htwkmooc/poseidon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9deee186a70f1ac8784fb624f9b1963132298b93
poseidon/configuration.example.yaml
Maximilian Paß 9deee186a7 Fix Runner DNS resolution 
by adding public nameservers to the CNI secure bridge configuration.
2024-04-03 10:14:24 +02:00

139 lines
6.7 KiB
YAML
Raw Blame History

# Configuration of the Poseidon webserver
server:
# Address or hostname on which the webserver listens
# If a hostname is specified, the server might listen on only one of the resolved IPv4 or IPv6 addresses
address: 127.0.0.1
# Port on which the webserver listens
port: 7200
# When using Systemd socket activation, Poseidon tries to connect to an existing systemd socket instead of creating its own.
# This is useful for zero downtime deployments as the systemd sockets hold up the connections while Poseidon is restarting.
# Iff systemdsocketactivation, the configured address and port will not be used, instead the provided systemd socket will be.
systemdsocketactivation: false
# If set, this token is required in the `Poseidon-Token` header for each route except /health
# token: SECRET
# Configuration of TLS between the web client and Poseidon.
tls:
# If set, the API uses TLS for all incoming connections.
active: false
# The path to the certificate of the CA authority used for TLS
# cafile: ./ca.crt
# The path to the certificate file used for TLS
# certfile: ./poseidon.crt
# The path to the key file used for TLS
# keyfile: ./poseidon.key
# If true, an additional WebSocket connection will be opened to split stdout and stderr when executing interactively
interactivestderr: true
# If set, the file at the given path overwrites the default Nomad job file in internal/environment/template-environment-job.hcl
# templatejobfile: ./poseidon.hcl
# The LoggingFilterToken filters out Systemd Watchdog requests from the logs and is preconfigured with a random value.
# It can also be manually configured to hide additional requests from the logs, such as those from monitoring systems.
# To use this feature, the respective user agent must be set according to `dto.UserAgentFiltered`.
# However, it is important to consider the security implications of using this expert-level setting for manual values.
# loggingfiltertoken: secret
# alert defines how poseidon should handle specific risks.
alert:
# The prewarming pool threshold [0, 1) defines which part of the prewarming pool should always be filled.
# Setting it to 0 will disable the alert.
# If the prewarming pool is filled for less than, i.e., 50%, the health route of Poseidon will return a warning.
prewarmingpoolthreshold: 0.5
# The prewarming pool reload timeout (in seconds) defines for how long the low prewarming pool warning (above)
# should be active before Poseidon automatically reloads the environment.
# Setting it to 0 will disable the automatic reload.
prewarmingpoolreloadtimeout: 300
# Configuration of the used Nomad cluster
nomad:
# Specifies whether Nomad should be used as executor.
enabled: true
# IP address / domain of the Nomad server
address: 127.0.0.1
# Port of the Nomad server
port: 4646
# Authenticate requests to the Nomad server with this token
# token: SECRET
# Configuration of TLS between the Poseidon and Nomad.
tls:
# Specifies whether to use TLS when communicating with the Nomad server.
active: false
# The path to the certificate of the CA authority of the Nomad host.
# cafile: ./ca.crt
# The path to the client certificate file used for TLS
# certfile: ./poseidon.crt
# The path to the client key file used for TLS
# keyfile: ./poseidon.key
# Nomad namespace to use. If unset, 'default' is used
# namespace: poseidon
# Prefer local Docker images over pulling them from a registry. Images with the `latest` tag will always be force pulled by Nomad regardless of this configuration.
disableforcepull: true
# Network configuration for network-enabled runners. See https://developer.hashicorp.com/nomad/docs/job-specification/network.
network:
# Available Modes: "none", "bridge", "host", "cni/*".
# "none": Even the network-enabled runners will be isolated.
# "bridge": Isolated network namespace with bridged interface. Linux-only.
# "host": Using the host network namespace. Less-secure.
# "cni/*": Configure an isolated network namespace using CNI. For example, this can be a more secured bridge network.
mode: "cni/secure-bridge"
aws:
# Specifies whether AWS should be used as executor.
enabled: false
# The endpoint of the WebSocket API
# endpoint: wss://abcdef1234.execute-api.eu-central-1.amazonaws.com/production
# Currently, only static AWS environments are supported.
# For setting this via environment variables you have to use a string separated by spaces, like: POSEIDON_AWS_FUNCTIONS="java11Exec go118Exec".
# functions:
# - java11Exec
# - go118Exec
# Configuration of the logger
logger:
# Log level that is used after reading the config (INFO until then)
level: DEBUG
# Configuration of the embedded profiler
profiling:
# Enables the runtime profiler
cpuenabled: false
# The file to which the profile is written to.
# The default location `cmd/poseidon/default.pgo` will be picked up during the build process to create a profile-guided build.
cpufile: cmd/poseidon/default.pgo
# If set, a memory watchdog will be started that monitors the memory usage of Poseidon and alerts if the threshold is exceeded.
# The value defines the interval in milliseconds in which the memory usage is checked.
memoryinterval: 30_000
# The Threshold in MB of memory usage at which Poseidon will start alerting.
memorythreshold: 1_000
# Configuration of the sentry logging
sentry:
# The DSN of the sentry endpoint to use.
# If the DSN is not set, the client is effectively disabled.
# dsn: https://example.io
# The environment to be sent with events.
# environment: staging
# This release information is used by Poseidon to provide the version route and tag events in Sentry.
# If no specific value is set, the git commit hash used to build the binary is used.
# release: development
# In debug mode, the debug information is printed to stdout to help you understand what sentry is doing.
# debug: true
# Enable performance tracing.
# enabletracing: true
# The sample rate for sampling traces in the range [0.0, 1.0].
# tracessamplerate: 1.0
# The sample rate for sampling performance profiles in the range [0.0, 1.0].
# This is only used if enabletracing is set to true and is relative to tracessamplerate.
# profilessamplerate: 1.0
# Configuration of the influxdb monitoring
influxdb:
# The url of the influxdb endpoint.
# If the url is not set, the influxdb monitoring is disabled.
# url: http://localhost:8086
# The token to secure the influxdb endpoint.
# token: SecretBase64Token==
# The organization set in your influxdb configuration.
# organization: PoseidonOrg
# The influxdb bucket to store the data in.
# bucket: poseidon
# The stage to be sent with events.
# stage: staging
Reference in New Issue View Git Blame Copy Permalink