svrc

while read newline
do
    new=$(date -d "$(echo "$newline" | sed -E 's/-([0-9][0-9])\.([0-9][0-9])\./ \1:\2:/')" '+%s')
    if [ "$old" ] && (( $new - $old > 20))
    then
        printf "%4i seconds gap before %s" "$((new - old))" "$newline"
    fi
    old=$new
done <check_liveness.log

svrc

Vmware Tanzu Kubernetes Grid and VMware Telco Cloud Automation

Welcome! This is a series of quick guides to setting up dev/test/lab environment with Tanzu Kubernetes Grid and/or with VMware Telco Cloud Automation.

This isn't a replacement for the official documentation but rather is a curated, streamlined set of "how tos" from several locations based on my experiences.

svrc

BOSH Links: Why and How

Audience: anyone in the BOSH ecosystem, whether you work on something open-source or proprietary

"BOSH Links" is a feature which simplifies how data is shared between BOSH-deployed jobs that need to collaborate with one another (e.g. a web server and its backing database). Like many BOSH things, the whole "BOSH Links" thing can seem counter-intuitive at first, and it may not be clear why things are the way they are. This note hopes to show some of the powerful benefits of BOSH Links, and provide examples and explanations that make things more intuitive.

1. Why?
2. BASIC: A simple problem statement
3. BASIC: Putting the puzzle pieces together
4. ADVANCED: But what about...

svrc

apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node-cleanup
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-node-cleanup

svrc

What does this GIST do or not do

1. Shows you how to use Istio 1.4.0 - 1.4.2 on Kubernetes 1.14+ with a modicum of runtime security for your workloads.
2. Specifically it installs Istio with CNI support, and allows the use of restrictive PodSecurityPolicies for your workloads. Istio 1.4.3 fixes this issue. However, this may still be useful due to a need to add a PSP privileged role to the Istio helm charts!
3. It is designed for VMware PKS, but doesn't require it ... (just change the CNI bin dir and excluded namespaces in values-cni.yml, also swap the ClusterRole pks-privileged and pks-restricted mentioned throughout these files with your own PSP roles).
4. It doesn't fix the need for Istio itself to run as root, but that should be fixed in a future Istio release as it's already fixed in trunk.
5. Update I've also included a workaround for the CNI race condition bug in Istio CNI if you're using a DaemonSet-based CNI. See istio/istio#14327

Prerequisites

svrc

sudo sed -i "s/AZ_NAME_FOR_AVAILABILITY_SETS = 'Availability Sets'.freeze/AZ_NAME_FOR_AVAILABILITY_SETS = 'null'.freeze/" /home/tempest-web/tempest/web/app/models/persistence/models/azure/azure_availability_zone.rb 
sudo service tempest-web restart

svrc

nodes-network.json
{
    "description": "Configurable Nodes Network IP Block",
    "name": "network-profile_nodes-ip-block",
    "parameters": {
        "node_ip_block_ids": [
            "2250dc43-63c8-4bb8-b8cf-c6e12ccfb7de", "3d577e5c-dcaf-4921-9458-d12b0e1318e6"
        ],
        "node_routable":true,
        "node_subnet_prefix":20

svrc

---
name: edge
director_uuid: ((director_uuid))
releases:
- name: haproxy
  version: latest
- name: networking
  version: latest
stemcells:
- alias: default

svrc

#!/bin/bash

# Azure Start/Stop CLI.   Starts or Stops all BOSH-provisioned VMs in a resource group.
# Requires the "Azure 2.0 CLI", aka az ; requires it to be logged in to your azure account

trap "exit" INT

if [ -z "$2" ]; then
  echo "Missing resource group"
  echo "USAGE: azure-bosh.sh [start|stop] [resource group]"

svrc

jobs:
- name: credhub-interpolate
  plan:
  - get: platform-automation-tasks
  - get: platform-automation-image
  - get: vars
  - task: credhub-interpolate
    image: platform-automation-image
    file: platform-automation-tasks/tasks/credhub-interpolate.yml
    input_mapping: