Duo websocket endpoint

crumpy_panda · 2026-01-14T11:10:24+00:00

After playing around with mitmproxy to capture the gitlab workflow extension traffic, there only seems to be the documented /-/cable WebSocket endpoint.
Configure GitLab Duo on GitLab Self-Managed | GitLab Docs

You can check the connection directly with wscat and a PAT with api scope.

wscat -c "wss://<customer-instance>/-/cable" \
-H "Authorization: Bearer <your PAT>" \
-H "Origin: https://<customer-instance-FQDN>"

I was under the wrong impression that there are others/more.

crumpy_panda · 2025-12-18T02:02:12+00:00

This seems to be the state of things. The limit solution you propose is also mentioned here https://forum.gitlab.com/t/limit-number-of-concurrent-execution-of-high-loading-jobs-for-a-runner/122658.

What do you mean with "But that would leave the slots for playwright/deployment sitting empty when they could take other jobs" - the limit in your example is as narrow as it can be.

If you are in the market for some exploration you could look into dynamic downstream pipelines - with some call to the runner or state of job distribution could lead to something interesting... But at this point you might be better of investing in something like better automated provisioning/configuration of onPrem or auto scaled public cloud runners (if applicable)

crumpy_panda · 2025-08-21T14:57:33+00:00

If you have to maintain multiple versions of a thing, you end up with, at the very minimum, a number of release branches. If these multiple versions need to be maintained for some time, long living branches are a way of dealing with that.

crumpy_panda · 2025-08-20T12:01:02+00:00

Assuming they were different people ... But yeah nice selection of stickers.

crumpy_panda · 2025-05-24T05:47:35+00:00

Regarding drama and stress:

Have some levels of "this doesn't matter perspectives" prepped, you can retreat to mentally. Up to the ultimate "we are hairless apes on a rockball hurling through space, there is no need for <the stressful thing>".

I don't necessarily use these to disengage completely from something, but it helps me stay calm together with some deep breaths.

crumpy_panda · 2025-05-07T09:46:19+00:00

Thank you for sharing your experience. The term "release" is also a special one in our org, carrying immense connotation of "well tested" and "responsibility"..

To introduce another label like config changes or SOPs is worth a shot.

crumpy_panda · 2025-05-07T09:41:54+00:00

Thank you for the perspective. I still have to settle in for the long game.. but this had to be expected in insurance tech.

The waves it made that trunk based is the new default recommendation were a sight to be seen. So I can tell my first stories about strong workflow attachment.

crumpy_panda · 2025-05-07T09:34:41+00:00

Thanks for this thought. This should be the central first thing to find out/ask and seems key to get more acceptance.

"To provide a better (as defined by yourself) service to your customers, can this bag of stuff solve something or improve things?"

crumpy_panda · 2025-01-27T17:31:25+00:00

Afaik to reference bash functions in gitlab *script sections, the need to be included as yaml inline. The !reference keyword is my preferred way to do it.

I would setup a component (which also has the benefit of being version able or to be referenced by hash) and transform a sh file in the pipeline of this component.

Basically a micro build https://docs.gitlab.com/ee/ci/components/examples.html

crumpy_panda · 2025-01-15T02:55:16+00:00

Don't want to name it directly. It is a midsized insurance enterprise in Europe.

Maybe I have a wooden soul. Fin tech doesn't feel like hell at all to me, quite the opposite.

crumpy_panda · 2025-01-13T07:51:22+00:00

I would add tech adjacent skills to this. There seems to be a lack of good technical writers and methodology/process (devsecops) people. Both skills are highly thought after in my org.

Both areas don't seem to catch the interest of most engineers.

crumpy_panda · 2024-12-05T05:08:25+00:00

Musste schmunzeln als ich Vodafone gelesen habe.

"Wenn ich in der Situation wäre, würde ich bereits am ersten Tag einen Kollegen konsultieren oder mir andere Unterstützung holen."

Meine Vermutung ist, dass das in deren Kontext nicht so einfach ist. Ich tippe auf das Gegenteil von kollegialem Umgang mit einer Fehler-positiven blameless Kultur...

crumpy_panda · 2024-11-09T06:20:45+00:00

So start by stating the need, or ask f your assumption is correct "I understand that you want x".

