-
Notifications
You must be signed in to change notification settings - Fork 102
/
Copy pathspec
216 lines (197 loc) · 9.55 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
---
name: cc_deployment_updater
description: "The Cloud Controller deployment updater periodically updates app deployments"
templates:
bpm.yml.erb: config/bpm.yml
bin/cc_deployment_updater.erb: bin/cc_deployment_updater
pre-backup-lock.sh.erb: bin/bbr/pre-backup-lock
post-backup-unlock.sh.erb: bin/bbr/post-backup-unlock
pre-restore-lock.sh.erb: bin/bbr/pre-restore-lock
post-restore-unlock.sh.erb: bin/bbr/post-restore-unlock
cloud_controller_ng.yml.erb: config/cloud_controller_ng.yml
drain.sh.erb: bin/drain
ruby_version.sh.erb: bin/ruby_version.sh
console.erb: bin/console
stacks.yml.erb: config/stacks.yml
post-start.sh.erb: bin/post-start
pre-start.sh.erb: bin/pre-start
db_ca.crt.erb: config/certs/db_ca.crt
mutual_tls_ca.crt.erb: config/certs/mutual_tls_ca.crt
mutual_tls.crt.erb: config/certs/mutual_tls.crt
mutual_tls.key.erb: config/certs/mutual_tls.key
credhub_ca.crt.erb: config/certs/credhub_ca.crt
packages_ca_cert.pem.erb: config/certs/packages_ca_cert.pem
resource_pool_ca_cert.pem.erb: config/certs/resource_pool_ca_cert.pem
droplets_ca_cert.pem.erb: config/certs/droplets_ca_cert.pem
buildpacks_ca_cert.pem.erb: config/certs/buildpacks_ca_cert.pem
packages:
- capi_utils
- cloud_controller_ng
- libpq
- jemalloc
- mariadb_connector_c
- ruby-3.2
consumes:
- name: database
type: database
optional: true
- name: credhub
type: credhub
optional: true
- name: cloud_controller_internal
type: cloud_controller_internal
- name: file_server
type: file_server
optional: true
properties:
ccdb.databases:
description: "Contains the name of the database on the database server"
ccdb.roles:
description: "Users to create on the database when seeding"
ccdb.db_scheme:
description: "The type of database being used. mysql or postgres"
default: postgres
ccdb.address:
description: "The address of the database server"
ccdb.port:
description: "The port of the database server"
ccdb.max_connections:
default: 25
description: "Maximum connections for Sequel"
ccdb.pool_timeout:
default: 10
description: "The timeout for Sequel pooled connections"
ccdb.ca_cert:
default: ~
description: "The CA certificate to use when communicating with the database over SSL"
ccdb.ssl_verify_hostname:
default: true
description: "Verify that the database SSL certificate matches the host to which the connection is attempted"
ccdb.read_timeout:
default: 3600
description: "The read timeout in seconds for query responses, passed directly to the Sequel gem - see /~https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details"
ccdb.connection_validation_timeout:
default: 3600
description: "The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications"
ccdb.connection_expiration_timeout:
description: "The period in seconds after which connections are expired (omit to never expire connections), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details"
ccdb.connection_expiration_random_delay:
description: "The random delay in seconds to the expiration timeout (to prevent all connections being recreated simultaneously), passed directly to the Sequel gem - see https://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_expiration_rb.html for details"
cc.readiness_port.deployment_updater:
default: -1
description: "Readiness port used in k8s to check that db migrations are complete before component update"
cc.db_encryption_key:
default: ""
description: "key for encrypting sensitive values in the CC database"
ccdb.max_migration_duration_in_minutes:
description: "the maximum time migrations should be allowed to run before job startup should error"
default: 20160
cc.database_encryption.keys:
default: {}
description: "label-key pairs for encrypting sensitive values in the CC database; labels must be < 256 characters long"
cc.database_encryption.current_key_label:
default: ""
description: "current key label for encrypting values in the CC database"
cc.temporary_disable_deployments:
description: "Do not allow the API client to create app deployments (temporary)"
default: false
cc.logging_level:
default: "info"
description: "Log level for CC. Valid levels are listed here: /~https://github.com/cloudfoundry/steno#log-levels."
cc.logging_max_retries:
default: 1
description: "Passthru value for Steno logger"
cc.log_db_queries:
default: false
description: "Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets."
