • • Talks to watch on demand or by tracks: ◦ Platform Stories ◦ Platform Tech ◦ Platform Design ◦ Platform Culture • Recommended paths: Fundamentals, Advanced, Management. • Have any questions? Reach out to support@platformcon.com or DM me or @Luca Galante Enjoy the (recordings) ride and make the most of this conference! 🙂

Hi 👋, I'm Nils from Humanitec. You might have seen my talk today about

Platform as code: code scaffolding in dynamic environments

. In this talk I have been demoing from this code repository. Have a look, if you like to dive into the details yourself. And let me know if you have any questions :)

hi, joern here with a talk about getting started with aws platform . i know way too much about aws iam / policies. amaa!

Hi! My name is Maciej. I will be happy to answer any questions about my comparison of Kubernetes and AWS ECS Fargate. If you have any other questions I am here too! :)

Hi all - I'm here too - my talk is this one. I'm happy to chat/answer questions:

Great talk @viktor but it seems you ran out of time. Can you share more resources on how to build such a IDP with Backstage, ArgoCD, Crossplane?

Hi everyone, I’ll be happy to answer any questions you may have regarding my talk:

Hello all, for those choosing open source databases and streaming infrastructure (e.g., Postgres, Kafka, OpenSearch) to back your IDP plz tune into our CTO & Co-Founder Heikki Nousiainen

Hi everyone, I’m here to answer any questions on my talk

👋🏽 hi everyone, I’ll be available on Slack during the USA office hours (1:30-3:30 PM ET) to answer any question regarding my talk The main takeaways from my talk: • Understand the need for an infrastructure-as-code (IaC) approach for databases and streaming platforms • Common IaC challenges; especially when handling unicorns like relational databases • How get started on the IaC journey (for your data infrastructure) Due to the time limitation, I couldn’t cover the hands-on demo but here’s the guide in case you’d like to try the demo on your own. Feel free to ask questions - either in this thread or DM 🙂

Hey Everyone ! My talk on Composable platforms is available for viewing here . It’s my first talk after a long break. It’s been fun trying to get back into it. Feel free to share your thoughts. I accept abuse and opinion equally ! Due to the shorter talk i couldn’t get into too much detail. If you’d like to know more I’m always available here on The Platform Engineering Slack !

Hey @Chris Vermeulen, great talk on Composable platforms 👍 - A few weeks ago I finished my Master Thesis which deals with a CD platform for the cloud-to-things computing continuum. A part of my work shows similarities towards your idea of composable platforms. The deployment targets are Kubernetes Clusters and developers are able to select and deploy "platform features" and their own applications via a simple catalog of Helm charts that is maintained by a platform operator team. You chose Terraform as an implementing technology (reasons are given in the talk). Howevery you only mention the actual interface for platform users only very briefly (e.g. here ). Do you have any demo repos or could you generally explain a little more around the interface that users are offered with in order to consume the composable platform building blocks? Is the idea just that they import the different Terraform "platform modules" they need? Are Terraform variables the main interface for configuration of the different components? In my master thesis the main interface for developers are the Helm value.yaml files, I would like to get know how this component interface would look like with our idea/concept.

Hello Everyone! My talk on modeling CI/CD workflows as DAGs and powering them with BuildKit, CUE and Dagger is available here: Hope it was helpful and informative! Will be available today for any follow up questions or comments, excited to talk with everyone 🙂

Hi @Erik Sipsma Thanks for your presentation. Dagger/Cue look like great tools! I've been experimenting with BuildKit + Docker. Everything is fine when the build succeeds. But when it fails, it is impossible to get the results e.g. failing tests report. Is it possible to get them when using Cue? There is even this issue on GitHub: https://github.com/moby/buildkit/issues/1421

@Dewan Ahmed, thanks for sharing, I get the point that click-ops shouldn’t be the goal. But what about all the cognitive load you put on people if everyone needs to know IaC and Terraform now? In many setups I’ve seen it’s just a pure mess. How to avoid this?

Is kubernetes as complicated in other cloud providers , besides AWS ? Isthe answer here? This is from the talk,

Is Kubernetes the only option for your Platform? AWS EKS and ECS Fargate comparison.

