Permalink
Fetching contributors…
Cannot retrieve contributors at this time
1487 lines (1326 sloc) 40.6 KB
name: (( meta.environment ))
director_uuid: (( merge ))
default_releases: [{name: cf, version: latest}]
releases: (( merge || default_releases ))
networks: (( merge ))
jobs:
- name: consul_z1
templates: (( merge || meta.consul_templates ))
instances: 2
persistent_disk: 1024
resource_pool: small_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
update:
serial: true
max_in_flight: 1
properties:
consul:
agent:
mode: server
metron_agent:
zone: z1
- name: consul_z2
templates: (( merge || meta.consul_templates ))
instances: 1
persistent_disk: 1024
resource_pool: small_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
update:
serial: true
max_in_flight: 1
properties:
consul:
agent:
mode: server
metron_agent:
zone: z2
- name: nats_z1
templates: (( merge || meta.nats_templates ))
instances: 1
resource_pool: medium_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: nats_z2
templates: (( merge || meta.nats_templates ))
instances: 1
resource_pool: medium_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z2
update: (( merge || empty_hash ))
- name: etcd_z1
templates: (( merge || meta.etcd_templates ))
instances: 2
persistent_disk: 10024
resource_pool: large_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
consul:
agent:
services:
etcd:
name: cf-etcd
update:
serial: true
max_in_flight: 1
- name: etcd_z2
templates: (( merge || meta.etcd_templates ))
instances: 1
persistent_disk: 10024
resource_pool: large_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z2
consul:
agent:
services:
etcd:
name: cf-etcd
update:
serial: true
max_in_flight: 1
- name: stats_z1
templates: (( merge || meta.stats_templates ))
instances: 1
resource_pool: small_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: nfs_z1
templates: (( merge || meta.nfs_templates ))
instances: 0
resource_pool: medium_z1
persistent_disk: 102400
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
blobstore: {}
metron_agent:
zone: z1
route_registrar:
routes: (( merge || meta.blobstore_routes ))
update: (( merge || empty_hash ))
- name: blobstore_z1
templates: (( merge || meta.blobstore_templates ))
instances: 0
resource_pool: medium_z1
persistent_disk: 102400
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
blobstore: {}
metron_agent:
zone: z1
route_registrar:
routes: (( merge || meta.blobstore_routes ))
update: (( merge || empty_hash ))
- name: postgres_z1
templates: (( merge || meta.postgres_templates ))
instances: 0
resource_pool: medium_z1
persistent_disk: 4096
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: uaa_z1
templates: (( merge || meta.uaa_templates ))
instances: 1
resource_pool: medium_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z1
route_registrar:
routes: (( merge || meta.uaa_routes ))
uaa:
proxy:
servers: (( merge || jobs.router_z1.networks.cf1.static_ips jobs.router_z2.networks.cf2.static_ips || nil ))
update: (( merge || empty_hash ))
- name: uaa_z2
templates: (( merge || meta.uaa_templates ))
instances: 1
resource_pool: medium_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
uaa: {}
metron_agent:
zone: z2
route_registrar:
routes: (( merge || meta.uaa_routes ))
uaa:
proxy:
servers: (( merge || jobs.router_z1.networks.cf1.static_ips jobs.router_z2.networks.cf2.static_ips || nil ))
update: (( merge || empty_hash ))
- name: api_z1
templates: (( merge || meta.api_templates ))
instances: 1
resource_pool: large_z1
persistent_disk: 0
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
consul:
agent:
services: (( merge || meta.api_consul_services ))
metron_agent:
zone: z1
route_registrar:
routes: (( merge || meta.api_routes ))
nfs_server: (( meta.nfs_server ))
update: (( merge || empty_hash ))
- name: api_z2
templates: (( merge || meta.api_templates ))
instances: 1
resource_pool: large_z2
persistent_disk: 0
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
consul:
agent:
