aws-nuke VS kubefirst

To give this a slightly different spin:

--> "The best optimization is simply not spinning things up."

At least for local development and testing, as made possible by LocalStack (https://localstack.cloud), among other local testing solutions and emulators.

We've seen so many teams fall into the trap of "someone forgot to shut down dev resource X for a week and now we've racked up a $$$ bill on AWS".

What is everyone's strategy to avoid this kind of situation? Tools like `aws-nuke` (https://github.com/rebuy-de/aws-nuke) are awesome (!) to clean up unused resources, but frankly they should not be necessary in the first place.

We use nuke aws at work to remove any leftovers: https://github.com/rebuy-de/aws-nuke

You can use this tool on github to nuke all resources.

There's this. I haven't used it myself, but it looks to be pretty effective: https://github.com/rebuy-de/aws-nuke

At this scale, operations can take a lot of time, because there are multiple operational tasks that we need to do when AWS accounts are leaving the AWS Organization or Teams are nuking the AWS account, StackSets Instances get drifted, because not all required resources for compliance can be secured ( SCP Limitations ), existing AWS accounts are joining the AWS Organization and all mandatory StackSets needs to be deployed, and manual steps should be reduced to a minimum. Furthermore, there is no feature from the Service itself to gain an overview of the status of drifted Instances and the general health of your StackSet health and compliance.

Since you're using CDK already, have a way to configure the deployment of the whole thing to a per-developer test account; that's still gonna cost you, but you can bundle everything in an organization / organizational unit for billing purposes, and you can also schedule https://github.com/rebuy-de/aws-nuke to run nightly to clean these accounts from longer-running resources.

And by extension, https://github.com/rebuy-de/aws-nuke as well.

I can also recommend aws-nuke which is an easy to way to destroy in your account.

nothing blew up accidentally this week, but our team at kubefirst is falling more and more in love with aws-nuke. it's an open source command line tool that lets you basically reset an aws account back to an empty state. if you have an environment where you regularly practice your platform provisioning, you probably know that failed destroys while iterating on orchestration can leave junk behind pretty easily. aws-nuke has been so nice to be able to blow away everything in an aws account - and then we just run terraform in the account to get all our core infra back afterward. nice allowlist filters and dryrun detail work too. check them out.

this isn't just any typical friday for us though, this is the day that we've been awaiting forever!!! we're excited to announce that not only did we release a new awesome UI for the kubefirst instant gitops platform, and not only is it all still free and installs gitops platforms in minutes, and not only is it an incredible new user experience, but we even let you play our new video game flappy-kray during the cluster provisioning operation. 😱🚀🎮

[cofounder alert] Would love for you to consider our kubefirst instant gitops FOSS platforms. Fully managed K8S: our platform provisions managed kubernetes clusters in our cloud versions of the platform - or k3d clusters when running the platform locally Support for cross cloud and bare metal: we support aws, civo, vultr*, digitalocean*, and apply our k3d platform to bare metal stories, but our homelabs community is going in some neat new directions for bare metal k8s as well. Installation on new machines should be fully automatic: 100% - single command Terraform: all infra (terraform) and app config (argocd) is powered by a gitops repository that we give you, the tf is wired up and automated with atlantis, and your changes to the platform are a pull request away. love most of our tools, but hate a couple and want a bunch more - no problem, start here. --- stuff you didn't ask for: - application delivery with argo workflows preintegrated with github or gitlab with self hosted runners - secrets management, user management, and an oidc provider with hasicorp vault that's automatically configured throughout the platform. vault is our single source of truth for every secret throughout the platform (apps, iac, ci, etc) - cluster management: management of workload clusters (rancher like) will be release in 2.2 in a few weeks. we have to release our new ui first in 2.1 and that's expected in the next week or two. --- it seems like with the immediate cross cloud / hybrid needs you have, you may need more out of cluster management than we can offer today, but it's the focus for the next 2 releases. we're an open source free solution that's trying to solve a lot of the problems that you're up against, we have an active community and would love to help support your use case.

nothing blew up accidentally this week, but our team at kubefirst is falling more and more in love with aws-nuke. it's an open source command line tool that lets you basically reset an aws account back to an empty state. if you have an environment where you regularly practice your platform provisioning, you probably know that failed destroys while iterating on orchestration can leave junk behind pretty easily. aws-nuke has been so nice to be able to blow away everything in an aws account - and then we just run terraform in the account to get all our core infra back afterward. nice allowlist filters and dryrun detail work too. check them out.

we'll be looking into leveraging this technique at kubefirst - wondering if anyone here has other thoughts on the tech used in this piece or any FOSS alternatives we should be considering for container sig validation? this seems just about as frictionless as the discipline can get - but don't know what other gems might be out there in this space that folks may be flipping over.

at kubefirst we internally love both helm and kustomize. to build our instant oss gitops platforms we use both.

at kubefirst we build containers a lot - gitops ci pipelines are part of our instant oss platforms. i ran into this issue a few years ago that blew my mind and i haven't been able to reproduce until yesterday.

check us out if it sounds neat ⭐ https://github.com/kubefirst/kubefirst

Kubernetes: launch a service of your choosing, like Pritunl VPN. Dockerize it, create some helm charts for it, set it up in a CICD pipeline of your choosing. There's also a project called nebulous you might want to check out that aims to demonstrate k8s capabilities with a live env but it's very early stages. If you can do the former task in, say, DigitalOcean, you'll have a good head start. I can send you some additional "homework" you can work on if you'd like as well and the solution to the first task I mentioned just DM me.