Hello Everyone - My presentation on Software Supply Chain Security is here: https://platformcon.com/talk/a-different-kind-of-s3-first-line-security-of-the-supply-chain Hopefully you find it interesting and useful. I'm available to discuss and answer questions in this channel. Looking forward to getting your feedback and comments. Thanks!

Morning. I will be around live for the Q&A starting at 1230 CEST (GMT+2) if you have any questions regarding our Cilium migration. Other than that feel free to ask asynchronously as well in this 🧵 https://platformcon.com/talk/swapping-the-wheels-of-a-running-car-migrate-from-amazon-vpc-cni-to-cilium-in-kubernetes

Good morning everybody! Super excited for Day 2! (Still catching up on the talks from Day 1...) For those watching my talk on Building your first IDP with CDKTF and TypeScript, I'll be around for the whole day to answer your questions. Just be sure to tag my handle @Daniel Li. Enjoy! https://m.youtube.com/watch?v=QGoclcdBGco

Good Morning everyone :blob-waver:! I'll be around live for both Q&A sessions later today https://platformcon.com/talk/external-secrets-operator-the-secrets-management-toolbox-for-self-sufficient-teams feel free to ask questions in this 🧵 or PM me directly 🙂

@Moritz Johner - just finished your talk, first of all thanks for this awesome open source project and the time you and the other contributor put into it. I really like the idea of having a component abstracting away the different implementation quirks of the many secret management solutions out there. In our use case we are currently mainly connecting to HashiCorp Vault and using their agent injector (basically and admission web hook that adds a Vault agent to desired pods) in order to interact with our Vault clusters. One thing in particular that this solution enables us to do is the injection of external secrets as environment variables in Kubernetes without the need to persist them anywhere on the Kubernetes side (not in files, on the control-plane e.g. via Secrets nor in the pods ephemeral storage) - just an example for reference: https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example. From a security standpoint the secrets therefore are only stored in the memory segment of the pod where they would ultimately always end up if the application reads them in from any other source. Is such a "memory only" approach something that is possible to achieve with EOS? Or something that might be on the future roadmap?

Is anyone using Backstage to drive IaC with terraform and would like to share their experience?

Hello, everyone! I am around for any question you might have on the talk https://platformcon.com/talk/declarative-gitops-workflow-for-enabling-end-to-end-testing. Feel free to ask on this thread! :)

Hi all, I’m online most of the day to answer questions on my talk.

Solving the ‘Speed Paradox’ with Backstage and Cloudify: a Full-blown PaaS The Rise of the Internal Developer Platform (IDP) One potential solution to the speed paradox is the Internal Developer Platform (IDP). As its name suggests, an IDP provides a single place where developers can find all the resources needed to run their development environment. An IDP allows developers to speed up their development processes by offering improvements in: • Efficiency - simplifying the way developers get access to their development and testing infrastructure through a self-service experience; • Consistency - providing a consistent way in which developers consume infrastructure resources across teams • Visibility - providing a single place where developers can see all the development pipelines, workflows, and states that are associated with their specific environments. Watch Nati Shalom. our CTO, session at PlatfromCon -> Join our Slack Channel - > https://bit.ly/3muSKg6

Hi, I'm around today if you'd like to talk about virtual Kubernetes clusters or have questions about my talk, "Virtual clusters for Kubernetes: use cases." Things might be async at times as I have some meetings but I'm happy to chat 🙂

@Akshay Dongaonkar thanks for sharing these great insights on your homegrown

pangea.yaml

machinery. I like the one file to rule it all approach which looks quite condensed. If I understood your machinery correctly your python platfrom CLI only operates on the local definitions in the git repo of a particular service (or do you even run a mono repo strategy?). Afterwards the GitLab pipeline takes care of the heavy lifting and triggers the actual deployments. As you support multiple deployment targets, how do you handle authentication towards these different targets? Are there just GitLab CI variables per cluster or something along those lines? Do you have any tenancy baked into your machinery from the secret/cluster access side (if I got you correctly, the workloads in the end are separated via k8s namespaces)?