services: (( merge || meta.api_consul_services ))
metron_agent:
zone: z2
route_registrar:
routes: (( merge || meta.api_routes ))
nfs_server: (( meta.nfs_server ))
update: (( merge || empty_hash ))
- name: clock_z1
templates: (( merge || meta.clock_templates ))
instances: 1
resource_pool: medium_z1
persistent_disk: 0
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: api_worker_z1
templates: (( merge || meta.api_worker_templates ))
instances: 1
resource_pool: small_z1
persistent_disk: 0
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z1
nfs_server: (( meta.nfs_server ))
update: (( merge || empty_hash ))
- name: clock_z2
templates: (( merge || meta.clock_templates ))
instances: 1
resource_pool: medium_z2
persistent_disk: 0
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z2
update: (( merge || empty_hash ))
- name: api_worker_z2
templates: (( merge || meta.api_worker_templates ))
instances: 1
resource_pool: small_z2
persistent_disk: 0
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
metron_agent:
zone: z2
nfs_server: (( meta.nfs_server ))
update: (( merge || empty_hash ))
- name: loggregator_z1
templates: (( merge || meta.loggregator_templates ))
instances: 0
resource_pool: medium_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
doppler:
zone: z1
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: loggregator_z2
templates: (( merge || meta.loggregator_templates ))
instances: 0
resource_pool: medium_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
doppler:
zone: z2
metron_agent:
zone: z2
update: (( merge || empty_hash ))
- name: doppler_z1
templates: (( merge || meta.loggregator_templates ))
instances: 1
resource_pool: medium_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
<<: (( merge ))
doppler:
zone: z1
metron_agent:
zone: z1
consul:
agent:
services:
doppler:
name: doppler
update: (( merge || empty_hash ))
- name: doppler_z2
templates: (( merge || meta.loggregator_templates ))
instances: 1
resource_pool: medium_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
<<: (( merge ))
doppler:
zone: z2
metron_agent:
zone: z2
consul:
agent:
services:
doppler:
name: doppler
update: (( merge || empty_hash ))
- name: loggregator_trafficcontroller_z1
templates: (( merge || meta.loggregator_trafficcontroller_templates ))
instances: 1
resource_pool: small_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
<<: (( merge ))
loggregator:
uaa:
client_secret: (( .properties.uaa.clients.doppler.secret ))
traffic_controller:
zone: z1
consul:
agent:
services:
loggregator_trafficcontroller: {}
metron_agent:
zone: z1
route_registrar:
routes: (( merge || meta.loggregator_trafficcontroller_routes ))
update:
serial: true
max_in_flight: 1
- name: loggregator_trafficcontroller_z2
templates: (( merge || meta.loggregator_trafficcontroller_templates ))
instances: 1
resource_pool: small_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
<<: (( merge ))
loggregator:
uaa:
client_secret: (( .properties.uaa.clients.doppler.secret ))
traffic_controller:
zone: z2
consul:
agent:
services:
loggregator_trafficcontroller: {}
metron_agent:
zone: z2
route_registrar:
routes: (( merge || meta.loggregator_trafficcontroller_routes ))
update:
serial: true
max_in_flight: 1
- name: router_z1
templates: (( merge || meta.router_templates ))
instances: 1
resource_pool: router_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
gorouter: {}
metron_agent:
zone: z1
router:
isolation_segments: (( merge || [] ))
routing_table_sharding_mode: all
update: (( merge || empty_hash ))
- name: router_z2
templates: (( merge || meta.router_templates ))
instances: 1
resource_pool: router_z2
default_networks:
- name: cf2
networks: (( merge || default_networks ))
properties:
consul:
agent:
services:
gorouter: {}
metron_agent:
zone: z2
router:
isolation_segments: (( merge || [] ))
routing_table_sharding_mode: all
update: (( merge || empty_hash ))
- name: ha_proxy_z1
templates: (( merge || meta.ha_proxy_templates ))