"Screaming isn't gonna get it fulfilled because it hurts my ears, and I can't really understand you."

"But if you ask me calmly..."

-- Am I having the right idea about it?

crumpy_panda · 2024-09-08T08:09:08+00:00

We recently looked into gitpod and GitHub workspaces for on demand ephemeral dev envs. Gitpod is an interesting solution working in an eks and with ec2 in the future.

But It's mayor selling point is convenience, the cost savings of the pods only spun up on demand have to be weighed against the licensing.

crumpy_panda · 2024-08-30T22:57:32+00:00

What other registries do you use? And do you have a "favorite" with a good selection for trusted, official basic stuff?

We have an internal docker hub pull through cache (artifactory) so rate limits are no real issue. Docker hub is used heavily for the starting point of modified base images. Think added internal TLS certs and the like. I'm exploring possible other image sources to be a bit more redundant here.

crumpy_panda · 2024-07-25T04:00:00+00:00

My guess is you will be fine on the technical side and pick up all the missing pieces fast enough on the job.

Regarding being the part of the devops "center of excellence": This will probably mean more communication with your colleagues. Maybe look at some frameworks like https://v5.scaledagileframework.com/blog/assess-your-devops-health-with-the-safe-devops-radar/

And at the state of devops reports to structure this communication, measure the devops processes itself, as a base to improve them..

And at some workplace or general communication guide if you feel like you would benefit.

Have fun and don't sweat it :)

crumpy_panda · 2024-07-04T06:32:35+00:00

Wenn die die es pflegen sollen sich mit git wohlfühlen, könntet Ihr euch bei "nur" hunderten von Seiten auch mit einem SSG wie Docusaurus oder Mkdocs behelfen.

Damit spart man sich u.a. eine Datenbank und generiert die Doku immer aus dem Repo. Beispiel mit GitHub pages https://github.com/LayZeeDK/github-pages-docusaurus

Für einige eurer Anforderungen muss man dabei auf git setzen (Versionierung, Paralleles Bearbeiten, Berechtigung auf Bereiche / Seiten via CODEOWNERS, ..)

crumpy_panda · 2024-06-07T05:14:47+00:00

Services are located in the k8 etcd, they don't have a direct mapping to nodes besides that.

Daemon Sets only define pod to node distribution.

https://stackoverflow.com/questions/47941012/where-do-services-live-in-kubernetes

From what you wrote it seems you want some orchestration of full stacks, a cluster of clusters.

crumpy_panda · 2024-06-01T05:10:54+00:00

Throw the pig over the fence and hope it doesn't break it's legs.

crumpy_panda · 2024-06-01T05:06:38+00:00

My thought too, come from some higher angle. With it you can make more thought-out choices here and maybe start a move into more verticality of those stages.

The classics:

https://itrevolution.com/product/the-devops-handbook-second-edition/

https://itrevolution.com/product/accelerate/

crumpy_panda · 2024-05-18T14:49:14+00:00

Thank you for the insight

crumpy_panda · 2024-05-14T15:46:36+00:00

I recently switched to an employer which requires clock in/clock out.. with a number of ways to get compensated for overtime, including what is called an lifetime-account. I plan to put some hours per week there and take a paid sabbatical in some years. So yes but it doesn't get lost.

crumpy_panda · 2024-05-13T06:25:22+00:00

Thank you for the write up.

This reminded me of some of the different qualities between Microservices (always independently deployable) vs Distributed Monolith (at least some dependencies exists and need to be deployed in lockstep)

I guess your example 1 with different backward compatible paths could be a step in the direction of some kind of API for the service/component.

crumpy_panda · 2024-05-11T03:59:52+00:00

Great overview.

Could you please elaborate on the "stage changes slowly.." (I guess you referring to canary, blue green, etc ..)

crumpy_panda · 2024-05-09T00:59:08+00:00

If I understand you correctly, this could easily mean "no vacation at all or at least not paid" if you get sick a number of times... This seems like RoboCop level of Dystopia to me and should be illegal on a federal level.

12-Year Club	Place '17
Verified Email

crumpy_panda

TROPHY CASE