sneal

$ cat > ./cf_prod_tcp_vm_extension.yml <<YAML
vm-extension-config:
  name: cf_prod_tcp_vm_extension
  cloud_properties:
    nsxt:
      lb:
        server_pools:
        - name: cf-prod-tcp-router
YAML

sneal

Assuming you've already deployed a pod named helloworld running Nginx on the non-privileged port 8080, for example using the quay.io/bitnami/nginx image.

$ kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP           NODE                                   NOMINATED NODE   READINESS GATES
helloworld   1/1     Running   0          36m   10.200.1.7   f0287b6b-f419-485c-9ea8-9fc6e21237af   <none>           <none>

Expose a new NodePort service:

sneal

Add Harbor CA Cert to Docker

Download the Harbor CA cert from the UI. Login to harbor, select Projects. Under the project you want to use select Repositories. Click the Registry Certificate button to download the cert. Add the downloaded Harbor CA cert to your system keychain.

$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Downloads/ca.crt

Restart docker daemon from system tray.

Push Nginx to Harbor

$ docker pull nginx:latest

sneal

Build Windows 2019 Image

This example assumes you're going to run the dotnet-environment-viewer sample application. Create a Dockerfile at the root of the application based on the aspnet framework image.

FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8

# The following installs and configured Windows Auth for the app (most apps won't need this)
RUN powershell.exe Add-WindowsFeature Web-Windows-Auth
RUN powershell.exe -NoProfile -Command Set-WebConfigurationProperty -filter /system.WebServer/security/authentication/AnonymousAuthentication -name enabled -value false -PSPath 'IIS:\'
RUN powershell.exe -NoProfile -Command Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath 'IIS:\'

sneal

readonly FUGACIOUS_URL='https://fugacio.us/m'
readonly FUGACIOUS_MAX_VIEWS=3
readonly FUGACIOUS_HOURS='2'

createFugaciousSecret() {
  local user_password="${1}"

  response=$(curl \
    --silent \
    --request POST \

sneal

#!/bin/bash

# Script to populate all of the current environment's Concourse Credhub values
# based off the Terraform output

set -e

credhub_client_secret="$1"
[[ -z "$credhub_client_secret" ]] && { echo "Error: expected the client secret for credhub_admin_client"; exit 1; }

sneal

Let's Encrypt for Pivotal Platform w/Route53

Spin up a Docker container running Ubuntu

docker run -it ubuntu /bin/bash

Now from the running interactive shell we need to install certbot, the route53 plugin, and aws cli.

sneal

create-transport-node-profile

This task creates a nsx-t transport node profile.

inputs:

• nsx-t-installation: a git resource containing this repo's tasks

params:

• NSXT_MANAGER_URL: where nsx-t manager lives, eg nsxmgr-01.haas-417.example.com
• NSXT_ADMIN_USERNAME: eg admin

sneal

#!/usr/bin/env bash
set -eo pipefail

# hello-world                      latest              ef872312fe1b        3 months ago        910 B
# hello-world                      latest              ef872312fe1bbc5e05aae626791a47ee9b032efa8f3bda39cc0be7b56bfe59b9   3 months ago        910 B

# debian                           latest              f6fab3b798be        10 weeks ago        85.1 MB
# debian                           latest              f6fab3b798be3174f45aa1eb731f8182705555f89c9026d8c1ef230cbf8301dd   10 weeks ago        85.1 MB

# check if essential commands are in our PATH

sneal

#
# Postfacto, a free, open-source and self-hosted retro tool aimed at helping
# remote teams.
#
# Copyright (C) 2016 - Present Pivotal Software, Inc.
#
# This program is free software: you can redistribute it and/or modify
#
# it under the terms of the GNU Affero General Public License as
#