-
Notifications
You must be signed in to change notification settings - Fork 0
/
gke.yaml
919 lines (919 loc) · 58.4 KB
/
gke.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
apiVersion: v1
data:
bondy.conf.template: "## =============================================================================\n##
COORDINATED STARTUP\n## =============================================================================\n\n##
Defines whether Bondy will wait for the db partitions to be initialised\n## before
continuing with initialisation.\n##\n## Default: on\n##\n## Acceptable values:\n##
\ - on or off\nstartup.wait_for_store_partitions = on\n\n## Defines whether Bondy
will wait for the db hashtrees to be built\n## before continuing with initialisation.\n##\n##
Default: on\n##\n## Acceptable values:\n## - on or off\nstartup.wait_for_store_hashtrees
= on\n\n## Defines whether Bondy will wait for the first aae exchange to be\n##
finished before continuing with initialisation.\n##\n## Default: on\n##\n## Acceptable
values:\n## - on or off\nstartup.wait_for_store_aae_exchange = on\n\n\n## The
period in seconds that Bondy will waith for clients to gracefully\n## terminate
their connections when the router is shutting down.\n##\n## Default: 30s\n##\n##
Acceptable values:\n## - a time duration with units, e.g. '10s' for 10 seconds\nshutdown.grace_period
= 30s\n\n\n\n\n## =============================================================================\n##
SECURITY\n## =============================================================================\n\n##
Defines whether Bondy allows the \"anonymous\" user\n##\n## Default: on\n##\n##
Acceptable values:\n## - on or off\nsecurity.allow_anonymous_user = on\n\n##
Defines whether Bondy create's a new realm or not when a session wants\n## to
connect a non existing realm.\n##\n## Default: off\n##\n## Acceptable values:\n##
\ - on or off\nsecurity.automatically_create_realms = off\n\n## The filename
of a security JSON configuration file, which allows you to\n## statically configure
realms and its users, groups, sources and permissions.\nsecurity.config_file =
${BONDY_ETC_DIR}/security_config.json\n\n## Defines the default password protocol
to be used for new user password\n## creation. Notice the user API allows a caller
to define the protocol to be\n## used. This default is used when the caller does
not specify a protocol.\n##\n## Default: cra\n##\n## Acceptable values:\n## -
one of: cra, scram\nsecurity.password.protocol = cra\n\n## Controls whether a
password protocol upgrade is performed during\n## password migrations. A password
migration occurs when Bondy changes the\n## internal representation of the password
object to accommodate new protocols,\n## features or bug fixes. Normally some
of this changes can be done without\n## user input, but when these changes include
a re-calculation of the salted\n## hash they can only happend during authentication
or when the user changes\n## the password.\n## If this option is set to 'on',
then Bondy will try to upgrade the password\n## protocol of an existing password
to the protocol defined by the\n## 'security.password.protocol' option using the
defaul parameters defined in\n## the 'security.password.{SelectedProtocol}.{Option}'
options.\n##\n## Default: off\n##\n## Acceptable values:\n## - on or off\nsecurity.password.protocol.upgrade.enabled
= off\n\n## Defines the minimum length for newly created passwords. The value\n##
should be at least 6 and at most 254.\n##\n## Default: 6\n##\n## Acceptable values:\n##
\ - an integer\nsecurity.password.min_length = 6\n\n\n## Defines the maximum
length for newly created passwords. The value\n## should be at least 6 and at
most 254.\n##\n## Default: 254\n##\n## Acceptable values:\n## - an integer\nsecurity.password.max_length
= 254\n\n\n## Defines the default key derivation function (KDF) to be used with
SCRAM.\n##\n## Default: pbkdf2\n##\n## Acceptable values:\n## - one of: pbkdf2,
argon2id13\nsecurity.password.scram.kdf = pbkdf2\n\n\n\n## Defines the default
number of iterations to be used with the pbkdf2 key\n## derivation function. It
should be an integer in the range 4096..65536.\n##\n## Default: 10000\n##\n##
Acceptable values:\n## - an integer\nsecurity.password.pbkdf2.iterations = 10000\n\n##
Defines the default iterations to be used with the argon2id13 key\n## derivation
function. It should be an integer in the range 4096..4294967295\n## or a named
configuration:\n## - interactive (integer 2)\n## - moderate (integer 3)\n## -
sensitive (integer 4)\n##\n## Default: moderate\n##\n## Acceptable values:\n##
\ - one of: interactive, moderate, sensitive\n## - an integer\nsecurity.password.argon2id13.iterations
= moderate\n\n## Defines the default memory to be used with the argon2id13 key\n##
derivation function. It should be an integer in the range 8192..1073741824\n##
or a named configuration:\n## - interactive (integer 64MB)\n## - moderate (integer
256MB)\n## - sensitive (integer 1GB)\n## (Notice that the underlying library allows
up to 4398046510080 (3.9 TB)\n## but we have restricted this value to avoid a
configuration error to enable a\n## DoS attack).\n##\n## Default: interactive\n##\n##
Acceptable values:\n## - one of: interactive, moderate, sensitive\n## - a
byte size with units, e.g. 10GB\nsecurity.password.argon2id13.memory = interactive\n\n\n##
=============================================================================\n##
SECURITY - TICKET AUTHENTICATION\n## =============================================================================\n\n\n##
Defines whether Bondy will allow a valid ticket to be used for\n## authentication
when a local copy of the ticket has not been found in\n## storage. This might
happen if the ticket data has not yet been syncrhonised\n## to the node handling
the authentication request.\n##\n## Default: on\n##\n## Acceptable values:\n##
\ - on or off\nsecurity.ticket.allow_not_found = on\n\n## The default expiration
time on or after which authentication ticket\n## MUST NOT be accepted for processing.\n##\n##
Default: 30d\n##\n## Acceptable values:\n## - a time duration with units, e.g.
'10s' for 10 seconds\nsecurity.ticket.expiry_time = 15d\n\n## The maximum expiration
time on or after which authentication ticket\n## MUST NOT be accepted for processing.\n##\n##
Default: 30d\n##\n## Acceptable values:\n## - a time duration with units, e.g.
