forked from cloudfoundry/cf-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
add-persistent-isolation-segment-syslog-drain.yml
143 lines (138 loc) · 3.62 KB
/
add-persistent-isolation-segment-syslog-drain.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# DEPRECATED
---
- type: replace
path: /instance_groups/-
value:
name: isolated-adapter
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
networks:
- name: default
jobs:
- name: adapter
release: cf-syslog-drain
provides:
adapter_addrs: {as: isolated_adapter_addrs}
consumes:
reverse_log_proxy: {from: isolated_reverse_log_proxy}
properties:
scalablesyslog:
adapter:
tls:
ca: "((isolated_adapter_tls.ca))"
cert: "((isolated_adapter_tls.certificate))"
key: "((isolated_adapter_tls.private_key))"
cn: ss-adapter
bosh_dns: true
adapter_rlp:
tls:
ca: "((isolated_adapter_rlp_tls.ca))"
cert: "((isolated_adapter_rlp_tls.certificate))"
key: "((isolated_adapter_rlp_tls.private_key))"
cn: reverselogproxy
# scheduler
- type: replace
path: /instance_groups/name=scheduler/jobs/name=scheduler/consumes?
value:
adapter_addrs: {from: adapter_addrs}
- type: replace
path: /instance_groups/-
value:
name: isolated-scheduler
azs:
- z1
- z2
instances: 2
vm_type: minimal
stemcell: default
update:
serial: true
networks:
- name: default
jobs:
- name: scheduler
release: cf-syslog-drain
consumes:
adapter_addrs: {from: isolated_adapter_addrs}
properties:
scalablesyslog:
scheduler:
api:
url: https://cloud-controller-ng.service.cf.internal:9023
tls:
client:
ca: "((isolated_scheduler_client_tls.ca))"
cert: "((isolated_scheduler_client_tls.certificate))"
key: "((isolated_scheduler_client_tls.private_key))"
adapter_cn: "ss-adapter"
api:
ca: "((cc_tls.ca))"
cert: "((isolated_scheduler_api_tls.certificate))"
key: "((isolated_scheduler_api_tls.private_key))"
cn: "cloud-controller-ng.service.cf.internal"
# metron agent
- type: replace
path: /instance_groups/name=isolated-adapter/jobs/-
value:
name: loggregator_agent
release: loggregator-agent
consumes:
doppler: {from: isolated_doppler}
properties:
doppler:
addr: "isolated-doppler.service.cf.internal"
loggregator:
tls:
ca_cert: "((isolated_loggregator_tls_agent.ca))"
agent:
cert: "((isolated_loggregator_tls_agent.certificate))"
key: "((isolated_loggregator_tls_agent.private_key))"
# variables
- type: replace
path: /variables/-
value:
name: isolated_adapter_tls
type: certificate
options:
ca: isolated_loggregator_ca
common_name: ss-adapter
extended_key_usage:
- server_auth
- client_auth
- type: replace
path: /variables/-
value:
name: isolated_adapter_rlp_tls
type: certificate
options:
ca: isolated_loggregator_ca
common_name: ss-adapter-rlp
extended_key_usage:
- client_auth
- server_auth
- type: replace
path: /variables/-
value:
name: isolated_scheduler_client_tls
type: certificate
options:
ca: isolated_loggregator_ca
common_name: ss-scheduler
extended_key_usage:
- client_auth
- server_auth
- type: replace
path: /variables/-
value:
name: isolated_scheduler_api_tls
type: certificate
options:
ca: service_cf_internal_ca
common_name: ss-scheduler
extended_key_usage:
- client_auth
- server_auth