-
Notifications
You must be signed in to change notification settings - Fork 100
/
spec
663 lines (593 loc) · 26.6 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
---
name: cloud_controller_ng
description: "The Cloud Controller provides primary Cloud Foundry API that is by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced."
templates:
nginx_ctl.erb: bin/nginx_ctl
nginx.conf.erb: config/nginx.conf
drain.rb: bin/drain
restart_drain.rb: bin/restart_drain
mime.types: config/mime.types
cloud_controller_api.yml.erb: config/cloud_controller_ng.yml
cloud_controller_api_ctl.erb: bin/cloud_controller_ng_ctl
cloud_controller_api_worker_ctl.erb: bin/cloud_controller_worker_ctl
cloud_controller_api_migration_ctl.erb: bin/cloud_controller_migration_ctl
handle_local_blobstore.sh.erb: bin/handle_local_blobstore.sh
stacks.yml.erb: config/stacks.yml
newrelic.yml.erb: config/newrelic.yml
nginx_newrelic_plugin_ctl.erb: bin/nginx_newrelic_plugin_ctl
newrelic_plugin.yml.erb: config/newrelic_plugin.yml
ruby_version.sh.erb: bin/ruby_version.sh
console.erb: bin/console
dns_health_check.erb: bin/dns_health_check
blobstore_waiter.sh.erb: bin/blobstore_waiter.sh
buildpacks_ca_cert.pem.erb: config/certs/buildpacks_ca_cert.pem
droplets_ca_cert.pem.erb: config/certs/droplets_ca_cert.pem
packages_ca_cert.pem.erb: config/certs/packages_ca_cert.pem
resource_pool_ca_cert.pem.erb: config/certs/resource_pool_ca_cert.pem
dea_ca.crt.erb: config/certs/dea_ca.crt
dea_client.crt.erb: config/certs/dea_client.crt
dea_client.key.erb: config/certs/dea_client.key
pre-start.sh.erb: bin/pre-start
check_for_domain_overlap.rb: bin/check_for_domain_overlap.rb
packages:
- capi_utils
- cloud_controller_ng
- nginx
- nginx_newrelic_plugin
- libpq
- libmariadb
- ruby-2.2.4
properties:
ssl.skip_cert_verify:
description: "specifies that the job is allowed to skip ssl cert verification"
default: false
domain:
description: "domain where cloud_controller will listen (api.domain) often the same as the system domain"
system_domain:
description: "Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen"
system_domain_organization:
description: "The User Org that owns the system_domain, required if system_domain is defined"
default: ""
app_domains:
description: "Array of domains for user apps (example: 'user.app.space.foo', a user app called 'neat' will listen at 'http://neat.user.app.space.foo')"
app_ssh.host_key_fingerprint:
description: "Fingerprint of the host key of the SSH proxy that brokers connections to application instances"
default: ~
app_ssh.port:
description: "External port for SSH access to application instances"
default: 2222
app_ssh.oauth_client_id:
description: "The oauth client ID of the SSH proxy"
default: ssh-proxy
nats.user:
description: "Username for cc client to connect to NATS"
nats.password:
description: "Password for cc client to connect to NATS"
nats.port:
description: "IP port of Cloud Foundry NATS server"
nats.machines:
description: "IP of each NATS cluster member."
nfs_server.address:
description: "NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)"
nfs_server.share_path:
description: "The location at which to mount the nfs share"
default: "/var/vcap/nfs"
request_timeout_in_seconds:
description: "Timeout for requests in seconds."
