https://pulumi.com logo
Join Slack
Powered by
<@UCDNTS2KE> FWIW I worry about that too, which is...
# general
c
@boundless-monkey-50243 FWIW I worry about that too, which is why the first rev of the k8s Helm/YAML classes were actually pure functions. @white-balloon-205 then yelled at me for this ( 🙂 ) and now we have classes.
b
(Objects, poor man's closures, closures, poor man's objects, etc)
I think there's a good argument for internal resources to be classes, even if it's a little weird (I haven't looked at the code yet but I'm guessing it'll make me a middle nervous). I mostly worry about it from a "me" perspective, building external/compositional resources out of base resources.
c
The thing that makes me nervous is I still don’t really understand how to use classes. 🙂
most of our external-facing aggregated classes extend 
ComponentResource
which is a class meant to be a semantically link a bunch of custom resource.
For example 
k8s.helm.Chart
is a component resource, combining all resources found in a Kubernetes chart.
b
I should look at that in depth. I haven't done more than skim the internals.
c
@boundless-monkey-50243 the main advantage is that they are rendered in the CLI like this: https://asciinema.org/a/199188?speed=7&amp;loop=1&amp;autoplay=1
which is nice.
i.e., nested
b
That makes sense
I come from a developer background, but I've been a DevOps consultant long enough to be extremely worried about giving ops types something too code-ish. But, at that same time, I go literally insane writing Terraform, so there is tension there
c
@boundless-monkey-50243 say more! I have been thinking of writing a set of babel extensions that restricts JS to a TF-like subset.
Then, if you want to switch to JS later, you can just flip the switch.
What do you think of that idea?
b
Hmm. My initial thought is "that makes me nervous." I mean, I think the real answer is "people who can't code can't do this job anymore".
Which is hard but I think it is probably true
c
What makes you nervous about it?
I was thinking it might a nice compromise. Give the ops team the pure subset of javascript, use JS for yourself.
b
I tend to think that folks who can't code are already going to write bad Terraform/restricted-JS.
c
you’re probably right.
b
Example: your restricted subset probably should have something like lodash.range
How does that get explained/surfaced? That sort of thing.
c
It could be configurable
it’s just a set of extensions that disable various features
b
I get that - it's more that, like, Terraform tried to restrict people and they are furiously backpedaling. "HCL is fine but we're going to just...fix...these things that we made endemic to using HCL over a programming language..."
I think you end up having to ask questions like "does restricted-JS allow...well...
if
?
c
That’s true, but that’s why I like the subset approach. If you get annoyed just turn off the extension and it turns into JS.
Unlike HCL which now has the highly unenviable task of becoming a real language.
b
I think you then get arguments between people like me and people who, tbh, probably lack the skill set needed to do this stuff in a modern environment (and that Pulumi probably won't get traction in legacy ones).
Are you a C++ programmer, by any chance?
'Cause now I'm remembering The Fights About Templates. ;)
c
The only experience I have with C++ is that I wrote about 80% of the code to make Mesos work on Windows
I feel like I don’t really know anything about C++ lol
b
Mesos. Woof
c
Once it was the new hotness.
b
I know. I got a book offer because I wrote two blog posts about standing it up in Vagrant
That was when I knew that...hmm...maybe a little bit rocky...
c
People used to go down the top contrib list and ask people on it to write books.
b
But yeah, when you make a configurable language, I think you just create arguments about what flags go on
I don't and won't use Babel for that reason
c
I still think that if your problem looks like an honest-to-god scheduling problem, like you need to schedule so that you don’t thrash your disk, you don’t really have another choice but Mesos. K8s certainly is not there.
Yeah, that makes sense.
b
TypeScript, strict mode, no arguments, done.
c
yeah me too pretty much
but then, I would also never use naked JS if I had a choice. 😉
b
S A M E
I wrote https://edboxes.com/tasktbotjs.html and it pained me that a bunch of people were like "but what about JavaScript?"
c
this is why we auto-load TS. People can write JS and not even know they’re using TS lol
b
"Remove all the types and you're done"
c
well anyway thanks for the feedback
you imght be right that we should focus on the growth area of developers who ops
b
IMO that is the growth area.
Until I took a FT job a couple weeks ago I ran a consultancy
There are two groups of people I have run into in my travels
The first are effectively clicky sysadmins pressganged into "the cloud"
(Aside: Azure seems designed for this audience. We use Azure. Cue sigh.)
The second are either old-school Perl-slingers or developers who fell into automaton and "devops"
c
hmmmm interesting.
b
The former are...in a way it reminds me of, like, late-2000s .net (disclaimer: former Mono guy) - if it's not from The Provider it is suspicious and wrong. Even Terraform has trouble getting into those shops. They're still hand-writing JSON.
c
That’s interesting. I will be curious to see how that audience changes as Kubernetes continues to take hold.
b
I think k8s is gonna hit the HCL problem, tbh
c
which problem?
b
YAML Ain't Mcomplex Lenough
I regularly want better interpolation or a for loop when generating k8s YAML
c
It already has. I come from a company called Heptio, which was founded by the founders of Kubernetes. One of the things that drew me to Pulumi is that I think the community tends to focus on very complex features when the vast majority of users trip over extremely simple things.
b
Yeah, totally.
c
So like, you update your nginx config, and update 
ConfigMap
. You’d expect all `Deployment`s referencing that to do a rollout. But they don’t. They just sit ther.e
Stuff like: literally how do I know if my rollout succeeded.
b
My beefs with Terraform are at the high and the low. At the high end, I don't trust how they build software. At the low, I just want a bleeping for loop
Which is weird, it's usually one or the other
c
lol
They care about workflows
I respect that. I don’t want it in my workflow though.
b
They care about prescribing workflows, imo
The best thing they ever did was Vagrant and (as a partially reconstructed Ruby snob) being able to do literally a million things with Vagrant is why
c
Vault!
I like vault.
b
I don't trust the way Hashicorp develops software enough to run Vault if I can at all avoid it.
AWS Parameter Store or Azure Key Vault + Teleport basically take care of things for me
c
Hmm, interesting, say more
can take to DM if you want, I’m just curious as an engineer.
I’ve always had an image of HC as being canny, shrewd engineers with good taste.
whose opinions I very much disagree with. 🙂
b
I mean, I've said it publicly elsewhere before. Mitchell has read it. I like him as a person a lot
My ops philosophy is "you can not have features but you must never break"
Terraform has had, like, replicable race conditions that would frag your state
c
terrifying.
what were they
b
You would just have resources erased from your state if a resource that took too long to create failed late
(SNS topics, among others)
c
I wrote our Kubernetes provider from scratch, and these are issues I am utterly, utterly terrified of
so you think they’re not careful?
b
Or like...in a patch release, they changed a validator for an AWS security group name in such a way that 1) was incorrect as per AWS, but 2) rendered invalid existing states
You literally could not read an existing state.
I think they're not careful and I think they don't ask the right questions. Knowing Cyrus directly and Matt and Joe by reputation, I do not have the same concerns here. ;)
c
ah.
yes they are the real deal
b
Yeah - I feel very good using Pulumi so far
Usually there is a least-bad argument but the stuff I've filed issues about are minor
c
we will screw things up though, at some point… for example the kubernetes stuff is just now emerging from nascency
but we do try to be careful
b
I'm sure - everyone does
c
hopefully nothing like that, though… that’s terrifying.
b
It's mostly how you recover imo
I have a reasonably high level of confidence that I will not find three separate companies who invented a profane portmeanteau about what Pulumi does to their state
Open in Slack
PreviousNext
Powered by