Cloud Foundry Enterprise Environment parameters

During installation, specify the following parameters to configure the deployment.

Cloud Foundry parameters

• Installer action: Type of installer action to be performed. Valid choices are:

  • install: Install a new deployment.
  • upgrade: Upgrade an existing deployment. This action is not supported when Kubernetes storage class name is local.
  • scale: Increase the number of cell instances or control plane instances on an existing deployment.

  • uninstall: Delete the existing deployment.

    Note: Before you start the deployment, ensure that the Cloud Foundry deployment tool settings page indicates Ready status for each step you want to run.

• Developer mode: If checked, then an environment with reduced size is deployed. Number of control plane instances is set to 1 and Number of cell instances is set to 1.
• Administrator password: The Cloud Foundry administrator (admin) password.
• User Account and Authenication (UAA) administrator password: The Cloud Foundry UAA administrator (admin) password.
• Number of cell instances: The number of cells must be between 1 and 9. Two or more are needed for high availability.
• Number of control plane instances: Number of control plane instances for api, uaa, nats, etc. Two or more are needed for high availability.
• Management console port: External HTTPS port for the management console.
• Cloud Foundry Blobstore disk size (GB): The amount of disk storage that is allocated for the Cloud Foundry Blobstore.Note: You must have at least 50 GB allocated to the Blobstore in a production environment.
• UAA Postgres disk size (GB): The amount of disk storage that is allotted for UAA in the Postgres database.

• Cloud Foundry Postgres disk size (GB): The amount of disk storage that is allotted for the Cloud Foundry namespace.

  Important: Cloud Foundry Blobstore disk size, UAA Postgres disk size, and Cloud Foundry Postgres disk size are only available when Cloud Foundry Enterprise Environment 3.2.1 fix pack is installed. For more information see IBM® Fix Central .

• Maximum health-check timeout: The maximum time, in seconds, to elapse between deploying an application and declaring it as unhealthy.

• Routers per control plane: The number of gorouters that are available per control plane instance.

  Note: The Number of cell instances total plus the Number of control plane instances total must be less than or equal to the number of Kubernetes worker nodes.

• External database options:

  • Use external Postgres database: When the check box is not selected, the environment stands up a Postgres database within the deployment. When you select the check box, the following parameters are required:
    • Database hostname: The name of the Postgres database to use.
    • Database port: Postgres database port to connect to.
    • Database user: Postgres user ID. Must have privileges to create tables.
    • Database password: Password for Postgres user.
    • Database name: Default Postgres database name to use. If left blank, 'compose' is used.
    • Delete tables: Drop any existing Postgres database tables during installation.

Kubernetes parameters

• Kubernetes administrator user name: The user name for the Kubernetes administrator. Default: admin.
• Kubernetes administrator password: The password for the Kubernetes administrator.
• Kubernetes storage class name: Kubernetes disk storage class name to use for persistent data. The name local is reserved and must only be used for non-production developer mode environments. The storageclass name must already exist, except if the value is specified as local. Default: local.
• Docker host name: The host name or IP address for the Docker repository to pull the container images from. This parameter is optional.
• Docker user name: The user name for the Docker repository to pull the container images from. This parameter is optional.
• Docker password: The password for the Docker repository to pull the container images from. This parameter is optional.
• Docker organization: The organization for the Docker repository to pull the container images from. This parameter is optional.

Wildcard domain and certificates parameters

• Application domain: Cloud Foundry default application domain.

• Application domain private key and certificate secret: Kubernetes secret name (TLS) that contains the Cloud Foundry application domain private key and certificate. This parameter is optional. For more information on creating a domain certificate, see Providing certificates for Cloud Foundry Enterprise Environment. The secret object must be in the same namespace where the Cloud Foundry Enterprise Environment Helm chart is deployed.

