rep_windows job from diego/2.89.0
Github source:
901665d80 or
master branch
Properties¶
cell_registrations¶
locket¶
enabled¶Enable the cell rep to register itself as a service with Locket.
- Default
containers¶
graceful_shutdown_interval_in_seconds¶time in seconds between signalling a container to shutdown gracefully and stopping it forcefully. Should not be less than 10.
- Default
layering_mode¶Configures downloaded container asset management mode. Valid values are ‘single-layer’ and ‘two-layer’. Setting this property to ‘two-layer’ enables the conversion of some downloaded Task and LRP assets to container image layers.
- Default
proxy¶
additional_memory_allocation_mb¶EXPERIMENTAL: Additional memory allocated to each container for the envoy proxy. This must not be negative. Currently doesn’t work on windows cells but left here for compatability with the linux Rep
- Default
ads_addresses¶EXPERIMENTAL: When set, the envoy proxy consumes dynamic config from the specified Aggregated Discovery Service servers (specified as a list of host:port). This config is in addition to the static configuration that supports TLS termination / route-integrity.
- Default
- Example
configuration_reload_duration¶Duration of time in seconds that the rep grants the container Envoy proxy to reload its listener configuration when shutting down a container gracefully so that TLS-verifying clients will stop making connections. After this time duration, the rep will shut down other processes in the container.
- Default
enable_http2¶EXPERIMENTAL: Whether envoy proxy advertises HTTP/2 support via ALPN. Currently doesn’t work on windows cells but left here for compatability with the linux Rep
- Default
enable_unproxied_port_mappings¶EXPERIMENTAL: whether the cell should still map host ports directly to the unproxied container ports. Setting to false requires containers.proxy.enabled to be set to true.
- Default
enabled¶EXPERIMENTAL: Enable envoy proxy on garden containers. Currently doesn’t work on windows cells but left here for compatability with the linux Rep
- Default
require_and_verify_client_certificates¶whether the per-container proxy should require and verify a TLS certificate from a client connecting to one of its ingress listeners. Proxy will trust the set of CA certificates supplied in the containers.proxy.trusted_ca_certificates property. Requires containers.proxy.enabled to be set to true to enable.
- Default
trusted_ca_certificates¶List of CA certificate bundles against which the per-container proxy will verify certificates for clients connecting to its ingress listeners, if containers.proxy.require_and_verify_client_certificates is enabled.
- Default
- Example
verify_subject_alt_name¶If specified when containers.proxy.require_and_verify_client_certificates is enabled, the per-container proxy will also verify that the Subject Alternative Name of the presented certificate matches one of the specified values.
- Default
- Example
set_cpu_weight¶EXPERIMENTAL: Set CPU weight on each Garden container to be proportional to its memory limit.
- Default
trusted_ca_certificates¶List of PEM-encoded CA certificates to make available inside containers in a conventional location. List entries may be individual or concatenated CAs.
- Example
declarative_healthcheck_path¶
The directory containing the declarative healthcheck binary
- Default
/var/vcap/packages/healthcheck_windows/external
diego¶
executor¶
auto_disk_capacity_overhead_mb¶the amount of overhead that should be subtracted from the container disk capacity, this only applies when disk_capacity_mb is set to auto
- Default
container_inode_limit¶the inode limit enforced on each garden container.
- Default
container_max_cpu_shares¶the maximum number of cpu shares for a container.
- Default
container_metrics_report_interval¶the frequency for emitting container metrics
- Default
create_work_pool_size¶Maximum number of concurrent create container operations.
- Default
delete_work_pool_size¶Maximum number of concurrent delete container operations.
- Default
disk_capacity_mb¶the container disk capacity the executor should manage. this should not be greater than the actual disk quota on the VM
- Default
garden¶
address¶Garden server listening address.
- Default
network¶Network type for the garden server connection (tcp or unix).
- Default
garden_healthcheck¶
command_retry_pause¶Time to wait between retrying garden commands
- Default
interval¶Frequency for healtchecking garden
- Default
process¶args¶List of command line args to pass to the garden health check process
- Default
dir¶Directory to run the healthcheck process from
env¶Environment variables to use when running the garden health check
- Default
path¶Path of the command to run to perform a container healthcheck
- Default
user¶User to use while performing a container healthcheck
- Default
timeout¶Maximum allowed time for garden healthcheck
- Default
healthcheck_work_pool_size¶Maximum number of concurrent health check operations.
- Default
healthy_monitoring_interval_in_seconds¶Interval to check healthy containers in seconds.
- Default
instance_identity_ca_cert¶PEM-encoded CA used to sign instance identity credentials. Enables instance identity if set along with instance_identity_key
instance_identity_key¶PEM-encoded key used to sign instance identity credentials. Enables instance identity if set along with instance_identity_ca_cert
instance_identity_validity_period_in_hours¶Validity period for the generated instance identity certificate
- Default
max_cache_size_in_bytes¶maximum size of the cache in bytes - this should leave a healthy overhead for temporary items, etc.
- Default
max_concurrent_downloads¶the max concurrent download steps that can be active
- Default
max_log_lines_per_second¶EXPERIMENTAL: Maximum log lines allowed per second per app instance. Default value of 0 will disable rate limiting. Minimum recommended value is 100.
