Last active
April 6, 2018 14:48
-
-
Save calebwashburn/7b469942844a51d331f563ae27a2c7bd to your computer and use it in GitHub Desktop.
concourse-3.10-credhub
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
instance_groups: | |
- azs: | |
- ((az_name)) | |
instances: 1 | |
jobs: | |
- name: postgres | |
properties: | |
databases: | |
databases: | |
- name: atc | |
- name: credhub | |
- name: uaa | |
port: 5432 | |
roles: | |
- name: concourse | |
password: ((postgres_password)) | |
- name: credhub | |
password: ((credhub-db-password)) | |
- name: uaa | |
password: ((uaa-db-password)) | |
release: postgres | |
name: db | |
networks: | |
- name: ((network_name)) | |
static_ips: | |
- ((concourse_db_ip)) | |
persistent_disk_type: ((db_persistent_disk_type)) | |
stemcell: trusty | |
vm_type: ((db_vm_type)) | |
- azs: | |
- ((az_name)) | |
instances: ((web_instances)) | |
jobs: | |
- name: atc | |
properties: | |
basic_auth_password: ((atc_basic_auth.password)) | |
basic_auth_username: ((atc_basic_auth.username)) | |
credhub: | |
client_id: concourse_to_credhub | |
client_secret: ((concourse_to_credhub_secret)) | |
tls: | |
ca_cert: | |
certificate: ((credhub-tls.ca)) | |
url: https://((concourse_fqdn)):8844 | |
external_url: https://((concourse_fqdn)) | |
postgresql: | |
database: atc | |
role: | |
name: concourse | |
password: ((postgres_password)) | |
tls_bind_port: 443 | |
tls_cert: ((atc_tls.certificate)) | |
tls_key: ((atc_tls.private_key)) | |
token_signing_key: ((token_signing_key)) | |
release: concourse | |
- name: tsa | |
properties: | |
authorized_keys: | |
- ((worker_key.public_key)) | |
host_key: ((tsa_host_key)) | |
token_signing_key: ((token_signing_key)) | |
release: concourse | |
- name: credhub | |
properties: | |
credhub: | |
authentication: | |
uaa: | |
ca_certs: | |
- ((credhub-tls.ca)) | |
url: https://((concourse_fqdn)):8443 | |
verification_key: ((uaa-jwt.public_key)) | |
data_storage: | |
database: credhub | |
host: ((concourse_db_ip)) | |
password: ((credhub-db-password)) | |
port: 5432 | |
require_tls: false | |
type: postgres | |
username: credhub | |
encryption: | |
keys: | |
- active: true | |
encryption_password: ((credhub-encryption-password)) | |
provider_name: int | |
providers: | |
- name: int | |
type: internal | |
port: 8844 | |
tls: ((credhub-tls)) | |
release: credhub | |
- name: uaa | |
properties: | |
login: | |
saml: | |
serviceProviderCertificate: ((credhub-tls.certificate)) | |
serviceProviderKey: ((credhub-tls.private_key)) | |
serviceProviderKeyPassword: "" | |
uaa: | |
admin: | |
client_secret: ((uaa-admin)) | |
clients: | |
concourse_to_credhub: | |
access-token-validity: 1200 | |
authorities: credhub.read,credhub.write | |
authorized-grant-types: client_credentials | |
override: true | |
refresh-token-validity: 3600 | |
scope: "" | |
secret: ((concourse_to_credhub_secret)) | |
credhub_cli: | |
access-token-validity: 1200 | |
authorities: uaa.resource | |
authorized-grant-types: password,refresh_token | |
override: true | |
refresh-token-validity: 3600 | |
scope: credhub.read,credhub.write | |
secret: "" | |
jwt: | |
policy: | |
active_key_id: key-1 | |
keys: | |
key-1: | |
signingKey: ((uaa-jwt.private_key)) | |
revocable: true | |
login: | |
client_secret: ((uaa-login)) | |
port: -1 | |
scim: | |
users: | |
- groups: | |
- scim.write | |
- scim.read | |