instances: 0
resource_pool: router_z1
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
ha_proxy:
router:
servers: (( merge || jobs.router_z1.networks.cf1.static_ips jobs.router_z2.networks.cf2.static_ips || nil ))
metron_agent:
zone: z1
update: (( merge || empty_hash ))
- name: acceptance_tests
templates:
- name: acceptance-tests
release: (( meta.cf_release_name ))
instances: 1
resource_pool: small_errand
lifecycle: errand
default_networks:
- name: cf1
networks: (( merge || default_networks ))
- name: smoke_tests
templates:
- name: smoke-tests
release: (( meta.cf_release_name ))
instances: 0
resource_pool: small_errand
lifecycle: errand
default_networks:
- name: cf1
networks: (( merge || default_networks ))
properties:
<<: (( merge ))
properties:
<<: (( merge ))
app_ssh: ~
blobstore:
port: (( merge || 8080 ))
admin_users: (( merge || nil ))
secure_link:
secret: (( merge || nil ))
tls:
port: (( merge || 4443 ))
cert: ~
private_key: ~
ca_cert: ~
consul:
dns_config: (( merge || nil ))
agent:
domain: cf.internal
log_level: (( merge || nil ))
servers:
lan: (( meta.consul_servers ))
ca_cert: (( merge ))
agent_cert: (( merge ))
agent_key: (( merge ))
encrypt_keys: (( merge ))
server_cert: (( merge ))
server_key: (( merge ))
dropsonde:
enabled: true
support_address: (( merge || "http://support.cloudfoundry.com" ))
description: null
ssl:
skip_cert_verify: (( merge || false ))
system_domain: (( merge ))
system_domain_organization: ~
app_domains: (( [system_domain] ))
disk_quota_enabled: true
request_timeout_in_seconds: 900
nats:
user: (( merge ))
password: (( merge ))
port: 4222
machines: (( merge || jobs.nats_z1.networks.cf1.static_ips jobs.nats_z2.networks.cf2.static_ips ))
debug: false
trace: false
monitor_port: 0
prof_port: 0
etcd:
machines: (( merge || jobs.etcd_z1.networks.cf1.static_ips jobs.etcd_z2.networks.cf2.static_ips ))
require_ssl: (( merge || false ))
peer_require_ssl: (( .properties.etcd.require_ssl ))
advertise_urls_dns_suffix: cf-etcd.service.cf.internal
ca_cert: (( merge || "" ))
client_cert: (( merge || "" ))
client_key: (( merge || "" ))
cluster:
- instances: (( jobs.etcd_z1.instances ))
name: etcd_z1
- instances: (( jobs.etcd_z2.instances ))
name: etcd_z2
peer_ca_cert: (( merge || "" ))
peer_cert: (( merge || "" ))
peer_key: (( merge || "" ))
server_cert: (( merge || "" ))
server_key: (( merge || "" ))
etcd_metrics_server:
etcd:
require_ssl: (( .properties.etcd.require_ssl ))
ca_cert: (( .properties.etcd.ca_cert ))
client_cert: (( .properties.etcd.client_cert ))
client_key: (( .properties.etcd.client_key ))
dns_suffix: (( .properties.etcd.advertise_urls_dns_suffix ))
loggregator:
maxRetainedLogMessages: 100
debug: (( merge || false ))
blacklisted_syslog_ranges: ~
outgoing_dropsonde_port: 8081
tls:
ca_cert: (( merge ))
doppler:
cert: (( merge ))
key: (( merge ))
trafficcontroller:
cert: (( merge ))
key: (( merge ))
cc_trafficcontroller:
cert: (( merge ))
key: (( merge ))
metron:
cert: (( merge ))
key: (( merge ))
syslogdrainbinder:
cert: (( merge ))
key: (( merge ))
statsd_injector:
cert: (( merge ))
key: (( merge ))
etcd:
machines: [(( .properties.etcd.advertise_urls_dns_suffix ))]
require_ssl: (( .properties.etcd.require_ssl ))
ca_cert: (( .properties.etcd.ca_cert ))
loggregator_endpoint:
shared_secret: (( merge ))
doppler:
message_drain_buffer_size: ~
zone: (( merge || nil ))
maxRetainedLogMessages: 100
debug: (( merge || false ))
blacklisted_syslog_ranges: ~
unmarshaller_count: (( merge || 5 ))
port: (( merge || 4443 ))
outgoing_port: (( merge || 8081 ))
tls:
server_cert: ~
server_key: ~
port: ~
enable: ~
etcd:
client_cert: (( .properties.etcd.client_cert ))
client_key: (( .properties.etcd.client_key ))
doppler_endpoint:
shared_secret: (( .properties.loggregator_endpoint.shared_secret ))
statsd_injector:
deployment: (( meta.environment ))
metron_agent:
deployment: (( meta.environment ))
preferred_protocol: ~
protocols: ~
etcd:
client_cert: (( .properties.etcd.client_cert ))