- Default
memory_capacity_mb¶the memory capacity the executor should manage. this should not be greater than the actual memory on the VM
- Default
metrics_work_pool_size¶Maximum number of concurrent get container metrics operations.
- Default
post_setup_hook¶Experimental: arbitrary command to run after setup action
post_setup_user¶Experimental: user to run post setup hook command
read_work_pool_size¶Maximum number of concurrent get container info operations.
- Default
unhealthy_monitoring_interval_in_seconds¶Interval to check unhealthy containers in seconds.
- Default
use_schedulable_disk_size¶Use total space available to containers reported by Garden. If false the total size of image plugin store minus max_cache_size_in_bytes is used.
- Default
rep¶
advertise_domain¶base domain at which the rep should advertise its secure API
- Default
advertise_preference_for_instance_address¶advertise that containers managed by this rep are directly accessible on the infrastructure network at their instance address. Components like ssh-proxy or routers may use this property when determining how to connect to a container. Set this flag only when using a third-party container-networking solution that provides direct connectivity between containers and VMs
- Default
bbs¶
api_location¶Address of the BBS server
- Default
client_session_cache_size¶capacity of the tls client cache
max_idle_conns_per_host¶maximum number of idle http connections
request_timeout¶Request timeout to the BBS server
- Default
debug_addr¶address at which to serve debug info
- Default
evacuation_polling_interval_in_seconds¶The interval to look for completed tasks and LRPs during evacuation in seconds
- Default
evacuation_timeout_in_seconds¶The time to wait for evacuation to complete in seconds
- Default
job_name¶The name of the Diego job referenced by this spec (DO NOT override)
- Default
listen_addr_admin¶serve (insecure) ping and evacuate requests on this address and port
- Default
listen_addr_securable¶address where rep listens for LRP and task start auction requests
- Default
locket¶
api_location¶Hostname and port of the locket server
- Default
client_keepalive_time¶Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to.
- Default
client_keepalive_timeout¶Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server.
- Default
log_level¶Log level
- Default
open_bindmounts_acl¶Add more permissive ACLs to directories that are bind mounted into containers. Required for Windows 2016 cells
- Default
optional_placement_tags¶Array of optional tags used for scheduling Tasks and LRPs
- Default
placement_tags¶Array of tags used for scheduling Tasks and LRPs
- Default
polling_interval_in_seconds¶The interval to look for completed tasks and LRPs in seconds
- Default
preloaded_rootfses¶Array of name:absolute_path pairs representing root filesystems preloaded onto the underlying garden
- Default
rootfs_providers¶Array of schemes for which the underlying garden can support arbitrary root filesystems
- Default
use_azure_fault_domains¶Use Azure Fault-Domains to determine the value of the zone. The value of the zone will be z. e.g. z0, z1, etc.
- Default
zone¶The zone associated with the rep. This will override the BOSH-provided spec.az property if present.
ssl¶
skip_cert_verify¶when connecting over https, ignore bad ssl certificates
- Default
enable_declarative_healthcheck¶
When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action.
- Default
false
logging¶
format¶
timestamp¶Format for timestamp in component logs. Valid values are ‘unix-epoch’ and ‘rfc3339’.
- Default
max_data_string_length¶Length in bytes above which logged strings will be truncated. If set to 0, turns off truncation.
- Default
loggregator¶
ca_cert¶CA Cert used to communicate with local metron agent over gRPC
cert¶Cert used to communicate with local metron agent over gRPC
key¶Key used to communicate with local metron agent over gRPC
use_v2_api¶True to use local metron agent gRPC v2 API. False to use UDP v1 API.
- Default
v2_api_port¶Local metron agent gRPC port
- Default
syslog_daemon_config¶
address¶Syslog host
- Default
port¶Syslog port
- Default
transport¶Syslog transport protocol (tcp or udp)
- Default
tls¶
ca_cert¶REQUIRED: PEM-encoded tls client CA certificate for asset upload/download
cert¶REQUIRED: PEM-encoded tls certificate that can be used for client and server authentication
key¶REQUIRED: PEM-encoded tls client key
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/rep_windows/ directory
(learn more).
bin/drain.ps1(fromdrain.ps1.erb)bin/post-start.ps1(frompost-start.ps1.erb)bin/pre-start.ps1(frompre-start.ps1.erb)bin/start.ps1(fromstart.ps1.erb)config/certs/loggregator/ca.crt(fromloggregator_ca.crt.erb)config/certs/loggregator/client.crt(fromloggregator_client.crt.erb)config/certs/loggregator/client.key(fromloggregator_client.key.erb)config/certs/rep/instance_identity.crt(frominstance_identity.crt.erb)config/certs/rep/instance_identity.key(frominstance_identity.key.erb)config/certs/rep/trusted_ca_certificates.json(fromtrusted_ca_certificates.json.erb)config/certs/tls.crt(fromtls.crt.erb)config/certs/tls.key(fromtls.key.erb)config/certs/tls_ca.crt(fromtls_ca.crt.erb)config/indicators.yml(fromindicators.yml.erb)config/rep.json(fromrep.json.erb)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.