-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy path710-rds-broker.yml
131 lines (123 loc) · 4.01 KB
/
710-rds-broker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
---
- type: replace
path: /releases/-
value:
name: rds-broker
version: 1.61.0
url: https://s3-eu-west-1.amazonaws.com/gds-paas-build-releases/rds-broker-1.61.0.tgz
sha1: 9fbe47bcbdb35c788db4513c6e829a969161264b
- type: replace
path: /instance_groups/-
value:
name: rds_broker
azs: [z1, z2]
instances: 2
vm_type: medium
vm_extensions:
- rds_broker
stemcell: default
networks:
- name: cf
- type: replace
path: /instance_groups/name=rds_broker/jobs?/-
value:
name: rds-metric-collector
release: rds-broker
properties:
rds-metric-collector:
aws:
aws_region: "((terraform_outputs_region))"
rds-broker:
broker_name: "((terraform_outputs_environment))"
db_prefix: "rdsbroker"
master_password_seed: ((secrets_rds_broker_master_password_seed))
loggregator:
ca_cert: "((loggregator_rds_metrics_collector.ca))"
client_cert: "((loggregator_rds_metrics_collector.certificate))"
client_key: "((loggregator_rds_metrics_collector.private_key))"
locket:
api_location: "locket.service.cf.internal:8891"
ca_cert: "((diego_locket_client.ca))"
client_cert: "((diego_locket_client.certificate))"
client_key: "((diego_locket_client.private_key))"
scheduler:
sql_metrics_collector_interval: 60
cloudwatch_metrics_collector_interval: 300
- type: replace
path: /instance_groups/name=rds_broker/jobs?/-
value:
name: rds-broker
release: rds-broker
properties:
rds-broker:
allow_user_provision_parameters: true
allow_user_update_parameters: true
allow_user_bind_parameters: true
aws_region: "((terraform_outputs_region))"
password: ((secrets_rds_broker_admin_password))
state_encryption_key: ((secrets_rds_broker_state_encryption_key))
db_prefix: "rdsbroker"
master_password_seed: ((secrets_rds_broker_master_password_seed))
broker_name: "((terraform_outputs_environment))"
cron_schedule: "0 12 * * *"
keep_snapshots_for_days: 35
host: "0.0.0.0"
port: 443
tls: ((secrets_rds_broker_tls_cert))
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_group_definitions/-
value:
name: rds_broker_instances
rules:
- protocol: tcp
destination: ((terraform_outputs_aws_backing_service_ip_range_start))-((terraform_outputs_aws_backing_service_ip_range_stop))
ports: '5432'
- protocol: tcp
destination: ((terraform_outputs_aws_backing_service_ip_range_start))-((terraform_outputs_aws_backing_service_ip_range_stop))
ports: '3306'
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_running_security_groups/-
value: rds_broker_instances
- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_staging_security_groups/-
value: rds_broker_instances
- type: replace
path: /variables/-
value:
name: secrets_rds_broker_admin_password
type: password
- type: replace
path: /variables/-
value:
name: secrets_rds_broker_master_password_seed
type: password
- type: replace
path: /variables/-
value:
name: secrets_rds_broker_state_encryption_key
type: password
- type: replace
path: /variables/-
value:
name: loggregator_rds_metrics_collector
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: loggregator_rds_metrics_collector
extended_key_usage:
- client_auth
- server_auth
alternative_names:
- loggregator_rds_metrics_collector
- type: replace
path: /variables/-
value:
name: secrets_rds_broker_tls_cert
type: certificate
update_mode: converge
options:
ca: broker_tls_ca
common_name: "rds-broker.service.cf.internal"
alternative_names:
- "rds-broker.service.cf.internal"