forked from cloudfoundry/cf-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadd-persistent-isolation-segment-router.yml
92 lines (84 loc) · 2.81 KB
/
add-persistent-isolation-segment-router.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
# --- enable iso-seg smoke tests ---
- type: replace
path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/enable_isolation_segment_tests?
value: true
- type: replace
path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/isolation_segment_name?
value: persistent_isolation_segment
- type: replace
path: /instance_groups/name=smoke-tests/jobs/name=smoke_tests/properties/smoke_tests/isolation_segment_domain?
value: "iso-seg.((system_domain))"
- type: replace
path: /instance_groups/-
value:
name: iso-seg-router
azs:
- z1
instances: 1
vm_type: minimal
vm_extensions:
- iso-seg-cf-router-network-properties
stemcell: default
update:
serial: true
networks:
- name: default
jobs:
- name: gorouter
release: routing
properties:
nats:
tls_enabled: true
cert_chain: "((nats_client_cert.certificate))"
private_key: "((nats_client_cert.private_key))"
router:
isolation_segments:
- persistent_isolation_segment
routing_table_sharding_mode: segments
ssl_skip_validation: true
enable_ssl: true
ca_certs:
- ((diego_instance_identity_ca.ca))
- ((cc_tls.ca))
- ((uaa_ssl.ca))
backends:
cert_chain: ((gorouter_backend_tls.certificate))
private_key: ((gorouter_backend_tls.private_key))
tls_pem:
- cert_chain: "((router_ssl.certificate))"
private_key: "((router_ssl.private_key))"
status:
password: "((router_status_password))"
user: router-status
tls:
port: 8443
certificate: ((gorouter_lb_health_tls.certificate))
key: ((gorouter_lb_health_tls.private_key))
route_services_secret: "((router_route_services_secret))"
tracing:
enable_zipkin: true
routing_api:
enabled: true
uaa:
clients:
gorouter:
secret: "((uaa_clients_gorouter_secret))"
ca_cert: "((uaa_ssl.ca))"
ssl:
port: 8443
- type: replace
path: /instance_groups/name=router/jobs/name=gorouter/properties/router/routing_table_sharding_mode?
value: shared-and-segments
- type: replace
path: /instance_groups/name=router/jobs/name=gorouter/provides?/gorouter/as
value: router_primary
- type: replace
path: /instance_groups/name=api/jobs/name=routing-api/consumes?/gorouter/from
value: router_primary
- type: replace
path: /instance_groups/name=uaa/jobs/name=uaa/consumes?/router/from
value: router_primary
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/app_domains/-
value: "iso-seg.((system_domain))"