'10s' for 10 seconds\nsecurity.ticket.max_expiry_time = 30d\n\n## Controls whether
local scope tickets are persistent. If enabled the\n## ticket will be stored in
Bondy's database. Otherwise the ticket is not\n## stored.\n##\n## Default: on\n##\n##
Acceptable values:\n## - on or off\nsecurity.ticket.scope.local.persistence
= off\n\n## Controls whether SSO scope tickets are persistent. If enabled the\n##
ticket will be stored in Bondy's database. Otherwise the ticket is not\n## stored.\n\n##
Controls whether SSO scope tickets are persistent. If enabled the\n## ticket will
be stored in Bondy's database. Otherwise the ticket is not\n## stored.\n##\n##
Default: on\n##\n## Acceptable values:\n## - on or off\n#\n## We set it in off
as we are restricting users to only be able to issue\n## client_local and client_sso
scope tickets.\nsecurity.ticket.scope.sso.persistence = off\n\n## Controls whether
client-local scope tickets are persistent. If enabled\n## the ticket will be stored
in Bondy's database. Otherwise the ticket is not\n## stored.\n##\n## Default:
on\n##\n## Acceptable values:\n## - on or off\nsecurity.ticket.scope.client_local.persistence
= on\n\n\n## Controls whether client-SSO scope tickets are persistent. If enabled
the\n## ticket will be stored in Bondy's database. Otherwise the ticket is not\n##
stored.\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nsecurity.ticket.scope.client_sso.persistence
= on\n\n## @doc Defines the a comma separated list of authentication methods that
a\n## user can use to establish a session that is allowed to issue tickets to
be\n## used with 'ticket' authentication.\n##\n## The possible values are the
names of the authentication methods:\n## - \"cryptosign\"\n## - \"password\"\n##
- \"ticket\"\n## - \"tls\"\n## - \"trust\"\n## - \"wamp-scram\"\n## - \"wampcra\"\n##\n##
The option also allows a single value \"all\" in which case all the methods\n##
above will be allowed.\n##\n## Notice that \"anonymous\" and \"oauth2\" methods
are NOT allowed in this list as\n## they are incompatible with the idea of tickets.\nsecurity.ticket.authmethods
= all\n\n\n## =============================================================================\n##
SECURITY: OAUTH2\n## =============================================================================\n\n\n\n##
Default location for oauth2 configuration file\n##\n## Default: ./etc/oauth2_config.json\n##\n##
Acceptable values:\n## - the path to a file\n## oauth2.config_file = ${BONDY_ETC_DIR}/oauth2_config.json\n\n##\n##
Default: 15m\n##\n## Acceptable values:\n## - a time duration with units, e.g.
'10s' for 10 seconds\n# oauth2.password_grant.duration = 15m\n\n##\n## Default:
15m\n##\n## Acceptable values:\n## - a time duration with units, e.g. '10s'
for 10 seconds\n# oauth2.client_credentials_grant.duration = 15m\n\n##\n## Default:
10m\n##\n## Acceptable values:\n## - a time duration with units, e.g. '10s'
for 10 seconds\n# oauth2.code_grant.duration = 10m\n\n##\n## Default: 30d\n##\n##
Acceptable values:\n## - a time duration with units, e.g. '10s' for 10 seconds\n#
oauth2.refresh_token.duration = 30d\n\n##\n## Default: 40\n##\n## Acceptable values:\n##
\ - a byte size with units, e.g. 10GB\n# oauth2.refresh_token.length = 40\n\n\n\n##
=============================================================================\n##
ADMIN HTTP/S API\n## =============================================================================\n\nadmin_api.http.enabled
= on\nadmin_api.http.acceptors_pool_size = 100\nadmin_api.http.backlog = 1024\nadmin_api.http.keepalive
= off\nadmin_api.http.max_connections = 10000\nadmin_api.http.nodelay = on\n\n\nadmin_api.https.enabled
= on\nadmin_api.https.acceptors_pool_size = 100\nadmin_api.https.backlog = 1024\nadmin_api.https.keepalive
= off\nadmin_api.https.max_connections = 10000\nadmin_api.https.versions = 1.3\nadmin_api.https.cacertfile
= ${BONDY_ETC_DIR}/ssl/ca.crt\nadmin_api.https.certfile = ${BONDY_ETC_DIR}/ssl/tls.crt\nadmin_api.https.keyfile
= ${BONDY_ETC_DIR}/ssl/tls.key\n\n\n## =============================================================================\n##
API GATEWAY\n## =============================================================================\n\n##
NOTICE: At the moment the WS listener is the api_gateway listener, in the\n##
next version we will split them so that we can configure them separetely\n\n\n##\n##
Default: on\n##\n## Acceptable values:\n## - on or off\napi_gateway.http.enabled
= on\n\n##\n## Default: 200\n##\n## Acceptable values:\n## - an integer\napi_gateway.http.acceptors_pool_size
= 100\n\n##\n## Default: 500000\n##\n## Acceptable values:\n## - an integer\napi_gateway.http.max_connections
= 200000\n\n##\n## Default: 4096\n##\n## Acceptable values:\n## - an integer\napi_gateway.http.backlog
= 4096\n\n## Enables/disables periodic transmission on a connected socket when
no\n## other data is exchanged. If the other end does not respond, the connection
is\n## considered broken and an error message is sent to the controlling process.\n##\n##
Default: off\n##\n## Acceptable values:\n## - on or off\napi_gateway.http.keepalive
= off\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\napi_gateway.http.nodelay
= on\n\n\n\napi_gateway.https.enabled = on\napi_gateway.https.acceptors_pool_size
= 200\napi_gateway.https.backlog = 4096\napi_gateway.https.keepalive = off\napi_gateway.https.max_connections
= 500000\napi_gateway.https.nodelay = on\napi_gateway.https.versions = 1.3\napi_gateway.https.cacertfile
= ${BONDY_ETC_DIR}/ssl/ca.crt\napi_gateway.https.certfile = ${BONDY_ETC_DIR}/ssl/tls.crt\napi_gateway.https.keyfile
= ${BONDY_ETC_DIR}/ssl/tls.key\n\n\n## =============================================================================\n##
WAMP\n## =============================================================================\n\n\n##
The default timeout for WAMP (RPC) Calls when the CALL.Options.timeout\n## property
is not used. This value will be restricted by the\n## 'wamp.max_call_timeout'
property\n##\n## Default: 30s\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\nwamp.call_timeout = 30s\n\n##\n## Default:
on\n##\n## Acceptable values:\n## - on or off\nwamp.message_retention.enabled
= off\n\n##\n## Default: ram\n##\n## Acceptable values:\n## - one of: ram, disk,
ram_disk\nwamp.message_retention.storage_type = ram\n\n##\n## Default: 1000000\n##\n##
Acceptable values:\n## - an integer\nwamp.message_retention.max_messages = 1000000\n\n##\n##
Default: 1GB\n##\n## Acceptable values:\n## - a byte size with units, e.g. 10GB\nwamp.message_retention.max_memory
= 1GB\n\n##\n## Default: 64KB\n##\n## Acceptable values:\n## - a byte size with
units, e.g. 10GB\nwamp.message_retention.max_message_size = 64KB\n\n##\n## Default:
