Open patrickhuber opened 6 years ago
for posterity... see also: https://github.com/pivotal-cf/pcf-pipelines/blob/master/docs/samples/colocated-credhub-ops/add-credhub-to-atcs.yml
@patrickhuber's example was useful for me to simply point concourse to an existing credhub (deployed on my bosh director in my case)... but the emerging pattern seems to be keeping concourse-facing credhub separate and scaled with atcs.
I second the emerging pattern that @deadlysyn mentioned. If you use the credhub on bosh director then it will cause downtime when bosh director is updated; this way you get minimal downtime that is coupled to concourse upgrades rather than a 3rd component.
I see a vault sample ops file; adding one for credhub will help others set that up as well.
Here is the sample from my deployment:
Based off of this repo: https://github.com/nsagoo-pivotal/concourse-credhub-bosh-deployment/blob/master/concourse.yml
And this ops file: https://github.com/concourse/concourse-deployment/blob/master/cluster/operations/vault-tls-cert-auth.yml
Optionally could use a ((credhub_url)) variable instead of the IP, but the sample comes from a deployment where credhub is on the same VM as the bosh director.