routing-api job from routing/0.232.0
Github source: 02a2529 or master branch
Properties¶
dns_health_check_host¶Host to ping for confirmation of DNS resolution
- Default
uaa.service.cf.internal
golang¶
x509ignoreCN¶Environment Flag to temporarily ignore golang’s strict checking for at least one SAN in a TLS certificate. See: https://github.com/cloudfoundry/routing-release/blob/develop/docs/golang1.15-remove-x509ignoreCN%3D0-flag-certificates-now-require-SANs.md for more info.
- Default
true
metron¶
port¶The port used to emit dropsonde messages to the Metron agent.
- Default
3457
release_level_backup¶Include routing api database in backup and restore operations
- Default
false
routing_api¶
admin_port¶Local port to listen on with admin endpoint (used for backup/restore locking)
- Default
15897
auth_disabled¶Disables UAA authentication
- Default
false
clients¶OAuth client ids and secrets provided via link to jobs in other BOSH deployments that need to read and/or write to Routing API. These clients must be configured in UAA via API or using the property uaa.clients with the desired scopes. For a list of scopes supported see https://github.com/cloudfoundry-incubator/routing-api/blob/master/docs/api_docs.md. Jobs consuming the link should use these credentials to fetch a token from UAA with which to authenticate with Routing API.
- Example
cfcr_routing_api_client:
  secret: ((uaa_clients_cfcr_routing_api_client_secret))
debug_address¶Address at which to serve debug info
- Default
127.0.0.1:17002
enabled_api_endpoints¶Protocols that the routing api will listen on. Possible values: ‘mtls’ or ‘both’ (mTLS + HTTP)
- Default
both
fail_on_router_port_conflicts¶This should come via a bosh link from the tcp_routing job. This property is here in case it needs to be overwritten.
lock_retry_interval¶Interval to wait before retrying a failed lock acquisition
- Default
5s
lock_ttl¶TTL for service lock
- Default
10s
locket¶
api_location¶Hostname and port of the Locket server. Used to obtain a lock so only one instance of Routing API is active at a time.
ca_cert¶CA cert for the Locket server.
- Default
""
client_cert¶Client cert for the Locket server.
- Default
""
client_key¶Client key for the Locket server.
- Default
""
log_level¶Log level
- Default
info
max_ttl¶String representing the maximum TTL a client can request for route registration.
- Default
120s
metrics_reporting_interval¶String representing interval for reporting the following metrics: total_http_subscriptions, total_http_routes, total_tcp_subscriptions, total_tcp_routes, total_token_errors, key_refresh_events. Units: ms, s, m, h
- Default
30s
mtls_ca¶Routing API CA cert
mtls_client_cert¶Routing API client cert (provided to clients by bosh link)
mtls_client_key¶Routing API client key (provided to clients by bosh link)
mtls_port¶Port on which Routing API is running, listening with mTLS.
- Default
3001
mtls_server_cert¶Routing API server cert
mtls_server_key¶Routing API server key
port¶Port on which Routing API is running. If this is changed and routing_api.enabled:true in cf-release, it will break management of routes and domains until routing_api.port is updated in cf-release.
- Default
3000
reserved_system_component_ports¶Array of ports that are reserved for system components. Users will not be able to create router_groups with ports that overlap with this value. Please see docs for more information about these ports.
- Default
- 2822
- 2825
- 3457
- 3458
- 3459
- 3460
- 3461
- 8853
- 9100
- 14726
- 14727
- 14821
- 14822
- 14823
- 14824
- 14829
- 14830
- 14920
- 14922
- 15821
- 17002
- 53035
- 53080
router_groups¶Array of router groups that will be seeded into routing_api database. Once some value is included with a deploy, subsequent changes to this property will be ignored. TCP Routing requires a router group of type: tcp.
- Default
[]
- Example
- name: default-tcp
  reservable_ports: 1024-10000,12000
  type: tcp
sqldb¶
ca_cert¶(optional, string) When present, force database connections via TLS.
connections_max_lifetime_seconds¶Sets the maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. If value <= 0, connections are reused forever. If there is a spike in connection usage, all of these connections have the potential to stick around with a high lifetime. Lowering the lifetime will result in connections getting reaped sooner, but the routing-api may have to renegotiate connections more often, which could add some latency. We recommend using the default unless you have seen specific needs to change it.
- Default
3600
host¶Host for SQL database
max_idle_connections¶Maximum number of idle connections to the SQL database. Idle connections will be retained until their routing_api.sqldb.connections_max_lifetime_seconds has been reached.
- Default
10
max_open_connections¶Maximum number of open connections to the SQL database. The number of necessary connections will scale with the number of requests to the /routing/... cf api endpoints.
- Default
200
password¶Password used for connecting to SQL database
port¶Port on which SQL database is listening
schema¶Database name for routing api
- Example
routing_api
skip_hostname_validation¶Skip checking the hostname of the server cert when connecting via TLS
- Default
false
type¶Type of SQL database
- Example
mysql
username¶Username used for connecting to SQL database
statsd_client_flush_interval¶Buffered statsd client flush interval
- Default
300ms
statsd_endpoint¶The endpoint for the statsd server used to translate the following metrics from statsd to dropsonde: total_http_subscriptions, total_http_routes, total_tcp_subscriptions, total_tcp_routes, total_token_errors, key_refresh_events.
- Default
localhost:8125
system_domain¶Domain reserved for CF operator; base URL where the UAA, Cloud Controller, and other non-user apps listen
skip_ssl_validation¶Skip TLS verification when talking to UAA
- Default
false
uaa¶
ca_cert¶Certificate authority for communication between clients and UAA.
- Default
""
tls_port¶Port on which UAA is listening for TLS connections. This is required for obtaining a key to verify client OAuth tokens.
token_endpoint¶UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.
- Default
uaa.service.cf.internal
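An added example, not part of the routing-release project: a Ruby check over this job's properties that flags the security-relevant settings described above, treating an unset property as its documented default. The sample properties fragment, the helper names and the finding wording are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample: a `properties` fragment for the routing-api job with weak values.
SAMPLE_PROPERTIES = <<~YAML
  golang:
    x509ignoreCN: true
  skip_ssl_validation: true
  routing_api:
    auth_disabled: true
    enabled_api_endpoints: both
    debug_address: "0.0.0.0:17002"
    sqldb:
      skip_hostname_validation: true
YAML

# [property path, predicate that is true when the value is risky, finding text].
# A nil value means "unset", so the default documented on this page applies.
CHECKS = [
  ['routing_api.auth_disabled', ->(v) { v == true }, 'UAA authentication is disabled'],
  ['routing_api.enabled_api_endpoints', ->(v) { v.nil? || v == 'both' },
   'plain HTTP listener is enabled alongside mTLS'],
  ['skip_ssl_validation', ->(v) { v == true }, 'TLS verification towards UAA is skipped'],
  ['routing_api.sqldb.skip_hostname_validation', ->(v) { v == true },
   'database server cert hostname is not checked'],
  ['routing_api.sqldb.ca_cert', ->(v) { v.to_s.empty? },
   'no CA cert set, so database TLS is not forced'],
  ['golang.x509ignoreCN', ->(v) { v.nil? || v == true },
   'strict SAN checking of TLS certificates is ignored'],
  ['routing_api.debug_address',
   ->(v) { !v.nil? && !v.to_s.start_with?('127.0.0.1:', 'localhost:') },
   'debug info is served on a non-loopback address']
].freeze

# Walk a dotted path such as "routing_api.sqldb.ca_cert" through nested hashes.
def lookup(props, path)
  path.split('.').reduce(props) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Return one "path: finding" string per risky setting, in CHECKS order.
def audit(yaml_text)
  props = YAML.safe_load(yaml_text) || {}
  CHECKS.select { |path, risky, _msg| risky.call(lookup(props, path)) }
        .map { |path, _risky, msg| "#{path}: #{msg}" }
end

puts audit(SAMPLE_PROPERTIES) if $PROGRAM_NAME == __FILE__
```

An empty properties block still yields three findings, because the documented defaults leave the HTTP listener on, x509ignoreCN true and the database CA cert unset.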
Templates¶
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/routing-api/ directory.
- bin/bbr/metadata (from bbr-metadata)
- bin/bbr/post-backup-unlock (from post-backup-unlock.erb)
- bin/bbr/post-restore-unlock (from post-restore-unlock.erb)
- bin/bbr/pre-backup-lock (from pre-backup-lock.erb)
- bin/bbr/pre-restore-lock (from pre-restore-lock.erb)
- bin/bpm-pre-start (from bpm-pre-start.erb)
- bin/dns_health_check (from dns_health_check.erb)
- config/bpm.yml (from bpm.yml.erb)
- config/certs/locket/ca.crt (from locket_ca.crt.erb)
- config/certs/locket/client.crt (from locket_client.crt.erb)
- config/certs/locket/client.key (from locket_client.key.erb)
- config/certs/routing-api/client_ca.crt (from api_mtls_client_ca.crt.erb)
- config/certs/routing-api/server.crt (from api_mtls_server.crt.erb)
- config/certs/routing-api/server.key (from api_mtls_server.key.erb)
- config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
- config/routing-api.yml (from routing-api.yml.erb)
Packages¶
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.