Skip to content

Commit 96821f1

Browse files
nicklas-dohrnnicklas-dohrn
committed
Add mtls section to ingest from cf
1 parent d56bb74 commit 96821f1

File tree

1 file changed

+33
-1
lines changed

1 file changed

+33
-1
lines changed

docs/ingest-from-cloud-foundry-runtime-f5a7c99.md

Lines changed: 33 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,12 +93,44 @@ For more information about different contexts, tools, options, and best practice
9393
cf service-key <service-instance> <service-key>
9494
```
9595
96-
5. Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice:
96+
5. (a) Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice:
9797
9898
```
9999
cf cups <user-provided-service-name> -l https-batch://<ingest-username>:<ingest-password>@<ingest-endpoint>/cfsyslog?drain-type=all
100100
```
101101
102+
(b) **Use mTLS if required:**
103+
104+
Use this if you need mTLS. You still embed the basic auth username/password into the drain URL, while the certificate material is supplied separately as parameters.
105+
106+
5.1 Prerequisites
107+
- You have obtained the binding JSON (cf service-key <service-instance> <service-key>).
108+
109+
5.2 Extract the following fields from the binding JSON:
110+
- ingest-username
111+
- ingest-password
112+
- ingest-mtls-endpoint
113+
- ingest-mtls-cert
114+
- ingest-mtls-key
115+
- server-ca
116+
117+
5.3 Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline)
118+
```json
119+
creds_payload.json:
120+
{
121+
"ca": "<server-ca>",
122+
"cert": "<ingest-mtls-cert>",
123+
"key": "<ingest-mtls-key>"
124+
}
125+
```
126+
127+
5.4 Create the mTLS-enabled user provided service:
128+
```bash
129+
cf cups <user-provided-service-name> \
130+
-l "https-batch://<ingest-username>:<ingest-password>@<ingest-mtls-endpoint>/cfsyslog?drain-data=all" \
131+
-p creds_payload.json
132+
```
133+
102134
6. Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service.
103135
104136
**Bind the Application to User Provided Service Using SAP BTP Cockpit**

0 commit comments

Comments
 (0)