default: 900
name:
description: "'name' attribute in the /v2/info endpoint"
default: ""
build:
description: "'build' attribute in the /v2/info endpoint"
default: ""
version:
description: "'version' attribute in the /v2/info endpoint"
default: 0
support_address:
description: "'support' attribute in the /v2/info endpoint"
default: ""
description:
description: "'description' attribute in the /v2/info endpoint"
default: ""
cc.info.custom:
description: "Custom attribute keys and values for /v2/info endpoint"
cc.external_port:
description: "External Cloud Controller port"
default: 9022
cc.internal_service_hostname:
description: "Internal hostname used to resolve the address of the Cloud Controller"
default: "cloud-controller-ng.service.cf.internal"
cc.jobs.global.timeout_in_seconds:
description: "The longest any job can take before it is cancelled unless overriden per job"
default: 14400 # 4 hours
cc.jobs.app_bits_packer.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.app_events_cleanup.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.app_usage_events_cleanup.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.blobstore_delete.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.blobstore_upload.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.droplet_deletion.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.jobs.droplet_upload.timeout_in_seconds:
description: "The longest this job can take before it is cancelled"
cc.app_events.cutoff_age_in_days:
description: "How old an app event should stay in cloud controller database before being cleaned up"
default: 31
cc.app_usage_events.cutoff_age_in_days:
description: "How old an app usage event should stay in cloud controller database before being cleaned up"
default: 31
cc.service_usage_events.cutoff_age_in_days:
description: "How old a service usage event should stay in cloud controller database before being cleaned up"
default: 31
cc.audit_events.cutoff_age_in_days:
description: "How old an audit event should stay in cloud controller database before being cleaned up"
default: 31
cc.failed_jobs.cutoff_age_in_days:
description: "How old a failed job should stay in cloud controller database before being cleaned up"
default: 31
cc.completed_tasks.cutoff_age_in_days:
description: "How long a completed task will stay in cloud controller database before being cleaned up based on last updated time with success or failure."
default: 31
cc.directories.tmpdir:
default: "/var/vcap/data/cloud_controller_ng/tmp"
description: "The directory to use for temporary files"
cc.directories.diagnostics:
default: "/var/vcap/data/cloud_controller_ng/diagnostics"
description: "The directory where operator requested diagnostic files should be placed"
cc.external_protocol:
default: "https"
description: "The protocol used to access the CC API from an external entity"
cc.external_host:
default: "api"
description: "Host part of the cloud_controller api URI, will be joined with value of 'domain'"
cc.cc_partition:
default: "default"
description: "Deprecated. Defines a 'partition' for the health_manager job"
cc.bulk_api_user:
default: "bulk_api"
description: "User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS"
cc.bulk_api_password:
description: "Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS"
cc.internal_api_user:
default: "internal_user"
description: "User name used by Diego to access internal endpoints"
cc.internal_api_password:
description: "Password used by Diego to access internal endpoints"
cc.diego.nsync_url:
default: http://nsync.service.cf.internal:8787
description: "URL of the Diego nsync service"
cc.diego.stager_url:
default: http://stager.service.cf.internal:8888
description: "URL of the Diego stager service"
cc.diego.tps_url:
default: http://tps.service.cf.internal:1518
description: "URL of the Diego tps service"
cc.min_cli_version:
description: "Minimum version of the CF CLI to work with the API."
cc.min_recommended_cli_version:
description: "Minimum recommended version of the CF CLI."
cc.uaa_resource_id:
default: "cloud_controller,cloud_controller_service_permissions"
description: "Name of service to register to UAA"
cc.db_logging_level:
default: "debug2"
description: "Log level for cc database operations"
cc.logging_level:
default: "debug2"
description: "Log level for cc"
cc.logging_max_retries:
default: 1
description: "Passthru value for Steno logger"
cc.staging_timeout_in_seconds:
default: 900
description: "Timeout for staging a droplet"
cc.default_health_check_timeout:
default: 60
description: "Default health check timeout (in seconds) that can be set for the app"
cc.maximum_health_check_timeout:
default: 180
description: "Maximum health check timeout (in seconds) that can be set for the app"
cc.stacks:
default:
- name: "cflinuxfs2"
description: "Cloud Foundry Linux-based filesystem"
description: "Tag used by the DEA to describe capabilities (i.e. 'Windows7', 'python-linux'). DEA and CC must agree."
cc.default_stack:
default: "cflinuxfs2"
description: "The default stack to use if no custom stack is specified by an app."
cc.staging_upload_user:
default: ""
description: "User name used to access internal endpoints of Cloud Controller to upload files when staging"
cc.staging_upload_password:
default: ""
description: "User's password used to access internal endpoints of Cloud Controller to upload files when staging"
cc.quota_definitions:
description: "Hash of default quota definitions to be used during Cloud Controller database seeding. After seeding, these can be updated using the API but not using the manifest."
cc.default_quota_definition:
default: default
description: "Local to use a local (NFS) file system. AWS to use AWS."
