cloud_controller_ng job from capi/1.55.0
The Cloud Controller provides primary Cloud Foundry API that is by the CF CLI. The Cloud Controller uses a database to keep tables for organizations, spaces, apps, services, service instances, user roles, and more. Typically multiple instances of Cloud Controller are load balanced.
Github source:
a776389
or
master branch
Properties¶
app_domains
¶
Array of domains for user apps (example: ‘user.app.space.foo’, a user app called ‘neat’ will listen at ‘http://neat.user.app.space.foo')
- Example
-
|+ - name: example.com - name: tcp.example.com router_group_name: default-tcp
app_ssh
¶
host_key_fingerprint
¶Fingerprint of the host key of the SSH proxy that brokers connections to application instances. Supported fingerprint formats: SHA256 (recommended), SHA1 and MD5 Example fingerprints by format: SHA256: 0KmvfcwFCnwQRviOJEwZtnz5qoi76BVb8dm3/vgilCI SHA1: b8:80:2c:8c:d7:25:ad:2a:b4:8c:02:34:52:06:f7:ba:1f:0d:02:de MD5: d2:d6:b9:d7:f9:c4:15:70:de:af:c7:36:88:3a:60:12
oauth_client_id
¶The oauth client ID of the SSH proxy
- Default
ssh-proxy
port
¶External port for SSH access to application instances
- Default
2222
bpm
¶
enabled
¶Experimental feature flag: Enable Bosh Process Manager
- Default
false
build
¶
‘build’ attribute in the /v2/info endpoint
- Default
""
cc
¶
allow_app_ssh_access
¶Allow users to change the value of the app-level allow_ssh attribute
- Default
true
allowed_cors_domains
¶List of domains (including scheme) from which Cross-Origin requests will be accepted, a * can be used as a wildcard for any part of a domain
- Default
[]
app_bits_max_body_size
¶Maximum body size for nginx bits uploads
- Default
1536M
app_bits_upload_grace_period_in_seconds
¶Extra token expiry time while uploading big apps
- Default
1200
bits_service
¶
ca_cert
¶The ca cert to use when communicating with bits-service endpoints
- Default
""
enabled
¶Enable integration of the bits-service incubator (experimental)
- Default
false
password
¶Password for the bits-service
- Default
""
private_endpoint
¶Private url for the bits-service service
- Default
""
public_endpoint
¶Public url for the bits-service service
- Default
""
username
¶Username for the bits-service
- Default
""
broker_client_default_async_poll_interval_seconds
¶Specifies interval on which the CC will poll a service broker for asynchronous actions. If the service broker provides a value, this value is the minimum accepted value the broker can provide.
- Default
60
broker_client_max_async_poll_duration_minutes
¶The max duration the CC will fetch service instance state from a service broker (in minutes). Default is 1 week
- Default
10080
broker_client_timeout_seconds
¶For requests to service brokers, this is the HTTP (open and read) timeout setting.
- Default
60
buildpacks
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
buildpack_directory_key
¶Directory (bucket) used store buildpacks. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’
- Default
cc-buildpacks
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for buildpack downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
bulk_api_password
¶Password used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
bulk_api_user
¶User used to access the bulk_api, health_manager uses it to connect to the cc, announced over NATS
- Default
bulk_api
client_max_body_size
¶Maximum body size for nginx
- Default
15M
core_file_pattern
¶Filename template for core dump files. Use an empty string if you don’t want core files saved.
- Default
/var/vcap/sys/cores/core-%e-%s-%p-%t
credential_references
¶
interpolate_service_bindings
¶Controls whether CredHub credentials are automatically interpolated in VCAP_SERVICES
- Default
true
database_encryption
¶
current_key_label
¶current key label for encrypting values in the CC database
- Default
""
keys
¶label-key pairs for encrypting sensitive values in the CC database; labels must be < 256 characters long
- Default
{}
db_encryption_key
¶key for encrypting sensitive values in the CC database
- Default
""
db_logging_level
¶Level at which cc database operations will be logged if cc.log_db_queries is set to true.
