Re: Announcement: default etcd cluster to TLS in cf-release spiff templates


Rich Wohlstadter
 

Hi Michael,

We were hitting the same issue. It turned out to be that that the etcd_proxy (temporarily on etcd_z2) was advertising dns for cf-etcd.service.cf.internal which caused some of the below services to try and contact the proxy securely which would fail. What we did is added a step after you generate the manifest and get ready to deploy the upgrade to v241, edit and delete the following consul property on your etcd_z2 job before deploying:

consul:
agent:
services:
etcd:
name: cf-etcd

That solved the issue. Once everything is talking to the secure etcd standalone and you scale back up the generation scripts will add it back in and your good to go. Hope this helps.

-Rich

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.