merge configure-log-cache-and-forward-metrics-via-mtls.yml into app-a…
…utoscaler.yml manifest

also: remove ops file that sets nozzle shard id
geigerj0 committed Jun 5, 2024
1 parent 4020c09 commit ce3d75b
Showing 5 changed files with 62 additions and 142 deletions.
3 changes: 0 additions & 3 deletions ci/autoscaler/pipeline.yml
Expand Up @@ -9,7 +9,6 @@ anchors:
operations/loggregator-certs-from-cf.yml
operations/add-extra-plan.yml
operations/set-release-version.yml
operations/configure-log-cache-and-forward-metrics-via-mtls.yml
operations/enable-metricsforwarder-via-metron-agent.yml
operations/remove-metricsserver.yml
operations/remove-metricsgateway.yml
Expand All @@ -24,7 +23,6 @@ anchors:
operations/loggregator-certs-from-cf.yml
operations/add-extra-plan.yml
operations/set-release-version.yml
operations/configure-log-cache-and-forward-metrics-via-mtls.yml
operations/enable-metricsforwarder-via-syslog-agent.yml
operations/remove-metricsserver.yml
operations/remove-metricsgateway.yml
Expand All @@ -37,7 +35,6 @@ anchors:
operations/add-postgres-variables.yml
operations/enable-nats-tls.yml
operations/loggregator-certs-from-cf.yml
operations/append-deployment-name-to-loggregator-nozzle-shard-id.yml
operations/postgres-persistent-disk.yml
operations/add-extra-plan.yml
operations/set-release-version.yml
1 change: 0 additions & 1 deletion ci/autoscaler/scripts/deploy-autoscaler.sh
Expand Up @@ -16,7 +16,6 @@ ops_files=${OPS_FILES:-"${autoscaler_dir}/operations/add-releases.yml\
${autoscaler_dir}/operations/loggregator-certs-from-cf.yml\
${autoscaler_dir}/operations/add-extra-plan.yml\
${autoscaler_dir}/operations/set-release-version.yml\
${autoscaler_dir}/operations/configure-log-cache-and-forward-metrics-via-mtls.yml\
${autoscaler_dir}/operations/remove-metricsserver.yml\
${autoscaler_dir}/operations/remove-metricsgateway.yml\
${autoscaler_dir}/operations/enable-log-cache-via-uaa.yml\

This file was deleted.

110 changes: 0 additions & 110 deletions operations/configure-log-cache-and-forward-metrics-via-mtls.yml

This file was deleted.

85 changes: 62 additions & 23 deletions templates/app-autoscaler.yml
Expand Up @@ -82,20 +82,6 @@ addons:
deployment: ((deployment_name))
network: default
domain: bosh
- domain: *metricsgateway_domain
targets:
- query: '*'
instance_group: metricsgateway
deployment: ((deployment_name))
network: default
domain: bosh
- domain: *metricsserver_domain
targets:
- query: '*'
instance_group: metricsserver
deployment: ((deployment_name))
network: default
domain: bosh
# Cf internal names
- domain: nats.service.cf.internal
targets:
Expand Down Expand Up @@ -264,7 +250,7 @@ instance_groups:
ca_cert: ((!metricsserver_client_cert.ca))
client_cert: ((!metricsserver_client_cert.certificate))
client_key: ((!metricsserver_client_cert.private_key))
host: *metricsserver_domain
host: logcache
event_generator:
ca_cert: ((!eventgenerator_client_cert.ca))
client_cert: ((!eventgenerator_client_cert.certificate))
Expand Down Expand Up @@ -583,11 +569,12 @@ instance_groups:
client_key: ((!scalingengine_client_cert.private_key))
host: *scalingengine_domain
metricscollector:
ca_cert: ((!metricsserver_client_cert.ca))
client_cert: ((!metricsserver_client_cert.certificate))
client_key: ((!metricsserver_client_cert.private_key))
port: *metricsserverPort
host: *metricsserver_domain
use_log_cache: true
ca_cert: ((/bosh-autoscaler/cf/log_cache.ca))
client_cert: ((/bosh-autoscaler/cf/log_cache.certificate))
client_key: ((/bosh-autoscaler/cf/log_cache.private_key))
port: 8080
host: logcache
- name: route_registrar
release: routing
consumes:
Expand Down Expand Up @@ -630,10 +617,62 @@ instance_groups:
port: &metricsforwarderServerPort 6201
loggregator:
tls:
ca_cert: ((loggregator_tls_agent.ca))
cert: ((loggregator_tls_agent.certificate))
key: ((loggregator_tls_agent.private_key))
ca_cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.ca))
cert: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.certificate))
key: ((!metricsforwarder_autoscaler_metricsforwarder_loggregator_tls.private_key))
storedprocedure_db: *database
- name: loggr-syslog-agent
release: loggregator-agent
properties:
tls: # connection to syslog-agent
ca_cert: ((!loggr_syslog_agent_tls.ca))
cert: ((!loggr_syslog_agent_tls.certificate))
key: ((!loggr_syslog_agent_tls.private_key))
cache: # connection to syslog-binding-cache
tls:
ca_cert: ((!loggr_syslog_agent_cache_tls.ca))
cert: ((!loggr_syslog_agent_cache_tls.certificate))
key: ((!loggr_syslog_agent_cache_tls.private_key))
cn: loggr_syslog_binding_cache
# url: the value is automatically being generated if syslog-binding-cache is deployed https://github.com/cloudfoundry/loggregator-agent-release/blob/a5366d6d7c490417d12f990c1af0437a1feb067f/jobs/loggr-syslog-agent/templates/bpm.yml.erb#L60
metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration
ca_cert: ((!loggr_syslog_agent_metrics.ca))
cert: ((!loggr_syslog_agent_metrics.certificate))
key: ((!loggr_syslog_agent_metrics.private_key))
server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case
- name: loggr-syslog-binding-cache
release: loggregator-agent
consumes:
cloud_controller: { from: cloud_controller, deployment: cf } # required by job to resolve API URL https://github.com/cloudfoundry/loggregator-agent-release/blob/0e3340f17f94d06cb3d4c11d1553a9a2a5bfb891/jobs/loggr-syslog-binding-cache/templates/bpm.yml.erb#L4
properties:
tls: # connection to syslog-binding-cache api, e.g. /v2/aggregate & /v2/bindings
ca_cert: ((!loggr_syslog_binding_cache_tls.ca))
cert: ((!loggr_syslog_binding_cache_tls.certificate))
key: ((!loggr_syslog_binding_cache_tls.private_key))
cn: loggr_syslog_agent_tls
external_port: 9000
aggregate_drains: # connection to log-cache
- url: "syslog-tls://log-cache.service.cf.internal:6067?include-metrics-deprecated=true&ssl-strict-internal=true"
# reusing these certificates here is a workaround so that we don't need to generate own ones.
# the problem is that when we generate own certificates (see variables section of app-autoscaler.yml),
# we have no possibility to reuse the CA from CF to issue new certificates.
ca: ((/bosh-autoscaler/cf/log_cache_syslog_tls.ca))
cert: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.certificate))
key: ((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.private_key))
metrics: # connection for metric scrapers, here are dummy values configured since the /metrics endpoint can't be disabled via configuration
ca_cert: ((!loggr_syslog_binding_cache_metrics.ca))
cert: ((!loggr_syslog_binding_cache_metrics.certificate))
key: ((!loggr_syslog_binding_cache_metrics.private_key))
server_name: metrics.config.is.required.by.job.specification.but.not.needed.in.our.case
api: # connection to CF cloud controller
# here are dummy values configured since there is no need to query the CC API for all bindings.
# if a customer wants to ever receive their own custom metrics in their own syslog-drain, we would need to configure this properly.
tls:
cn: api.tls.config.is.required.by.job.specification.but.not.needed.in.our.case
ca_cert: ((!loggr_syslog_binding_cache_api_tls.ca))
cert: ((!loggr_syslog_binding_cache_api_tls.certificate))
key: ((!loggr_syslog_binding_cache_api_tls.private_key))
polling_interval: 876000h # 100 years, workaround to basically never poll the cloud controller API
- name: loggregator_agent
release: loggregator-agent
consumes:
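Review bot: The absolute CredHub references `((/bosh-autoscaler/cf/log_cache.private_key))` in the `metricscollector` block and `((/bosh-autoscaler/cf/syslog_agent_log_cache_tls.private_key))` under `aggregate_drains` hard-code the director name and the CF deployment name in the base manifest, and they bring CF-owned private keys into this deployment. While this lived in an ops file an operator could leave it out; now every deployment depends on those paths existing, and, as far as these lines show, a rotation of the CF certificates only reaches these jobs once app-autoscaler is redeployed. The workaround comment covers only the drain entry, so I would put the same explanation above the `metricscollector` certificates, e.g. `# CF-owned log-cache client cert, read via absolute CredHub path; assumes director "bosh-autoscaler" and deployment "cf"`, and state the rotation dependency in both places. `consumes: cloud_controller: { from: cloud_controller, deployment: cf }` carries the same fixed deployment name. The instance group these jobs belong to starts above the hunks, and the `loggregator_agent` job continues below the last visible line.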