- Default
debug2
default_app_disk_in_mb
¶The default disk space an app gets
- Default
1024
default_app_memory
¶How much memory given to an app if not specified
- Default
1024
default_app_ssh_access
¶When ssh is allowed and not explicitly set in the application, new applications will start with ssh service enabled
- Default
true
default_health_check_timeout
¶Default health check timeout (in seconds) that can be set for the app
- Default
60
default_quota_definition
¶The name of the quota definition CC will fallback on for org and space limits from the list of quota definitions.
- Default
default
default_running_security_groups
¶The default running security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
default_stack
¶The default stack name to use if no custom stack is specified by an app.
- Default
cflinuxfs2
default_staging_security_groups
¶The default staging security groups that will be seeded in CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
development_mode
¶Enable development features for monitoring and insight
- Default
false
diego
¶
bbs
¶
url
¶URL of the BBS Server
- Default
https://bbs.service.cf.internal:8889
cc_uploader_https_url
¶URL of cc uploader. Not used if BOSH link ‘cc_uploader’ is present.
- Default
https://cc-uploader.service.cf.internal:9091
cc_uploader_url
¶URL of cc uploader. Not used if BOSH link ‘cc_uploader’ is present.
- Default
http://cc-uploader.service.cf.internal:9090
docker_staging_stack
¶stack to use for staging Docker applications
- Default
cflinuxfs2
file_server_url
¶URL of file server
- Default
http://file-server.service.cf.internal:8080
insecure_docker_registry_list
¶An array of insecure Docker registries in the form of :PORT
- Default
[]
lifecycle_bundles
¶List of lifecycle bundles arguments for different stacks
- Default
buildpack/cflinuxfs2: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/cflinuxfs3: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz buildpack/windows2012R2: windows_app_lifecycle/windows_app_lifecycle.tgz buildpack/windows2016: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz docker: docker_app_lifecycle/docker_app_lifecycle.tgz
pid_limit
¶Maximum pid limit for containerized work running user-provided code
- Default
1024
temporary_oci_buildpack_mode
¶Temporary flag to enable OCI buildpack flow. Valid values: ‘oci-phase-1’
use_privileged_containers_for_running
¶Whether or not to use privileged containers for running buildpack apps and tasks.
- Default
false
use_privileged_containers_for_staging
¶Whether or not to use privileged containers for staging tasks.
- Default
false
directories
¶
diagnostics
¶The directory where operator requested diagnostic files should be placed
- Default
/var/vcap/data/cloud_controller_ng/diagnostics
tmpdir
¶The directory to use for temporary files
- Default
/var/vcap/data/cloud_controller_ng/tmp
disable_custom_buildpacks
¶Disable external (i.e. git) buildpacks? (Admin buildpacks and system buildpacks only.)
- Default
false
droplets
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for droplet downloads
- Default
""
droplet_directory_key
¶Directory (bucket) used store droplets. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’
- Default
cc-droplets
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
max_staged_droplets_stored
¶Number of recent, staged droplets stored per app (not including current droplet)
- Default
5
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
external_host
¶Host part of the cloud_controller api URI, will be joined with value of ‘domain’
- Default
api
external_port
¶External Cloud Controller port
- Default
9022
external_protocol
¶The protocol used to access the CC API from an external entity
- Default
https
info
¶
custom
¶Custom attribute keys and values for /v2/info endpoint
install_buildpacks
¶Set of buildpacks to install during deploy
- Default
[]
instance_file_descriptor_limit
¶The file descriptors made available to each app instance
- Default
16384
internal_api_password
¶Password used by Diego to access internal endpoints
internal_api_user
¶User name used by Diego to access internal endpoints
- Default
internal_user
internal_service_hostname
¶Internal hostname used to resolve the address of the Cloud Controller
- Default
cloud-controller-ng.service.cf.internal
jobs
¶
blobstore_delete
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
droplet_upload
¶
timeout_in_seconds
¶The longest this job can take before it is cancelled
global
¶
timeout_in_seconds
¶The longest any job can take before it is cancelled unless overridden per job
- Default
14400
local
¶
number_of_workers
¶Number of local cloud_controller_worker workers
- Default
2
log_db_queries
¶Log database queries. WARNING: Setting this to true with cc.db_logging_level >= cc.logging_level will log all field values, including encrypted secrets.
- Default
false
logging_level
¶Log level for cc. Valid levels are listed here: https://github.com/cloudfoundry/steno#log-levels.