- bosh.admin | |
- credhub.read | |
- credhub.write | |
name: admin | |
password: ((uaa-users-admin)) | |
sslCertificate: ((credhub-tls.certificate)) | |
sslPrivateKey: ((credhub-tls.private_key)) | |
url: https://((concourse_fqdn)):8443 | |
zones: | |
internal: | |
hostnames: [] | |
uaadb: | |
address: ((concourse_db_ip)) | |
databases: | |
- name: uaa | |
tag: uaa | |
db_scheme: postgresql | |
port: 5432 | |
roles: | |
- name: uaa | |
password: ((uaa-db-password)) | |
tag: admin | |
release: uaa | |
name: web | |
networks: | |
- name: ((network_name)) | |
static_ips: | |
- ((web_static_ips)) | |
stemcell: trusty | |
vm_type: ((web_vm_type)) | |
- azs: | |
- ((az_name)) | |
instances: ((worker_instances)) | |
jobs: | |
- consumes: | |
baggageclaim: | |
from: worker-baggageclaim | |
name: worker | |
properties: | |
drain_timeout: 10m | |
http_proxy_url: ((proxy_url)) | |
https_proxy_url: ((proxy_url)) | |
no_proxy: ((no_proxy)) | |
tsa: | |
worker_key: ((worker_key)) | |
release: concourse | |
- name: baggageclaim | |
properties: {} | |
provides: | |
baggageclaim: | |
as: worker-baggageclaim | |
release: concourse | |
- name: garden | |
properties: | |
garden: | |
listen_address: 0.0.0.0:7777 | |
listen_network: tcp | |
release: garden-runc | |
name: worker | |
networks: | |
- name: ((network_name)) | |
stemcell: trusty | |
vm_type: ((worker_vm_type)) | |
name: concourse | |
releases: | |
- name: concourse | |
version: latest | |
- name: garden-runc | |
version: latest | |
- name: postgres | |
version: latest | |
- name: uaa | |
version: latest | |
- name: credhub | |
version: latest | |
stemcells: | |
- alias: trusty | |
os: ubuntu-trusty | |
version: latest | |
update: | |
canaries: 1 | |
canary_watch_time: 30000-1200000 | |
max_in_flight: 3 | |
serial: false | |
update_watch_time: 5000-1200000 | |
variables: | |
- name: postgres_password | |
type: password | |
- name: token_signing_key | |
type: rsa | |
- name: tsa_host_key | |
type: ssh | |
- name: worker_key | |
type: ssh | |
- name: concourse_ca | |
options: | |
common_name: ((concourse_fqdn)) | |
is_ca: true | |
type: certificate | |
- name: atc_tls | |
options: | |
alternative_names: | |
- ((concourse_fqdn)) | |
- 127.0.0.1 | |
ca: concourse_ca | |
common_name: ((concourse_fqdn)) | |
type: certificate | |
- name: atc-db-password | |
type: password | |
- name: credhub-encryption-password | |
options: | |
length: 40 | |
type: password | |
- name: credhub-db-password | |
type: password | |
- name: uaa-jwt | |
options: | |
key_length: 4096 | |
type: rsa | |
- name: uaa-users-admin | |
type: password | |
- name: uaa-admin | |
type: password | |
- name: uaa-login | |
type: password | |
- name: uaa-credhub-admin | |
type: password | |
- name: uaa-db-admin | |
type: password | |
- name: uaa-db-password | |
type: password | |
- name: concourse_to_credhub_secret | |
type: password | |
- name: credhub_cli_password | |
type: password | |
- name: concourse_client_secret | |
type: password | |
- name: main-team-password | |
type: password | |
- name: credhub-ca | |
options: | |
common_name: Credhub CA | |
is_ca: true | |
type: certificate | |
- name: credhub-tls | |
options: | |
alternative_names: | |
- ((concourse_fqdn)) | |
- 127.0.0.1 | |
ca: credhub-ca | |
common_name: ((concourse_fqdn)) | |
type: certificate | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment