Jump to content

SUSE Cloud Application Platform 2.0 Release Notes

Publication Date: 2020-06-18

This document provides guidance and an overview to high-level general features and updates for SUSE Cloud Application Platform 2.0. It also describes capabilities and limitations of SUSE Cloud Application Platform 2.0. For detailed information about deploying this product, see the Deployment Guide at https://documentation.suse.com/suse-cap/2.0/single-html/cap-guides/#part-cap-deployment.

These release notes are updated periodically. The latest version of these release notes is always available at https://www.suse.com/releasenotes. General documentation can be found at https://documentation.suse.com/suse-cap/2.

1 About SUSE Cloud Application Platform

SUSE Cloud Application Platform is a modern application delivery platform used to bring an advanced cloud native developer experience to Kubernetes—​the de-facto standard for enterprise container orchestration. SUSE Cloud Application Platform eliminates manual IT configuration and helps accelerate innovation by getting applications to market faster. Developers can serve themselves and get apps to the cloud in minutes instead of weeks, while staying within IT guidelines, and without relying on scarce IT resources to perform manual configuration each step of the way. Streamlining application delivery opens a clear path to increased business agility, led by enterprise development, operations, and DevOps teams.

SUSE Cloud Application Platform increases business agility by helping enterprises to:

  • Boost developer productivity with easy one step deployment of cloud native applications using the language and framework most appropriate for the task.

  • Reduce complexity and increase IT efficiency with a single, lean, platform that brings together proven open source technologies for rapid application delivery at scale.

  • Maximize return on investment with industry leading open-source technologies that leverage your existing investments.

2 Support Statement for SUSE Cloud Application Platform

To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/?id=SUSE_Cloud_Application_Platform.

The following definitions apply:

2.1 Version Support

Technical Support and Troubleshooting (L1 - L2): Current and previous major versions (n-1). For example: SUSE will provide technical support and troubleshooting for versions 1.0, 1.1, 1.2, 1.3 (and all 2.x point releases) until the release of 3.0.

Patches and updates (L3): On the latest or last minor release of each major release. For example: SUSE will provide patches and updates for 1.3 (and 2.latest) until the release of 3.0.

SUSE Cloud Application Platform closely follows upstream Cloud Foundry releases which may implement fixes and changes which are not backwards compatible with previous releases. SUSE will backport patches for critical bugs and security issues on a best efforts basis.

2.2 Platform Support

SUSE Cloud Application Platform is fully supported on Amazon EKS, Microsoft Azure AKS and Google GKE. Each release is tested by SUSE Cloud Application Platform QA on these platforms.

SUSE Cloud Application Platform is fully supported on SUSE CaaS Platform, wherever it happens to be installed. If SUSE CaaS Platform is supported on a particular CSP, the customer can get support for SUSE Cloud Application Platform in that context.

SUSE can provide support for SUSE Cloud Application Platform on 3rd party/generic Kubernetes on a case-by-case basis provided:

  1. the Kubernetes cluster satisfies the Requirements listed here: https://documentation.suse.com/suse-cap/2.0/html/cap-guides/cha-cap-depl-kube-requirements.html#sec-cap-changes-kube-reqs

  2. The kube-ready-state-check.sh script has been run on the target Kubernetes cluster and does not show any configuration problems

  3. a SUSE Services or Sales Engineer has verified that SUSE Cloud Application Platform works correctly on the target Kubernetes cluster

Any incident with SUSE Cloud Application Platform is also fully supported as long as the problem can be replicated on SUSE CaaS Platform, AKS, Amazon EKS or GKE. Bugs identified on 3rd party / generic Kubernetes which are unique to that platform and can not be replicated on the core supported platforms are fixed on a best efforts basis. SUSE will not replicate the deployed Kubernetes environment internally in order to reproduce errors.

SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.