- Default
info
logging_max_retries
¶Passthru value for Steno logger
- Default
1
loggregator
¶
internal_url
¶Internal url used to communicate with traffic_controller
- Default
http://loggregator-trafficcontroller.service.cf.internal:8081
maximum_app_disk_in_mb
¶The maximum amount of disk a user can request
- Default
2048
maximum_health_check_timeout
¶Maximum health check timeout (in seconds) that can be set for the app
- Default
180
min_cli_version
¶Minimum version of the CF CLI to work with the API.
min_recommended_cli_version
¶Minimum recommended version of the CF CLI.
mutual_tls
¶
ca_cert
¶PEM-encoded CA certificate for secure, mutually authenticated TLS communication
private_key
¶PEM-encoded key for secure, mutually authenticated TLS communication
public_cert
¶PEM-encoded certificate for secure, mutually authenticated TLS communication
newrelic
¶
capture_params
¶Capture and send query params to NewRelic
- Default
false
developer_mode
¶Activate NewRelic developer mode
- Default
false
environment_name
¶The environment name used by NewRelic
- Default
development
license_key
¶The api key for NewRelic
log_file_path
¶The location for NewRelic to log to
- Default
/var/vcap/sys/log/cloud_controller_ng/newrelic
monitor_mode
¶Activate NewRelic monitor mode
- Default
false
transaction_tracer
¶
enabled
¶Enable transaction tracing in NewRelic
- Default
false
record_sql
¶NewRelic’s SQL statement recording mode: [off | obfuscated | raw]
- Default
"off"
nginx
¶
ip
¶IP for nginx
- Default
""
nginx_access_log_destination
¶The nginx access log destination. This can be used to route access logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.access.log
nginx_access_log_format
¶The nginx log format string to use when writing to the access log.
- Default
|+ $host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time
nginx_error_log_destination
¶The nginx error log destination. This can be used to route error logs to a file, syslog, or a memory buffer.
- Default
/var/vcap/sys/log/nginx_cc/nginx.error.log
nginx_error_log_level
¶The lowest severity nginx log level to capture in the error log.
- Default
error
nginx_rate_limit_general
¶The rate limiting and burst value to use for ‘/’
- Example
|+ limit: 100r/s burst: 500
nginx_rate_limit_zones
¶Array of zones to do rate limiting for.
- Example
|+ - name: apps location: /v2/apps limit: 10r/s burst: 50 - name: spaces location: ~ ^/v2/spaces/(.*) limit: 10r/s burst: 100
packages
¶
app_package_directory_key
¶Directory (bucket) used store app packages. It does not have be pre-created. Should contain only alphanumeric characters, ‘-’, ‘_‘, and ‘.’
- Default
cc-packages
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for app package downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
max_package_size
¶Maximum size of application package
- Default
1.073741824e+09
max_valid_packages_stored
¶Number of recent, valid packages stored per app (not including package for current droplet)
- Default
5
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
quota_definitions
¶Hash of default quota definitions to be seeded. This property can be used to add quotas with subsequent deploys, but not to update existing ones.
- Default
default: memory_limit: 102400 non_basic_services_allowed: true total_reserved_route_ports: 100 total_routes: 1000 total_services: -1
rate_limiter
¶
enabled
¶Enable rate limiting for UAA-authenticated endpoints per user or client
- Default
false
general_limit
¶The number of requests a user or client is allowed to make for all endpoints that do not have a custom limit over the configured interval
- Default
2000
reset_interval_in_minutes
¶The interval in minutes, after which, a user’s available api requests will be reset
- Default
60
unauthenticated_limit
¶The number of requests an unauthenticated client is allowed to make over the configured interval
- Default
100
renderer
¶
default_results_per_page
¶Default number of results returned per page if user does not specify
- Default
50
max_inline_relations_depth
¶Maximum depth of inlined relationships in the result
- Default
2
max_results_per_page
¶Maximum number of results returned per page
- Default
100
reserved_private_domains
¶File location of a list of reserved private domains (for file format, see https://publicsuffix.org/)
resource_pool
¶
blobstore_type
¶The type of blobstore backing to use. Valid values: [‘fog’, ‘webdav’]
- Default
fog
cdn
¶
key_pair_id
¶Key pair name for signed download URIs
- Default
""
private_key
¶Private key for signing download URIs
- Default
""
uri
¶URI for a CDN to used for resource pool downloads
- Default
""
fog_aws_storage_options
¶Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration.
