Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
Applies to SUSE Cloud Application Platform 2.0.1

A Appendix

A.1 Complete suse/kubecf values.yaml File

This is the complete output of helm inspect values suse/kubecf for the current SUSE Cloud Application Platform 2.0.1 release.

# REQUIRED: the domain that the deployment will be visible to the user.
system_domain: ~

# Set or override job properties. The first level of the map is the instance group name. The second
# level of the map is the job name. E.g.:
#  properties:
#    adapter:
#      adapter:
#        scalablesyslog:
#          adapter:
#            logs:
#              addr: kubecf-log-api:8082
#
properties: {}

credentials: {}

variables: {}

kube:
  # The storage class to be used for the instance groups that need it (e.g. bits, database and
  # singleton-blobstore). If it's not set, the default storage class will be used.
  storage_class: ~
  # The psp key contains the configuration related to Pod Security Policies. By default, a PSP will
  # be generated with the necessary permissions for running KubeCF. To pass an existing PSP and
  # prevent KubeCF from creating a new one, set the kube.psp.default with the PSP name.
  psp:
    default: ~

releases:
  # The defaults for all releases, where we do not otherwise override them.
  defaults:
    url: registry.suse.com/cap
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  app-autoscaler:
    version: 3.0.0
  bits-service:
    version: 2.28.0
  brain-tests:
    version: v0.0.12
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
  cf-acceptance-tests:
    version: 0.0.13
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  cf-smoke-tests:
    version: 40.0.128
    stemcell:
      os: SLE_15_SP1
      version: 25.2-7.0.0_374.gb8e8e6af
  # pxc is not a BOSH release.
  pxc:
    image:
      repository: registry.suse.com/cap/pxc
      tag: 0.9.4
  eirini:
    version: 0.0.27
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  postgres:
    version: "39"
  sle15:
    version: "10.93"
  sync-integration-tests:
    version: v0.0.3
  suse-staticfile-buildpack:
    url: registry.suse.com/cap
    version: "1.5.5.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-staticfile-buildpack/packages/staticfile-buildpack-sle15/staticfile-buildpack-sle15-v1.5.5.1-5.1-eaf36a02.zip
  suse-java-buildpack:
    url: registry.suse.com/cap
    version: "4.29.1.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-java-buildpack/packages/java-buildpack-sle15/java-buildpack-sle15-v4.29.1.1-543ec059.zip
  suse-ruby-buildpack:
    url: registry.suse.com/cap
    version: "1.8.15.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-ruby-buildpack/packages/ruby-buildpack-sle15/ruby-buildpack-sle15-v1.8.15.1-4.1-2b6d6879.zip
  suse-dotnet-core-buildpack:
    url: registry.suse.com/cap
    version: "2.3.9.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-dotnet-core-buildpack/packages/dotnet-core-buildpack-sle15/dotnet-core-buildpack-sle15-v2.3.9.1-1.1-e74bd89e.zip
  suse-nodejs-buildpack:
    url: registry.suse.com/cap
    version: "1.7.17.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-nodejs-buildpack/packages/nodejs-buildpack-sle15/nodejs-buildpack-sle15-v1.7.17.1-1.1-7e96d2dd.zip
  suse-go-buildpack:
    url: registry.suse.com/cap
    version: "1.9.11.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-go-buildpack/packages/go-buildpack-sle15/go-buildpack-sle15-v1.9.11.1-2.1-d5c02636.zip
  suse-python-buildpack:
    url: registry.suse.com/cap
    version: "1.7.12.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-python-buildpack/packages/python-buildpack-sle15/python-buildpack-sle15-v1.7.12.1-2.1-ebd0f50d.zip
  suse-php-buildpack:
    url: registry.suse.com/cap
    version: "4.4.12.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-php-buildpack/packages/php-buildpack-sle15/php-buildpack-sle15-v4.4.12.1-4.1-2c4591cb.zip
  suse-nginx-buildpack:
    url: registry.suse.com/cap
    version: "1.1.7.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-nginx-buildpack/packages/nginx-buildpack-sle15/nginx-buildpack-sle15-v1.1.7.1-1.1-fbf90d1f.zip
  suse-binary-buildpack:
    url: registry.suse.com/cap
    version: "1.0.36.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-binary-buildpack/packages/binary-buildpack-sle15/binary-buildpack-sle15-v1.0.36.1-1.1-37ec2cbf.zip