0\n##\n## Acceptable values:\n## - an integer\n## - a time duration with units,
e.g. '10s' for 10 seconds\nwamp.message_retention.default_ttl = 0\n\n##\n## Default:
loose\n##\n## Acceptable values:\n## - one of: loose, strict\nwamp.uri.strictness
= loose\n\n\n##\n## Default: 15\n##\n## Acceptable values:\n## - an integer\nwamp.serializers.erl
= 15\n\n##\n## Default: 4\n##\n## Acceptable values:\n## - an integer\nwamp.serializers.bert
= 4\n\n\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.tcp.enabled
= on\n\n## api_gateway.ssl.port is the TCP port that Bondy uses for\n## exposing
the WAMP raw socket transport\n##\n## Default: 18082\n##\n## Acceptable values:\n##
\ - an integer\nwamp.tcp.port = 18082\n\n##\n## Default: 200\n##\n## Acceptable
values:\n## - an integer\nwamp.tcp.acceptors_pool_size = 50\n\n##\n## Default:
100000\n##\n## Acceptable values:\n## - an integer\nwamp.tcp.max_connections
= 1000\n\n##\n## Default: 1024\n##\n## Acceptable values:\n## - an integer\nwamp.tcp.backlog
= 1024\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.tcp.keepalive
= on\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.tcp.nodelay
= on\n\n\n##\n## Default: off\n##\n## Acceptable values:\n## - on or off\nwamp.tls.enabled
= on\n\n##\n## Default: 200\n##\n## Acceptable values:\n## - an integer\nwamp.tls.acceptors_pool_size
= 200\n\n##\n## Default: 1024\n##\n## Acceptable values:\n## - an integer\nwamp.tls.backlog
= 1024\n\n## Default signing authority location for https can be overridden\n##
with the wamp.tls config variable, for example:\n##\n## Default: ./etc/cacert.pem\n##\n##
Acceptable values:\n## - the path to a file\nwamp.tls.cacertfile = ${BONDY_ETC_DIR}/ssl/ca.crt\n\n##
Default cert location for https can be overridden\n## with the wamp.tls config
variable, for example:\n##\n## Default: ./etc/keycert.pem\n##\n## Acceptable values:\n##
\ - the path to a file\nwamp.tls.certfile = ${BONDY_ETC_DIR}/ssl/tls.crt\n\n##
Default key location for https can be overridden with the\n## wamp.tls config
variable, for example:\n##\n## Default: ./etc/key.pem\n##\n## Acceptable values:\n##
\ - the path to a file\nwamp.tls.keyfile = ${BONDY_ETC_DIR}/ssl/tls.key\n\n##\n##
Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.tls.keepalive =
on\n\n##\n## Default: 100000\n##\n## Acceptable values:\n## - an integer\nwamp.tls.max_connections
= 100000\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.tls.nodelay
= on\n\n## api_gateway.ssl.port is the TCP port that Bondy uses for\n## exposing
the WAMP raw socket transport\n##\n## Default: 18085\n##\n## Acceptable values:\n##
\ - an integer\nwamp.tls.port = 18085\n\n\n## A comma separate list of TLS protocol
versions that will be supported\n## At the moment Bondy only supports versions
1.2 and 1.3\n##\n## Default: 1.3\n##\n## Acceptable values:\n## - text\nwamp.tls.versions
= 1.3\n\n## Defines if Websockets PING control message functionality is enabled
or\n## not. This option affects server (Bondy) initiated pings only. Some clients\n##
might also initiate ping requests and Bondy will always respond to those\n## even
if this option is turned off.\n## This feature is useful to keep a connection
alive and validate the\n## connection is healthy. For example, Browsers will typically
kill websocket\n## connections after 60s and will not initiate PINGs.\n##\n##
Default: on\n##\n## Acceptable values:\n## - on or off\nwamp.websocket.ping.enabled
= on\n\n## If wamp.websocket.ping.enabled is 'on', this value controls the interval\n##
in which Bondy sends WebSockets PING control messages.\n##\n## Default: 30s\n##\n##
Acceptable values:\n## - a time duration with units, e.g. '10s' for 10 seconds\nwamp.websocket.ping.interval
= 30s\n\n## If wamp.websocket.ping.enabled is 'on', this value controls how many\n##
missed pings are considered a timeout. Thus, after this number of attempts\n##
Bondy will drop the connection.\n## If the value is 'infinity' Bondy will never
timeout based on missed pings.\n##\n## Default: 3\n##\n## Acceptable values:\n##
\ - an integer\n## - the text \"infinity\"\nwamp.websocket.ping.max_attempts
= 3\n\n## Drops the connection after a period of inactivity. This option does
not\n## take effect when wamp.websocket.ping.enabled is 'on' and wamp.websocket.ping.\n##
interval times wamp.websocket.ping.max_attempts results in a value higher\n##
than this option.\n## Notice that for some clients using this option alone is
not enough to keep\n## a connection alive as the client will drop the connection
due to inactivity.\n## If the client supports Websocket PING control messages,
enabled them,\n## otherwise e.g. web browsers set wamp.websocket.ping.enabled
to on.\n##\n## Default: 8h\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\n## - the text \"infinity\"\nwamp.websocket.idle_timeout
= 8h\n\n\n\n##\n## Default: infinity\n##\n## Acceptable values:\n## - the text
\"infinity\"\n## - an integer\nwamp.websocket.max_frame_size = infinity\n\n##\n##
Default: off\n##\n## Acceptable values:\n## - on or off\nwamp.websocket.compression_enabled
= off\n\n##\n## Default: 5\n##\n## Acceptable values:\n## - an integer\nwamp.websocket.deflate.level
= 5\n\n##\n## Default: 8\n##\n## Acceptable values:\n## - an integer\nwamp.websocket.deflate.mem_level
= 8\n\n##\n## Default: default\n##\n## Acceptable values:\n## - one of: default,
filtered, huffman_only, rle\nwamp.websocket.deflate.strategy = default\n\n##\n##
Default: takeover\n##\n## Acceptable values:\n## - one of: takeover, no_takeover\nwamp.websocket.deflate.server_context_takeover
= takeover\n\n##\n## Default: takeover\n##\n## Acceptable values:\n## - one
of: takeover, no_takeover\nwamp.websocket.deflate.client_context_takeover = takeover\n\n##\n##
Default: 11\n##\n## Acceptable values:\n## - an integer\nwamp.websocket.deflate.server_max_window_bits
= 11\n\n##\n## Default: 11\n##\n## Acceptable values:\n## - an integer\nwamp.websocket.deflate.client_max_window_bits
= 11\n\n\n## =============================================================================\n##
BROKER BRIDGE\n## =============================================================================\n\n\n##\n##\n##
Default: off\n##\n## Acceptable values:\n## - on or off\nbroker_bridge.kafka.enabled
= off\n\n\n\n## =============================================================================\n##
CLUSTER\n## =============================================================================\n\n\n##
Defines wether a Bondy node should perform a cluster leave operation\n## automatically
when it is being shutdown.\ncluster.automatic_leave = on\n\n## Defines the number
of TCP connections for the cluster TCP stack\n##\n## Default: 4\n##\n## Acceptable
values:\n## - an integer\ncluster.parallelism = 1\n\n## Defines the IP to use