client_key: (( .properties.etcd.client_key ))
tls:
client_cert: ~
client_key: ~
traffic_controller:
zone: (( merge || nil ))
disable_access_control: (( merge || nil ))
security_event_logging:
enabled: (( merge || false ))
etcd:
client_cert: (( .properties.etcd.client_cert ))
client_key: (( .properties.etcd.client_key ))
logger_endpoint: ~
syslog_drain_binder:
etcd:
client_cert: (( .properties.etcd.client_cert ))
client_key: (( .properties.etcd.client_key ))
cc:
diego:
use_privileged_containers_for_running: (( merge || nil ))
use_privileged_containers_for_staging: (( merge || nil ))
insecure_docker_registry_list: (( merge || nil ))
pid_limit: (( merge || nil ))
temporary_local_staging: (( merge || nil ))
temporary_local_tasks: (( merge || nil ))
temporary_local_apps: (( merge || nil ))
temporary_local_sync: (( merge || nil ))
temporary_local_tps: (( merge || nil ))
temporary_cc_uploader_mtls: (( merge || nil ))
temporary_droplet_download_mtls: (( merge || nil ))
bbs:
url: (( merge || nil ))
tls_port: (( merge ))
mutual_tls:
ca_cert: (( merge ))
public_cert: (( merge ))
private_key: (( merge ))
jobs:
global:
timeout_in_seconds: 14400 # 4 hours
app_bits_packer:
timeout_in_seconds: ~
app_events_cleanup:
timeout_in_seconds: ~
app_usage_events_cleanup:
timeout_in_seconds: ~
blobstore_delete:
timeout_in_seconds: ~
blobstore_upload:
timeout_in_seconds: ~
droplet_deletion:
timeout_in_seconds: ~
droplet_upload:
timeout_in_seconds: ~
generic:
number_of_workers: ~
app_events:
cutoff_age_in_days: 31
app_usage_events:
cutoff_age_in_days: 31
service_usage_events:
cutoff_age_in_days: 31
audit_events:
cutoff_age_in_days: 31
users_can_select_backend: true
default_to_diego_backend: true
allow_app_ssh_access: true
default_app_ssh_access: (( merge || nil ))
default_app_memory: 1024
default_app_disk_in_mb: 1024
maximum_app_disk_in_mb: 2048
client_max_body_size: 15M
default_health_check_timeout: 60
maximum_health_check_timeout: 180
min_cli_version: ~
min_recommended_cli_version: ~
system_hostnames: ~
external_host: api
external_port: 9022
srv_api_uri: (( "https://" external_host "." system_domain ))
internal_service_hostname: "cloud-controller-ng.service.cf.internal"
bulk_api_password: (( merge ))
internal_api_user: "internal_user"
internal_api_password: (( bulk_api_password ))
logging_level: debug2
db_logging_level: debug2
staging_upload_user: (( merge ))
staging_upload_password: (( merge ))
db_encryption_key: (( merge ))
directories: ~
disable_custom_buildpacks: false
release_level_backup: false
broker_client_timeout_seconds: 70
broker_client_default_async_poll_interval_seconds: ~
broker_client_max_async_poll_duration_minutes: ~
resource_pool:
blobstore_type: (( merge || "webdav" ))
webdav_config: (( merge || properties.cc.webdav_config ))
resource_directory_key: (( system_domain "-cc-resources" ))
fog_connection: ~
fog_aws_storage_options: ~
cdn: ~
packages:
blobstore_type: (( merge || "webdav" ))
webdav_config: (( merge || properties.cc.webdav_config ))
app_package_directory_key: (( system_domain "-cc-packages" ))
fog_connection: ~
fog_aws_storage_options: ~
cdn: ~
max_package_size: 1073741824
max_valid_packages_stored: ~
droplets:
blobstore_type: (( merge || "webdav" ))
webdav_config: (( merge || properties.cc.webdav_config ))
droplet_directory_key: (( system_domain "-cc-droplets" ))
fog_connection: ~
fog_aws_storage_options: ~
cdn: ~
max_staged_droplets_stored: ~
development_mode: false
newrelic:
license_key: ~
environment_name: (( meta.environment ))
developer_mode: (( cc.development_mode ))
monitor_mode: false
capture_params: false
transaction_tracer:
enabled: true
record_sql: "obfuscated"
buildpacks:
blobstore_type: (( merge || "webdav" ))
webdav_config: (( merge || properties.cc.webdav_config ))
buildpack_directory_key: (( system_domain "-cc-buildpacks" ))
fog_connection: ~
fog_aws_storage_options: ~
cdn: ~
quota_definitions: (( merge || meta.default_quota_definitions ))