multi_az: false
high_availability: false

# Instance sizing takes precedence over the high_availability property. I.e. setting the
# instance count for an instance group greater than 1 will make it highly available.
#
# It is also possible to specify custom affinity rules for each instance group. If no rule
# is provided, then each group as anti-affinity to itself, to try to spread the pods between
# different nodes. In addition diego-cell and router also have anti-affinity to each other.
#
# The default rules look like this:
#
# sizing:
#   sample_group:
#     affinity:
#       podAntiAffinity:
#         preferredDuringSchedulingIgnoredDuringExecution:
#         - weight: 100
#           podAffinityTerm:
#             labelSelector:
#               matchExpressions:
#               - key: quarks.cloudfoundry.org/quarks-statefulset-name
#                 operator: In
#                 values:
#                 - sample_group
#             topologyKey: kubernetes.io/hostname
#
# Any affinity rules specified here will *overwrite* the default rule and not merge with it.

sizing:
  adapter:
    instances: ~
  api:
    instances: ~
  asactors:
    instances: ~
  asapi:
    instances: ~
  asmetrics:
    instances: ~
  asnozzle:
    instances: ~
  auctioneer:
    instances: ~
  bits:
    instances: ~
  cc_worker:
    instances: ~
  credhub:
    instances: ~
  database:
    instances: ~
    persistence:
      size: 20Gi
  diego_api:
    instances: ~
  diego_cell:
    ephemeral_disk:
      # Size of the ephemeral disk used to store applications in MB
      size: 40960
      # The name of the storage class used for the ephemeral disk PVC.
      storage_class: ~
    instances: ~
  doppler:
    instances: ~
  eirini:
    instances: ~
  log_api:
    instances: ~
  nats:
    instances: ~
  router:
    instances: ~
  routing_api:
    instances: ~
  scheduler:
    instances: ~
  uaa:
    instances: ~
  tcp_router:
    instances: ~

#  External endpoints are created for the instance groups only if features.ingress.enabled is false.
services:
  router:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
  ssh-proxy:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
  tcp-router:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
    port_range:
      start: 20000
      end: 20008

settings:
  router:
    # tls sets up the public TLS for the router. The tls keys:
    #   crt: the certificate in the PEM format. Required.
    #   key: the private key in the PEM format. Required.
    tls: {}
    # crt: |
    #   -----BEGIN CERTIFICATE-----
    #   ...
    #   -----END CERTIFICATE-----
    # key: |
    #   -----BEGIN PRIVATE KEY-----
    #   ...
    #   -----END PRIVATE KEY-----


features:
  eirini:
    # When eirini is enabled, both suse_default_stack and suse_buildpacks must be enabled as well.
    enabled: false
    registry:
      service:
        # This setting is not currently configurable and must be HIDDEN
        nodePort: 31666
  ingress:
    enabled: false
    tls:
      crt: ~
      key: ~
    annotations: {}
    labels: {}
  suse_default_stack:
    enabled:  true
  suse_buildpacks:
    enabled: true
  autoscaler:
    enabled: false
  credhub:
    enabled: true
  # Disabling routing_api will also disable the tcp_router instance_group
  routing_api:
    enabled: true
  # embedded_database enables the embedded PXC sub-chart. Disabling it allows using an external, already seeded,
  embedded_database:
    enabled: true
  blobstore:
    # Possible values for provider: singleton and s3.
    provider: singleton
    s3:
      aws_region: ~
      blobstore_access_key_id: ~
      blobstore_secret_access_key: ~
      blobstore_admin_users_password: ~
      # The following values are used as S3 bucket names.
      app_package_directory_key: ~
      buildpack_directory_key: ~
      droplet_directory_key: ~
      resource_directory_key: ~

  # The external database type can be either 'mysql' or 'postgres'.
  external_database:
    enabled: false
    require_ssl: false
    ca_cert: ~
    type: ~
    host: ~
    port: ~
    databases:
      uaa:
        name: uaa
        password: ~
        username: ~
      cc:
        name: cloud_controller
        password: ~
        username: ~
      bbs:
        name: diego
        password: ~
        username: ~
      routing_api:
        name: routing-api
        password: ~
        username: ~
      policy_server:
        name: network_policy
        password: ~
        username: ~
      silk_controller:
        name: network_connectivity
        password: ~
        username: ~
      locket:
        name: locket
        password: ~
        username: ~
      credhub:
        name: credhub
        password: ~
        username: ~