for the cluster TCP connection\n## {mapping, \"cluster.peer_ip\", \"partisan.peer_ip\",
[\n## {default, \"\"},\n## {datatype, integer}\n## ]}.\n##\n## Default: 18086\n##\n##
Acceptable values:\n## - an integer\ncluster.peer_port = 18087\n\n##\n## Default:
off\n##\n## Acceptable values:\n## - on or off\ncluster.tls.enabled = on\n\n\n##
Default cert location for cluster TLS connection\n##\n## Acceptable values:\n##
\ - the path to a file\ncluster.tls.server.certfile = ${BONDY_ETC_DIR}/ssl/tls.crt\n\n##
Default key location for cluster TLS connection\n##\n## Acceptable values:\n##
\ - the path to a file\ncluster.tls.server.keyfile = ${BONDY_ETC_DIR}/ssl/tls.key\n\n##
Default signing authority location for cluster TLS connection\n##\n## Acceptable
values:\n## - the path to a file\ncluster.tls.server.cacertfile = ${BONDY_ETC_DIR}/ssl/ca.crt\n\n##
A comma separate list of TLS protocol versions that will be supported\n## At the
moment Bondy only supports versions 1.2 and 1.3\n##\n## Default: 1.3\n##\n## Acceptable
values:\n## - text\ncluster.tls.server.versions = 1.3\n\n##\n## Default: verify_none\n##\n##
Acceptable values:\n## - one of: verify_peer, verify_none\ncluster.tls.server.verify
= verify_none\n\n## Default cert location for cluster TLS connection\n##\n## Acceptable
values:\n## - the path to a file\n## cluster.tls.client.certfile = ${BONDY_ETC_DIR}/ssl/client/keycert.pem\n\n##
Default key location for cluster TLS connection\n##\n## Acceptable values:\n##
\ - the path to a file\n## cluster.tls.client.keyfile = ${BONDY_ETC_DIR}/ssl/client/key.pem\n\n##
Default signing authority location for cluster TLS connection\n##\n## Acceptable
values:\n## - the path to a file\n## cluster.tls.client.cacertfile = ${BONDY_ETC_DIR}/ssl/client/cacert.pem\n\n##
A comma separate list of TLS protocol versions that will be supported\n## At the
moment Bondy only supports versions 1.2 and 1.3\n##\n## Default: 1.3\n##\n## Acceptable
values:\n## - text\n# cluster.tls.client.versions = 1.2,1.3\n\n# cluster.tls.client.verify
= verify_none\n\n##\n## Default: off\n##\n## Acceptable values:\n## - on or
off\ncluster.peer_discovery.enabled = on\n\n##\n## Default: 30s\n##\n## Acceptable
values:\n## - a time duration with units, e.g. '10s' for 10 seconds\ncluster.peer_discovery.initial_delay
= 30s\n\n##\n## Default: off\n##\n## Acceptable values:\n## - on or off\ncluster.peer_discovery.automatic_join
= on\n\n##\n## Default: 5s\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\ncluster.peer_discovery.join_retry_interval
= 5s\n\n##\n## Default: 10s\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\ncluster.peer_discovery.polling_interval
= 10s\n\n##\n## Default: 5s\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\ncluster.peer_discovery.timeout = 5s\n\n##\n##
Default: bondy_peer_discovery_dns_agent\n##\n## Acceptable values:\n## - text\ncluster.peer_discovery.type
= bondy_peer_discovery_dns_agent\ncluster.peer_discovery.config.service_name =
${BONDY_PEER_SERVICE_NAME}\n\n\n\n## =============================================================================\n##
AAE\n## =============================================================================\n\n\n##\n##
Default: 1m\n##\n## Acceptable values:\n## - a time duration with units, e.g.
'10s' for 10 seconds\naae.data_exchange_timeout = 1m\n\n##\n## Default: on\n##\n##
Acceptable values:\n## - on or off\naae.enabled = on\n\n##\n## Default: 10s\n##\n##
Acceptable values:\n## - a time duration with units, e.g. '10s' for 10 seconds\naae.hashtree_timer
= 10s\n\n##\n## Default: 1w\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\naae.hashtree_ttl = 1w\n\n##\n## Default:
1m\n##\n## Acceptable values:\n## - a time duration with units, e.g. '10s' for
10 seconds\naae.exchange_timer = 1m\n\n##\n##\n## Default: on\n##\n## Acceptable
values:\n## - on or off\naae.exchange_on_cluster_join = on\n\n\n\n## =============================================================================\n##
DIRECTORIES\n## =============================================================================\n\n##\n##
Default: ./data\n##\n## Acceptable values:\n## - the path to a directory\nplatform_data_dir
= /bondy/data\n##\n## Default: ./log\n##\n## Acceptable values:\n## - the path
to a directory\nplatform_log_dir = /bondy/log\n##\n## Default: ./tmp\n##\n## Acceptable
values:\n## - the path to a directory\nplatform_tmp_dir = /bondy/tmp\n\n\n##
=============================================================================\n##
STORAGE\n## =============================================================================\n\nstore.shard_by
= prefix\n\n## Defines the level of concurrency in plum_db (the local embedded\n##
database used by Bondy).\n## Each partition has its own leveldb and ets (in-memory
db) instance. Ideally\n## we can have one partition per CPU core.\n## Bondy will
ignore this configuration in case data already exists i.e. this\n## parameter
is considered on a fresh start.\n##\n## Default: 16\n##\n## Acceptable values:\n##
\ - an integer\nstore.partitions = 16\n\n##\n## Default: 30\n##\n## Acceptable
values:\n## - an integer\nstore.open_retry_limit = 30\n\n##\n## Default: 2s\n##\n##
Acceptable values:\n## - a time duration with units, e.g. '10s' for 10 seconds\nstore.open_retries_delay
= 2s\n\n\n## =============================================================================\n##
LOGGING\n## =============================================================================\n\n##
Specifies the primary log level, that is, log event that are equally or\n## more
severe than this level, are forwarded to the primary filters. Less\n## severe
log events are immediately discarded.\n##\n## Default: info\n##\n## Acceptable
values:\n## - one of: debug, info, notice, warning, error, critical, alert,
emergency\nlog.level = ${BONDY_LOG_LEVEL}\n\n## allows to enable or disable a
configured handler\n##\n## Default: on\n##\n## Acceptable values:\n## - on or
off\nlog.handlers.default.enabled = on\n\n## The destination backend handler.\n##\n##
Default: console\n##\n## Acceptable values:\n## - one of: disk, console\nlog.handlers.default.backend
= console\n\n## Specifies the log level for the handler, that is, log events that
are\n## equally or more severe than this level, are forwarded to the handler filters\n##
for this handler.\n##\n## Default: info\n##\n## Acceptable values:\n## - one
of: debug, info, notice, warning, error, critical, alert, emergency\nlog.handlers.default.level
= ${BONDY_LOG_LEVEL}\n\n##\n## Default: standard_io\n##\n## Acceptable values:\n##
\ - one of: standard_io, standard_error, file\nlog.handlers.default.config.type
= standard_io\n\n## Large bursts of log events - many events received by the handler