cc.resource_pool.blobstore_type:
description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
default: "fog"
cc.resource_pool.webdav_config.public_endpoint:
description: "The location of the webdav server eg: https://blobstore.com"
default: ""
cc.resource_pool.webdav_config.private_endpoint:
description: "The location of the webdav server eg: https://blobstore.internal"
default: "https://blobstore.service.cf.internal"
cc.resource_pool.webdav_config.username:
description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.resource_pool.webdav_config.password:
description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.resource_pool.webdav_config.ca_cert:
description: "The ca cert to use when communicating with webdav"
default: ""
cc.resource_pool.minimum_size:
description: "Minimum size of a resource to add to the pool"
default: 65536
cc.resource_pool.maximum_size:
description: "Maximum size of a resource to add to the pool"
default: 536870912
cc.resource_pool.resource_directory_key:
description: "Directory (bucket) used store app resources. It does not have be pre-created."
default: "cc-resources"
cc.resource_pool.fog_connection:
description: "Fog connection hash"
cc.resource_pool.cdn.uri:
description: "URI for a CDN to used for resource pool downloads"
default: ""
cc.resource_pool.cdn.private_key:
description: "Private key for signing download URIs"
default: ""
cc.resource_pool.cdn.key_pair_id:
description: "Key pair name for signed download URIs"
default: ""
cc.packages.blobstore_type:
description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
default: "fog"
cc.packages.webdav_config.public_endpoint:
description: "The location of the webdav server eg: https://blobstore.com"
default: ""
cc.packages.webdav_config.private_endpoint:
description: "The location of the webdav server eg: https://blobstore.internal"
default: "https://blobstore.service.cf.internal"
cc.packages.webdav_config.username:
description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.packages.webdav_config.password:
description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.packages.webdav_config.ca_cert:
description: "The ca cert to use when communicating with webdav"
default: ""
cc.packages.app_package_directory_key:
description: "Directory (bucket) used store app packages. It does not have be pre-created."
default: "cc-packages"
cc.packages.max_package_size:
description: "Maximum size of application package"
default: 1073741824
cc.packages.max_valid_packages_stored:
description: "Number of recent, valid packages stored per app (not including package for current droplet)"
default: 5
cc.packages.fog_connection:
description: "Fog connection hash"
cc.packages.cdn.uri:
description: "URI for a CDN to used for app package downloads"
default: ""
cc.packages.cdn.private_key:
description: "Private key for signing download URIs"
default: ""
cc.packages.cdn.key_pair_id:
description: "Key pair name for signed download URIs"
default: ""
cc.droplets.blobstore_type:
description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
default: "fog"
cc.droplets.webdav_config.public_endpoint:
description: "The location of the webdav server eg: https://blobstore.com"
default: ""
cc.droplets.webdav_config.private_endpoint:
description: "The location of the webdav server eg: https://blobstore.internal"
default: "https://blobstore.service.cf.internal"
cc.droplets.webdav_config.username:
description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.droplets.webdav_config.password:
description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.droplets.webdav_config.ca_cert:
description: "The ca cert to use when communicating with webdav"
default: ""
cc.droplets.droplet_directory_key:
description: "Directory (bucket) used store droplets. It does not have be pre-created."
default: "cc-droplets"
cc.droplets.max_staged_droplets_stored:
description: "Number of recent, staged droplets stored per app (not including current droplet)"
default: 5
cc.droplets.fog_connection:
description: "Fog connection hash"
cc.droplets.cdn.uri:
description: "URI for a CDN to used for droplet downloads"
default: ""
cc.droplets.cdn.private_key:
description: "Private key for signing download URIs"
default: ""
cc.droplets.cdn.key_pair_id:
description: "Key pair name for signed download URIs"
default: ""
cc.buildpacks.blobstore_type:
description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
default: "fog"
cc.buildpacks.webdav_config.public_endpoint:
description: "The location of the webdav server eg: https://blobstore.com"
default: ""
cc.buildpacks.webdav_config.private_endpoint:
description: "The location of the webdav server eg: https://blobstore.internal"
default: "https://blobstore.service.cf.internal"
cc.buildpacks.webdav_config.username:
description: "The basic auth user that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.buildpacks.webdav_config.password:
description: "The basic auth password that CC uses to connect to the admin endpoint on webdav"
default: ""
cc.buildpacks.webdav_config.ca_cert:
description: "The ca cert to use when communicating with webdav"
default: ""
cc.buildpacks.buildpack_directory_key:
description: "Directory (bucket) used store buildpacks. It does not have be pre-created."
