Super cool! I've been planning integrating https://runops.io/ to VSCode for a while and most of the delay is related to having to write Javascript. I like your wrapping of the VSCode js API. I'll use as inspiration for creating the Runops extension using cljs in the near future. Super exciting that I can do something like this for VS code now: https://andrios.co/articles/spacemacs-cheatsheet/#elisp-func...
@andriosr
From 8/8/2016, 2:09:33 PM till now, @andriosr has achieved 262 Karma Points with the contribution count of 140.
Recent @andriosr Activity
So cool!! Will try it
I have no idea on how this works, even after watching the video and reading the whole landing page. What is the difference from a regular linter? What sorts of problems would it catch?
Not sure how this is Better than loom. I like the privacy part, but is that it?
AWS ECS vs. Kubernetes kubectl exec commands
1 points • 0 comments
I think it can’t get easier than https://runops.io
No VPN, DNS, IPs, and so on; and get to the same result: any device accessing resources in private networks, besides a few extra features.
Yes, Rundeck is nice, but has its downsides. We have a lot of companies migrating from it. Runops is the perfect alternative :)
This is great, thanks for sharing! We handle most of these in Runops itself, but you can also use your existing CM tool and leverage only the UX and automations from Runops. We have APIs and webhooks that enables you to extend Runops, one company is doing this and integrating Runops to ServiceNow.
This is an interesting way to put it. Yes, you could say it's an API Gateway for Cloud tools. I like it!
I agree with many of these points, here are some thoughts on how we deal them:
> Most enterprises are wary of handing over control to a vendor
Great point, we do have the Enterprise version, which is self-hosted.
> Do you find a lot of Lisp/Clojure devs out there for when you need to expand?
We won't hire engineers based on the language they know, but instead in general engineering skills, and they can learn Clojure here (already worked for the first one:)
> You still have to audit those things
Yes we do, but mostly to trigger alerts if anything happens there and to show that the accesses are either from Runops or the applications during audits. This is way lighter than relying on these as the source of truth for trails.
I'm curious about the Change Management features you think are missing. We do have review workflows and other CM-related features I didn't add here, this demo shows some of it: https://see.runops.io/videos/demo
Teleport is a fantastic tool. The main difference are: 1) Runops doesn't require you to have tools (kubectl, psql, etc) installed locally and don't download temporary credentials to access resources, commands execute in the Cloud. 2) Runops has synchronous reviews workflows on the command/intent level, again as opposed to getting an open session for a period of time. 2) We automatically remove sensitive data from the results of every command. 4) Runops uses Git as the source of truth for the audit trails.
Glad to hear we could help in the future, feel free to reach out any time. We would love to hear more about your use cases and the alternatives you guys have in mind to improve the PCI assessment results. We support Azure :)
It was a combination of multiple things. The first customer came from the newsletter I run called SRE Teams (https://sreteams.substack.com). Others came from intros from my network and from reaching out to people I thought we could help. When I was running the DevOps team at Pismo we used to organize meetups and knowledge sharing sessions with other companies having similar problems, this also helped.
Yes, I like your definition. We don't have certifications yet, but the team has done the biggest ones before we are keeping everything ready to get them. We should start the processes in the next couple of months. That being said, not all certifications require all software you use to also have the certifications. I understand this is critical for PCI, where anything with access to the data is also scope, but for SOC2 this is not the case. Most of our customers today are fintech, we are very transparent about our architecture and how we do things with our customers, that is where the trust come from. We the best solutions available to deal with things like storing credentials and sensitive data. That being said, you can always opt for the self-hosted enterprise version.
Yes, we have a lot of work to do on our landing page to better explain these points. It's early days, but we will get there! Here is some light on them:
It's cloud hosted, and we do support self-hosting for enterprises. The code is not open-source. We support Okta, Google, and other OAuth providers for Authentication. For Authorization we have the concept of Targets, which are abstractions of your cloud resources to users/developers. Say you have a Mysql database, you can create a read-only Target and let everyone use it, and create a second Target for the same database with write access. In the second Target you require reviews from tech leads, or let selected groups run queries.
Curiously I started in the dev team and migrated to infra in an attempt to fix things :)
I've done that and can relate to the problem! It's common for Kubernetes, where you never know which cluster kubectl is pointing to. The Target (what we can where you are running things), is one of the options in the CLI. So you have to at least provide: the Target and the script to run a command. This way you always know where you are running things, it's something like this:
runops tasks create --target mysql-demo --script 'select * from dundermifflin.customers;
Launch HN: Runops (YC W21) – A better cloud shell for production apps
97 points • 23 comments
I'm glad AWS is working on this. It's a big problem and companies are not facing it. Wrote about it here: https://andrios.co/articles/oneoffs
But CloudShell is yet too narrow of a solution, I'm sure they will improve it over time, but a few problems with todays' release:
1) It only tracks bash commands. What if I write a quick Python one-off script and run it from a file? CloudTrail will never get the content of such script. This is script will get lost at the end of my session. What about Git for storing code?
2) Only works in the browser. The browser has it's good parts, but during incident resolution speed is critical. Getting a prompt without my local shell history, aliases, binaries, and many others, will make it slower to resolve incidents. One might say it's for a good reason, but we can do better.
3) Only works with AWS. This is a big problem as many companies are in the process of migrating to AWS, with services running within their own servers. Companies will use CloudShell to investigate edge cases, most of the time during incidents, engineers need fast access to all resources. Using a different solution for each type of resource won't help.
4) Hard to audit. If you ever tried using CloudTrail, you know what I'm talking about. And again, companies will need different solutions if they don't run only in AWS.
5) No review workflow support. If you only allow platform and SRE to access infrastructure, this is fine. But if you really want to bring ownership of problems to developers (DevOps), they need a way to get this level of access without risking production. This comes in the form of experts reviewing (instead of running) commands and scripts faster that the regular Github Pull Request workflow.
There are more, but I'm still happy with the product. AWS saying that you need one-off solutions no matter how much automation you have will help us move to a future where companies treat one-off scripts as first class citizens.
If you are interested in a solution that solves the problems I pointed out and many more, check out RunOps: https://www.loom.com/share/ea25027e73c94aa395f3e0ab70b71f0e
One-off scripts: DevOps last mile
8 points • 1 comments
site design / logo © 2022 Box Piper