cc.db_logging_level:
default: "debug2"
description: "Level at which cc database operations will be logged if cc.log_db_queries is set to true."
cc.thresholds.api.alert_if_above_mb:
description: "The CC will alert if memory remains above this threshold for 3 monit cycles"
default: 3500
cc.thresholds.api.restart_if_consistently_above_mb:
description: "The CC will restart if memory remains above this threshold for 15 monit cycles"
default: 3500
cc.thresholds.api.restart_if_above_mb:
description: "The CC will restart if memory remains above this threshold for 3 monit cycles"
default: 3750
cc.thresholds.api.alert_if_above_memory_percent:
description: "The cc will alert if memory remains above this percent threshold for 3 monit cycles. If specified, this threshold is used over `cc.thresholds.api.alert_if_above_mb`. Value must be percent integer, e.g. '80'."
cc.thresholds.api.restart_if_consistently_above_memory_percent:
description: "The cc will restart if memory remains above this percent threshold for 15 monit cycles. If specified, this threshold is used over `cc.thresholds.api.restart_if_consistently_above_mb` and `restart_if_above_mb`. Value must be percent integer, e.g. '80'."
cc.diego.bbs.url:
description: "URL of the BBS Server"
default: https://bbs.service.cf.internal:8889
cc.diego.bbs.connect_timeout:
description: "Connect timeout (in seconds) when talking to BBS Server"
default: 10
cc.diego.bbs.send_timeout:
description: "Send timeout (in seconds) when talking to BBS Server"
default: 10
cc.diego.bbs.receive_timeout:
description: "Receive timeout (in seconds) when talking to BBS Server"
default: 10
cc.mutual_tls.ca_cert:
description: "PEM-encoded CA certificate for secure, mutually authenticated TLS communication"
cc.mutual_tls.public_cert:
description: "PEM-encoded certificate for secure, mutually authenticated TLS communication"
cc.mutual_tls.private_key:
description: "PEM-encoded key for secure, mutually authenticated TLS communication"
cc.diego.file_server_url:
description: "URL of file server"
default: http://file-server.service.cf.internal:8080
cc.diego.cc_uploader_url:
description: "URL of cc uploader"
default: http://cc-uploader.service.cf.internal:9090
cc.diego.use_privileged_containers_for_running:
description: "Whether or not to use privileged containers for running buildpack apps and tasks."
default: false
cc.diego.use_privileged_containers_for_staging:
description: "Whether or not to use privileged containers for staging tasks."
default: false
cc.diego.lifecycle_bundles:
description: "List of lifecycle bundles arguments for different stacks"
default:
"buildpack/cflinuxfs4": "buildpack_app_lifecycle/buildpack_app_lifecycle.tgz"
"buildpack/windows": "buildpack_app_lifecycle/buildpack_app_lifecycle.tgz"
"buildpack/windows2012R2": "windows_app_lifecycle/windows_app_lifecycle.tgz"
"buildpack/windows2016": "buildpack_app_lifecycle/buildpack_app_lifecycle.tgz"
"docker": "docker_app_lifecycle/docker_app_lifecycle.tgz"
cc.diego.droplet_destinations:
description: "List of destination directories for different stacks"
default:
"cflinuxfs4": "/home/vcap"
"windows": "/Users/vcap"
"windows2012R2": "/"
"windows2016": "/Users/vcap"
cc.diego.temporary_oci_buildpack_mode:
description: "Temporary flag to enable OCI buildpack flow. Valid values: 'oci-phase-1'"
default: ~
cc.diego.enable_declarative_asset_downloads:
description: "Enable specifying task and app asset downloads as declarative resources"
default: false
cc.diego.pid_limit:
description: "Maximum pid limit for containerized work running user-provided code"
default: 1024
deployment_updater.update_frequency_in_seconds:
description: "How often to update deployments by rolling instances"
default: 5
cc.default_app_memory:
default: 1024
description: "How much memory given to an app if not specified"
cc.default_app_disk_in_mb:
default: 1024
description: "The default disk space an app gets"
cc.maximum_app_disk_in_mb:
default: 2048
description: "The maximum amount of disk a user can request"
cc.instance_file_descriptor_limit:
description: "The file descriptors made available to each app instance"
default: 16384
cc.locket.host:
default: "locket.service.cf.internal"
description: "Hostname of the Locket server"
cc.locket.port:
default: 8891
description: "Port of the Locket server"