under\n## a short period of time - can potentially cause problems, such as:\n##
- Log files grow very large, very quickly.\n## - Circular logs wrap too quickly
so that important data is overwritten.\n## - Write buffers grow large, which slows
down file sync operations.\n## For this reason, both built-in handlers offer the
possibility to specify the\n## maximum number of events to be handled within a
certain time frame. With\n## this burst control feature enabled, the handler can
avoid choking the log\n## with massive amounts of printouts.\n## Value true enables
burst control and false disables it.\n##\n## Default: on\n##\n## Acceptable values:\n##
\ - on or off\nlog.handlers.default.config.burst_limit_enable = on\n\n## Large
bursts of log events - many events received by the handler under\n## a short period
of time - can potentially cause problems, such as:\n## - Log files grow very large,
very quickly.\n## - Circular logs wrap too quickly so that important data is overwritten.\n##
- Write buffers grow large, which slows down file sync operations.\n## For this
reason, both built-in handlers offer the possibility to specify the\n## maximum
number of events to be handled within a certain time frame. With\n## this burst
control feature enabled, the handler can avoid choking the log\n## with massive
amounts of printouts.\n## This is the maximum number of events to handle within
a\n## burst_limit_window_time time frame. After the limit is reached, successive\n##
events are dropped until the end of the time frame.\n##\n## Default: 500\n##\n##
Acceptable values:\n## - an integer\nlog.handlers.default.config.burst_limit_max_count
= 500\n\n## Large bursts of log events - many events received by the handler under\n##
a short period of time - can potentially cause problems, such as:\n## - Log files
grow very large, very quickly.\n## - Circular logs wrap too quickly so that important
data is overwritten.\n## - Write buffers grow large, which slows down file sync
operations.\n## For this reason, both built-in handlers offer the possibility
to specify the\n## maximum number of events to be handled within a certain time
frame. With\n## this burst control feature enabled, the handler can avoid choking
the log\n## with massive amounts of printouts.\n## See the previous description
of burst_limit_max_count.\n##\n## Default: 1s\n##\n## Acceptable values:\n## -
a time duration with units, e.g. '10s' for 10 seconds\nlog.handlers.default.config.burst_limit_window_time
= 1s\n\n## The handler process keeps track of the length of its message queue
and\n## takes some form of action when the current length exceeds a configurable\n##
threshold. The purpose is to keep the handler in, or to as quickly as\n## possible
get the handler into, a state where it can keep up with the pace of\n## incoming
log events. The memory use of the handler must never grow larger\n## and larger,
since that will eventually cause the handler to crash.\n## For the overload protection
algorithm to work properly, it is required that:\n## sync_mode_qlen =< drop_mode_qlen
=< flush_qlen\n## and that: drop_mode_qlen > 1\n## As long as the length of the
message queue is lower than this value, all log\n## events are handled asynchronously.
This means that the client process\n## sending the log event, by calling a log
function in the Logger API, does not\n## wait for a response from the handler
but continues executing immediately\n## after the event is sent. It is not affected
by the time it takes the handler\n## to print the event to the log device. If
the message queue grows larger than\n## this value, the handler starts handling
log events synchronously instead,\n## meaning that the client process sending
the event must wait for a response.\n## When the handler reduces the message queue
to a level below the\n## sync_mode_qlen threshold, asynchronous operation is resumed.
The switch from\n## asynchronous to synchronous mode can slow down the logging
tempo of one, or\n## a few, busy senders, but cannot protect the handler sufficiently
in a\n## situation of many busy concurrent senders.\n##\n## Default: 10\n##\n##
Acceptable values:\n## - an integer\nlog.handlers.default.config.sync_mode_qlen
= 10\n\n## The handler process keeps track of the length of its message queue
and\n## takes some form of action when the current length exceeds a configurable\n##
threshold. The purpose is to keep the handler in, or to as quickly as\n## possible
get the handler into, a state where it can keep up with the pace of\n## incoming
log events. The memory use of the handler must never grow larger\n## and larger,
since that will eventually cause the handler to crash.\n## For the overload protection
algorithm to work properly, it is required that:\n## sync_mode_qlen =< drop_mode_qlen
=< flush_qlen\n## and that: drop_mode_qlen > 1\n## When the message queue grows
larger than this threshold, the handler\n## switches to a mode in which it drops
all new events that senders want to\n## log. Dropping an event in this mode means
that the call to the log function\n## never results in a message being sent to
the handler, but the function\n## returns without taking any action. The handler
keeps logging the events that\n## are already in its message queue, and when the
length of the message queue\n## is reduced to a level below the threshold, synchronous
or asynchronous mode\n## is resumed. Notice that when the handler activates or
deactivates drop mode,\n## information about it is printed in the log.\n##\n##
Default: 200\n##\n## Acceptable values:\n## - an integer\nlog.handlers.default.config.drop_mode_qlen
= 200\n\n## The handler process keeps track of the length of its message queue
and\n## takes some form of action when the current length exceeds a configurable\n##
threshold. The purpose is to keep the handler in, or to as quickly as\n## possible
get the handler into, a state where it can keep up with the pace of\n## incoming
log events. The memory use of the handler must never grow larger\n## and larger,
since that will eventually cause the handler to crash.\n## For the overload protection
algorithm to work properly, it is required that:\n## sync_mode_qlen =< drop_mode_qlen
=< flush_qlen\n## and that: drop_mode_qlen > 1\n## If the length of the message
queue grows larger than this threshold, a flush\n## (delete) operation takes place.
To flush events, the handler discards the\n## messages in the message queue by
receiving them in a loop without logging.\n## Client processes waiting for a response
from a synchronous log request\n## receive a reply from the handler indicating
that the request is dropped. The\n## handler process increases its priority during
the flush loop to make sure\n## that no new events are received during the operation.