3 Major Changes

3.1 Release 2.0, June 2020

3.1.1 What Is New?

3.1.2 Features and Fixes

  • The values.yaml configuration file has undergone significant updates, including changes to the format and name of keys. When migrating from SUSE Cloud Application Platform 1.5.2 to 2.0, the existing values.yaml configuration file (for example, scf-config-values.yaml) for 1.5.2 cannot be reused for 2.0. A new values.yaml file (for example, kubecf-config-values.yaml) must be created and used instead. Refer to Section 6, “Appendix: Sample values.yaml File” as a guideline for format and names valid for 2.0

  • The UAA component is now embedded in KubeCF by default and a separate installation is not necessary.

  • Fixed appVersion field in Chart yaml(s) to reflect the application version

  • Removed sle12 and cflinuxfs2 stack, which were preceded by warnings in CAP 1.5.x releases

  • Removed cf-usb service broker. Users should use Minibroker or the OSBAPI-compliant brokers provided by the public cloud platforms instead

  • nfs-broker is not included in the current release

  • pxc is no longer directly taken from upstream; we rely on a docker image (0.9.4) that uses version 5.7.28-31.41

  • Includes these Cloud Foundry component versions:

    • app-autoscaler: 3.0.0

    • bits-services: 2.28.0

    • bosh-dns-aliases: 0.0.3

    • bpm: 1.1.7

    • capi: 1.91.0

    • cf-acceptance-tests: 0.0.13

    • cf-deployment: 12.36

    • cf-smoke-tests: 40.0.128

    • cf-syslog-drain: 10.2.11

    • cflinuxfs3: 0.167.0

    • credhub: 2.5.11

    • diego: 2.44.0

    • eirini: 0.0.27

    • garden-runc: 1.19.10

    • loggregator: 106.3.8

    • loggregator-agent: 5.3.7

    • log-cache: 2.6.8

    • nats: 33

    • postgres-release: 39

    • routing: 0.198.0

    • scf-helper: 1.0.13

    • silk: 2.28.0

    • sle15: 10.93

    • statsd-injector: 1.11.15

    • sync-integration-tests: 0.0.3

    • uaa: 74.15.0

  • Buildpacks:

    • binary-buildpack: 1.0.36

    • dotnetcore-buildpack: 2.3.9

    • go-buildpack: 1.9.11

    • java-buildpack: 4.29.1

    • nginx-buildpack: 1.1.7

    • nodejs-buildpack: 1.7.17

    • php-buildpack: 4.4.12

    • python-buildpack: 1.7.12

    • staticfile-buildpack: 1.5.5

    • ruby-buildpack: 1.8.15

3.1.3 Known Issues

Important
Important
Important
Important
  • Autoscaler can go into a CrashLoopBackoff state if DNS setup is not complete by the time autoscaler comes up. To avoid this situation it is recommended the DNS entries are set up as soon as services (e.g. router-public) have external IPs assigned to them. The asactors pod can also be deleted to recover from this state as kubernetes will re-create the pod

Important
Important
  • Occasionally, the Autoscaler’s database pod (asdatabase) can go into a CrashLoopBackoff when Autoscaler is enabled via a helm upgrade. It is recommended Autoscaler is deployed along with other CAP 2 components during the initial helm install.

  • SLE12 and cflinuxfs2 have been removed and are no longer supported. For details regarding the deprecation of these stacks, refer to the previous annoucements at https://www.suse.com/releasenotes/x86_64/SUSE-CAP/1/#sec.1_4_1.issue and https://www.suse.com/releasenotes/x86_64/SUSE-CAP/1/#sec.1_5.issue. Procedures to migrate to new stacks can be found at https://documentation.suse.com/suse-cap/1.5.2/single-html/cap-guides/#id-1.3.4.3.4.

  • Eirini will only work on a cluster that has .cluster.local set as the local domain in the kubelet using ` --cluster-domain` as described at https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#introduction

  • When Eirini is enabled, both features.suse_default_stack and features.suse_buildpacks must be enabled. A cflinuxfs3 Eirini image is currently not available, and the SUSE stack must be used.

