Continue to split diego-cells #863

Merged
merged 1 commit into from
Jun 20, 2024
Merged
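--- a/bosh/opsfiles/diego-cell-consumes-provides.yml
+++ b/bosh/opsfiles/diego-cell-consumes-provides.yml
@@ -0,0 +1,30 @@
+# Needed because the isolation segment(s) exist
+# Use distinct vxlan policy links for tenant cells
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa
+value: {as: vpa-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa
+value: {from: vpa-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa
+value: {from: vpa-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables
+value: {from: iptables-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables
+value: {from: iptables-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables
+value: {from: iptables-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables
+value: {as: iptables-tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config
+value: {from: cni_config_tenant}
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config
+value: {as: cni_config_tenant}
+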
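Review bot: The header comment `# Needed because the isolation segment(s) exist` does not say which file these link renames pair with; the ops were moved out of platform-cells.yml and presumably only make sense while the diego-platform-cell group is deployed next to diego-cell. I would spell that out, for example `# Apply together with platform-cells.yml: gives the tenant diego-cell group its own vpa, iptables and cni_config links`. The link names also mix styles (`vpa-tenant` and `iptables-tenant` against `cni_config_tenant`); that is inherited from the old file, and if it is ever normalised each provides/consumes pair has to change in the same commit.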
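--- a/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
+++ b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
@@ -0,0 +1,12 @@
+---
+- type: remove
+path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter
+
+- type: remove
+path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter
+
+- type: remove
+path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter
+
+
+### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement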
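Review bot: The explanatory comment is the last line of the new file, after the three `remove` ops it seems to describe, so a reader meets the ops before the reason for them. Moving it directly under `---` as `# Removing app_metric_exclusion_filter keeps absolute-cpu-entitlement emitting alongside the newer cpu_entitlement` would put the reason first and drop the `###` prefix. The same three ops are deleted from diego-cpu-entitlement.yml in this commit, so behaviour should be unchanged as long as both files stay listed in the pipeline.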
8 changes: 0 additions & 8 deletions bosh/opsfiles/diego-cpu-entitlement.yml
@@ -1,12 +1,4 @@
---
- type: remove
path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter

- type: remove
path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter

- type: remove
path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter

- type: remove
path: /instance_groups/name=diego-api/jobs/name=bbs/properties/loggregator/app_metric_exclusion_filter
261 changes: 261 additions & 0 deletions bosh/opsfiles/diego-rds-certs-diego-cell.yml

Large diffs are not rendered by default.

7 changes: 2 additions & 5 deletions bosh/opsfiles/diego-rds-certs.yml
@@ -1,6 +1,6 @@
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
value: &rds-ca |-
path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
value: |-
# rds-ca-2015-root.pem - expired 3/2020 but still in use some instances
-----BEGIN CERTIFICATE-----
MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx
Expand Down Expand Up @@ -258,6 +258,3 @@
-----END CERTIFICATE-----


- type: replace
path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
value: *rds-ca
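Review bot: Dropping the `&rds-ca` anchor means the RDS CA bundle is no longer defined once and aliased; the diego-cell copy presumably now lives in diego-rds-certs-diego-cell.yml (261 added lines, diff not rendered here), so the two trust lists can drift apart when a CA is added or retired. A header comment in both files would make the pairing visible, for example `# Keep this bundle identical to diego-rds-certs-diego-cell.yml`. The bundle kept here still opens with `rds-ca-2015-root.pem`, which its own comment marks as expired in 3/2020; if the instances that needed it are gone, it should be retired from both copies in the same change. Both hunks are partial views, with the certificate bodies between them collapsed.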
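--- a/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
+++ b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
@@ -0,0 +1,14 @@
+# This file exists to remove CredHub Secured Service Credential Delivery which
+# is now on by default in cf-deployment >=4.x.
+
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates
+value:
+- ((diego_instance_identity_ca.ca))
+- ((uaa_ssl.ca))
+
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs
+value:
+- ((diego_instance_identity_ca.ca))
+- ((uaa_ssl.ca))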
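Review bot: Both ops replace a whole CA list, and the second one targets `cflinuxfs4-rootfs/trusted_certs` on diego-cell, the list that the old diego-rds-certs.yml appended to with `trusted_certs/-` and that diego-rds-certs-diego-cell.yml presumably appends to now (its diff is not rendered), so the resulting trust store depends on ops-file order. ci/pipeline.yml lists this file ahead of the diego-rds-certs files, which keeps the RDS CAs; if that order were ever swapped, the appended entry would be overwritten without any error. I would record the constraint in the header, e.g. `# Must be applied before any ops file that appends to trusted_certs (diego-rds-certs*.yml)`. The copied header also still describes removing CredHub credential delivery as a whole, while this file only carries the diego-cell trust-list part of it.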
11 changes: 0 additions & 11 deletions bosh/opsfiles/disable-secure-service-credentials.yml
Expand Up @@ -34,14 +34,3 @@
- type: remove
path: /variables/name=uaa_clients_cc_service_key_client_secret

- type: replace
path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates
value:
- ((diego_instance_identity_ca.ca))
- ((uaa_ssl.ca))

- type: replace
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs
value:
- ((diego_instance_identity_ca.ca))
- ((uaa_ssl.ca))
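--- a/bosh/opsfiles/log-levels-diego-cell.yml
+++ b/bosh/opsfiles/log-levels-diego-cell.yml
@@ -0,0 +1,11 @@
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level?
+value: error
+
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level?
+value: error
+
+- type: replace
+path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level?
+value: error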
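Review bot: The new file has no header comment, and `value: error` on garden, rep and route_emitter presumably suppresses their info- and warn-level output on the tenant cells, which is where container lifecycle detail would be looked for during an investigation. A one-line comment stating why the level is pinned, such as `# Tenant cells log at error level to limit volume; raise temporarily when debugging` (wording to be confirmed by the owners), would keep the choice from looking accidental. The values themselves are moved unchanged from log-levels.yml.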
12 changes: 0 additions & 12 deletions bosh/opsfiles/log-levels.yml
@@ -1,15 +1,3 @@
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level?
value: error

- type: replace
path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level?
value: error

- type: replace
path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level?
value: error

- type: replace
path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_event_logging?/enabled
value: true
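--- a/bosh/opsfiles/meta-data-v2-diego-cell.yml
+++ b/bosh/opsfiles/meta-data-v2-diego-cell.yml
@@ -0,0 +1,3 @@
+- type: replace
+path: /instance_groups/name=diego-cell/vm_extensions/-
+value: meta-data-v2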
3 changes: 0 additions & 3 deletions bosh/opsfiles/meta-data-v2.yml
@@ -1,6 +1,3 @@
- type: replace
path: /instance_groups/name=diego-cell/vm_extensions/-
value: meta-data-v2
- type: replace
path: /instance_groups/name=diego-platform-cell/vm_extensions/-
value: meta-data-v2
28 changes: 0 additions & 28 deletions bosh/opsfiles/platform-cells.yml
Expand Up @@ -186,34 +186,6 @@
path: /instance_groups/name=diego-platform-cell/jobs/name=rep/properties/diego/rep/placement_tags?/-
value: platform

# Use distinct vxlan policy links for tenant cells
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa
value: {as: vpa-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa
value: {from: vpa-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa
value: {from: vpa-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables
value: {from: iptables-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables
value: {from: iptables-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables
value: {from: iptables-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables
value: {as: iptables-tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config
value: {from: cni_config_tenant}
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config
value: {as: cni_config_tenant}

# Add platform cells to DNS aliases
- type: replace
18 changes: 18 additions & 0 deletions ci/pipeline.yml
Expand Up @@ -62,19 +62,24 @@ jobs:
- cf-manifests/bosh/opsfiles/encryption.yml
- cf-manifests/bosh/opsfiles/sql.yml
- cf-manifests/bosh/opsfiles/log-levels.yml
- cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
- cf-manifests/bosh/opsfiles/instance-profiles.yml
- cf-manifests/bosh/opsfiles/platform-cells.yml
- cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
- cf-manifests/bosh/opsfiles/diego-cell-disk.yml
- cf-manifests/bosh/opsfiles/scaling-development.yml
- cf-manifests/bosh/opsfiles/cf-networking.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
- cf-manifests/bosh/opsfiles/smoke-tests.yml
- cf-manifests/bosh/opsfiles/routing.yml
- cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
- cf-manifests/bosh/opsfiles/content-security-policy.yml
- cf-manifests/bosh/opsfiles/loggregator.yml
- cf-manifests/bosh/opsfiles/meta-data-v2.yml
- cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
- cf-manifests/bosh/opsfiles/router-main.yml
- cf-manifests/bosh/opsfiles/router-main-dev.yml
- cf-manifests/bosh/opsfiles/router-logstash.yml
Expand All @@ -83,6 +88,7 @@ jobs:
- cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
- cf-manifests/bosh/opsfiles/add-opensearch-ca.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
- cf-manifests/bosh/opsfiles/aggregate_drains.yml
vars_files:
- cf-manifests/bosh/varsfiles/development.yml
Expand Down Expand Up @@ -570,23 +576,29 @@ jobs:
- cf-manifests/bosh/opsfiles/encryption.yml
- cf-manifests/bosh/opsfiles/sql.yml
- cf-manifests/bosh/opsfiles/log-levels.yml
- cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
- cf-manifests/bosh/opsfiles/instance-profiles.yml
- cf-manifests/bosh/opsfiles/platform-cells.yml
- cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
- cf-manifests/bosh/opsfiles/diego-cell-disk.yml
- cf-manifests/bosh/opsfiles/scaling-staging.yml
- cf-manifests/bosh/opsfiles/cf-networking.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
- cf-manifests/bosh/opsfiles/smoke-tests.yml
- cf-manifests/bosh/opsfiles/routing.yml
- cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
- cf-manifests/bosh/opsfiles/loggregator.yml
- cf-manifests/bosh/opsfiles/meta-data-v2.yml
- cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
- cf-manifests/bosh/opsfiles/router-main.yml
- cf-manifests/bosh/opsfiles/router-logstash.yml
- cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml
- cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
vars_files:
- cf-manifests/bosh/varsfiles/staging.yml
- terraform-secrets/terraform.yml
Expand Down Expand Up @@ -1083,23 +1095,29 @@ jobs:
- cf-manifests/bosh/opsfiles/encryption.yml
- cf-manifests/bosh/opsfiles/sql.yml
- cf-manifests/bosh/opsfiles/log-levels.yml
- cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
- cf-manifests/bosh/opsfiles/instance-profiles.yml
- cf-manifests/bosh/opsfiles/platform-cells.yml
- cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
- cf-manifests/bosh/opsfiles/diego-cell-disk.yml
- cf-manifests/bosh/opsfiles/scaling-production.yml
- cf-manifests/bosh/opsfiles/cf-networking.yml
- cf-manifests/bosh/opsfiles/routing.yml
- cf-manifests/bosh/opsfiles/smoke-tests.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
- cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs.yml
- cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
- cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
- cf-manifests/bosh/opsfiles/loggregator.yml
- cf-manifests/bosh/opsfiles/meta-data-v2.yml
- cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
- cf-manifests/bosh/opsfiles/router-main.yml
- cf-manifests/bosh/opsfiles/router-logstash.yml
- cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml
- cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
- cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
vars_files:
- cf-manifests/bosh/varsfiles/production.yml
- terraform-secrets/terraform.yml
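Review bot: The six new diego-cell ops files are added by hand to each of the three deployment lists (development in the hunks at new lines 62 and 88, staging at 576, production at 1095), and leaving one out of a list would not fail on its own for files such as meta-data-v2-diego-cell.yml or diego-rds-certs-diego-cell.yml: the tenant cells would simply deploy without that VM extension or trust entry. All three visible lists are consistent in this commit. A short comment beside the paired entries, e.g. `# tenant-cell half of meta-data-v2.yml; keep both listed`, or a CI check that every `*-diego-cell.yml` ops file appears in all three lists, would guard against drift. The hunks are partial views of each job's ops list.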