- Default
{}
fog_connection
¶Fog connection hash
maximum_size
¶Maximum size of a resource to add to the pool
- Default
5.36870912e+08
minimum_size
¶Minimum size of a resource to add to the pool
- Default
65536
resource_directory_key
¶Directory (bucket) used store app resources. It does not have be pre-created.
- Default
cc-resources
webdav_config
¶
blobstore_timeout
¶The timeout in seconds for requests to the blobstore
- Default
5
ca_cert
¶The ca cert to use when communicating with webdav
- Default
""
password
¶The basic auth password that CC uses to connect to the admin endpoint on webdav
- Default
""
private_endpoint
¶The location of the webdav server eg: https://blobstore.internal
- Default
https://blobstore.service.cf.internal:4443
public_endpoint
¶The location of the webdav server eg: https://blobstore.com
- Default
""
username
¶The basic auth user that CC uses to connect to the admin endpoint on webdav
- Default
""
run_prestart_migrations
¶Run Cloud Controller DB migrations in BOSH pre-start script. Should be changed to false for deployments where the PostgreSQL job is deployed to the same VM as Cloud Controller. Otherwise, the default of true is preferable.
- Default
true
security_event_logging
¶
enabled
¶Enable logging of all requests made to the Cloud Controller in CEF format.
- Default
false
security_group_definitions
¶Array of security groups that will be seeded into CloudController. Note: security groups are only seeded on the first deploy, after which they should be managed via the API
server_keepalive_timeout
¶Configure keep alive timeout for connections to cloud controller. This is a temporary field used for testing.
- Default
75
shared_isolation_segment_name
¶Name of the shared isolation segment created at startup. This field can be updated, but subject to the following caveat: Using the name of an existing IS will cause a deployment to fail. To recover, redeploy using the last valid Shared Isolation Segment name.
- Default
shared
stacks
¶List of hashes describing stacks intended for developers to choose from when pushing apps. A stack is a prebuilt root file system (rootfs) that supports a specific operating system. Note: removing items in this list will not remove the records in the Cloud Controller’s database.
- Default
- description: Cloud Foundry Linux-based filesystem name: cflinuxfs2
staging_file_descriptor_limit
¶File descriptor limit for staging tasks
- Default
16384
staging_timeout_in_seconds
¶Timeout for staging a droplet
- Default
900
staging_upload_password
¶User’s password used to access internal endpoints of Cloud Controller to upload files when staging
staging_upload_user
¶User name used to access internal endpoints of Cloud Controller to upload files when staging
statsd_host
¶The host for the statsd server, defaults to the local metron agent
- Default
127.0.0.1
statsd_port
¶The port for the statsd server, defaults to the local metron agent
- Default
8125
system_hostnames
¶List of hostnames for which routes cannot be created on the system domain.
- Default
- api - uaa - login - doppler - loggregator - hm9000 - credhub
temporary_create_internal_domain
¶Create the apps.internal domain so that it is reserved for use by platform service discovery
- Default
false
thresholds
¶
api
¶
alert_if_above_mb
¶The cc will alert if memory remains above this threshold for 3 monit cycles
- Default
3500
restart_if_above_mb
¶The cc will restart if memory remains above this threshold for 3 monit cycles
- Default
3750
restart_if_consistently_above_mb
¶The cc will restart if memory remains above this threshold for 15 monit cycles
- Default
3500
tls_port
¶Port for internal TLS communication
- Default
9023
uaa
¶
internal_url
¶The internal url used by UAA
- Default
uaa.service.cf.internal
uaa_resource_id
¶Name of service to register to UAA
- Default
cloud_controller,cloud_controller_service_permissions
volume_services_enabled
¶Enable binding to services that provide volume_mount information.