default_quota_definition: default
user_buildpacks: (( merge || [] ))
system_buildpacks: (( merge || default_buildpacks ))
default_buildpacks:
- name: staticfile_buildpack
package: staticfile-buildpack
- name: java_buildpack
package: java-buildpack
- name: ruby_buildpack
package: ruby-buildpack
- name: dotnet_core_buildpack
package: dotnet-core-buildpack
- name: nodejs_buildpack
package: nodejs-buildpack
- name: go_buildpack
package: go-buildpack
- name: python_buildpack
package: python-buildpack
- name: php_buildpack
package: php-buildpack
- name: binary_buildpack
package: binary-buildpack
install_buildpacks: (( system_buildpacks user_buildpacks ))
stacks: ~
security_group_definitions: (( merge || meta.default_security_group_definitions ))
default_running_security_groups: (( merge || ["public_networks", "dns"] ))
default_staging_security_groups: (( merge || ["public_networks", "dns"] ))
allowed_cors_domains: (( merge || [] ))
thresholds:
api:
alert_if_above_mb: ~
restart_if_consistently_above_mb: ~
restart_if_above_mb: ~
worker:
alert_if_above_mb: ~
restart_if_consistently_above_mb: ~
restart_if_above_mb: ~
external_protocol: ~
webdav_config:
blobstore_timeout: 5
private_endpoint: "https://blobstore.service.cf.internal:4443"
public_endpoint: (( "http://blobstore." system_domain || nil))
username: (( properties.blobstore.admin_users.[0].username || nil ))
password: (( properties.blobstore.admin_users.[0].password || nil ))
ca_cert: (( properties.blobstore.tls.ca_cert || nil ))
reserved_private_domains: ~
minimum_candidate_stagers: (( merge || nil ))
volume_services_enabled: (( merge || nil ))
security_event_logging:
enabled: (( merge || nil ))
rate_limiter: (( merge || nil ))
ccdb: (( merge ))
ha_proxy: (( merge || nil ))
login:
branding: (( merge || nil ))
enabled: true
analytics:
code: ~
domain: ~
url: ~
catalina_opts: ~
protocol: ~
brand: oss
asset_base_url: ~
self_service_links_enabled: ~
messages: ~
notifications:
url: ~
smtp:
<<: (( merge || nil ))
host: ~
port: ~
user: ~
password: ~
links:
passwd: (( "https://login." system_domain "/forgot_password" ))
signup: (( "https://login." system_domain "/create_account" ))
logout: ~
saml: ~
restricted_ips_regex: ~
uaa:
ca_cert: (( merge ))
catalina_opts: ~
url: (( "https://uaa." system_domain ))
internal_url: (( merge || "https://uaa.service.cf.internal:8443" ))
issuer: (( url ))
no_ssl: ~
require_https: ~
limitedFunctionality:
enabled: (( merge || nil ))
whitelist:
endpoints: (( merge || nil ))
methods: (( merge || nil ))
scim:
userids_enabled: (( merge || true ))
users: (( merge ))
external_groups: ~
groups: ~
ssl:
port: 8443
sslCertificate: (( merge ))
sslPrivateKey: (( merge ))
jwt: (( merge ))
cc:
client_secret: (( merge ))
admin:
client_secret: (( merge ))
authentication:
policy:
lockoutAfterFailures: ~
countFailuresWithinSeconds: ~
lockoutPeriodSeconds: ~
password:
policy:
minLength: ~
requireUpperCaseCharacter: ~
requireLowerCaseCharacter: ~
requireDigit: ~
requireSpecialCharacter: ~
login: ~
ldap: ~
newrelic: ~
port: 8080
user:
<<: (( merge || nil ))
authorities:
- openid
- scim.me
- cloud_controller.read
- cloud_controller.write
- cloud_controller_service_permissions.read
- password.write
- uaa.user
- approvals.me
- oauth.approvals
- notification_preferences.read
- notification_preferences.write
- profile
- roles
- user_attributes
- cloud_controller.user
- actuator.read
clients:
<<: (( merge || nil ))
login:
override: true
scope: openid,oauth.approvals
authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write
secret: (( merge ))
authorized-grant-types: authorization_code,client_credentials,refresh_token
redirect-uri: (( "https://login." system_domain ))
autoapprove: true
cf:
override: true
authorized-grant-types: password,refresh_token
scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,cloud_controller.admin_read_only,cloud_controller.global_auditor,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write
authorities: uaa.none
