https://besterry.com/tags/sre/Recent content in Sre on Besterry — Linux & DevOps NotesHugoen-usSun, 22 Dec 2024 00:00:00 +0000https://besterry.com/posts/incident-response-playbook/Sun, 22 Dec 2024 00:00:00 +0000https://besterry.com/posts/incident-response-playbook/<p>Most incident playbooks end up as wiki pages nobody reads during an actual incident. Here&rsquo;s what survives contact with a real 3am pager.</p> <h2 id="the-first-five-minutes">The first five minutes</h2> <p>One person is the Incident Commander (IC). If that&rsquo;s not clear, declare yourself IC.</p> <ol> <li>Acknowledge the page</li> <li>Post in #incidents: &ldquo;Incident: [brief]. I am IC.&rdquo;</li> <li>Start a timeline document (even just a text file)</li> <li>Check public status page — update if user-visible</li> </ol> <p>Don&rsquo;t dig into the problem yet. Set up the command structure first.</p>https://besterry.com/posts/observability-pyramid/Tue, 10 Dec 2024 00:00:00 +0000https://besterry.com/posts/observability-pyramid/<p>The three pillars of observability are talked about a lot. Which one to reach for depends on the question you&rsquo;re answering.</p> <h2 id="metrics-for-is-it-broken-and-how-much">Metrics: for &ldquo;is it broken and how much&rdquo;</h2> <p>Aggregated numerical data over time. Good for:</p> <ul> <li>Dashboards and alerts</li> <li>Trends (is latency increasing week-over-week?)</li> <li>Capacity planning</li> </ul> <p>Not good for:</p> <ul> <li>Explaining why a specific request was slow</li> <li>Finding causality between events</li> </ul> <p>Stack: Prometheus + Grafana remains the default. OpenTelemetry Metrics if you want vendor-neutral instrumentation.</p>https://besterry.com/posts/postgres-backup-strategies/Sun, 18 Aug 2024 00:00:00 +0000https://besterry.com/posts/postgres-backup-strategies/<p>A backup you can&rsquo;t restore isn&rsquo;t a backup. After losing data once (fortunately from a test environment), here&rsquo;s the framework I apply now.</p> <h2 id="the-three-levels-of-recovery">The three levels of recovery</h2> <ol> <li><strong>Point-in-time recovery (PITR)</strong>: Restore to any second in the last N days. Requires WAL archiving + base backups.</li> <li><strong>Daily snapshots</strong>: Restore to yesterday&rsquo;s 3am state. Simple, cheap, 24h RPO.</li> <li><strong>Logical dumps</strong>: Restore specific tables or data subsets. Useful for selective recovery.</li> </ol> <p>Most production databases should have all three.</p>https://besterry.com/posts/k8s-troubleshooting/Mon, 22 Jul 2024 00:00:00 +0000https://besterry.com/posts/k8s-troubleshooting/<p>When PagerDuty wakes you up about a Kubernetes cluster issue, the first 10 minutes matter. Here is the runbook I work through before anything else.</p> <h2 id="get-your-bearings">Get your bearings</h2> <p>First, confirm what&rsquo;s actually broken from the user side. Check the status page or synthetic monitor. Many &ldquo;outages&rdquo; are monitoring issues, not real problems.</p> <h2 id="cluster-level-check">Cluster-level check</h2> <pre><code>kubectl get nodes kubectl top nodes </code></pre> <p>Look for NotReady nodes and resource pressure. If multiple nodes are down, the problem is probably infrastructure — check the cloud provider console.</p>https://besterry.com/posts/prometheus-alerts/Mon, 10 Jun 2024 00:00:00 +0000https://besterry.com/posts/prometheus-alerts/<p>Most alerts are noise. The hardest part of monitoring is deciding what NOT to alert on. Here is the framework I use.</p> <h2 id="rule-1-every-alert-must-be-actionable">Rule 1: Every alert must be actionable</h2> <p>If you get paged and there is nothing to do, the alert should not exist. Either fix the root cause, automate the response, or let it be a metric trend instead of a page.</p> <h2 id="rule-2-alert-on-user-visible-symptoms">Rule 2: Alert on user-visible symptoms</h2> <p>Instead of HighCPUUsage, prefer HighRequestLatency. CPU usage high with good latency means the system is working as designed. Latency high means users are hurting.</p>