Frequently Asked Questions

General

What is DevOpsGenie?

DevOpsGenie is an enterprise-grade platform engineering toolkit. It packages the core components of a modern Internal Developer Platform (IDP) — cluster management, GitOps delivery, observability, security, and developer self-service — into a cohesive, opinionated, and maintainable toolkit for teams running workloads on Kubernetes and AWS EKS.

Is DevOpsGenie open source?

The DevOpsGenie CLI, Terraform modules, and Helm charts are open source under the Apache 2.0 license. Enterprise features (SSO, audit logging, multi-account federation, enterprise support) are available in the DevOpsGenie Platform tier.

What Kubernetes versions does DevOpsGenie support?

DevOpsGenie supports Kubernetes 1.27, 1.28, and 1.29 (the three most recent stable releases). Support for each new EKS version is added within 30 days of EKS GA availability.

Can I use DevOpsGenie with a non-EKS cluster?

The platform is optimized for Amazon EKS. Some components (IRSA, ALB Controller, EBS CSI) are AWS-specific. The GitOps, observability, and security layers are cloud-agnostic and can be used with GKE, AKS, or self-managed Kubernetes clusters.


Installation & Setup

How long does a first-time setup take?

From a blank AWS account to a running production cluster with the full platform stack:

  • Terraform apply (VPC + EKS): ~15–18 minutes
  • Platform install (ArgoCD + observability + security): ~8–10 minutes
  • Total: roughly 25–30 minutes

Do I need a management cluster?

No. The management components (ArgoCD, Gatekeeper, Alertmanager) run within your primary cluster by default. If you're managing 10+ clusters, we recommend a dedicated management cluster running in hub-spoke mode.

Can I use eksctl instead of Terraform?

Yes, but the DevOpsGenie Terraform modules provide significantly more configuration surface area, better drift detection, and GitOps-compatible state management. eksctl is convenient for sandbox clusters but not recommended for production.

What are the minimum node requirements?

For the platform stack itself (not application workloads):

| Component Group | Min vCPU | Min Memory |
|---|---|---|
| System / add-ons | 2 | 8 GiB |
| ArgoCD | 1 | 2 GiB |
| Monitoring stack | 2 | 4 GiB |
| Total platform overhead | 5 | 14 GiB |

We recommend a minimum of 3 × m6i.xlarge nodes for the platform components, separate from application workloads.


Kubernetes & EKS

Should I use Karpenter or Cluster Autoscaler?

Karpenter is strongly preferred for workload nodes. It provisions nodes faster (~60s vs 2–4 minutes), supports bin-packing, handles spot interruption gracefully, and reduces wasted capacity. Cluster Autoscaler is disabled on workload node groups when Karpenter is active.

Cluster Autoscaler is retained only for the system node group where platform components run.

How does DevOpsGenie handle cluster upgrades?

Cluster upgrades follow a blue/green node strategy:

  1. New managed node group provisioned at the target version
  2. Workloads migrated via controlled drain
  3. Old node group terminated

Control plane upgrades happen independently and are managed by AWS. Run devopsgenie cluster upgrade --dry-run before any upgrade for a pre-flight compatibility report.

Can I use Fargate with DevOpsGenie?

Yes. Fargate profiles are supported for specific namespace/label combinations. Note that some components (Falco, Prometheus node-exporter) require host-level access and cannot run on Fargate. We recommend Fargate for short-lived batch workloads and EC2-backed nodes for stateful services and platform components.


CI/CD & GitOps

Which CI systems are supported?

DevOpsGenie is pipeline-agnostic. The GitOps pattern works with any CI system that can:

  1. Build and push a container image
  2. Commit an image tag update to a GitOps repository

Tested integrations include: GitHub Actions, GitLab CI, Tekton, Jenkins, and CircleCI.

How do I handle secrets in my GitOps repository?

Never commit plaintext secrets. Use:

  • External Secrets Operator + AWS Secrets Manager for runtime secrets
  • Sealed Secrets if you must store encrypted secrets in Git (not recommended for new deployments)
  • IRSA for AWS API access — no credentials required

ArgoCD says my app is "OutOfSync" but I haven't changed anything. What's wrong?

This usually indicates drift — the live cluster state differs from the Git manifest. Common causes:

  1. A kubectl apply was run outside of GitOps
  2. A Horizontal Pod Autoscaler modified the replica count (exclude .spec.replicas from sync)
  3. A mutating admission webhook injected fields that aren't in Git

Enable selfHeal: true in the ArgoCD Application to automatically correct drift, or investigate and reconcile manually.
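The two remedies named above (excluding .spec.replicas from the comparison and enabling selfHeal) look like this in an ArgoCD Application. This is an added example, not a manifest shipped by DevOpsGenie; the application name, repository URL, path and namespaces are placeholders.

```yaml
# Added example: all names, the repo URL and the path are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: example-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.com/platform/gitops.git
    targetRevision: main
    path: apps/example-app
  destination:
    server: https://kubernetes.default.svc
    namespace: example-app
  # Cause 2: the HPA owns the replica count, so leave it out of the diff.
  ignoreDifferences:
    - group: apps
      kind: Deployment
      jsonPointers:
        - /spec/replicas
  syncPolicy:
    automated:
      prune: true
      # Cause 1: revert out-of-band changes (e.g. a manual kubectl apply)
      # back to the state recorded in Git.
      selfHeal: true
    syncOptions:
      # Without this option a sync still writes the replica count from Git
      # over the autoscaler's value, even though the diff ignores it.
      - RespectIgnoreDifferences=true
```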


Security

Is DevOpsGenie SOC 2 compliant?

DevOpsGenie Platform (the managed SaaS offering) is SOC 2 Type II certified. When you deploy DevOpsGenie in your own AWS account, compliance posture depends on your configuration. The platform ships with controls aligned to CIS Kubernetes Benchmark 1.8 and AWS Well-Architected Framework.

How are secrets rotated?

Secrets stored in AWS Secrets Manager are rotated using Lambda rotation functions (built-in for RDS, or custom for other credentials). External Secrets Operator re-syncs Kubernetes Secrets on a configurable refreshInterval (default: 1 hour). For immediate rotation, run devopsgenie secrets rotate --name <secret-name>.
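The External Secrets Operator pattern recommended under "How do I handle secrets in my GitOps repository?" and the refreshInterval described above fit together as follows. This is an added example, not DevOpsGenie's own configuration; the v1beta1 API version depends on the operator release installed, and the resource names, region and secret path are placeholders.

```yaml
# Added example: names, region and the Secrets Manager path are placeholders.
# Only these references are committed to Git, never the secret value.
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets-manager
  namespace: example-app
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1
      auth:
        jwt:
          # IRSA: this service account carries the
          # eks.amazonaws.com/role-arn annotation, so no static
          # AWS credentials are stored in the cluster or in Git.
          serviceAccountRef:
            name: external-secrets-sa
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials
  namespace: example-app
spec:
  # How often the operator re-reads Secrets Manager. A rotated value
  # reaches the Kubernetes Secret within this window.
  refreshInterval: 1h
  secretStoreRef:
    name: aws-secrets-manager
    kind: SecretStore
  target:
    name: db-credentials      # Kubernetes Secret created by the operator
    creationPolicy: Owner
  data:
    - secretKey: password     # key inside the Kubernetes Secret
      remoteRef:
        key: prod/example-app/db   # Secrets Manager secret name
        property: password         # JSON field within that secret
```

Pods that read the Secret through environment variables only see a rotated value after a restart; volume-mounted Secrets are refreshed by the kubelet without one.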

What happens if OPA Gatekeeper blocks a deployment?

OPA Gatekeeper runs in Enforce mode by default. Blocked deployments will receive a clear error message describing which constraint was violated. To debug:

# View constraint violations
kubectl get constraints

# Get details on a specific violation
kubectl describe k8srequiredresources require-resource-limits

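# Inspect the constraint templates (the policy definitions behind each constraint).
# Audit violations are recorded in each constraint's status, shown by the describe command above.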
kubectl get constrainttemplate -o yaml

If you need an exception, you can add a namespace-level exclusion to the constraint, or escalate to your platform team for review.
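A namespace-level exclusion of the kind mentioned above is declared in the constraint's match block. This is an added example, not the constraint DevOpsGenie ships: the kind casing K8sRequiredResources is inferred from the kubectl command above, the excluded namespace is a placeholder, and the template's parameters are omitted because the page does not show them.

```yaml
# Added example: kind casing and namespace name are assumptions.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredResources
metadata:
  name: require-resource-limits
spec:
  # "deny" rejects violating objects at admission time.
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    # Exemption scoped to one named namespace. Keeping this list in Git
    # means every exception goes through review and leaves an audit trail.
    excludedNamespaces:
      - legacy-batch
```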


Observability

How long is metrics data retained?

By default, Prometheus retains 15 days of metrics data in local TSDB. For longer retention, enable Thanos integration with an S3 bucket (see Observability Guide). Thanos supports query and retention across unlimited time ranges.

Can I use Datadog or New Relic instead of the built-in stack?

Yes. The built-in observability stack (Prometheus, Grafana, Loki) is the default and is included at no additional cost. If your organization already uses Datadog or New Relic, you can:

  • Install the respective Helm chart alongside the platform stack
  • Disable components you don't need in devopsgenie.yaml
  • Use OpenTelemetry Collector to fan out traces to multiple backends

Getting Support

| Channel | Use For |
|---|---|
| GitHub Issues | Bug reports, feature requests |
| Discord | Community questions, sharing use cases |
| Email Support | Enterprise support, billing |
| Office Hours | Monthly live Q&A with the core team |