  For creating the Kubernetes secret, for example, use the following code where ${APP_DOMAIN} is the application domain:

  kubectl create secret tls star.${APP_DOMAIN} --key star_${APP_DOMAIN}.key --cert star_${APP_DOMAIN}.crt
  

• Trusted application container certificates secret: Kubernetes secret name that contains trusted Certificate Authority certificates to install into Cloud Foundry application containers. The secret object must be in the same namespace where the Cloud Foundry Enterprise Environment Helm chart is deployed.
• Update Kubernetes DNS (kube-dns) with domain: If DNS resolution is not provided externally for the listed domain, and kube-dns needs to resolve this domain, leave this parameter checked.
• IP address for Kubernetes DNS (kube-dns) entry: IP address of the IBM Cloud Private ingress used by Cloud Foundry Enterprise Environment applications. If Update Kubernetes DNS (kube-dns) with domain is checked, this IP address is used to update kube-dns. In order for Cloud Foundry apps to communicate with one another, use a public facing DNS, for example, the proxy external IP address or load balancer IP address. Otherwise you can use the proxy internal IP address.

Logging

By default, platform and application logs are automatically forwarded to IBM Cloud Private logging. The logging function is provided by the logging Helm release of the ibm-icplogging Elastic Stack Helm chart. Modify these parameters if you want to forward logs to other destinations or if you are using a different release of ibm-icplogging with custom configuration.

• Platform logging: Configure forwarding of logs for Cloud Foundry components. Valid choices are:
  • Use IBM Cloud Private logging: Default option. Platform logs are forwarded to Elastic Stack in IBM Cloud Private.
  • Manual configuration: Platform logs are forwarded to a syslog endpoint of your choice.
  • Disabled: Platform logs are not forwarded.
    If you choose Manual configuration, additional parameters become available:
    • Address: IP address or domain of the server to receive syslogs.
    • Port: Port on which the syslog server is listening.
    • Transport: Transport for syslog forwarding (TCP or UDP).
• Application logging: Configure forwarding of logs for Cloud Foundry applications. Valid choices are:
  • Use IBM Cloud Private logging: Default option. Application logs are forwarded to Elastic Stack in IBM Cloud Private.
  • Use IBM Cloud Private logging + manual configuration: Application logs are forwarded to Elastic Stack in IBM Cloud Private and to a Lumberjack v2 or syslog endpoint of your choice.
  • Manual configuration: Application logs are forwarded to a Lumberjack v2 endpoint and a syslog endpoint of your choice.
  • Disabled: Application logs are not forwarded.
    If you choose an option that includes Manual configuration, additional parameters become available:
    • Send application logs: Check to enable the primary Lumberjack v2 endpoint.
    • URL: IP address or domain and port of the Lumberjack v2 endpoint to receive application logs.
    • Send application logs to a duplicate endpoint: Check to enable a duplicate Lumberjack v2 endpoint.
    • Duplicate endpoint URL: IP address or domain and port of the Lumberjack v2 endpoint to receive application logs.
    • Send application logs to a syslog endpoint: Check to enable a syslog endpoint.
    • Syslog URL: IP address or domain and port of the syslog endpoint to receive application logs.
    • Enable TLS for syslog connections: Check to enable TLS.
    • Syslog CA certificate: Certification Authority certificate to use for syslog connections.
• ibm-icplogging configuration: Choose the default release of ibm-icplogging that is provided by IBM Cloud Private or provide details for a custom release if you are using a non-default release of ibm-icplogging. If you choose Custom, additional parameters become available:
  • ibm-icplogging namespace: Namespace where ibm-icplogging was deployed
  • ibm-icplogging release name: Name of the ibm-icplogging release
  • ibm-icplogging name override: Value that is used for nameOverride in the ibm-icplogging release
  • ibm-icplogging mode: Value that is used for general.mode in the ibm-icplogging release
  • ibm-icplogging Elasticsearch name: Value that is used for elasticsearch.name in the ibm-icplogging release
  • ibm-icplogging Elasticsearch internal port: Value that is used for elasticsearch.internalPort in the ibm-icplogging release
  • ibm-icplogging Elasticsearch client - REST port: Value that is used for elasticsearch.client.restPort in the ibm-icplogging release
  • ibm-icplogging Elasticsearch security - require authentication: Value that is used for elasticsearch.security.authc.enabled in the ibm-icplogging release

For more information, see Connecting to Elastic Stack in IBM Cloud Private.