access-token-validity: 600 # 10 mins
refresh-token-validity: 604800 # 7 days
secret: ''
notifications:
secret: (( merge ))
authorities: cloud_controller.admin,scim.read
authorized-grant-types: client_credentials
doppler:
override: true
authorities: uaa.resource
secret: (( merge ))
authorized-grant-types: client_credentials
cloud_controller_username_lookup:
authorities: scim.userids
secret: (( merge ))
authorized-grant-types: client_credentials
cc_service_key_client:
authorities: credhub.read,credhub.write
authorized-grant-types: client_credentials
secret: (( merge ))
cc_routing:
authorities: routing.router_groups.read
secret: (( merge ))
authorized-grant-types: client_credentials
gorouter:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: (( merge ))
tcp_emitter:
authorities: routing.routes.write,routing.routes.read
authorized-grant-types: client_credentials
secret: (( merge ))
tcp_router:
authorities: routing.routes.read
authorized-grant-types: client_credentials
secret: (( merge ))
cc-service-dashboards:
secret: (( merge ))
authorities: clients.read,clients.write,clients.admin
authorized-grant-types: client_credentials
token_endpoint: (( merge || nil ))
database: ~
zones:
internal:
hostnames: (( merge || ["uaa.service.cf.internal"] ))
uaadb: (( merge ))
databases: ~
router:
logging_level: (( merge || nil ))
suspend_pruning_if_nats_unavailable: (( merge || nil ))
enable_proxy: (( merge || nil ))
force_forwarded_proto_https: (( merge || nil ))
enable_ssl: (( merge || nil ))
ca_certs: (( merge || nil ))
cipher_suites: (( merge || nil ))
requested_route_registration_interval_in_seconds: (( merge || nil ))
load_balancer_healthy_threshold: (( merge || nil ))
balancing_algorithm: (( merge || nil ))
ssl_skip_validation: (( merge || nil ))
port: (( merge || nil ))
status:
user: (( merge ))
password: (( merge ))
port: (( merge || nil ))
secure_cookies: (( merge || nil ))
route_services_secret: (( merge || nil ))
route_services_secret_decrypt_only: (( merge || nil ))
route_services_timeout: (( merge || nil ))
route_services_recommend_https: (( merge || nil ))
max_idle_connections: (( merge || nil ))
tls_pem: (( merge || nil ))
tracing:
enable_zipkin: (( merge || nil ))
logrotate: (( merge || nil ))
extra_headers_to_log: (( merge || nil ))
debug_address: (( merge || nil ))
drain_wait: (( merge || nil ))
healthcheck_user_agent: (( merge || nil ))
enable_access_log_streaming: (( merge || nil ))
routing_api:
enabled: (( merge || nil ))
uri: (( merge || nil ))
port: (( merge || nil ))
syslog_daemon_config: ~
nfs_server: (( meta.nfs_server ))
collector: (( merge || nil ))
acceptance_tests: (( merge || nil ))
smoke_tests: (( merge || nil ))
compilation:
workers: 6
network: cf1
reuse_compilation_vms: true
cloud_properties: (( merge ))
update:
canaries: 1
max_in_flight: 1
canary_watch_time: 30000-600000
update_watch_time: 5000-600000
serial: true
resource_pools:
- name: small_z1
network: cf1
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: small_z2
network: cf2
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: medium_z1
network: cf1
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: medium_z2
network: cf2
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: large_z1
network: cf1
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: large_z2
network: cf2
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: router_z1
network: (( merge || "cf1" ))
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: router_z2
network: (( merge || "cf2" ))
stemcell: (( meta.stemcell ))
cloud_properties: (( merge ))
env: (( merge || meta.default_env ))
- name: small_errand
network: cf1
stemcell: (( meta.stemcell ))
cloud_properties: (( merge || resource_pools.small_z1.cloud_properties ))
env: (( merge || meta.default_env ))
- name: xlarge_errand
network: cf1
stemcell: (( meta.stemcell ))
cloud_properties: (( merge || resource_pools.large_z1.cloud_properties ))
env: (( merge || meta.default_env ))