- Default
false
ccdb
¶
address
¶The address of the database server
ca_cert
¶The ca cert to use when communicating with the database over SSL
connection_validation_timeout
¶The period in seconds after which idle connections are validated, passed directly to the Sequel gem - see http://sequel.jeremyevans.net/rdoc-plugins/files/lib/sequel/extensions/connection_validator_rb.html for details. Note that setting this to -1 results in an additional query whenever connections are checked out from the pool, which can have performance implications
- Default
3600
databases
¶Contains the name of the database on the database server
db_scheme
¶The type of database being used. mysql or postgres
- Default
postgres
max_connections
¶Maximum connections for Sequel
- Default
25
pool_timeout
¶The timeout for Sequel pooled connections
- Default
10
port
¶The port of the database server
read_timeout
¶The read timeout in seconds for query responses, passed directly to the Sequel gem - see https://github.com/jeremyevans/sequel/blob/master/doc/opening_databases.rdoc for details
- Default
3600
roles
¶Users to create on the database when seeding
ssl_verify_hostname
¶Verify that the database SSL certificate matches the host to which the connection is attempted
- Default
true
copilot
¶
client_ca_file
¶PEM-encoded CA cert used to sign CF Copilot’s server cert
client_chain_file
¶PEM-encoded Client cert chain for communication with CF Copilot
client_key_file
¶PEM-encoded Client key for communication with CF Copilot
enabled
¶Enable communication with CF Copilot. Must be enabled when using Envoy for ingress routing.
- Default
false
host
¶The FQDN to reach CF Copilot
- Default
copilot.service.cf.internal
credhub_api
¶
ca_cert
¶The certificate authority being used by CredHub
external_url
¶The external address of CredHub to expose at the ‘/’ endpoint
hostname
¶Hostname used to resolve the address of CredHub
- Default
credhub.service.cf.internal
dea_next
¶
advertise_interval_in_seconds
¶Advertise interval for DEAs
- Default
5
staging_disk_limit_mb
¶Disk limit in mb for staging tasks
- Default
4096
staging_memory_limit_mb
¶Memory limit in mb for staging tasks
- Default
1024
description
¶
‘description’ attribute in the /v2/info endpoint
- Default
""
doppler
¶
port
¶Port for doppler_logging_endpoint listed at /v2/info
- Default
443
use_ssl
¶Whether to use ssl for the doppler_logging_endpoint listed at /v2/info
- Default
true
login
¶
enabled
¶whether use login as the authorization endpoint or not
- Default
true
protocol
¶http or https
- Default
https
url
¶URL of the login server
metron_endpoint
¶
host
¶The host used to emit messages to the Metron agent
- Default
127.0.0.1
port
¶The port used to emit messages to the Metron agent
- Default
3457
name
¶
‘name’ attribute in the /v2/info endpoint
- Default
""
nfs_server
¶
address
¶NFS server for droplets and apps (not used in an AWS deploy, use s3 instead)
share_path
¶The location at which to mount the nfs share
- Default
/var/vcap/nfs
perm
¶
ca_certs
¶An array of certificate authorities being used by Perm. Allows multiple in case of rotation.
- Default
[]
enabled
¶Enable CF Permissions external service. Requires perm link to take effect
- Default
false
hostname
¶Hostname used to resolve the address of Perm
- Default
perm.service.cf.internal
query_enabled
¶Enable querying of the CF Permissions external service.
- Default
false
timeout_in_milliseconds
¶Timeout for Perm requests in milliseconds.
- Default
100
release_level_backup
¶
Include cloud_controller jobs in backup and restore operations
- Default
true
request_timeout_in_seconds
¶
Timeout for requests in seconds.
- Default
900
router
¶
route_services_secret
¶Support for route services is disabled when no value is configured.
- Default
""
routing_api
¶
enabled
¶Whether to expose the routing_endpoint listed at /v2/info and /. Enable this after deploying the Routing API
- Default
false
ssl
¶
skip_cert_verify
¶specifies that the job is allowed to skip ssl cert verification
- Default
false
support_address
¶
‘support’ attribute in the /v2/info endpoint
- Default
""
system_domain
¶
Domain reserved for CF operator, base URL where the login, uaa, and other non-user apps listen
system_domain_organization
¶
An organization that will be created as part of the seeding process. When the system_domain is not shared with (in the list of) app_domains, this is required as the system_domain will be created as a PrivateDomain in this organization.