default: "cc-buildpacks"
cc.buildpacks.fog_connection:
description: "Fog connection hash"
cc.buildpacks.cdn.uri:
description: "URI for a CDN to used for buildpack downloads"
default: ""
cc.buildpacks.cdn.private_key:
description: "Private key for signing download URIs"
default: ""
cc.buildpacks.cdn.key_pair_id:
description: "Key pair name for signed download URIs"
default: ""
ccdb.databases:
description: "Contains the name of the database on the database server"
ccdb.roles:
description: "Users to create on the database when seeding"
ccdb.db_scheme:
description: "The type of database being used. mysql or postgres"
default: postgres
ccdb.address:
description: "The address of the database server"
ccdb.port:
description: "The port of the database server"
ccdb.max_connections:
default: 25
description: "Maximum connections for Sequel"
ccdb.pool_timeout:
default: 10
description: "The timeout for Sequel pooled connections"
uaa.cc.token_secret:
description: "Symmetric secret used to decode uaa tokens. Used for testing."
uaa.url:
description: "URL of the UAA server"
login.protocol:
description: "http or https"
default: "https"
login.url:
description: "URL of the login server"
hm9000.url:
description: "URL of the hm9000 server"
uaa.jwt.verification_key:
default: ""
description: "ssl cert defined in the manifest by the UAA, required by the cc to communicate with UAA"
login.enabled:
default: true
description: "whether use login as the authorization endpoint or not"
metron_endpoint.host:
description: "The host used to emit messages to the Metron agent"
default: "127.0.0.1"
metron_endpoint.port:
description: "The port used to emit messages to the Metron agent"
default: 3457
logger_endpoint.use_ssl:
description: "Whether to use ssl for logger endpoint listed at /v2/info"
default: true
logger_endpoint.port:
description: "Port for logger endpoint listed at /v2/info"
default: 443
doppler.enabled:
description: "Whether to expose the doppler_logging_endpoint listed at /v2/info"
default: true
doppler.use_ssl:
description: "Whether to use ssl for the doppler_logging_endpoint listed at /v2/info"
default: true
doppler.port:
description: "Port for doppler_logging_endpoint listed at /v2/info"
default: 443
cc.db_encryption_key:
default: ""
description: "key for encrypting sensitive values in the CC database"
cc.default_app_memory:
default: 1024
description: "How much memory given to an app if not specified"
cc.default_app_disk_in_mb:
default: 1024
description: "The default disk space an app gets"
cc.maximum_app_disk_in_mb:
default: 2048
description: "The maximum amount of disk a user can request"
cc.users_can_select_backend:
default: true
description: "Allow non-admin users to switch their apps between DEA and Diego backends"
cc.default_to_diego_backend:
default: false
description: "Use Diego backend by default for new apps"
cc.allow_app_ssh_access:
default: true
description: "Allow users to change the value of the app-level allow_ssh attribute"
cc.flapping_crash_count_threshold:
default: 3
description: "The threshold of crashes after which the app is marked as flapping"
cc.client_max_body_size:
default: "15M"
description: "Maximum body size for nginx"
cc.app_bits_max_body_size:
default: "1536M"
description: "Maximum body size for nginx bits uploads"
cc.disable_custom_buildpacks:
default: false
description: "Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)"
cc.broker_client_timeout_seconds:
default: 60
description: "For requests to service brokers, this is the HTTP (open and read) timeout setting."
cc.broker_client_default_async_poll_interval_seconds:
default: 60
description: "Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide."
cc.broker_client_max_async_poll_duration_minutes:
default: 10080
description: "The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week"
cc.development_mode:
default: false
description: "Enable development features for monitoring and insight"
cc.newrelic.license_key:
default: ~
description: "The api key for NewRelic"
cc.newrelic.environment_name:
default: "development"
description: "The environment name used by NewRelic"
cc.newrelic.developer_mode:
default: false
description: "Activate NewRelic developer mode"
cc.newrelic.monitor_mode:
default: false
description: "Activate NewRelic monitor mode"
cc.newrelic.log_file_path:
default: "/var/vcap/sys/log/cloud_controller_ng/newrelic"
description: "The location for NewRelic to log to"
cc.newrelic.capture_params:
default: false
description: "Capture and send query params to NewRelic"
cc.newrelic.transaction_tracer.enabled:
default: false
description: "Enable transaction tracing in NewRelic"
cc.newrelic.transaction_tracer.record_sql:
default: "off"
description: "NewRelic's SQL statement recording mode: [off | obfuscated | raw]"
cc.nginx_access_log_destination:
description: "The nginx access log destination. This can be used to route access logs to a file, syslog, or a memory buffer."
