tcp_router job from routing/0.320.0
Github source:
90a6e106
or
master branch
Properties¶
dns_health_check_host
¶
Host to ping for confirmation of DNS resolution
- Default
uaa.service.cf.internal
metron
¶
port
¶The port used to emit dropsonde messages to the Metron agent.
- Default
3457
reserved_system_component_ports
¶
This should come via a bosh link from the routing_api job. This property is here in case it needs to be overwritten.
routing_api
¶
auth_disabled
¶Disables UAA authentication
- Default
false
ca_cert
¶Routing API Certificate Authority
client_cert
¶Routing API Client Certificate
client_private_key
¶Routing API Client Private Key
port
¶Port of routing api
uri
¶URL where the routing API can be reached internally
- Default
https://routing-api.service.cf.internal
skip_ssl_validation
¶
Skip TLS verification when talking to UAA
- Default
false
tcp_router
¶
backend_tls
¶
ca_cert
¶TCP Router’s TLS CA used with route backends
client_cert
¶TCP Router’s TLS client cert used for mTLS with route backends
client_key
¶TCP Router’s TLS client private key used for mTLS with route backends
enabled
¶Turns on support for TLS for TCP Router. Requires tcp_router.backend_tls.ca_cert to be set. For mTLS also set tcp_router.backend_tls.client_cert and tcp_router.backend_tls.client_key.
- Default
false
debug_address
¶Address at which to serve debug info
- Default
127.0.0.1:17002
drain_wait
¶Delay in seconds after shut down is initiated before haproxy stops listening. During this time haproxy will reject requests to the /health endpoint. This accommodates requests forwarded by a load balancer until it considers the tcp_router unhealthy.
- Default
20
enable_nontls_health_checks
¶Toggles on/off whether or not to listen for load balancer health check requests on the non-tls
tcp_router.health_check_port
port
- Default
true
fail_on_router_port_conflicts
¶Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups.
- Default
"false"
health_check_port
¶Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port
- Default
80
isolation_segments
¶Routes with these isolation segments will be registered. Used in combination with routing_table_sharding_mode.
- Default
[]
load_balancer_healthy_threshold
¶Time period in seconds to wait until declaring the tcp_router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.”
- Default
20
log_level
¶Log level
- Default
info
oauth_secret
¶OAuth client secret used to obtain token for Routing API from UAA.
request_timeout_in_seconds
¶Server and client timeouts in seconds
- Default
300
tcp_stats_collection_interval
¶String representing interval for collecting statistic metrics from tcp proxy. Units: ms, s, m h
- Default
1m
tls_health_check_cert
¶TLS certificate to use on the TCP Router’s TLS health check port
tls_health_check_key
¶TLS private key to use on the TCP Router’s TLS health check port
tls_health_check_port
¶Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port
- Default
443
uaa
¶
ca_cert
¶Certificate authority for communication between clients and uaa.
- Default
""
tls_port
¶Port on which UAA is listening for TLS connections. This is required for obtaining an OAuth token for Routing API.
token_endpoint
¶UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.
- Default
uaa.service.cf.internal
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/tcp_router/
directory
(learn more).
bin/bpm-pre-start
(frombpm-pre-start.erb
)bin/drain
(fromdrain.erb
)bin/haproxy_reloader
(fromhaproxy_reloader
)bin/post-start
(frompost-start.erb
)bin/tcp_router_ctl
(fromtcp_router_ctl.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/health.pem
(fromtcp_router_health_check_certificate.pem.erb
)config/certs/routing-api/ca_cert.crt
(fromrouting_api_ca_certificate.crt.erb
)config/certs/routing-api/client.crt
(fromrouting_api_client_certificate.crt.erb
)config/certs/tcp-router/backend/ca.crt
(fromtcp_router_backend_ca.crt.erb
)config/certs/uaa/ca.crt
(fromuaa_ca.crt.erb
)config/haproxy.conf
(fromhaproxy.conf.erb
)config/haproxy.conf.template
(fromhaproxy.conf.template.erb
)config/keys/routing-api/client.key
(fromrouting_api_client_private.key.erb
)config/keys/tcp-router/backend/client_cert_and_key.pem
(fromtcp_router_backend_client_cert_and_key.pem.erb
)config/tcp_router.yml
(fromtcp_router.yml.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.