Notice that after the\n## flush operation is performed, the handler prints information
in the log\n## about how many events have been deleted.\n##\n## Default: 1000\n##\n##
Acceptable values:\n## - an integer\nlog.handlers.default.config.flush_qlen
= 1000\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nlog.handlers.default.config.filesync_repeat_enable
= on\n\n##\n## Default: 5s\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\nlog.handlers.default.config.filesync_repeat_interval
= 5s\n\n## It is possible that a handler, even if it can successfully manage peaks\n##
of high load without crashing, can build up a large message queue, or use a\n##
large amount of memory. The overload protection mechanism includes an\n## automatic
termination and restart feature for the purpose of guaranteeing\n## that a handler
does not grow out of bounds.\n## For the overload protection algorithm to work
properly, it is required that:\n## sync_mode_qlen =< drop_mode_qlen =< flush_qlen\n##
and that: drop_mode_qlen > 1\n## Value true enables the feature and false disables
it.\n##\n## Default: off\n##\n## Acceptable values:\n## - on or off\nlog.handlers.default.config.overload_kill_enable
= off\n\n## It is possible that a handler, even if it can successfully manage
peaks\n## of high load without crashing, can build up a large message queue, or
use a\n## large amount of memory. The overload protection mechanism includes an\n##
automatic termination and restart feature for the purpose of guaranteeing\n##
that a handler does not grow out of bounds.\n## This is the maximum memory size
that the handler process is allowed to use. If the handler grows larger than this,
the process is terminated.\n##\n## Default: 3000000\n##\n## Acceptable values:\n##
\ - an integer\nlog.handlers.default.config.overload_kill_mem_size = 3000000\n\n##
It is possible that a handler, even if it can successfully manage peaks\n## of
high load without crashing, can build up a large message queue, or use a\n## large
amount of memory. The overload protection mechanism includes an\n## automatic
termination and restart feature for the purpose of guaranteeing\n## that a handler
does not grow out of bounds.\n## This is the maximum allowed queue length. If
the message queue grows larger\n## than this, the handler process is terminated.\n##\n##
Default: 20000\n##\n## Acceptable values:\n## - an integer\nlog.handlers.default.config.overload_kill_qlen
= 20000\n\n## It is possible that a handler, even if it can successfully manage
peaks\n## of high load without crashing, can build up a large message queue, or
use a\n## large amount of memory. The overload protection mechanism includes an\n##
automatic termination and restart feature for the purpose of guaranteeing\n##
that a handler does not grow out of bounds.\n## If the handler is terminated,
it restarts automatically after a delay\n## specified in milliseconds. The value
infinity prevents restarts.\n##\n## Default: 5s\n##\n## Acceptable values:\n##
\ - a time duration with units, e.g. '10s' for 10 seconds\nlog.handlers.default.config.overload_kill_restart_after
= 5s\n\n## Specifies what happens to a log event if all filters return ignore,
or\n## if no filters exist.\n##\n## Default: stop\n##\n## Acceptable values:\n##
\ - one of: log, stop\nlog.handlers.default.filter_default = stop\n\n## Defines
which domains are logged. All log messages that do not have the\n## domain metadata
key will be logged.\n## This allows for example to avoid printing bondy_audit
logs in the console\n## and print them to a dedicated handler.\n## The value is
a comma separated string which con contain one or more of the\n## following elements:
\"otp\", \"sasl\" and \"bondy_audit\"\n##\n## Default: otp, bondy_audit\n##\n##
Acceptable values:\n## - text\nlog.handlers.default.filter_domains = otp, bondy_audit\n\n##\n##
Default: 3\n##\n## Acceptable values:\n## - an integer\nlog.handlers.default.formatter.map_depth
= 3\n\n##\n## Default: 50\n##\n## Acceptable values:\n## - an integer\nlog.handlers.default.formatter.term_depth
= 50\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nlog.handlers.default.formatter.colored
= on\n\n##\n## Default: \e[0;38m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_debug
= \e[0;38m\n\n##\n## Default: \e[1;37m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_info
= \e[1;37m\n\n##\n## Default: \e[1;36m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_notice
= \e[1;36m\n\n##\n## Default: \e[1;33m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_warning
= \e[1;33m\n\n##\n## Default: \e[1;31m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_error
= \e[1;31m\n\n##\n## Default: \e[1;35m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_critical
= \e[1;35m\n\n##\n## Default: \e[1;45m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_alert
= \e[1;45m\n\n##\n## Default: \e[1;41;1m\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.colored_emergency
= \e[1;41;1m\n\n##\n## Default: 0\n##\n## Acceptable values:\n## - an integer\nlog.handlers.default.formatter.time_offset
= 0\n\n##\n## Default: T\n##\n## Acceptable values:\n## - text\nlog.handlers.default.formatter.time_designator
= T\n\n\n\n## =============================================================================\n##
EDGE LISTENER: ENABLED\n## =============================================================================\n\n\n##
Enables or disables Bondy edge nodes to connect to Bondy.\n##\n## Default: off\n##\n##
Acceptable values:\n## - on or off\nbridge.listener.tcp = off\n\n## TCP port
that Bondy edge nodes will use to connect to Bondy.\n##\n## Default: 18092\n##\n##
Acceptable values:\n## - an integer\n# bridge.listener.tcp.port = 18092\n\n##\n##
Default: 200\n##\n## Acceptable values:\n## - an integer\n# bridge.listener.tcp.acceptors_pool_size
= 200\n\n##\n## Default: 100000\n##\n## Acceptable values:\n## - an integer\n#
bridge.listener.tcp.max_connections = 100000\n\n##\n## Default: 1024\n##\n## Acceptable
values:\n## - an integer\n# bridge.listener.tcp.backlog = 1024\n\n##\n## Default:
on\n##\n## Acceptable values:\n## - on or off\n# bridge.listener.tcp.keepalive
= on\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\n# bridge.listener.tcp.nodelay
= on\n\n## Defines if PING control message functionality is enabled or\n## not.
