Adding the Git Revision to a Docker Image

Spring Boot makes it quite easy to find the Git revision of a running application. You add a Gradle plugin and the revision is added to the Actuator’s info endpoint. What it doesn’t do though is publish the Git revision as part of the SBOM or OCI metadata. That requires some manual work.

Continue reading →

File Name Too Long

When trying to build the Spring Boot source code, I ran into a strange problem: The Gradle build terminated with several “File name too long” exceptions. I knew that the ext4 filesystem I was using has limits – 4064 characters for the entire path and 255 characters for each segment. But I didn’t seem to hit that limit. Something strange was going on.

Continue reading →

Testing Alertmanager

When a Prometheus alerting rule fires, the Prometheus server sends a notification to the Alertmanager, which is then responsible for processing that alert further, i.e. by routing it to an appropriate alerting channel (e-mail, Slack, …). In order to test the Alertmanager configuration, it is useful to trigger alerts directly via Alertmanager’s API. That API is not documented on the Prometheus website, but it’s easy enough to figure out how it works.

Continue reading →

Playing with WebAuthn

On the internet today, our online accounts are exposed to a lot of risks. Leaked passwords from break-ins at major Internet properties or phishing attacks have lead to many account breaches. In order to protect my high-value accounts, I have either enabled two-factor authentication or I use federated sign-in, delegating to an account that has 2FA enabled (usually Google).

Recently, the FIDO industry association and the W3C have come up with WebAuthn, an open standard to promote passwordless sign-in using hardware tokens. If you run Android 7 or newer, you can use your phone as a token, and I have additionally bought a hardware Security Key from Yubikey to give this a try.

Continue reading →

Using Kubectl Printers and Plugins

Even though we have plenty of metrics and dashboards at work, I use the kubectl command line tool a lot for looking at resources and for troubleshooting. Because the defaults don’t always display the information that I need, I often use the kubectl printer mechanisms. In many cases, this is flexible enough so that I don’t have to write a custom script against the Kubernetes API.

Continue reading →

Monitoring Log Statements in Go

Good monitoring and alerting are essential for running services in production. As a Java developer, I’m a bit spoiled by my platform of choice, Spring Boot 2. Thanks to Micrometer it provides out of the box instrumentation for HTTP requests, data sources, caches, memory, threads, logging, and many more. When playing with Go, I found the experience less than ideal, to say the least.

Continue reading →

Additional Workspaces in Gnome

I use Gnome on Ubuntu 18.04 with static workspaces and switch between them using keyboard shortcuts – for example, ALT+1 takes me to workspace one. Unfortunately, using the graphical settings editor, I was only able to assign keyboard shortcuts to the first four workspaces. After a bit of research and playing with gconf-editor, I found the command line to achieve what I need.

Continue reading →

Retries Can Kill You

In a large-scale distributed system, it’s inevitable that some requests will fail. Even if your collaborating systems work perfectly, sooner or later you will experience temporary network issues and other intermittent errors. That’s why a lot of people try to paint over this issue by implementing retries in their applications. Unfortunately, if it’s not done properly, this can cause serious stability problems.

Continue reading →