# Enable or disable instance groups for the different test suites.
# Only smoke tests should be run in production environments.
#
# __ATTENTION__: The brain tests do things with the cluster which
# required them to have `cluster-admin` permissions (i.e. root).
# Enabling them is thus potentially insecure. They should only be
# activated for isolated testing.

testing:
  brain_tests:
    enabled: false
  cf_acceptance_tests:
    enabled: false
  smoke_tests:
    enabled: true
  sync_integration_tests:
    enabled: false

ccdb:
  encryption:
    rotation:
      # Key labels must be <= 240 characters long.
      key_labels:
      - encryption_key_0
      current_key_label: encryption_key_0

operations:
  # A list of configmap names that should be applied to the BOSH manifest.
  custom: []
  # Inlined operations that get into generated ConfigMaps. E.g. adding a password variable:
  # operations:
  #   inline:
  #   - type: replace
  #     path: /variables/-
  #     value:
  #       name: my_password
  #       type: password
  inline: []

k8s-host-url: ""
k8s-service-token: ""
k8s-service-username: ""
k8s-node-ca: ""

eirini:
  global:
    labels: {}
    annotations: {}

  env:
    # This setting is not configurable and must be HIDDEN from the user.
    # It's a workaround to replace the port eirini uses for the registry
    DOMAIN: '127.0.0.1.nip.io:31666" #'
  services:
    loadbalanced: true
  opi:
    image_tag: "1.5.0"
    image: registry.suse.com/cap/opi
    metrics_collector_image: registry.suse.com/cap/metrics-collector
    bits_waiter_image: registry.suse.com/cap/bits-waiter
    route_collector_image: registry.suse.com/cap/route-collector
    route_pod_informer_image: registry.suse.com/cap/route-pod-informer
    route_statefulset_informer_image: registry.suse.com/cap/route-statefulset-informer
    event_reporter_image: registry.suse.com/cap/event-reporter
    event_reporter_image_tag: "1.5.0"
    staging_reporter_image: registry.suse.com/cap/staging-reporter
    staging_reporter_image_tag: "1.5.0"
    #
    registry_secret_name: eirini-registry-credentials
    namespace: eirini
    kubecf:
      enable: false
    use_registry_ingress: false
    ingress_endpoint: ~
    kube:
      external_ips: []
    deny_app_ingress: false
    cc_api:
      serviceName: "api"

    staging:
      downloader_image: registry.suse.com/cap/recipe-downloader
      downloader_image_tag: "1.5.0-24.1"
      executor_image: registry.suse.com/cap/recipe-executor
      executor_image_tag: "1.5.0-24.1"
      uploader_image: registry.suse.com/cap/recipe-uploader
      uploader_image_tag: "1.5.0-24.1"
      enable: true
      tls:
        client:
          secretName: "var-eirini-tls-client-cert"
          certPath: "certificate"
          keyPath: "private_key"
        cc_uploader:
          secretName: "var-cc-bridge-cc-uploader"
          certPath: "certificate"
          keyPath: "private_key"
        ca:
          secretName: "var-eirini-tls-client-cert"
          path: "ca"
        stagingReporter:
          secretName: "var-eirini-tls-client-cert"
          certPath: "certificate"
          keyPath: "private_key"
          caPath: "ca"

    tls:
      opiCapiClient:
        secretName: "var-eirini-tls-client-cert"
        keyPath: "private_key"
        certPath: "certificate"
      opiServer:
        secretName: "var-eirini-tls-server-cert"
        certPath: "certificate"
        keyPath: "private_key"
      capi:
        secretName: "var-eirini-tls-server-cert"
        caPath: "ca"
      eirini:
        secretName: "var-eirini-tls-server-cert"
        caPath: "ca"

    events:
      enable: true
      # All configs in this section should be HIDDEN from the user; they are
      # here to adapt the Eirini helm chart for KubeCF use.
      tls:
        capiClient:
          secretName: "var-cc-tls"
          keyPath: "private_key"
          certPath: "certificate"
        capi:
          secretName: "var-cc-tls"
          caPath: "ca"

    logs:
      # disable fluentd, use eirinix-loggregator-bridge (HIDDEN from the user).
      enable: false
      # HIDDEN from the user as changing this breaks logging.
      serviceName: doppler

