New Required cc_uploader Server Certs


Timothy Hausler
 

CAPI has been continuing the work to secure internal traffic with CAPI VMs
[1]. Next on the list of jobs that now need certs is CC-Uploader.
CC-Uploader's purpose is to manage blobstore upload requests from Diego,
mostly droplets and build artifacts. In an upcoming CAPI release (1.26.0),
the properties below will be required for the cc-uploader job. There is no
harm in filling in these properties now. * capi.cc_uploader.ca_cert *
capi.cc_uploader.server_cert * capi.cc_uploader.server_key If you're using
manifest generation from diego-release from the example AWS or bosh-lite
manifests, the certs should be generated automatically from upcoming PRs
[2].

Otherwise, please see the following doc for TLS generation:
https://github.com/cloudfoundry/capi-release/blob/develop/docs/tls-configuration.md.
Diego cert generation scripts have been updated include generation of the
new cc-uploader certs that you need. If you have any questions or hit any
speed bumps, please reach out to us on slack in the #capi channel [3].

Best,
Tim Hausler && Jen Spinney, CAPI team members [1]
https://www.pivotaltracker.com/epic/show/2541685 [2]
https://github.com/cloudfoundry/diego-release/pull/292 &
https://github.com/cloudfoundry/cf-deployment/pull/110 [3]
https://cloudfoundry.slack.com/messages/capi/

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.