routing-api job from routing/0.232.0

GitHub source: 02a2529 or master branch

Properties

dns_health_check_host

Host to ping for confirmation of DNS resolution

Default
uaa.service.cf.internal

golang

x509ignoreCN

Environment flag to temporarily ignore golang's strict check that a TLS certificate contains at least one SAN. See: https://github.com/cloudfoundry/routing-release/blob/develop/docs/golang1.15-remove-x509ignoreCN%3D0-flag-certificates-now-require-SANs.md for more info.

Default
true

metron

port

The port used to emit dropsonde messages to the Metron agent.

Default
3457

release_level_backup

Include routing api database in backup and restore operations

Default
false

routing_api

admin_port

Local port to listen on with admin endpoint (used for backup/restore locking)

Default
15897

auth_disabled

Disables UAA authentication

Default
false

clients

OAuth client ids and secrets provided via link to jobs in other BOSH deployments that need to read and/or write to Routing API. These clients must be configured in UAA via API or using the property uaa.clients with the desired scopes. For a list of scopes supported see https://github.com/cloudfoundry-incubator/routing-api/blob/master/docs/api_docs.md. Jobs consuming the link should use these credentials to fetch a token from UAA with which to authenticate with Routing API.

Example
cfcr_routing_api_client:
  secret: ((uaa_clients_cfcr_routing_api_client_secret))

debug_address

Address at which to serve debug info

Default
127.0.0.1:17002

enabled_api_endpoints

Protocols that the routing api will listen on. Possible values: 'mtls' or 'both' (mTLS + HTTP)

Default
both

fail_on_router_port_conflicts

This should come via a bosh link from the tcp_routing job. This property is here in case it needs to be overwritten.

lock_retry_interval

Interval to wait before retrying a failed lock acquisition

Default
5s

lock_ttl

TTL for service lock

Default
10s

locket

api_location

Hostname and port of the Locket server. Used to obtain a lock so only one instance of Routing API is active at a time.

ca_cert

CA cert for the Locket server.

Default
""

client_cert

Client cert for the Locket server.

Default
""

client_key

Client key for the Locket server.

Default
""

log_level

Log level

Default
info

max_ttl

String representing the maximum TTL a client can request for route registration.

Default
120s

metrics_reporting_interval

String representing the interval for reporting the following metrics: total_http_subscriptions, total_http_routes, total_tcp_subscriptions, total_tcp_routes, total_token_errors, key_refresh_events. Units: ms, s, m, h

Default
30s

mtls_ca

Routing API CA cert

mtls_client_cert

Routing API client cert (provided to clients by bosh link)

mtls_client_key

Routing API client key (provided to clients by bosh link)

mtls_port

Port on which Routing API is running, listening with mTLS.

Default
3001

mtls_server_cert

Routing API server cert

mtls_server_key

Routing API server key

port

Port on which Routing API is running. If this is changed and routing_api.enabled:true in cf-release, it will break management of routes and domains until routing_api.port is updated in cf-release.

Default
3000

reserved_system_component_ports

Array of ports that are reserved for system components. Users will not be able to create router_groups with ports that overlap with this value. Please see docs for more information about these ports.

Default
  - 2822
  - 2825
  - 3457
  - 3458
  - 3459
  - 3460
  - 3461
  - 8853
  - 9100
  - 14726
  - 14727
  - 14821
  - 14822
  - 14823
  - 14824
  - 14829
  - 14830
  - 14920
  - 14922
  - 15821
  - 17002
  - 53035
  - 53080

router_groups

Array of router groups that will be seeded into routing_api database. Once some value is included with a deploy, subsequent changes to this property will be ignored. TCP Routing requires a router group of type: tcp.

Default
[]

Example
|+
  - name: default-tcp
    reservable_ports: 1024-10000,12000
    type: tcp

sqldb

ca_cert

(optional, string) When present, force database connections via TLS.

connections_max_lifetime_seconds

Sets the maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. If value <= 0, connections are reused forever. If there is a spike in connection usage, all of these connections have the potential to stick around with a high lifetime. Lowering the lifetime will result in connections getting reaped sooner, but the routing-api may have to renegotiate connections more often, which could add some latency. We recommend using the default unless you have seen specific needs to change it.

Default
3600

host

Host for SQL database

max_idle_connections

Maximum number of idle connections to the SQL database. Idle connections will be retained until their routing_api.sqldb.connections_max_lifetime_seconds has been reached.

Default
10

max_open_connections

Maximum number of open connections to the SQL database. The number of necessary connections will scale with the number of requests to the /routing/... cf api endpoints.

Default
200

password

Password used for connecting to SQL database

port

Port on which SQL database is listening

schema

Database name for routing api

Example
routing_api

skip_hostname_validation

Skip checking the hostname of the server cert when connecting via TLS

Default
false

type

Type of SQL database

Example
mysql

username

Username used for connecting to SQL database

statsd_client_flush_interval

Buffered statsd client flush interval

Default
300ms

statsd_endpoint

The endpoint for the statsd server used to translate the following metrics from statsd to dropsonde: total_http_subscriptions, total_http_routes, total_tcp_subscriptions, total_tcp_routes, total_token_errors, key_refresh_events.

Default
localhost:8125

system_domain

Domain reserved for CF operator; base URL where the UAA, Cloud Controller, and other non-user apps listen

skip_ssl_validation

Skip TLS verification when talking to UAA

Default
false

uaa

ca_cert

Certificate authority for communication between clients and UAA.

Default
""

tls_port

Port on which UAA is listening for TLS connections. This is required for obtaining a key to verify client OAuth tokens.

token_endpoint

UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.

Default
uaa.service.cf.internal

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/routing-api/ directory.

  • bin/bbr/metadata (from bbr-metadata)
  • bin/bbr/post-backup-unlock (from post-backup-unlock.erb)
  • bin/bbr/post-restore-unlock (from post-restore-unlock.erb)
  • bin/bbr/pre-backup-lock (from pre-backup-lock.erb)
  • bin/bbr/pre-restore-lock (from pre-restore-lock.erb)
  • bin/bpm-pre-start (from bpm-pre-start.erb)
  • bin/dns_health_check (from dns_health_check.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/locket/ca.crt (from locket_ca.crt.erb)
  • config/certs/locket/client.crt (from locket_client.crt.erb)
  • config/certs/locket/client.key (from locket_client.key.erb)
  • config/certs/routing-api/client_ca.crt (from api_mtls_client_ca.crt.erb)
  • config/certs/routing-api/server.crt (from api_mtls_server.crt.erb)
  • config/certs/routing-api/server.key (from api_mtls_server.key.erb)
  • config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
  • config/routing-api.yml (from routing-api.yml.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.