tcp_router job from routing/0.332.0

Github source: c4802b38 or master branch

Properties¶

dns_health_check_host¶

Host to ping for confirmation of DNS resolution

Default

uaa.service.cf.internal

metron¶

port¶

The port used to emit dropsonde messages to the Metron agent.

Default

3457

reserved_system_component_ports¶

This should come via a bosh link from the routing_api job. This property is here in case it needs to be overwritten.

routing_api¶

auth_disabled¶

Disables UAA authentication

Default

false

ca_cert¶

Routing API Certificate Authority

client_cert¶

Routing API Client Certificate

client_private_key¶

Routing API Client Private Key

port¶

Port of routing api

uri¶

URL where the routing API can be reached internally

Default

https://routing-api.service.cf.internal

skip_ssl_validation¶

Skip TLS verification when talking to UAA

Default

false

tcp_router¶

backend_tls¶

ca_cert¶

TCP Router’s TLS CA used with route backends

client_cert¶

TCP Router’s TLS client cert used for mTLS with route backends

client_key¶

TCP Router’s TLS client private key used for mTLS with route backends

enabled¶

Turns on support for TLS for TCP Router. Requires tcp_router.backend_tls.ca_cert to be set. For mTLS also set tcp_router.backend_tls.client_cert and tcp_router.backend_tls.client_key.

Default

false

debug_address¶

Address at which to serve debug info

Default

127.0.0.1:17002

drain_wait¶

Delay in seconds after shut down is initiated before haproxy stops listening. During this time haproxy will reject requests to the /health endpoint. This accommodates requests forwarded by a load balancer until it considers the tcp_router unhealthy.

Default

20

enable_nontls_health_checks¶

Toggles on/off whether or not to listen for load balancer health check requests on the non-tls tcp_router.health_check_port port

Default

true

fail_on_router_port_conflicts¶

Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups.

Default

"false"

health_check_port¶

Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port

Default

80

isolation_segments¶

Routes with these isolation segments will be registered. Used in combination with routing_table_sharding_mode.

Default

[]

load_balancer_healthy_threshold¶

Time period in seconds to wait until declaring the tcp_router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.”

Default

20

log_level¶

Log level

Default

info

oauth_secret¶

OAuth client secret used to obtain token for Routing API from UAA.

request_timeout_in_seconds¶

Server and client timeouts in seconds

Default

300

tcp_stats_collection_interval¶

String representing interval for collecting statistic metrics from tcp proxy. Units: ms, s, m h

Default

1m

tls_health_check_cert¶

TLS certificate to use on the TCP Router’s TLS health check port

tls_health_check_key¶

TLS private key to use on the TCP Router’s TLS health check port

tls_health_check_port¶

Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port

Default

443

uaa¶

ca_cert¶

Certificate authority for communication between clients and uaa.

Default

""

tls_port¶

Port on which UAA is listening for TLS connections. This is required for obtaining an OAuth token for Routing API.

token_endpoint¶

UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.

Default

uaa.service.cf.internal

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/tcp_router/ directory (learn more).

• bin/bpm-pre-start (from bpm-pre-start.erb)
• bin/drain (from drain.erb)
• bin/haproxy_reloader (from haproxy_reloader)
• bin/post-start (from post-start.erb)
• bin/tcp_router_ctl (from tcp_router_ctl.erb)
• config/bpm.yml (from bpm.yml.erb)
• config/certs/health.pem (from tcp_router_health_check_certificate.pem.erb)
• config/certs/routing-api/ca_cert.crt (from routing_api_ca_certificate.crt.erb)
• config/certs/routing-api/client.crt (from routing_api_client_certificate.crt.erb)
• config/certs/tcp-router/backend/ca.crt (from tcp_router_backend_ca.crt.erb)
• config/certs/uaa/ca.crt (from uaa_ca.crt.erb)
• config/haproxy.conf (from haproxy.conf.erb)
• config/haproxy.conf.template (from haproxy.conf.template.erb)
• config/keys/routing-api/client.key (from routing_api_client_private.key.erb)
• config/keys/tcp-router/backend/client_cert_and_key.pem (from tcp_router_backend_client_cert_and_key.pem.erb)
• config/tcp_router.yml (from tcp_router.yml.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• haproxy
• routing_utils
• tcp_router