  • On subsequent deployments with Eirini enabled, deployments may result in the bits pod going into a CrashLoopBackoff state with a tls: private key does not match public key error. This occurs after an initial deployment wiht Eirini enabled is not properly cleaned up. The csr for bits is not namespaced and will not be removed when helm delete kubecf is performed and must be deleted manually using kubectl delete csr kubecf-bits-service-ssl before another deployment is made.

  • The Open Service Broker for Azure is only compatible with Kubernetes 1.15 or earlier.

  • The cf-usb service brokers from CAP 1.x will not work with CAP 2.0, along with Kubernetes 1.16 or higher, so they are no longer supported. As noted in the Features & Fixes above, please migrate over to either Minibroker or an OSBAPI-compliant broker available via your public cloud platform.

  • During the Open Service Broker for Azure set up process, the svc/catalog chart install will encounter a OOMKilled state and fail. The controllerManager’s requests and limits for the CPU and memory must be increased to avoid this. As an example, increasing these values to double the default will allow for a successful installation.

    helm install catalog svc-cat/catalog \
     --namespace catalog \
     --set controllerManager.healthcheck.enabled=false \
     --set apiserver.healthcheck.enabled=false \
     --set controllerManager.resources.requests.cpu=200m \
     --set controllerManager.resources.requests.memory=40Mi \
     --set controllerManager.resources.limits.cpu=200m \
     --set controllerManager.resources.limits.memory=40Mi

4 Obtaining Source Code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com or as otherwise instructed at https://www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee to recover distribution costs.

5 Legal Notices

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Refer to https://www.suse.com/company/legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2017-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC-BY-SA-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

6 Appendix: Sample values.yaml File

# REQUIRED: the domain that the deployment will be visible to the user.
system_domain: ~

# Set or override job properties. The first level of the map is the instance group name. The second
# level of the map is the job name. E.g.:
#  properties:
#    adapter:
#      adapter:
#        scalablesyslog:
#          adapter:
#            logs:
#              addr: kubecf-log-api:8082
#
properties: {}

credentials: {}

variables: {}

kube:
  # The storage class to be used for the instance groups that need it (e.g. bits, database and
  # singleton-blobstore). If it's not set, the default storage class will be used.
  storage_class: ~
  # The psp key contains the configuration related to Pod Security Policies. By default, a PSP will
  # be generated with the necessary permissions for running KubeCF. To pass an existing PSP and
  # prevent KubeCF from creating a new one, set the kube.psp.default with the PSP name.
  psp:
    default: ~