default: "/var/vcap/sys/log/nginx_cc/nginx.access.log"
cc.nginx_access_log_format:
description: "The nginx log format string to use when writing to the access log."
default: >
$host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"
$proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time
cc.nginx_error_log_destination:
description: "The nginx error log destination. This can be used to route error logs to a file, syslog, or a memory buffer."
default: "/var/vcap/sys/log/nginx_cc/nginx.error.log"
cc.nginx_error_log_level:
description: "The lowest severity nginx log level to capture in the error log."
default: error
cc.jobs.local.number_of_workers:
default: 2
description: "Number of local cloud_controller_worker workers"
cc.thresholds.api.alert_if_above_mb:
description: "The cc will alert if memory remains above this threshold for 3 monit cycles"
default: 3500
cc.thresholds.api.restart_if_consistently_above_mb:
description: "The cc will restart if memory remains above this threshold for 15 monit cycles"
default: 3500
cc.thresholds.api.restart_if_above_mb:
description: "The cc will restart if memory remains above this threshold for 3 monit cycles"
default: 3750
dea_next.staging_memory_limit_mb:
description: "Memory limit in mb for staging tasks"
default: 1024
dea_next.staging_disk_limit_mb:
description: "Disk limit in mb for staging tasks"
default: 6144
cc.staging_file_descriptor_limit:
description: "File descriptor limit for staging tasks"
default: 16384
dea_next.advertise_interval_in_seconds:
description: "Advertise interval for DEAs"
default: 5
cc.renderer.max_results_per_page:
description: "Maximum number of results returned per page"
default: 100
cc.renderer.default_results_per_page:
description: "Default number of results returned per page if user does not specify"
default: 50
cc.renderer.max_inline_relations_depth:
description: "Maximum depth of inlined relationships in the result"
default: 2
uaa.clients.cc_service_broker_client.secret:
description: "(DEPRECATED) - Used for generating SSO clients for service brokers."
uaa.clients.cc_service_broker_client.scope:
description: "(DEPRECATED) - Used to grant scope for SSO clients for service brokers"
default: "openid,cloud_controller_service_permissions.read"
uaa.clients.cc-service-dashboards.secret:
description: "Used for generating SSO clients for service brokers."
uaa.clients.cc-service-dashboards.scope:
description: "Used to grant scope for SSO clients for service brokers"
default: "openid,cloud_controller_service_permissions.read"
uaa.clients.cloud_controller_username_lookup.secret:
description: "Used for fetching usernames from UAA."
uaa.clients.cc_routing.secret:
description: "Used for fetching routing information from the Routing API"
cc.install_buildpacks:
description: "Set of buildpacks to install during deploy"
cc.app_bits_upload_grace_period_in_seconds:
description: "Extra token expiry time while uploading big apps."
default: 1200
cc.security_group_definitions:
description: "Array of security groups that will be seeded into CloudController."
cc.default_running_security_groups:
description: "The default running security groups that will be seeded in CloudController."
cc.default_staging_security_groups:
description: "The default staging security groups that will be seeded in CloudController."
cc.feature_disabled_message:
description: "Custom message to use for a disabled feature."
cc.allowed_cors_domains:
description: "List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain"
default: []
cc.instance_file_descriptor_limit:
description: "The file descriptors made available to each app instance"
default: 16384
cc.statsd_host:
description: "The host for the statsd server, defaults to the local metron agent"
default: "127.0.0.1"
cc.statsd_port:
description: "The port for the statsd server, defaults to the local metron agent"
default: 8125
cc.placement_top_stager_percentage:
description: "The percentage of top stagers considered when choosing a stager"
default: 10
router.route_services_secret:
description: "Support for route services is disabled when no value is configured."
default: ""
routing_api.enabled:
description: "Whether to expose the routing_endpoint listed at /v2/info. Enable this after deploying the Routing API"
default: false
cc.reserved_private_domains:
description: "File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)"
default: ~
cc.dea_use_https:
description: "enable ssl for communication with DEAs"
default: false
dea_next.ca_cert:
description: "PEM-encoded CA certificate"
dea_next.client_cert:
description: "PEM-encoded server certificate"
dea_next.client_key:
description: "PEM-encoded server key"
cc.core_file_pattern:
description: "Filename template for core dump files. Use an empty string if you don't want core files saved."
default: "/var/vcap/sys/cores/core-%e-%s-%p-%t"
cc.security_event_logging.enabled:
description: "Enable logging of all requests made to the Cloud Controller in CEF format."
default: false