Posts

Is it worth switching your VMware vSphere VM’s SCSI (small computer system interface) from the LSI Logic Parallel controller to the VMware Paravirtual SCSI controller? Except for ultra-high-end database servers (> 1M IOPS ( input/output operations per second)), the answer is “no”; the difference is negligible. Our benchmarks show that VMware’s Paravirtual SCSI (small computer system interface) controller offered a 2-3% performance increase in IOPS (I/O (input/output) operations per second) over the LSI Logic Parallel SCSI controller at the cost of a similar decrease in sequential performance (both read & write). Additionally the Paravirtual SCSI controller (pvscsi) had a slight reduction in CPU (central processing unit) usage on the host (best-case scenario is 3% lower CPU usage). ...

In our previous post, we configured our GKE Concourse CI server, which was the capstone of the series. But we were wrong: this post is the capstone in the series. In this post, we install Vault and configure our Concourse CI server to use Vault to retrieve secrets. Installation Most of these instructions are derived from the Hashicorp tutorial, Vault on Kubernetes Deployment Guide. Create a DNS A record which points to the IP address of your GKE load balancer. In our case, we created vault.nono.io which points to 104.155.144.4. ...

In our previous post, we configured our GKE (Google Kubernetes Engine) to use Let’s Encrypt TLS certificates. In this post, the capstone of our series, we install Concourse CI. Installation These instructions are a more-opinionated version of the canonical instructions for the Concourse CI Helm chart found here: https://github.com/concourse/concourse-chart. First Install: with Helm We use helm to install Concourse. We first add the Helm repo, and then install it. We take the opportunity to bump the default login time from 24 hours to ten days (duration=240h) because we hate re-authenticating to our Concourse every morning. Replace gke.nono.io with your DNS record: ...

In our previous blog post, we configured ingress to our Kubernetes cluster but were disappointed to discover that the TLS certificates were self-signed. In this post we’ll remedy that by installing cert-manager, the Cloud native certificate management tool. Disclaimer: most of this blog post was lifted whole cloth from the most-excellent cert-manager documentation. We merely condensed it & made it more opinionated. Installation Let’s add the Jetstack Helm Repository: ...

In our previous blog post, we set up our Kubernetes cluster and deployed a pod running nginx, but the experience was disappointing—we couldn’t browse to our pod. Let’s fix that by deploying the nginx Ingress controller. Acquire the External IP Address (Elastic IP) We’ll use the Google Cloud console to acquire the external address [external address] for our load balancer. Navigate to VPC network → External IP addresses → Reserve Static Address: ...