tcp_router job from routing/0.344.0
              Github source:
              ec8f3c0cc or
              master branch
            
Properties¶
dns_health_check_host¶
  
    
      Host to ping for confirmation of DNS resolution
- Default
- uaa.service.cf.internal 
metron¶
  
  
    
port¶The port used to emit dropsonde messages to the Metron agent.
- Default
3457
reserved_system_component_ports¶
  
    
      This should come via a bosh link from the routing_api job. This property is here in case it needs to be overwritten.
routing_api¶
  
  
    
auth_disabled¶Disables UAA authentication
- Default
false
ca_cert¶Routing API Certificate Authority
client_cert¶Routing API Client Certificate
client_private_key¶Routing API Client Private Key
port¶Port of routing api
uri¶URL where the routing API can be reached internally
- Default
https://routing-api.service.cf.internal
skip_ssl_validation¶
  
    
      Skip TLS verification when talking to UAA
- Default
- false 
tcp_router¶
  
  
    
backend_tls¶
ca_cert¶TCP Router’s TLS CA used with route backends
client_cert¶TCP Router’s TLS client cert used for mTLS with route backends
client_key¶TCP Router’s TLS client private key used for mTLS with route backends
enabled¶Turns on support for TLS for TCP Router. Requires tcp_router.backend_tls.ca_cert to be set. For mTLS also set tcp_router.backend_tls.client_cert and tcp_router.backend_tls.client_key.
- Default
false
debug_address¶Address at which to serve debug info
- Default
127.0.0.1:17002
drain_wait¶Delay in seconds after shut down is initiated before haproxy stops listening. During this time haproxy will reject requests to the /health endpoint. This accommodates requests forwarded by a load balancer until it considers the tcp_router unhealthy.
- Default
20
enable_nontls_health_checks¶Toggles on/off whether or not to listen for load balancer health check requests on the non-tls
tcp_router.health_check_portport
- Default
true
fail_on_router_port_conflicts¶Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups.
- Default
"false"
frontend_tls¶Array of private keys, certificates and names for serving TLS requests. Each element in the array is an object containing fields ‘private_key’ and ‘cert_chain’, each of which supports a PEM block.
- Example
|+ - cert_chain: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- private_key: | -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- name: | name of the cert
frontend_tls_pem¶
certificate_path¶Path to the certs and key store
health_check_port¶Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port
- Default
80
isolation_segments¶Routes with these isolation segments will be registered. Used in combination with routing_table_sharding_mode.
- Default
[]
load_balancer_healthy_threshold¶Time period in seconds to wait until declaring the tcp_router instance started after starting the listener socket. This allows an external load balancer time to register the instance as healthy.”
- Default
20
log_level¶Log level
- Default
info
oauth_secret¶OAuth client secret used to obtain token for Routing API from UAA.
request_timeout_in_seconds¶Server and client timeouts in seconds
- Default
300
tcp_stats_collection_interval¶String representing interval for collecting statistic metrics from tcp proxy. Units: ms, s, m h
- Default
1m
tls_health_check_cert¶TLS certificate to use on the TCP Router’s TLS health check port
tls_health_check_key¶TLS private key to use on the TCP Router’s TLS health check port
tls_health_check_port¶Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port
- Default
443
uaa¶
  
  
    
ca_cert¶Certificate authority for communication between clients and uaa.
- Default
""
tls_port¶Port on which UAA is listening for TLS connections. This is required for obtaining an OAuth token for Routing API.
token_endpoint¶UAA token endpoint host name. Do not include a scheme in this value; TCP Router will always use TLS to connect to UAA.
- Default
uaa.service.cf.internal
Templates¶
            Templates are rendered and placed onto corresponding
            instances during the deployment process. This job's templates
            will be placed into /var/vcap/jobs/tcp_router/ directory
            (learn more).
          
- bin/bpm-pre-start(from- bpm-pre-start.erb)
- bin/drain(from- drain.erb)
- bin/haproxy_reloader(from- haproxy_reloader)
- bin/post-start(from- post-start.erb)
- bin/pre-start(from- pre-start.erb)
- bin/tcp_router_ctl(from- tcp_router_ctl.erb)
- config/bpm.yml(from- bpm.yml.erb)
- config/certs/health.pem(from- tcp_router_health_check_certificate.pem.erb)
- config/certs/routing-api/ca_cert.crt(from- routing_api_ca_certificate.crt.erb)
- config/certs/routing-api/client.crt(from- routing_api_client_certificate.crt.erb)
- config/certs/tcp-router/backend/ca.crt(from- tcp_router_backend_ca.crt.erb)
- config/certs/uaa/ca.crt(from- uaa_ca.crt.erb)
- config/haproxy.conf(from- haproxy.conf.erb)
- config/haproxy.conf.template(from- haproxy.conf.template.erb)
- config/keys/routing-api/client.key(from- routing_api_client_private.key.erb)
- config/keys/tcp-router/backend/client_cert_and_key.pem(from- tcp_router_backend_client_cert_and_key.pem.erb)
- config/tcp_router.yml(from- tcp_router.yml.erb)
Packages¶
            Packages are compiled and placed onto corresponding
            instances during the deployment process. Packages will be
            placed into /var/vcap/packages/ directory.