meta:
# override this in your stub to set the environment name,
# which is used for the deployment name
#
# i.e. cf-tabasco
environment: ~
default_env:
# Default vcap & root password on deployed VMs (ie c1oudc0w)
# Generated using mkpasswd -m sha-512
bosh:
password: (( merge || "$6$4gDD3aV0rdqlrKC$2axHCxGKIObs6tAmMTqYCspcdvQXh3JJcvWOY2WGb4SrdXtnCyNaWlrf3WEqvYR2MYizEGp3kMmbpwBC6jsHt0" ))
stemcell: (( merge ))
cf_release_name: cf
capi_release_name: (( releases.capi.name || "cf" ))
consul_release_name: (( releases.consul.name || "cf" ))
etcd_release_name: (( releases.etcd.name || "cf" ))
postgres_release_name: (( releases.postgres.name || "cf" ))
java_buildpack_release_name: (( releases.java-buildpack.name || "cf" ))
go_buildpack_release_name: (( releases.go-buildpack.name || "cf" ))
binary_buildpack_release_name: (( releases.binary-buildpack.name || "cf" ))
nodejs_buildpack_release_name: (( releases.nodejs-buildpack.name || "cf" ))
ruby_buildpack_release_name: (( releases.ruby-buildpack.name || "cf" ))
php_buildpack_release_name: (( releases.php-buildpack.name || "cf" ))
python_buildpack_release_name: (( releases.python-buildpack.name || "cf" ))
staticfile_buildpack_release_name: (( releases.staticfile-buildpack.name || "cf" ))
dotnet_core_buildpack_release_name: (( releases.dotnet-core-buildpack.name || "cf" ))
loggregator_release_name: (( releases.loggregator.name || "cf" ))
statsd_injector_release_name: (( releases.statsd-injector.name || "cf" ))
uaa_release_name: (( releases.uaa.name || "cf" ))
routing_release_name: (( releases.routing.name || "cf" ))
consul_servers: (( merge || jobs.consul_z1.networks.cf1.static_ips jobs.consul_z2.networks.cf2.static_ips ))
nfs_client_ranges:
- (( .networks.cf1.subnets.[0].range || nil ))
- (( .networks.cf2.subnets.[0].range || nil ))
nfs_server:
address: (( merge || jobs.nfs_z1.networks.cf1.static_ips.[0] || nil ))
allow_from_entries: (( merge || meta.nfs_client_ranges ))
share: ~
api_routes:
- name: api
tags:
component: CloudController
port: (( .properties.cc.external_port ))
registration_interval: 20s
uris:
- (( "api." .properties.system_domain ))
health_check:
name: api-health-check
script_path: "/var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check"
timeout: 3s
api_consul_services:
cloud_controller_ng: {}
api_templates:
- name: consul_agent
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
release: (( meta.consul_release_name ))
- name: java-buildpack
release: (( meta.java_buildpack_release_name ))
- name: go-buildpack
release: (( meta.go_buildpack_release_name ))
- name: binary-buildpack
release: (( meta.binary_buildpack_release_name ))
- name: nodejs-buildpack
release: (( meta.nodejs_buildpack_release_name ))
- name: ruby-buildpack
release: (( meta.ruby_buildpack_release_name ))
- name: php-buildpack
release: (( meta.php_buildpack_release_name ))
- name: python-buildpack
release: (( meta.python_buildpack_release_name ))
- name: staticfile-buildpack
release: (( meta.staticfile_buildpack_release_name ))
- name: dotnet-core-buildpack
release: (( meta.dotnet_core_buildpack_release_name ))
- name: cloud_controller_ng
release: (( meta.capi_release_name ))
consumes: {nats: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
- name: statsd_injector
release: (( meta.statsd_injector_release_name ))
- name: route_registrar
release: (( meta.routing_release_name ))
consumes: {nats: nil}
api_worker_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: cloud_controller_worker
release: (( meta.capi_release_name ))
consumes: {nats: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
clock_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: cloud_controller_clock
release: (( meta.capi_release_name ))
consumes: {nats: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
consul_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
etcd_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: etcd
release: (( meta.etcd_release_name ))