releases:
  # The defaults for all releases, where we do not otherwise override them.
  defaults:
    url: registry.suse.com/cap
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  app-autoscaler:
    version: 3.0.0
  bits-service:
    version: 2.28.0
  brain-tests:
    version: v0.0.12
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
  cf-acceptance-tests:
    version: 0.0.13
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  cf-smoke-tests:
    version: 40.0.128
    stemcell:
      os: SLE_15_SP1
      version: 25.2-7.0.0_374.gb8e8e6af
  # pxc is not a BOSH release.
  pxc:
    image:
      repository: registry.suse.com/cap/pxc
      tag: 0.9.4
  eirini:
    version: 0.0.27
    stemcell:
      os: SLE_15_SP1
      version: 23.21-7.0.0_374.gb8e8e6af
  postgres:
    version: "39"
  sle15:
    version: "10.93"
  sync-integration-tests:
    version: v0.0.3
  suse-staticfile-buildpack:
    url: registry.suse.com/cap
    version: "1.5.5.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-staticfile-buildpack/packages/staticfile-buildpack-sle15/staticfile-buildpack-sle15-v1.5.5.1-5.1-eaf36a02.zip
  suse-java-buildpack:
    url: registry.suse.com/cap
    version: "4.29.1.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-java-buildpack/packages/java-buildpack-sle15/java-buildpack-sle15-v4.29.1.1-543ec059.zip
  suse-ruby-buildpack:
    url: registry.suse.com/cap
    version: "1.8.15.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-ruby-buildpack/packages/ruby-buildpack-sle15/ruby-buildpack-sle15-v1.8.15.1-4.1-2b6d6879.zip
  suse-dotnet-core-buildpack:
    url: registry.suse.com/cap
    version: "2.3.9.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-dotnet-core-buildpack/packages/dotnet-core-buildpack-sle15/dotnet-core-buildpack-sle15-v2.3.9.1-1.1-e74bd89e.zip
  suse-nodejs-buildpack:
    url: registry.suse.com/cap
    version: "1.7.17.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-nodejs-buildpack/packages/nodejs-buildpack-sle15/nodejs-buildpack-sle15-v1.7.17.1-1.1-7e96d2dd.zip
  suse-go-buildpack:
    url: registry.suse.com/cap
    version: "1.9.11.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-go-buildpack/packages/go-buildpack-sle15/go-buildpack-sle15-v1.9.11.1-2.1-d5c02636.zip
  suse-python-buildpack:
    url: registry.suse.com/cap
    version: "1.7.12.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-python-buildpack/packages/python-buildpack-sle15/python-buildpack-sle15-v1.7.12.1-2.1-ebd0f50d.zip
  suse-php-buildpack:
    url: registry.suse.com/cap
    version: "4.4.12.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-php-buildpack/packages/php-buildpack-sle15/php-buildpack-sle15-v4.4.12.1-4.1-2c4591cb.zip
  suse-nginx-buildpack:
    url: registry.suse.com/cap
    version: "1.1.7.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-nginx-buildpack/packages/nginx-buildpack-sle15/nginx-buildpack-sle15-v1.1.7.1-1.1-fbf90d1f.zip
  suse-binary-buildpack:
    url: registry.suse.com/cap
    version: "1.0.36.1"
    stemcell:
      os: SLE_15_SP1
      version: 25.1-7.0.0_374.gb8e8e6af
    file: suse-binary-buildpack/packages/binary-buildpack-sle15/binary-buildpack-sle15-v1.0.36.1-1.1-37ec2cbf.zip

multi_az: false
high_availability: false

# Sizing takes precedence over the high_availability property. I.e. setting the instance count
# for an instance group greater than 1 will make it highly available.
sizing:
  adapter:
    instances: ~
  api:
    instances: ~
  asactors:
    instances: ~
  asapi:
    instances: ~
  asmetrics:
    instances: ~
  asnozzle:
    instances: ~
  auctioneer:
    instances: ~
  bits:
    instances: ~
  cc_worker:
    instances: ~
  credhub:
    instances: ~
  database:
    instances: ~
    persistence:
      size: 20Gi
  diego_api:
    instances: ~
  diego_cell:
    ephemeral_disk:
      # Size of the ephemeral disk used to store applications in MB
      size: 40960
      # The name of the storage class used for the ephemeral disk PVC.
      storage_class: ~
    instances: ~
  doppler:
    instances: ~
  eirini:
    instances: ~
  log_api:
    instances: ~
  nats:
    instances: ~
  router:
    instances: ~
  routing_api:
    instances: ~
  scheduler:
    instances: ~
  uaa:
    instances: ~
  tcp_router:
    instances: ~

#  External endpoints are created for the instance groups only if features.ingress.enabled is false.
services:
  router:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
  ssh-proxy:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
  tcp-router:
    annotations: ~
    type: LoadBalancer
    externalIPs: []
    clusterIP: ~
    port_range:
      start: 20000
      end: 20008

settings:
  router:
    # tls sets up the public TLS for the router. The tls keys:
    #   crt: the certificate in the PEM format. Required.
    #   key: the private key in the PEM format. Required.
    tls: {}
    # crt: |
    #   -----BEGIN CERTIFICATE-----
    #   ...
    #   -----END CERTIFICATE-----
    # key: |
    #   -----BEGIN PRIVATE KEY-----
    #   ...
    #   -----END PRIVATE KEY-----


