route_registrar job from routing/0.227.0
Used for registering routes
Github source: fc6eaa5 or master branch
Properties
golang
x509ignoreCN
Environment Flag to temporarily ignore golang’s strict checking for at least one SAN in a TLS certificate. See: https://github.com/cloudfoundry/routing-release/blob/develop/docs/golang1.15-remove-x509ignoreCN%3D0-flag-certificates-now-require-SANs.md for more info.
- Default
true
host
(string, optional) By default, route_registrar will detect the IP of the VM and use it, in combination with port as the backend destination for each uri being registered. This property enables overriding the destination hostname or IP.
- Example
192.168.60.25
nats
machines
IPs of each NATS cluster member
- Example
    - 192.168.50.123
    - 192.168.52.123
password
Password for NATS authentication
- Example
natSpa55w0rd
port
TCP port of NATS servers
- Example
4222
tls
client_cert
PEM-encoded certificate for the route-emitter to present to NATS for verification when connecting via TLS.
client_key
PEM-encoded private key for the route-emitter to present to NATS for verification when connecting via TLS.
enabled
Enable connecting to NATS server via TLS.
- Default
false
user
User name for NATS authentication
- Example
nats
route_registrar
logging_level
Log level for route_registrar
- Default
info
routes
(required, array of objects): Routes that will be registered
route object
- name (required, string, for all routes): Human-readable reference for the route
- type (optional, string, for all routes): Defaults to http, can specify http, sni, or tcp.
- uris (required, array, for http routes): When Gorouter receives a request that matches one of these URIs, it will forward it to the IP of the host on which route_registrar runs, and either port or tls_port.
- sni_port (required, integer, for sni routes): When the sni type is provided, this is the downstream port to route to
- port (required, integer, for all routes): Either port or tls_port is required; if both are provided, Gorouter will prefer tls_port. Requests for associated URIs will be forwarded unencrypted by the router to this port. The IP is determined automatically from the host on which route-registrar is run.
- tls_port (required, integer, for http routes): Either port or tls_port is required; if both are provided, Gorouter will prefer tls_port. Requests for associated URIs will be forwarded over TLS by the router to this port. The IP is determined automatically from the host on which route-registrar is run.
- route_service_url (optional, string, for http routes): When a valid route service URL is provided, Gorouter will proxy requests received for the uris above to the specified route service URL.
- server_cert_domain_san (conditional, string, for http routes): Required if tls_port is present. Gorouter will validate that the TLS certificate presented by the destination host contains this as a Subject Alternative Name (SAN).
- registration_interval (required, string, for all routes): Interval between heartbeated route registrations (e.g. 10s). It must parse to a positive time duration i.e. “-5s” is not permitted.
- tags (optional, array of objects, for http routes): Arbitrary key-value pairs emitted with metrics to support filtering of metrics
- prepend_instance_index (optional, boolean, for http routes): When set to true the values in uris will be prepended with the instance index. e.g. ‘some-uri.system-domain.com’ will become ‘0-some-uri.system-domain.com’ on the instance with index 0, and ‘2-some-uri.system-domain.com’ on the instance with index 2. When this value is enabled, each instance will register its own, unique, set of uris. To additionally continue to register these original uris, create another route with the same uris and set ‘prepend_instance_index’ to false (or omit the key entirely).
- health_check (optional, object, for all routes): Script executed on frequency of registration_interval. If the healthcheck script exits with success, a route registration heartbeat is sent. If the script exits with error, the route is unregistered.
- router_group (required, string, for tcp routes): Name of the router group to which the TCP route should be added.
- external_port (required, string, for tcp routes): Port that the TCP router will listen on.
- server_cert_domain_name_modifier (optional, string, for sni routes): a regex replace to help with complicated hostnames
health_check object
- name (required, string): Human-readable reference for the healthcheck
- script_path (required, string): Path to script that will be run periodically to determine service health
- timeout (optional, string): The healthcheck script must exit within this timeout, otherwise the script is terminated with SIGKILL and the route is unregistered. Value is a string (e.g. “10s”) and must parse to a positive time duration i.e. “-5s” is not permitted. Must be less than the value of registration_interval. Default: Half of the value of registration_interval
- Example
    - name: my-service
      uris:
      - my-service.system-domain.com
      - "*.my-service.system-domain.com"
      port: 12345
      registration_interval: 20s
      tags:
        component: my-service
        env: production
      health_check:
        name: my-service-health_check
        script_path: /path/to/script
        timeout: 5s
      route_service_url: https://my-oauth-proxy-route-service.example.com
    - name: my-tls-endpoint
      tls_port: 12346
      server_cert_domain_san: "my-tls-endpoint.internal.com"
      uris:
      - my-service.system-domain.com
    - name: my-debug-endpoint
      uris:
      - my-service.system-domain.com/debug
      port: 12346
    - name: cf-mysql-proxy-api-per-instance
      uris:
      - proxy-cf-mysql.system.domain
      port: 8080
      prepend_instance_index: true
    - name: cf-mysql-proxy-api
      uris:
      - proxy-cf-mysql.system.domain
      port: 8081
    - name: my-tcp-route
      type: tcp
      port: 6263
      router_group: my-router-group
      external_port: 1234
      registration_interval: 10s
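The constraints listed for the route and health_check objects can be checked before deployment. The following Go sketch is an added example, not route_registrar's own code: Route and ValidateRoute are hypothetical names, the rules are applied literally as the property description states them, and sni_port and the remaining optional fields are not checked.

```go
package main

import (
	"fmt"
	"time"
)

// Route and ValidateRoute are hypothetical names for this example only.
type Route struct {
	Name, Type, Interval, SAN, RouterGroup, HealthTimeout string
	URIs                                                  []string
	Port, TLSPort, ExternalPort                           int
}

// ValidateRoute returns one message per documented rule that r breaks.
func ValidateRoute(r Route) (errs []string) {
	add := func(f string, a ...interface{}) { errs = append(errs, fmt.Sprintf(f, a...)) }
	if r.Type == "" {
		r.Type = "http" // documented default
	}
	if r.Name == "" {
		add("name is required")
	}
	if r.Port == 0 && r.TLSPort == 0 {
		add("either port or tls_port is required")
	}
	if r.TLSPort != 0 && r.SAN == "" {
		add("tls_port requires server_cert_domain_san")
	}
	switch {
	case r.Type == "http" && len(r.URIs) == 0:
		add("http routes require uris")
	case r.Type == "tcp" && (r.RouterGroup == "" || r.ExternalPort == 0):
		add("tcp routes require router_group and external_port")
	case r.Type != "http" && r.Type != "sni" && r.Type != "tcp":
		add("type must be http, sni or tcp, got %q", r.Type)
	}
	interval, err := time.ParseDuration(r.Interval)
	if err != nil || interval <= 0 {
		add("registration_interval %q must be a positive duration", r.Interval)
	} else if t, err := time.ParseDuration(r.HealthTimeout); r.HealthTimeout != "" && (err != nil || t <= 0 || t >= interval) {
		add("health_check timeout %q must be positive and less than %s", r.HealthTimeout, interval)
	}
	return errs
}

func main() {
	bad := Route{Name: "my-tls-endpoint", TLSPort: 12346, Interval: "-5s", // constructed input
		URIs: []string{"my-service.system-domain.com"}}
	fmt.Println(ValidateRoute(bad))
}
```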
routing_api
api_url
(optional, string) The routing API’s URL. This is required to register any TCP routes.
- Default
https://routing-api.service.cf.internal:3001
ca_certs
(optional, array of strings) The certificate authority certificates for any APIs that the route registrar is communicating with over HTTPS, e.g., the OAuth server. This is required to register any TCP routes.
client_cert
Routing API Client Certificate
client_id
(optional, string) An OAuth client ID for a client that is permitted to add new TCP routes. This is required to register any TCP routes.
- Default
routing_api_client
client_private_key
Routing API Client Private Key
client_secret
(optional, string) The OAuth client secret for the above client. This is required to register any TCP routes.
oauth_url
(optional, string) The OAuth server’s URL. This is required to register any TCP routes.
- Default
https://uaa.service.cf.internal:8443
server_ca_cert
Routing API Certificate Authority
skip_ssl_validation
(optional, boolean) Option to skip TLS validation.
- Default
false
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/route_registrar/ directory.
- config/bpm.yml (from bpm.yml.erb)
- config/certs/ca.crt (from ca.crt.erb)
- config/nats/certs/client.crt (from nats_client.crt.erb)
- config/nats/certs/client_private.key (from nats_client_private.key.erb)
- config/nats/certs/server_ca.crt (from nats_server_ca.crt.erb)
- config/registrar_settings.json (from registrar_settings.json.erb)
- config/routing_api/certs/client.crt (from client.crt.erb)
- config/routing_api/certs/server_ca.crt (from server_ca.crt.erb)
- config/routing_api/keys/client_private.key (from client_private.key.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.