    # All configs in this section should be HIDDEN from the user; they are here
    # to adapt the Eirini helm chart for KubeCF use.
    metrics:
      enable: true
      tls:
        client:
          secretName: "var-loggregator-tls-doppler"
          keyPath: "private_key"
          certPath: "certificate"
        server:
          secretName: "var-loggregator-tls-doppler"
          caPath: "ca"

    rootfsPatcher:
      enable: false
      timeout: 2m

    # All configs in this section should be HIDDEN from the user; they are here
    # to adapt the Eirini helm chart for KubeCF use.
    routing:
      enable: true
      nats:
        secretName: "var-nats-password"
        passwordPath: "password"
        serviceName: "nats"

    secretSmuggler:
      enable: false

bits:
  download_eirinifs: false
  global:
    labels: {}
    annotations: {}
    images:
      bits_service: registry.suse.com/cap/bits-service:bits-1.0.15-15.1.6.2.220-24.2
  env:
    # This setting is not configurable and must be HIDDEN from the user.
    DOMAIN: 127.0.0.1.nip.io
  ingress:
    endpoint: ~
    use: false
  kube:
    external_ips: []
  services:
    loadbalanced: true

  blobstore:
    serviceName: "singleton-blobstore"
    userName: "blobstore-user"
    secret:
      name: "var-blobstore-admin-users-password"
      passwordPath: "password"

  secrets:
    BITS_SERVICE_SECRET: "secret"
    BITS_SERVICE_SIGNING_USER_PASSWORD: "notpassword123"

  useExistingSecret: true
  tls_secret_name: bits-service-ssl
  tls_cert_name: certificate
  tls_key_name: private_key
  tls_ca_name: ca

eirinix:
  persi-broker:
    service-plans:
    - id: default
      name: "default"
      description: "Existing default storage class"
      kube_storage_class: "default"
      free: true
      default_size: "1Gi"

A.2 Complete suse/cf-operator values.yaml File

This is the complete output of helm inspect values suse/cf-operator for the current SUSE Cloud Application Platform 2.0.1 release.

## Default values for Cf-operator Helm Chart.
## This is a YAML-formatted file.
## Declare variables to be passed into your templates.


# applyCRD is a boolean to control the installation of CRD's.
applyCRD: true

cluster:
  # domain is the the Kubernetes cluster domain
  domain: "cluster.local"

# createWatchNamespace is a boolean to control creation of the watched namespace.
createWatchNamespace: true

# fullnameOverride overrides the release name
fullnameOverride: ""

# image is the docker image of quarks job.
image:
  # repository that provides the operator docker image.
  repository: cf-operator
  # org that provides the operator docker image.
  org: registry.suse.com/cap
  # tag of the operator docker image
  tag: v4.5.13-0.gd4738712

# logrotateInterval is the time between logrotate calls for instance groups in minutes
logrotateInterval: 1440

# logLevel defines from which level the logs should be printed (trace,debug,info,warn).
logLevel: debug

# workers are the int values for running maximum number of workers of the respective controller.
workers:
  boshdeployment: 1
  quarksSecret: 1
  quarksStatefulset: 1

operator:
  webhook:
    # host under which the webhook server can be reached from the cluster
    host: ~
    # port the webhook server listens on
    port: "2999"
  # boshDNSDockerImage is the docker image used for emulating bosh DNS (a CoreDNS image).
  boshDNSDockerImage: "registry.suse.com/cap/coredns:0.1.0-1.6.7-bp152.1.2"

# nameOverride overrides the chart name part of the release name
nameOverride: ""

# serviceAccount contains the configuration
# values of the service account used by cf-operator.
serviceAccount:
  # create is a boolean to control the creation of service account name.
  create: true
  # name of the service account.
  name:

global:
  # Context Timeout for each K8's API request in seconds.
  contextTimeout: 300
  image:
    # pullPolicy defines the policy used for pulling docker images.
    pullPolicy: IfNotPresent
    # credentials is used for pulling docker images.
    credentials: ~
      # username:
      # password:
      # servername:
  operator:
    # watchNamespace is used for watching the BOSH deployments.
    watchNamespace: staging
    webhook:
      # useServiceReference is a boolean to control the use of the
      # service reference in the webhook spec instead of a url.
      useServiceReference: true

  rbac:
    # create is a boolean to control the installation of quarks job cluster role template.
    create: true

quarks-job:
  # createWatchNamespace is a boolean to control creation of the watched namespace.
  createWatchNamespace: false
  serviceAccount:
    # create is a boolean to control the creation of service account name.
    create: true
    # name of the service account.
    name:
Print this page