features:
  eirini:
    # When eirini is enabled, both suse_default_stack and suse_buildpacks must be enabled as well.
    enabled: false
    registry:
      service:
        # This setting is not currently configurable and must be HIDDEN
        nodePort: 31666
  ingress:
    enabled: false
    tls:
      crt: ~
      key: ~
    annotations: {}
    labels: {}
  suse_default_stack:
    enabled:  true
  suse_buildpacks:
    enabled: true
  autoscaler:
    enabled: false
  credhub:
    enabled: true
  # Disabling routing_api will also disable the tcp_router instance_group
  routing_api:
    enabled: true
  # embedded_database enables the embedded PXC sub-chart. Disabling it allows using an external, already seeded,
  embedded_database:
    enabled: true
  blobstore:
    # Possible values for provider: singleton and s3.
    provider: singleton
    s3:
      aws_region: ~
      blobstore_access_key_id: ~
      blobstore_secret_access_key: ~
      blobstore_admin_users_password: ~
      # The following values are used as S3 bucket names.
      app_package_directory_key: ~
      buildpack_directory_key: ~
      droplet_directory_key: ~
      resource_directory_key: ~

  # The external database type can be either 'mysql' or 'postgres'.
  external_database:
    enabled: false
    require_ssl: false
    ca_cert: ~
    type: ~
    host: ~
    port: ~
    databases:
      uaa:
        name: uaa
        password: ~
        username: ~
      cc:
        name: cloud_controller
        password: ~
        username: ~
      bbs:
        name: diego
        password: ~
        username: ~
      routing_api:
        name: routing-api
        password: ~
        username: ~
      policy_server:
        name: network_policy
        password: ~
        username: ~
      silk_controller:
        name: network_connectivity
        password: ~
        username: ~
      locket:
        name: locket
        password: ~
        username: ~
      credhub:
        name: credhub
        password: ~
        username: ~

# Enable or disable instance groups for the different test suites.
# Only smoke tests should be run in production environments.
#
# __ATTENTION__: The brain tests do things with the cluster which
# required them to have `cluster-admin` permissions (i.e. root).
# Enabling them is thus potentially insecure. They should only be
# activated for isolated testing.

testing:
  brain_tests:
    enabled: false
  cf_acceptance_tests:
    enabled: false
  smoke_tests:
    enabled: true
  sync_integration_tests:
    enabled: false

ccdb:
  encryption:
    rotation:
      # Key labels must be <= 240 characters long.
      key_labels:
      - encryption_key_0
      current_key_label: encryption_key_0

operations:
  # A list of configmap names that should be applied to the BOSH manifest.
  custom: []
  # Inlined operations that get into generated ConfigMaps. E.g. adding a password variable:
  # operations:
  #   inline:
  #   - type: replace
  #     path: /variables/-
  #     value:
  #       name: my_password
  #       type: password
  inline: []

k8s-host-url: ""
k8s-service-token: ""
k8s-service-username: ""
k8s-node-ca: ""

eirini:
  global:
    labels: {}
    annotations: {}

  env:
    # This setting is not configurable and must be HIDDEN from the user.
    # It's a workaround to replace the port eirini uses for the registry
    DOMAIN: '127.0.0.1.nip.io:31666" #'
  services:
    loadbalanced: true
  opi:
    image_tag: "1.5.0"
    image: registry.suse.com/cap/opi
    metrics_collector_image: registry.suse.com/cap/metrics-collector
    bits_waiter_image: registry.suse.com/cap/bits-waiter
    route_collector_image: registry.suse.com/cap/route-collector
    route_pod_informer_image: registry.suse.com/cap/route-pod-informer
    route_statefulset_informer_image: registry.suse.com/cap/route-statefulset-informer
    event_reporter_image: registry.suse.com/cap/event-reporter
    event_reporter_image_tag: "1.5.0"
    staging_reporter_image: registry.suse.com/cap/staging-reporter
    staging_reporter_image_tag: "1.5.0"
    #
    registry_secret_name: eirini-registry-credentials
    namespace: eirini
    kubecf:
      enable: false
    use_registry_ingress: false
    ingress_endpoint: ~
    kube:
      external_ips: []
    deny_app_ingress: false
    cc_api:
      serviceName: "api"

