Posts

Concourse CI/CD (continuous integration/continuous delivery) can create multi-platform Docker images. This blog post describes how. A multi-platform docker image is one that contains “variants for different architectures”. Docker images are often created for a single architecture (“instruction set architecture” or “ISA”), typically Intel’s/AMD’s x86-64, but with the advent of ARM64-based offerings such as AWS’s Graviton and Apple’s M1/M2, It’s becoming more common to build multi-platform images to avoid the heavy emulation performance penalty (typically >10x) when running an image on a different architecture. Multi-platform images enable a developer, for example, to run a container just as fast on their Apple M1 laptop as their GCP (Google Cloud Platform) Kubernetes cluster. ...

Quickstart First, create your key and your CSR (Certificate Signing Request). In the following example, we are creating a CSR for our vCenter host, “vcenter-80.nono.io”: CN=vcenter-80.nono.io # "CN" is the abbreviation for "Common Name" openssl genrsa -out $CN.key 3072 openssl req \ -new \ -key $CN.key \ -out $CN.csr \ -sha256 \ -subj "/C=US/ST=California/L=San Francisco/O=nono.io/OU=homelab/CN=${CN}/emailAddress=brian.cunnie@gmail.com" \ -config <(cat <<EOF [ req ] distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = ${CN} EOF ) You’ll have two files, vcenter-80.nono.io.key and vcenter-80.nono.io.csr. ...

Network Diagram. We want to maximize the throughput from the blue box (the client) to the green box (HAProxy) Summary We were able to push through almost 450 MB/sec through HAProxy (which terminated our SSL) by carefully matching our 4-core HAProxy with 2 x 4-core Gorouters (which were on a much slower ESXi host). Results Bandwidth MB/second Configuration 201.27MB 1 HAProxy: 1 vCPU 136.47MB 1 HAProxy: 2 vCPUs 270.56MB 2 Gorouters: 1 vCPU 350.48MB 2 Gorouters: 2 vCPUs 447.49MB 1 HAProxy, 2 Gorouters: 4 vCPUs 0. HAProxy with 1 vCPU HAProxy had only 1 vCPU during this iteration, and the CPU was maxed to 100% during the test (according to htop). We suspect that TLS was the culprit for much of the traffic: HAProxy terminated TLS traffic inbound, and initiated TLS to the Gorouters. ...

The Cloud Foundry Acceptance Tests are the gold standard to test the proper functioning of your Cloud Foundry deployment. This guide tells you how to run them. When in doubt, refer to the README. Quick Start cd ~/workspace/ git clone git@github.com:cloudfoundry/cf-acceptance-tests.git cd cf-acceptance-tests . ./.envrc cp example-cats-config.json cats-config.json export CONFIG=cats-config.json cf api api.cf.nono.io # or whatever your Cloud Foundry's API endpoint is cf login -u admin cf create-space -o system system # don't worry if it's already created cf t -o system -s system cf enable-feature-flag diego_docker # necessary if you're running the Docker tests (`"include_docker": true`) cf enable-feature-flag service_instance_sharing # necessary if you're running the sharing tests (`"include_service_instance_sharing": true`) If you don’t have the Cloud Foundry CLI (command line interface), follow the installation instructions. Install the latest version (v8). ...

Recreating the Cluster We want to recreate our cluster while preserving our Vault and Concourse data (we want to recreate our GKE regional cluster as a zonal cluster to take advantage of the GKE free tier which saves us $74.40 per month). Note: when we say, “recreate the cluster”, we really mean, “recreate the cluster”. We destroy the old cluster, including our worker nodes and persistent volumes. Backup Vault In the following example, our storage path is /vault/data, but there’s a chance that yours is different. If it is, replace occurrences of /vault/data with your storage path: ...