ops file for enabling TLS on broker

moved from $meta/redis as it can be used generically [#162808676] Signed-off-by: Winna Bridgewater <[email protected]> Co-authored-by: Winna Bridgewater <[email protected]>
pivotal-cf · Feb 21, 2019 · a4342ec · a4342ec
1 parent 9c572c0
commit a4342ec
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/examples/deployment/operations/enable_broker_tls.yml b/examples/deployment/operations/enable_broker_tls.yml
@@ -0,0 +1,29 @@
+---
+- type: replace
+  path: /instance_groups/name=broker/jobs/name=broker/properties/tls?
+  value:
+    certificate: ((broker_cert.certificate))
+    private_key: ((broker_cert.private_key))
+
+- type: replace
+  path: /variables?/-
+  value:
+    name: broker_cert
+    type: certificate
+    options:
+      ca: ((broker_ca_credhub_path))
+      organization: pivotal
+      alternative_names:
+      - ((broker_uri))
+
+- type: replace
+  path: /instance_groups/name=broker/jobs/name=route_registrar/properties/route_registrar
+  value:
+    routes:
+    - name: ((broker_route_name))-tls
+      registration_interval: 20s
+      tls_port: 8080
+      uris:
+        - ((broker_uri))
+      server_cert_domain_san: ((broker_uri))
+