My Technical Blog

A collection of how-tos, mostly *nix, mostly in the cloud

Concourse CI on Kubernetes (GKE), Part 6: Concourse & Vault: Backup & Restore

Recreating the Cluster We want to recreate our cluster while preserving our Vault and Concourse data (we want to recreate our GKE regional cluster as a zonal cluster to take advantage of the GKE free tier which saves us $74.40 per month). Note: when we say, “recreate the cluster”, we really mean, “recreate the cluster”. We destroy the old cluster, including our worker nodes and persistent volumes. Backup Vault In the following example, our storage path is /vault/data, but there’s a chance that yours is different....

January 8, 2022 · 4 min · Brian Cunnie

Disk Controller Benchmarks: VMware Paravirtual's vs. LSI Logic Parallel's

Is it worth switching your VMware vSphere VM’s SCSI (small computer system interface) from the LSI Logic Parallel controller to the VMware Paravirtual SCSI controller? Except for ultra-high-end database servers (> 1M IOPS ( input/output operations per second)), the answer is “no”; the difference is negligible. Our benchmarks show that VMware’s Paravirtual SCSI (small computer system interface) controller offered a 2-3% performance increase in IOPS (I/O (input/output) operations per second) over the LSI Logic Parallel SCSI controller at the cost of a similar decrease in sequential performance (both read & write)....

November 19, 2021 · 4 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 5: Vault

In our previous post, we configured our GKE Concourse CI server, which was the capstone of the series. But we were wrong: this post is the capstone in the series. In this post, we install Vault and configure our Concourse CI server to use Vault to retrieve secrets. Installation Most of these instructions are derived from the Hashicorp tutorial, Vault on Kubernetes Deployment Guide. Create a DNS A record which points to the IP address of your GKE load balancer....

November 18, 2021 · 7 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 4: Concourse

In our previous post, we configured our GKE (Google Kubernetes Engine) to use Let’s Encrypt TLS certificates. In this post, the capstone of our series, we install Concourse CI. Installation These instructions are a more-opinionated version of the canonical instructions for the Concourse CI Helm chart found here: https://github.com/concourse/concourse-chart. First Install: with Helm We use helm to install Concourse. We first add the Helm repo, and then install it....

September 1, 2021 · 5 min · Brian Cunnie

Concourse CI on Kubernetes (GKE), Part 3: TLS

In our previous blog post, we configured ingress to our Kubernetes cluster but were disappointed to discover that the TLS certificates were self-signed. In this post we’ll remedy that by installing cert-manager, the Cloud native certificate management tool. Disclaimer: most of this blog post was lifted whole cloth from the most-excellent cert-manager documentation. We merely condensed it & made it more opinionated. Installation Let’s add the Jetstack Helm Repository:...

August 11, 2021 · 4 min · Brian Cunnie