This option affects server (Bondy) initiated pings only. Bondy Edge\n## might
also initiate ping requests and Bondy will always respond to those\n## even if
this option is turned off.\n## This feature is useful to keep a connection alive
and validate the\n## connection is healthy.\n##\n## Default: on\n##\n## Acceptable
values:\n## - on or off\n# bridge.listener.tcp.ping = on\n\n## If bridge.listener.tcp.ping.enabled
is 'on', this value controls the interval\n## in which Bondy sends PING control
messages to edge peers.\n##\n## Default: 30s\n##\n## Acceptable values:\n## -
a time duration with units, e.g. '10s' for 10 seconds\n# bridge.listener.tcp.ping.interval
= 30s\n\n## If bridge.listener.tcp.ping.enabled is 'on', this value controls how
many\n## missed pings are considered a timeout. Thus, after this number of attempts\n##
Bondy will drop the connection.\n## If the value is 'infinity' Bondy will never
timeout based on missed pings.\n##\n## Default: 3\n##\n## Acceptable values:\n##
\ - an integer\n## - the text \"infinity\"\n# bridge.listener.tcp.ping.max_retries
= 3\n\n## Drops the connection after a period of inactivity. This option does
not\n## take effect when bridge.listener.tcp.ping.enabled is 'on'\n## and bridge.listener.tcp.ping.interval
times\n## bridge.listener.tcp.ping.max_retries results in a value higher than
this\n## option.\n## Notice that for some clients using this option alone is not
enough to keep\n## a connection alive as the client will drop the connection due
to inactivity.\n##\n## Default: 8h\n##\n## Acceptable values:\n## - a time duration
with units, e.g. '10s' for 10 seconds\n## - the text \"infinity\"\n# bridge.listener.tcp.idle_timeout
= 8h\n\n##\n## Default: infinity\n##\n## Acceptable values:\n## - the text \"infinity\"\n##
\ - an integer\n# bridge.listener.tcp.max_frame_size = infinity\n\n## Enables
or disables Bondy edge nodes to connect to Bondy.\n##\n## Default: off\n##\n##
Acceptable values:\n## - on or off\nbridge.listener.tls = on\n\n## TCP port
that Bondy edge nodes will use to connect to Bondy.\n##\n## Default: 18093\n##\n##
Acceptable values:\n## - an integer\nbridge.listener.tls.port = 18093\n\n##\n##
Default: 200\n##\n## Acceptable values:\n## - an integer\nbridge.listener.tls.acceptors_pool_size
= 200\n\n##\n## Default: 100000\n##\n## Acceptable values:\n## - an integer\nbridge.listener.tls.max_connections
= 100000\n\n##\n## Default: 1024\n##\n## Acceptable values:\n## - an integer\nbridge.listener.tls.backlog
= 1024\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nbridge.listener.tls.keepalive
= on\n\n##\n## Default: on\n##\n## Acceptable values:\n## - on or off\nbridge.listener.tls.nodelay
= on\n\n## Defines if PING control message functionality is enabled or\n## not.
This option affects server (Bondy) initiated pings only. Bondy Edge\n## might
also initiate ping requests and Bondy will always respond to those\n## even if
this option is turned off.\n## This feature is useful to keep a connection alive
and validate the\n## connection is healthy.\n##\n## Default: on\n##\n## Acceptable
values:\n## - on or off\nbridge.listener.tls.ping = on\n\n## If bridge.listener.tls.ping.enabled
is 'on', this value controls the interval\n## in which Bondy sends PING control
messages to edge peers.\n##\n## Default: 30s\n##\n## Acceptable values:\n## -
a time duration with units, e.g. '10s' for 10 seconds\nbridge.listener.tls.ping.interval
= 30s\n\n## If bridge.listener.tls.ping.enabled is 'on', this value controls how
many\n## missed pings are considered a timeout. Thus, after this number of attempts\n##
Bondy will drop the connection.\n## If the value is 'infinity' Bondy will never
timeout based on missed pings.\n##\n## Default: 3\n##\n## Acceptable values:\n##
\ - an integer\n## - the text \"infinity\"\nbridge.listener.tls.ping.max_retries
= 3\n\n## Drops the connection after a period of inactivity. This option does
not\n## take effect when bridge.listener.tls.ping.enabled is 'on' and bridge.listener.tls.ping.\n##
interval times bridge.listener.tls.ping.max_retries results in a value higher\n##
than this option.\n## Notice that for some clients using this option alone is
not enough to keep\n## a connection alive as the client will drop the connection
due to inactivity.\n##\n## Default: 8h\n##\n## Acceptable values:\n## - a time
duration with units, e.g. '10s' for 10 seconds\n## - the text \"infinity\"\nbridge.listener.tls.idle_timeout
= 8h\n\n##\n## Default: infinity\n##\n## Acceptable values:\n## - the text \"infinity\"\n##
\ - an integer\nbridge.listener.tls.max_frame_size = infinity\n\n##\n## Default:
./etc/cert.pem\n##\n## Acceptable values:\n## - the path to a file\nbridge.listener.tls.certfile
= ${BONDY_ETC_DIR}/ssl/tls.crt\n\n##\n## Default: ./etc/key.pem\n##\n## Acceptable
values:\n## - the path to a file\nbridge.listener.tls.keyfile = ${BONDY_ETC_DIR}/ssl/tls.key\n\n##\n##
Default: ./etc/cacert.pem\n##\n## Acceptable values:\n## - the path to a file\nbridge.listener.tls.cacertfile
= ${BONDY_ETC_DIR}/ssl/ca.crt\n\n## A comma separate list of TLS protocol versions
that will be supported\n## At the moment Bondy only supports versions 1.2 and
1.3\n##\n## Default: 1.3\n##\n## Acceptable values:\n## - text\nbridge.listener.tls.versions
= 1.3\n\nbridge.listener.tls.verify = verify_none\n\n\n## =============================================================================\n##
STORE\n## =============================================================================\n\n##
This parameter defines the percentage of total server memory\n## to assign to
LevelDB. LevelDB will dynamically adjust its internal\n## cache sizes to stay
within this size. The memory size can\n## alternately be assigned as a byte count
via leveldb.maximum_memory\n## instead.\n##\n## Default: 70\n##\n## Acceptable
values:\n## - an integer\ndb.maximum_memory.percent = 35\n\n\n## =============================================================================\n##
LOAD REGULATION\n## =============================================================================\n\n##
The capacity of the router process pool, i.e. the maximum number of\n## active
erlang processes handling router events (default = 100000).\n## Once the maximum
has been reached, Bondy will respond with an overload error.\n##\n## Default:
100000\n##\n## Acceptable values:\n## - an integer\nload_regulation.router.pool.capacity
= 100000\n\n## The capacity of the session manager process pool, i.e. the maximum\n##
number of active erlang processes handling session events (default = 50).\n##\n##