consumes: {etcd: nil}
- name: etcd_metrics_server
release: (( meta.etcd_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
ha_proxy_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: haproxy
release: (( meta.cf_release_name ))
consumes: {ssh_proxy: nil}
consumes: {router: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
loggregator_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: doppler
release: (( meta.loggregator_release_name ))
- name: syslog_drain_binder
release: (( meta.loggregator_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
loggregator_trafficcontroller_routes:
- name: doppler
port: (( .properties.loggregator.outgoing_dropsonde_port ))
registration_interval: 20s
uris:
- (( "doppler." .properties.system_domain ))
loggregator_trafficcontroller_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: loggregator_trafficcontroller
release: (( meta.loggregator_release_name ))
consumes: {doppler: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
- name: route_registrar
release: (( meta.routing_release_name ))
consumes: {nats: nil}
nats_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: nats
consumes: {nats: nil}
release: (( meta.cf_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
blobstore_routes:
- name: blobstore
port: (( .properties.blobstore.port ))
registration_interval: 20s
tags:
component: blobstore
uris:
- (( "blobstore." .properties.system_domain ))
blobstore_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
- name: blobstore
release: (( meta.capi_release_name ))
consumes: {directories_to_backup: nil}
- name: route_registrar
release: (( meta.routing_release_name ))
consumes: {nats: nil}
nfs_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: debian_nfs_server
release: (( meta.capi_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
- name: blobstore
release: (( meta.capi_release_name ))
consumes: {directories_to_backup: nil}
- name: route_registrar
release: (( meta.routing_release_name ))
consumes: {nats: nil}
postgres_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: postgres
release: (( meta.postgres_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
router_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: gorouter
release: (( meta.routing_release_name ))
consumes: {nats: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
stats_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: collector
release: (( meta.cf_release_name ))
- name: metron_agent
release: (( meta.loggregator_release_name ))
uaa_routes:
- name: uaa
port: (( .properties.uaa.port ))
registration_interval: 4s
tags:
component: uaa
uris:
- (( "uaa." .properties.system_domain ))
- (( "*.uaa." .properties.system_domain ))
- (( "login." .properties.system_domain ))
- (( "*.login." .properties.system_domain ))
health_check:
name: uaa-healthcheck
script_path: /var/vcap/jobs/uaa/bin/health_check
uaa_templates:
- name: consul_agent
release: (( meta.consul_release_name ))
consumes: {consul_client: nil, consul_server: nil, consul_common: nil}
- name: uaa
release: (( meta.uaa_release_name ))
consumes: {router: nil}
- name: metron_agent
release: (( meta.loggregator_release_name ))
- name: route_registrar
release: (( meta.routing_release_name ))
consumes: {nats: nil}
- name: statsd_injector
release: (( meta.statsd_injector_release_name ))
default_quota_definitions:
default:
memory_limit: 10240
total_services: 100
total_service_keys: 1000
non_basic_services_allowed: true
total_routes: 1000
default_security_group_definitions:
- name: public_networks
rules:
- protocol: all
destination: 0.0.0.0-9.255.255.255
- protocol: all
destination: 11.0.0.0-169.253.255.255
- protocol: all
destination: 169.255.0.0-172.15.255.255
- protocol: all
destination: 172.32.0.0-192.167.255.255
- protocol: all
destination: 192.169.0.0-255.255.255.255
- name: dns
rules:
- protocol: tcp
destination: 0.0.0.0/0
ports: '53'
- protocol: udp
destination: 0.0.0.0/0
ports: '53'
empty_hash: {}