    staging:
      downloader_image: registry.suse.com/cap/recipe-downloader
      downloader_image_tag: "1.5.0-24.1"
      executor_image: registry.suse.com/cap/recipe-executor
      executor_image_tag: "1.5.0-24.1"
      uploader_image: registry.suse.com/cap/recipe-uploader
      uploader_image_tag: "1.5.0-24.1"
      enable: true
      tls:
        client:
          secretName: "var-eirini-tls-client-cert"
          certPath: "certificate"
          keyPath: "private_key"
        cc_uploader:
          secretName: "var-cc-bridge-cc-uploader"
          certPath: "certificate"
          keyPath: "private_key"
        ca:
          secretName: "var-eirini-tls-client-cert"
          path: "ca"
        stagingReporter:
          secretName: "var-eirini-tls-client-cert"
          certPath: "certificate"
          keyPath: "private_key"
          caPath: "ca"

    tls:
      opiCapiClient:
        secretName: "var-eirini-tls-client-cert"
        keyPath: "private_key"
        certPath: "certificate"
      opiServer:
        secretName: "var-eirini-tls-server-cert"
        certPath: "certificate"
        keyPath: "private_key"
      capi:
        secretName: "var-eirini-tls-server-cert"
        caPath: "ca"
      eirini:
        secretName: "var-eirini-tls-server-cert"
        caPath: "ca"

    events:
      enable: true
      # All configs in this section should be HIDDEN from the user; they are
      # here to adapt the Eirini helm chart for KubeCF use.
      tls:
        capiClient:
          secretName: "var-cc-tls"
          keyPath: "private_key"
          certPath: "certificate"
        capi:
          secretName: "var-cc-tls"
          caPath: "ca"

    logs:
      # disable fluentd, use eirinix-loggregator-bridge (HIDDEN from the user).
      enable: false
      # HIDDEN from the user as changing this breaks logging.
      serviceName: doppler

    # All configs in this section should be HIDDEN from the user; they are here
    # to adapt the Eirini helm chart for KubeCF use.
    metrics:
      enable: true
      tls:
        client:
          secretName: "var-loggregator-tls-doppler"
          keyPath: "private_key"
          certPath: "certificate"
        server:
          secretName: "var-loggregator-tls-doppler"
          caPath: "ca"

    rootfsPatcher:
      enable: false
      timeout: 2m

    # All configs in this section should be HIDDEN from the user; they are here
    # to adapt the Eirini helm chart for KubeCF use.
    routing:
      enable: true
      nats:
        secretName: "var-nats-password"
        passwordPath: "password"
        serviceName: "nats"

    secretSmuggler:
      enable: false

bits:
  download_eirinifs: false
  global:
    labels: {}
    annotations: {}
    images:
      bits_service: registry.suse.com/cap/bits-service:bits-1.0.15-15.1.6.2.220-24.2
  env:
    # This setting is not configurable and must be HIDDEN from the user.
    DOMAIN: 127.0.0.1.nip.io
  ingress:
    endpoint: ~
    use: false
  kube:
    external_ips: []
  services:
    loadbalanced: true

  blobstore:
    serviceName: "singleton-blobstore"
    userName: "blobstore-user"
    secret:
      name: "var-blobstore-admin-users-password"
      passwordPath: "password"

  secrets:
    BITS_SERVICE_SECRET: "secret"
    BITS_SERVICE_SIGNING_USER_PASSWORD: "notpassword123"

  useExistingSecret: true
  tls_secret_name: bits-service-ssl
  tls_cert_name: certificate
  tls_key_name: private_key
  tls_ca_name: ca

eirinix:
  persi-broker:
    service-plans:
    - id: default
      name: "default"
      description: "Existing default storage class"
      kube_storage_class: "default"
      free: true
      default_size: "1Gi"
Print this page