Default: 50\n##\n## Acceptable values:\n## - an integer\nload_regulation.session_manager.pool.size
= 50\n\n\n\n## =============================================================================\n##
ERLANG VM\n## =============================================================================\n\nerlang.async_threads
= 64\nerlang.max_ports = 500000\nerlang.process_limit = 2000000\nerlang.distribution_buffer_size
= 32MB\nerlang.time_correction = on\nerlang.time_correction.warp_mode = multi_time_warp\n\n##
The following is required when running in Docker / K8s\n## Refer to https://adoptingerlang.org/docs/production/kubernetes/\nerlang.sbwt
= none\n## erlang.schedulers.total = ${BONDY_ERL_SCHEDULERS}\n\n\n"
security_config.json.template: |-
[
{
"uri": "com.leapsight.bondy",
"security_enabled": true,
"authmethods": [
"cryptosign",
"wampcra",
"trust",
"anonymous"
],
"users": [
{
"username": "urn:demo:user:admin",
"authorized_keys": [
"669D0A9934B46DDDA57B7C6C66805E5D7BD13EE71340D54BB5AC394ACC7603E5"
],
"groups": ["urn:demo:group:admin"]
}
],
"groups": [
{
"name": "urn:demo:group:admin",
"groups": [],
"meta": {"description": "The administrators of the Platform."}
},
{
"name": "urn:demo:group:service",
"groups": []
},
{
"name": "urn:demo:group:service:a",
"groups": ["urn:demo:group:service"]
},
{
"name": "urn:demo:group:service:b",
"groups": ["urn:demo:group:service"]
}
],
"grants": [
{
"permissions": [
"wamp.call",
"wamp.cancel",
"wamp.subscribe",
"wamp.unsubscribe"
],
"resources": [
{
"uri": "bondy.",
"match": "prefix"
},
{
"uri": "wamp.",
"match": "prefix"
}
],
"roles": [
"urn:demo:group:admin"
]
},
{
"permissions": [
"wamp.call",
"wamp.cancel",
"wamp.subscribe",
"wamp.unsubscribe"
],
"resources": [
{
"uri": "bondy.",
"match": "prefix"
}
],
"roles": [
"urn:demo:group:service"
]
},
{
"permissions": [
"wamp.call",
"wamp.cancel"
],
"resources": [
{
"uri": "bondy.",
"match": "prefix"
}
],
"roles": [
"anonymous"
]
}
],
"sources": [
{
"usernames": "all",
"authmethod": "wampcra",
"cidr": "0.0.0.0/0",
"meta": {"description": "Allows access from ay source."}
},
{
"usernames": "all",
"authmethod": "cryptosign",
"cidr": "0.0.0.0/0",
"meta": {"description": "Allows access from ay source."}
},
{
"usernames": "all",
"authmethod": "trust",
"cidr": "0.0.0.0/0",
"meta": {"description": "Allows access from ay source."}
},
{
"usernames": ["anonymous"],
"authmethod": "anonymous",
"cidr": "0.0.0.0/0",
"meta": {"description": "Allows access from ay source."}
}
]
}
]
kind: ConfigMap
metadata:
name: bondy-config
namespace: wamp
---
apiVersion: v1
kind: Service
metadata:
name: bondy
spec:
clusterIP: None
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
- name: wamp-tcp
port: 9072
targetPort: wamp-tcp
- name: wamp-tls
port: 9073
targetPort: wamp-tls
- name: admin-http
port: 18081
targetPort: admin-http
- name: admin-https
port: 18084
targetPort: admin-https
- name: peer-tcp
port: 18086
targetPort: peer-tcp
- name: peer-tls
port: 18087
targetPort: peer-tls
- name: bridge-tls
port: 18093
targetPort: bridge-tls
selector:
app: bondy
---
apiVersion: v1
kind: Service
metadata:
name: bondy-admin-api
spec:
ports:
- name: admin-http
port: 8081
targetPort: admin-http
selector:
app: bondy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: external-wamp
spec:
selector:
app: bondy
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: internal-api-gateway
spec:
ports:
- name: api-http
port: 80
targetPort: http
selector:
app: bondy
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
name: internal-wamp
spec:
ports:
- name: wamp-ws
port: 80
targetPort: http
- name: wamp-tcp
port: 9072
targetPort: wamp-tcp
selector:
app: bondy
type: ClusterIP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app: bondy
app.kubernetes.io/component: application-router
app.kubernetes.io/name: bondy
fluentd: erlang
tier: application-router
name: bondy
spec:
podManagementPolicy: Parallel
replicas: 3
revisionHistoryLimit: 1
selector:
matchLabels:
app: bondy
serviceName: bondy
template:
metadata:
annotations:
prometheus.io/path: /metrics
prometheus.io/port: "18081"
prometheus.io/scrape: "true"
labels:
app: bondy
tier: application-router
spec:
containers:
- env:
- name: BONDY_K8S_CLUSTER_NAME
value: cluster
- name: BONDY_K8S_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: BONDY_K8S_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: BONDY_PEER_SERVICE_NAME
value: bondy.$(BONDY_K8S_NAMESPACE).svc.$(BONDY_K8S_CLUSTER_NAME).local
- name: BONDY_ERL_NODENAME
value: bondy@$(BONDY_K8S_POD_NAME).bondy.$(BONDY_K8S_NAMESPACE).svc.$(BONDY_K8S_CLUSTER_NAME).local
- name: BONDY_ERL_DISTRIBUTED_COOKIE
value: bondy
- name: BONDY_ERL_CRASH_DUMP
value: /bondy/log
- name: BONDY_LOG_LEVEL
value: info
image: leapsight/bondy:1.0.0-beta.65-alpine
imagePullPolicy: Always
livenessProbe:
failureThreshold: 1
httpGet:
path: /ping
port: 18081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: bondy
ports:
- containerPort: 18080
name: http
protocol: TCP
- containerPort: 18083
name: https
protocol: TCP
- containerPort: 18081
name: admin-http
protocol: TCP
- containerPort: 18084
name: admin-https
protocol: TCP
- containerPort: 18082
name: wamp-tcp
protocol: TCP
- containerPort: 18085
name: wamp-tls
protocol: TCP
- containerPort: 18093
name: bridge-tls
protocol: TCP
- containerPort: 18086
name: peer-tcp
protocol: TCP
- containerPort: 18087
name: peer-tls
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 18081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: "4"
memory: 4Gi
requests:
cpu: "2"
memory: 1Gi
startupProbe:
failureThreshold: 30
httpGet:
path: /ping
port: 18081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
volumeMounts:
- mountPath: /bondy/etc/ssl
name: bondy-ssl-volume
readOnly: true
- mountPath: /bondy/etc/bondy.conf.template
name: bondy-conf-volume
subPath: bondy.conf.template
- mountPath: /bondy/etc/security_config.json.template
name: bondy-conf-volume
subPath: security_config.json.template
- mountPath: /bondy/data
name: bondy-data-volume
- mountPath: /bondy/tmp
name: bondy-tmp-volume
- mountPath: /bondy/log
name: bondy-log-volume
securityContext:
fsGroup: 1000
runAsUser: 1000
terminationGracePeriodSeconds: 300
volumes:
- name: bondy-ssl-volume
secret:
secretName: rsa-cert-2048-bondy
- configMap:
name: bondy-config
name: bondy-conf-volume
- emptyDir: {}
name: bondy-tmp-volume
- emptyDir: {}
name: bondy-log-volume
updateStrategy:
type: RollingUpdate
volumeClaimTemplates:
- metadata:
name: bondy-data-volume
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 25Gi
storageClassName: standard-rwo