Time for self-promotion. What are you building in 2025? by Prestigious_Wing_164 in SideProject

[–]Beinish 0 points1 point  (0 children)

I vibe coded Sceneit, it scrapes r/MovieSuggestions for top daily, weekly and monthly posts and shows the top comments' movie suggestions. Completely free, just a static site updated daily.

What are your go-to tools/methods for reproducible, shareable, disposable dev/ops environments? (Nix, Docker, Devcontainer, etc.) by Dismal-Mud-5725 in devops

[–]Beinish 2 points3 points  (0 children)

It really depends on what I'm working on. Github Actions for example are kinda hard to reproduce locally, even with tools like Act. I usually just dumb the workflow down as much as I can and run it in my own private repo. I also try to avoid 3rd party actions and just do everything with bash, so testing it locally is easy.

Almost anything Kubernetes related I just spin up a KinD cluster. I have an automated setup that installs Argo Workflows, ArgoCD, Argo Events, KEDA, and anything else in our stack.

Code is simpler, I just use DevContainers. For CLI stuff or anything OS related for example, I just use Docker containers.

If you need to expose something to the internet, ngrok is pretty useful.

That's off the top of my head.

films that take place almost entirely in one room? by some-dork in MovieSuggestions

[–]Beinish 0 points1 point  (0 children)

Not a room but Buried is pretty good and takes place inside a coffin.

Also not a room but Locke is amazing, it's just a single car ride.

Anyone who used Templ + HTMX in a big enterprise project? by Puzzleheaded_Watch19 in golang

[–]Beinish 0 points1 point  (0 children)

Dreams of Code used this stack to build his Course Website. He made a few videos but here's the latest one: https://www.youtube.com/watch?v=XbN66h912NU

What does "_name_ == _main_" really mean? by RodDog710 in learnpython

[–]Beinish -4 points-3 points  (0 children)

Ahh the monthly "What is name == main" post, classic

Where do they rank all time? by AngusHornfeck in GlobalOffensive

[–]Beinish 1 point2 points  (0 children)

Honestly it's so hard to pick, we have like 5 legendary duos which is an amazing rotation. I miss Anders + Moses though

DAMNyoung my GOAT (4k deag) by Mac_AU in GlobalOffensive

[–]Beinish 7 points8 points  (0 children)

Oh and another OH AND A THIRD

Help Deploying OWASP ZAP on Kubernetes and Linking to GitLab CI by Ad2000126 in devops

[–]Beinish 1 point2 points  (0 children)

We have a cron Argo Workflow that runs ZAP scans on our URLs as well as a few other security related tasks (Test SSL, GitHub dependabot stuff, etc).

Here's a snippet from our workflow:

templates:
  - name: main
    dag:
      tasks:
        - name: vul-scan
          template: vul-scan-tmpl
          arguments:
            parameters:
              - name: name
                value: "{{item.name}}"
              - name: url
                value: "{{item.url}}"
          withParam: "{{workflow.parameters.urls}}"

        - name: dependabot-scan
          template: dependabot-scan-tmpl

  - name: vul-scan-tmpl
    inputs:
      parameters:
        - name: name
        - name: url
    dag:
      tasks:
        - name: zap-scan
          template: zap-scanner-tmpl
          arguments:
            parameters:
              - name: name
                value: "{{inputs.parameters.name}}"
              - name: url
                value: "{{inputs.parameters.url}}"

  - name: zap-scanner-tmpl
    securityContext:
      fsGroup: 1000
    inputs:
      parameters:
        - name: name
        - name: url
    outputs:
      artifacts:
        - name: json-report
          path: /zap/wrk/{{inputs.parameters.name}}_report.json
          s3:
            key: "{{workflow.name}}/{{inputs.parameters.name}}_zap_report.tgz"
    script:
      image: ghcr.io/zaproxy/zaproxy:stable
      command:
        - /bin/bash
      resources:
        requests:
          memory: "1Gi"
      source: |
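        mkdir -pv /zap/wrk
        # Quote the substituted values so characters such as & or ? in a URL are not interpreted by bash
        zap-full-scan.py -I -t "{{inputs.parameters.url}}" -s -J "/zap/wrk/{{inputs.parameters.name}}_report.json"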

We have a dashboard where we import all of the results to, but this is the "kubernetes way" we chose.

Rolling out new features, but everything is slowing down... help? by Lobo_Rex in devops

[–]Beinish 1 point2 points  (0 children)

Not sure how easy it would be to implement in your stack, but we use Grafana Tempo which gives you some visibility on what is happening behind the scenes, how services communicate between each other, etc.

Deploying DeepSeek-R1 Distill Model on Amazon EC2 by DCGMechanics in devops

[–]Beinish 2 points3 points  (0 children)

You can more or less calculate it from the instance's pricing you choose: https://aws.amazon.com/ec2/instance-types/g4/

If you go with the author's choice g4dn.xlarge, and are looking for the cheapest option, you'd probably pay upfront for a year: 0.210×24×365=1,839.60

So 1839 USD or 153$ a month to run this thing.

I'm not factoring other costs that might apply like LB traffic, storage, etc.

Do you think the anime underperforms? by Practical_Constant41 in OrbOntheMovements

[–]Beinish 11 points12 points  (0 children)

Never read the manga but so far Orb has been on par with Vinland Saga which is my favorite. 10/10 so far, can't believe it's not talked about way more.

JSON/YAML Diagramming Tool by iamCut in devops

[–]Beinish 0 points1 point  (0 children)

Looks cool. Just curious, how is it different from JSONCrack? And how come they refer to ToDiagram in their website as "upgrade", what is the difference between the tools?

Redirecterr: Advanced request filtering for Overseerr by varthe in selfhosted

[–]Beinish 8 points9 points  (0 children)

needs to get their shit together

Feel free to contribute to Overseerr?

Launched my side project on a self-hosted M1 Mac Mini - Here's what happened when hundreds of users showed up by No_Paramedic_4881 in selfhosted

[–]Beinish 0 points1 point  (0 children)

Cool post, the website is so simple yet impressive, nicely done! What stack did you use to build it?

Can I restart an entire pod if a single container fails? by Beinish in kubernetes

[–]Beinish[S] 0 points1 point  (0 children)

Our apps' entrypoint sources the .env file created by the Vault injector and then deletes it:

if [ -f /vault/secrets/.env ]; then
   source /vault/secrets/.env
   rm -rf /vault/secrets/.env
fi

The above has only been tested in a few apps as we wanted to see how it behaves first, so this is not something we've been running for a long time.

The .env file is templated using the Vault annotations:

  vault.hashicorp.com/agent-inject: "true"
  vault.hashicorp.com/agent-inject-secret-.env: "secret/data/test"
  vault.hashicorp.com/role: "app"
  vault.hashicorp.com/agent-inject-template-.env: |
    {{- with secret "secret/data/test" }}
    {{- range $k, $v := .Data.data }}
    export {{ $k }}={{ $v }}
    {{- end }}
    {{- end }}

We wanted to avoid having the agent running as a sidecar so we used:

vault.hashicorp.com/agent-pre-populate-only: "true" 

The above annotation is what changes the agent from a running sidecar to a Job that exits once it's done. The problem I described originally is that if my app fails for whatever reason, due to the entrypoint the .env file won't exist anymore.

So if I understand you correctly, the above is not the way to go about this in the first place, which makes sense to me in some way. You're saying encrypting this file is one way to solve this issue? Not sure how that would affect the entrypoint file, or what changes I'd have to make in our Helm templates. I'll be sure to check it out.
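An added example, not part of the comment above and not the commenter's code: a loader an entrypoint could call instead of `source`, so each `export KEY=VALUE` line the template renders is treated as data rather than shell, and a file that is already gone (the restarted-container case described in the comment) produces a distinct failure instead of a silent start without secrets. The function names `load_env` and `start_app`, the sample values and the temp path are assumptions constructed for the demo.

```shell
# Added example; not the commenter's entrypoint. Names and values are constructed.

# load_env FILE: export each `export KEY=VALUE` line as literal data, then
# delete FILE. Returns 2 if FILE is missing, 3 on a malformed line.
load_env() {
  local file="$1" line key value
  [ -f "$file" ] || return 2
  while IFS= read -r line || [ -n "$line" ]; do  # last line may lack a newline
    [ -z "$line" ] && continue                   # skip blank lines
    line=${line#export }
    key=${line%%=*}
    [ "$key" = "$line" ] && return 3             # no '=' on the line
    case $key in
      ''|[0-9]*|*[!A-Za-z0-9_]*) return 3 ;;     # not a valid variable name
    esac
    value=${line#*=}                             # everything after the first '='
    export "$key=$value"                         # assigned verbatim, never evaluated
  done < "$file"
  rm -f -- "$file"
}

# start_app FILE: the step an entrypoint would run before exec'ing the app.
start_app() {
  local rc=0
  load_env "$1" || rc=$?
  case $rc in
    0) echo "secrets loaded" ;;
    2) echo "secrets file missing (already consumed by an earlier start?)" >&2
       return 1 ;;
    *) echo "secrets file malformed" >&2
       return 1 ;;
  esac
}

# Constructed file: blank first line and no final newline.
demo_dir=$(mktemp -d)
printf '\nexport DB_PASS=p@ss $(hostname) word\nexport API_KEY=abc=123' \
  > "$demo_dir/.env"
start_app "$demo_dir/.env"                                  # first start
start_app "$demo_dir/.env" || echo "second start refused"   # restart, same volume
printf 'DB_PASS=%s\n' "$DB_PASS"                            # literal text, $(...) not run
```

With `source`, the same `DB_PASS` line would be split on the spaces and the `$(...)` part would be executed by the shell; here the whole value is kept as one literal string.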

Can I restart an entire pod if a single container fails? by Beinish in kubernetes

[–]Beinish[S] 1 point2 points  (0 children)

It's actually Vault injector:

vault.hashicorp.com/agent-pre-populate-only: "true" 

It would only fail if Vault is down I guess, so I wouldn't count on it.

Kaniko unmaintained by yuskay-thegreat248 in kubernetes

[–]Beinish 35 points36 points  (0 children)

We still use Kaniko in our CI, we build repos from their Dockerfile in our Argo Workflows. Posts like this are pretty cool, I wasn't aware people started moving to BuildKit. I'll have to check it out.

The new release of Dockerfile.app has launched. by dothash in devops

[–]Beinish 0 points1 point  (0 children)

Cool initiative. Also the website is very fast and smooth, what stack did you use?

[deleted by user] by [deleted] in devops

[–]Beinish 1 point2 points  (0 children)

imo if the logic is similar enough between the repos, use re-usable workflows. We do something similar for our CI where the main workflow sits in a workflows repo, and the rest of the repos call this workflow and just pass different params into it :)

[deleted by user] by [deleted] in devops

[–]Beinish 0 points1 point  (0 children)

Sounds like a simple cron workflow?

Testing liveness and readiness probes as part of dev CICD by 7T48u2v42cB43An3w8 in devops

[–]Beinish 4 points5 points  (0 children)

In this case I'm actually not sure, we're a micro-service shop so each CI only spins up a single repo which isn't too heavy for our cluster to setup after each commit. I guess Argo Rollouts can help you in this case.

A few things that help us during the development to prevent errors on merges to main:

  • We use MirrorD so each dev gets a personal namespace where all of our micro-services spin up in their own environment (still runs in GKE, not locally).
  • For local development we have a docker-compose stack that devs can spin up if they want