-
Notifications
You must be signed in to change notification settings - Fork 1
/
configuration.example.yaml
138 lines (132 loc) · 6.73 KB
/
configuration.example.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Configuration of the Poseidon webserver
server:
# Address or hostname on which the webserver listens
# If a hostname is specified, the server might listen on only one of the resolved IPv4 or IPv6 addresses
address: 127.0.0.1
# Port on which the webserver listens
port: 7200
# When using systemd socket activation, Poseidon tries to connect to an existing systemd socket instead of creating its own.
# This is useful for zero downtime deployments as the systemd sockets hold up the connections while Poseidon is restarting.
# Iff systemdsocketactivation, the configured address and port will not be used, instead the provided systemd socket will be.
systemdsocketactivation: false
# If set, this token is required in the `Poseidon-Token` header for each route except /health
# token: SECRET
# Configuration of TLS between the web client and Poseidon.
tls:
# If set, the API uses TLS for all incoming connections.
active: false
# The path to the certificate of the CA authority used for TLS
# cafile: ./ca.crt
# The path to the certificate file used for TLS
# certfile: ./poseidon.crt
# The path to the key file used for TLS
# keyfile: ./poseidon.key
# If true, an additional WebSocket connection will be opened to split stdout and stderr when executing interactively
interactivestderr: true
# If set, the file at the given path overwrites the default Nomad job file in internal/environment/template-environment-job.hcl
# templatejobfile: ./poseidon.hcl
# The LoggingFilterToken filters out systemd Watchdog requests from the logs and is preconfigured with a random value.
# It can also be manually configured to hide additional requests from the logs, such as those from monitoring systems.
# To use this feature, the respective user agent must be set according to `dto.UserAgentFiltered`.
# However, it is important to consider the security implications of using this expert-level setting for manual values.
# loggingfiltertoken: secret
# alert defines how poseidon should handle specific risks.
alert:
# The prewarming pool threshold [0, 1) defines which part of the prewarming pool should always be filled.
# Setting it to 0 will disable the alert.
# If the prewarming pool is filled for less than, i.e., 50%, the health route of Poseidon will return a warning.
prewarmingpoolthreshold: 0.5
# The prewarming pool reload timeout (in seconds) defines for how long the low prewarming pool warning (above)
# should be active before Poseidon automatically reloads the environment.
# Setting it to 0 will disable the automatic reload.
prewarmingpoolreloadtimeout: 300
# Configuration of the used Nomad cluster
nomad:
# Specifies whether Nomad should be used as executor.
enabled: true
# IP address / domain of the Nomad server
address: 127.0.0.1
# Port of the Nomad server
port: 4646
# Authenticate requests to the Nomad server with this token
# token: SECRET
# Configuration of TLS between the Poseidon and Nomad.
tls:
# Specifies whether to use TLS when communicating with the Nomad server.
active: false
# The path to the certificate of the CA authority of the Nomad host.
# cafile: ./ca.crt
# The path to the client certificate file used for TLS
# certfile: ./poseidon.crt
# The path to the client key file used for TLS
# keyfile: ./poseidon.key
# Nomad namespace to use. If unset, 'default' is used
# namespace: poseidon
# Prefer local Docker images over pulling them from a registry. Images with the `latest` tag will always be force pulled by Nomad regardless of this configuration.
disableforcepull: true
# Network configuration for network-enabled runners. See https://developer.hashicorp.com/nomad/docs/job-specification/network.
network:
# Available Modes: "none", "bridge", "host", "cni/*".
# "none": Even the network-enabled runners will be isolated.
# "bridge": Isolated network namespace with bridged interface. Linux-only.
# "host": Using the host network namespace. Less-secure.
# "cni/*": Configure an isolated network namespace using CNI. For example, this can be a more secured bridge network.
mode: "cni/secure-bridge"
aws:
# Specifies whether AWS should be used as executor.
enabled: false
# The endpoint of the WebSocket API
# endpoint: wss://abcdef1234.execute-api.eu-central-1.amazonaws.com/production
# Currently, only static AWS environments are supported.
# For setting this via environment variables you have to use a string separated by spaces, like: POSEIDON_AWS_FUNCTIONS="java11Exec go118Exec".
# functions:
# - java11Exec
# - go118Exec
# Configuration of the logger
logger:
# Log level that is used after reading the config (INFO until then)
level: DEBUG
# Configuration of the embedded profiler
profiling:
# Enables the runtime profiler
cpuenabled: false
# The file to which the profile is written to.
# The default location `cmd/poseidon/default.pgo` will be picked up during the build process to create a profile-guided build.
cpufile: cmd/poseidon/default.pgo
# If set, a memory watchdog will be started that monitors the memory usage of Poseidon and alerts if the threshold is exceeded.
# The value defines the interval in milliseconds in which the memory usage is checked.
memoryinterval: 30_000
# The Threshold in MB of memory usage at which Poseidon will start alerting.
memorythreshold: 1_000
# Configuration of the sentry logging
sentry:
# The DSN of the sentry endpoint to use.
# If the DSN is not set, the client is effectively disabled.
# dsn: https://example.io
# The environment to be sent with events.
# environment: staging
# This release information is used by Poseidon to provide the version route and tag events in Sentry.
# If no specific value is set, the git commit hash used to build the binary is used.
# release: development
# In debug mode, the debug information is printed to stdout to help you understand what sentry is doing.
# debug: true
# Enable performance tracing.
# enabletracing: true
# The sample rate for sampling traces in the range [0.0, 1.0].
# tracessamplerate: 1.0
# The sample rate for sampling performance profiles in the range [0.0, 1.0].
# This is only used if enabletracing is set to true and is relative to tracessamplerate.
# profilessamplerate: 1.0
# Configuration of the influxdb monitoring
influxdb:
# The url of the influxdb endpoint.
# If the url is not set, the influxdb monitoring is disabled.
# url: http://localhost:8086
# The token to secure the influxdb endpoint.
# token: SecretBase64Token==
# The organization set in your influxdb configuration.
# organization: PoseidonOrg
# The influxdb bucket to store the data in.
# bucket: poseidon
# The stage to be sent with events.
# stage: staging