- Default
system
uaa
¶
ca_cert
¶The certificate authority being used by UAA
cc
¶
token_secret
¶Symmetric secret used to decode uaa tokens. Used for testing.
clients
¶
cc-service-dashboards
¶
scope
¶Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶Used for generating SSO clients for service brokers.
cc_routing
¶
secret
¶Used for fetching routing information from the Routing API
cc_service_broker_client
¶
scope
¶(DEPRECATED) - Used to grant scope for SSO clients for service brokers
- Default
openid,cloud_controller_service_permissions.read
secret
¶(DEPRECATED) - Used for generating SSO clients for service brokers
cc_service_key_client
¶
secret
¶Used for fetching service key values from CredHub
cloud_controller_username_lookup
¶
secret
¶Used for fetching usernames from UAA
port
¶The port used by UAA for non-ssl connections
ssl
¶
port
¶The port used by UAA for ssl connections
- Default
8443
url
¶URL of the UAA server
version
¶
‘version’ attribute in the /v2/info endpoint
- Default
0
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/cloud_controller_ng/
directory
(learn more).
bin/bbr/post-backup-unlock
(frompost-backup-unlock.sh.erb
)bin/bbr/post-restore-unlock
(frompost-restore-unlock.sh.erb
)bin/bbr/pre-backup-lock
(frompre-backup-lock.sh.erb
)bin/bbr/pre-restore-lock
(frompre-restore-lock.sh.erb
)bin/blobstore_waiter.sh
(fromblobstore_waiter.sh.erb
)bin/cc-drain
(fromcc-drain.rb
)bin/cloud_controller_ng
(frombin/cloud_controller_ng.erb
)bin/cloud_controller_ng_ctl
(fromcloud_controller_api_ctl.erb
)bin/cloud_controller_ng_health_check
(fromcloud_controller_api_health_check.erb
)bin/cloud_controller_worker_ctl
(fromcloud_controller_api_worker_ctl.erb
)bin/console
(fromconsole.erb
)bin/dns_health_check
(fromdns_health_check.erb
)bin/drain
(fromdrain.sh.erb
)bin/local_worker
(frombin/local_worker.erb
)bin/migrate_db
(frommigrate_db.sh.erb
)bin/nginx_ctl
(fromnginx_ctl.erb
)bin/nginx_newrelic_plugin
(frombin/nginx_newrelic_plugin.erb
)bin/nginx_newrelic_plugin_ctl
(fromnginx_newrelic_plugin_ctl.erb
)bin/post-start
(frompost-start.sh.erb
)bin/pre-start
(frompre-start.sh.erb
)bin/restart_drain
(fromrestart_drain.rb
)bin/ruby_version.sh
(fromruby_version.sh.erb
)bin/seed_db
(fromseed_db.sh.erb
)bin/setup_local_blobstore.sh
(fromsetup_local_blobstore.sh.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/bits_service_ca.crt
(frombits_service_ca.crt.erb
)config/certs/buildpacks_ca_cert.pem
(frombuildpacks_ca_cert.pem.erb
)config/certs/copilot.crt
(fromcopilot.crt.erb
)config/certs/copilot.key
(fromcopilot.key.erb
)config/certs/copilot_ca.crt
(fromcopilot_ca.crt.erb
)config/certs/credhub_ca.crt
(fromcredhub_ca.crt.erb
)config/certs/db_ca.crt
(fromdb_ca.crt.erb
)config/certs/droplets_ca_cert.pem
(fromdroplets_ca_cert.pem.erb
)config/certs/mutual_tls.crt
(frommutual_tls.crt.erb
)config/certs/mutual_tls.key
(frommutual_tls.key.erb
)config/certs/mutual_tls_ca.crt
(frommutual_tls_ca.crt.erb
)config/certs/packages_ca_cert.pem
(frompackages_ca_cert.pem.erb
)config/certs/perm_ca.crt
(fromperm_ca.crt.erb
)config/certs/resource_pool_ca_cert.pem
(fromresource_pool_ca_cert.pem.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/cloud_controller_ng.yml
(fromcloud_controller_ng.yml.erb
)config/local_blobstore_downloads.conf
(fromlocal_blobstore_downloads.conf.erb
)config/mime.types
(frommime.types
)config/newrelic.yml
(fromnewrelic.yml.erb
)config/newrelic_plugin.yml
(fromnewrelic_plugin.yml.erb
)config/nginx.conf
(fromnginx.conf.erb
)config/public_upload.conf
(frompublic_upload.conf.erb
)config/stacks.yml
(fromstacks.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.