sneal

Map App IDs to App Instances IDs for Windows cell

Find all the app instances running on the Windows Diego cell your interested in. You'll need to SSH into a regular Linux Diego cell to be able to run the cfdot command. Change the below to match the IP address of the Windows Diego cell you're inspecting.

cfdot actual-lrps | grep "192.168.2.20" | jq

sneal

Function Set-VMOvfProperty {
    <#
        .NOTES
        ===========================================================================
         Created by:    William Lam, Shawn Neal
         Organization:  VMware
         Blog:          www.williamlam.com, sneal@sneal.net
         Twitter:       @lamw, @snealnet
        ===========================================================================
        .DESCRIPTION

sneal

#!/usr/bin/env bash

brew install openssl@1.1
mkdir -p /usr/local/opt/openssl/lib/
ln -s /usr/local/opt/openssl@1.1/lib/libcrypto.1.1.dylib /usr/local/opt/openssl/lib/
ln -s /usr/local/opt/openssl@1.1/lib/libssl.1.1.dylib /usr/local/opt/openssl/lib/
pushd /usr/local/opt/openssl/lib/
ln -s libssl.1.1.dylib libssl.dylib
ln -s libcrypto.1.1.dylib libcrypto.dylib
popd

sneal

$ cat > ./cf_prod_tcp_vm_extension.yml <<YAML
vm-extension-config:
  name: cf_prod_tcp_vm_extension
  cloud_properties:
    nsxt:
      lb:
        server_pools:
        - name: cf-prod-tcp-router
YAML

sneal

Assuming you've already deployed a pod named helloworld running Nginx on the non-privileged port 8080, for example using the quay.io/bitnami/nginx image.

$ kubectl get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE   IP           NODE                                   NOMINATED NODE   READINESS GATES
helloworld   1/1     Running   0          36m   10.200.1.7   f0287b6b-f419-485c-9ea8-9fc6e21237af   <none>           <none>

Expose a new NodePort service:

sneal

Add Harbor CA Cert to Docker

Download the Harbor CA cert from the UI. Login to harbor, select Projects. Under the project you want to use select Repositories. Click the Registry Certificate button to download the cert. Add the downloaded Harbor CA cert to your system keychain.

$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Downloads/ca.crt

Restart docker daemon from system tray.

Push Nginx to Harbor

$ docker pull nginx:latest

sneal

Build Windows 2019 Image

This example assumes you're going to run the dotnet-environment-viewer sample application. Create a Dockerfile at the root of the application based on the aspnet framework image.

FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8

# The following installs and configured Windows Auth for the app (most apps won't need this)
RUN powershell.exe Add-WindowsFeature Web-Windows-Auth
RUN powershell.exe -NoProfile -Command Set-WebConfigurationProperty -filter /system.WebServer/security/authentication/AnonymousAuthentication -name enabled -value false -PSPath 'IIS:\'
RUN powershell.exe -NoProfile -Command Set-WebConfigurationProperty -filter /system.webServer/security/authentication/windowsAuthentication -name enabled -value true -PSPath 'IIS:\'

sneal

readonly FUGACIOUS_URL='https://fugacio.us/m'
readonly FUGACIOUS_MAX_VIEWS=3
readonly FUGACIOUS_HOURS='2'

createFugaciousSecret() {
  local user_password="${1}"

  response=$(curl \
    --silent \
    --request POST \

sneal

#!/bin/bash

# Script to populate all of the current environment's Concourse Credhub values
# based off the Terraform output

set -e

credhub_client_secret="$1"
[[ -z "$credhub_client_secret" ]] && { echo "Error: expected the client secret for credhub_admin_client"; exit 1; }

sneal

Let's Encrypt for Pivotal Platform w/Route53

Spin up a Docker container running Ubuntu

docker run -it ubuntu /bin/bash

Now from the running interactive shell we need to install certbot, the route53 plugin, and aws cli.