forked from cloudfoundry/cf-deployment
secure-service-credentials.yml
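# Add the CredHub BOSH release to the deployment's release list.
# Indentation restored: the flattened listing lost the nesting that makes
# name/sha1/url/version children of `value`.
- type: replace
  path: /releases/-
  value:
    name: credhub
    # Digest of the release tarball; together with the pinned version it
    # fixes which artifact is deployed. SHA-1 is collision-prone, so prefer a
    # stronger digest if the release source publishes one.
    sha1: 648658efdef2ff18a69914d958bcd7ebfa88027a
    url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=1.9.3
    version: 1.9.3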
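# Add a two-instance `credhub` instance group (spread over z1 and z2) that
# runs a consul agent plus the CredHub server.
# Indentation restored: the flattened listing lost all nesting, so the
# hierarchy below is rebuilt from the key order of each mapping.
- type: replace
  path: /instance_groups/-
  value:
    azs:
      - z1
      - z2
    instances: 2
    jobs:
      - consumes:
          consul_client:
            from: consul_client_link
          consul_common:
            from: consul_common_link
          # NOTE(review): presumably the BOSH idiom for "do not resolve this
          # link" (agent mode, no server link) - confirm against the consul
          # release.
          consul_server: nil
        name: consul_agent
        properties:
          consul:
            agent:
              services:
                # Registers a `credhub` service with consul; the
                # credhub.service.cf.internal name used elsewhere in this
                # file presumably resolves through it.
                credhub: {}
        release: consul
      - name: credhub
        properties:
          credhub:
            authentication:
              mutual_tls:
                # Client certificates issued by this CA are accepted for
                # mTLS authentication. `application_ca` is not defined in
                # this file and must come from the base manifest.
                trusted_cas:
                  - ((application_ca.certificate))
              uaa:
                # `uaa_ca` and `uaa_jwt_signing_key` are likewise defined
                # outside this file.
                ca_certs:
                  - ((uaa_ca.certificate))
                url: https://uaa.service.cf.internal:8443
                # Public key used to verify UAA-issued tokens.
                verification_key: ((uaa_jwt_signing_key.public_key))
            authorization:
              acls:
                # Keep enabled: with ACLs off, authentication alone would
                # decide access to stored credentials.
                enabled: true
            data_storage:
              database: credhub
              host: sql-db.service.cf.internal
              password: ((credhub_database_password))
              port: 3306
              # SECURITY: the CredHub -> MySQL connection is not required to
              # use TLS, so the database login and all queries may cross the
              # network in cleartext. Set this to true, with the database CA
              # configured, once the MySQL job serves TLS.
              require_tls: false
              type: mysql
              username: credhub
            encryption:
              keys:
                # The single active key is derived from a generated password
                # (software provider, no HSM). Losing or regenerating that
                # variable makes previously stored credentials unreadable, so
                # back up and access-control the variable store accordingly.
                - active: true
                  encryption_password: ((credhub_encryption_password))
                  provider_name: internal-provider
              providers:
                - name: internal-provider
                  type: internal
            # Server certificate and key for the CredHub API, issued by the
            # `credhub_ca` variable.
            tls: ((credhub_tls))
        release: credhub
    name: credhub
    networks:
      - name: default
    stemcell: default
    vm_type: minimal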
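# Seed a `credhub` database and user on the existing MySQL job.
# Indentation restored from the flattened listing.
- type: replace
  path: /instance_groups/name=database/jobs/name=mysql/properties/cf_mysql/mysql/seeded_databases/-
  value:
    name: credhub
    # Same variable the credhub job uses for data_storage.password, so the
    # two sides cannot drift apart.
    password: ((credhub_database_password))
    username: credhub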
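# Append the CredHub and UAA CAs to the certificates the Diego rep installs
# into containers, so apps can verify TLS to both services.
# `containers?` creates the key if it is absent; `/-` appends one entry that
# holds both PEM certificates. This widens the trust store of every
# container on the cell, so only CAs scoped to these services belong here.
# Indentation restored from the flattened listing.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers?/trusted_ca_certificates/-
  value: |
    ((credhub_ca.certificate))
    ((uaa_ca.certificate))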
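# Set the CA bundle baked into the cflinuxfs2 rootfs on Diego cells.
# NOTE(review): unlike the rep operation, this path has no trailing `/-`, so
# it replaces the whole `trusted_certs` value. Any bundle set by the base
# manifest or an earlier ops file is overwritten - check ops-file order.
# Indentation restored from the flattened listing.
- type: replace
  path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs2-rootfs-setup/properties?/cflinuxfs2-rootfs/trusted_certs
  value: |
    ((application_ca.certificate))
    ((credhub_ca.certificate))
    ((uaa_ca.certificate))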
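# Give Cloud Controller the CA it needs to verify the CredHub API's TLS
# certificate. `credhub_api?` creates the key if it is missing.
# Indentation restored from the flattened listing.
- type: replace
  path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api?/ca_cert
  value: ((credhub_ca.certificate))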
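# Declare the two generated secrets used above. With `type: password` the
# values are generated and kept in the director's variable store rather than
# written into the manifest.
# Indentation restored from the flattened listing.

# Source of the CredHub data-encryption key; treat it as unrecoverable
# key material.
- type: replace
  path: /variables/-
  value:
    name: credhub_encryption_password
    type: password

# Shared by the seeded MySQL user and the credhub job's data_storage.
- type: replace
  path: /variables/-
  value:
    name: credhub_database_password
    type: password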
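# Dedicated CA for CredHub. `is_ca: true` with no `ca:` parent makes it a
# self-signed root. Its certificate is distributed to Diego cells and Cloud
# Controller by the trust-store operations in this file; the private key
# should never leave the variable store.
# Indentation restored from the flattened listing.
- type: replace
  path: /variables/-
  value:
    name: credhub_ca
    options:
      common_name: credhubServerCa
      is_ca: true
    type: certificate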
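# Server certificate for the CredHub API, signed by `credhub_ca`.
# The SANs cover the internal service name and the system-domain hostname;
# clients that reach CredHub by any other name will fail verification.
# Indentation restored from the flattened listing.
- type: replace
  path: /variables/-
  value:
    name: credhub_tls
    options:
      alternative_names:
        - credhub.service.cf.internal
        - credhub.((system_domain))
      ca: credhub_ca
      common_name: credhub.((system_domain))
    type: certificate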