forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_application_container_config.html.md.erb
37 lines (23 loc) · 4.94 KB
/
_application_container_config.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
1. Select **Application Containers**.
<%= image_tag("../images/docker-registry-ert.png") %>
1. The **Enable Custom Buildpacks** checkbox governs the ability to pass a custom buildpack URL to the `-b` option of the `cf push` command. By default, this ability is enabled, letting developers use custom buildpacks when deploying apps. Disable this option by disabling the checkbox. For more information about custom buildpacks, refer to the [buildpacks](../buildpacks/) section of the PCF documentation.
1. The **Allow SSH access to app containers** checkbox controls SSH access to application instances. Enable the checkbox to permit SSH access across your deployment, and disable it to prevent all SSH access. See the [Application SSH Overview](../devguide/deploy-apps/app-ssh-overview.html) topic for information about SSH access permissions at the space and app scope.
1. If you want enable SSH access for new apps by default in spaces that allow SSH, select **Enable SSH when an app is created**. If you deselect the checkbox, developers can still enable SSH after pushing their apps by running `cf enable-ssh APP-NAME`.
1. If you want to disable the Garden Root filesystem (GrootFS), deselect the **Enable the GrootFS container image plugin for Garden RunC** checkbox. Pivotal recommends using this plugin, so it is enabled by default. However, some external components are sensitive to dependencies with filesystems such as GrootFS. If you experience issues, such as antivirus or firewall compatibility problems, deselect the checkbox to roll back to the plugin that is built into Garden RunC. For more information about GrootFS, see [Component: Garden](../concepts/architecture/garden.html#garden-rootfs) and [Container Mechanics](../concepts/container-security.html#mechanics).
1. To enable Gorouter to verify app identity using TLS, select the **Router uses TLS to verify application identity** checkbox. Verifying app identity using TLS improves resiliency and consistency for app routes. For more information about Gorouter route consistency modes, see [Preventing Misrouting](../concepts/http-routing.html#consistency) in _HTTP Routing_.
1. You can configure Pivotal Application Service (PAS) to run app instances in Docker containers by supplying their IP address ranges in the **Private Docker Insecure Registry Whitelist** textbox. See the [Using Docker Registries](../opsguide/docker-registry.html) topic for more information.
1. Select your preference for **Docker Images Disk-Cleanup Scheduling on Cell VMs**. If you choose **Clean up disk-space once threshold is reached**, enter a **Threshold of Disk-Used** in megabytes. For more information about the configuration options and how to configure a threshold, see [Configuring Docker Images Disk-Cleanup Scheduling](../opsguide/config-cell-cleanup.html).
1. Enter a number in the **Max Inflight Container Starts** textbox. This number configures the maximum number of started instances across the Diego cells in your deployment. For more information about this feature, see [Setting a Maximum Number of Started Containers](../adminguide/max-container-starts.html).
1. Under **Enabling NFSv3 volume services**, select **Enable** or **Disable**. NFS volume services allow application developers to bind existing NFS volumes to their applications for shared file access. For more information, see the [Enabling NFS Volume Services](../opsguide/enable-vol-services.html) topic.
<p class="note"><strong>Note</strong>: In a clean install, NFSv3 volume services is enabled by default. In an upgrade, NFSv3 volume services is set to the same setting as it was in the previous deployment.</p>
1. (Optional) To configure LDAP for NFSv3 volume services, perform the following steps:
<%= image_tag("../images/er-config-app-vol-svc.png") %>
* For **LDAP Service Account User**, enter the username of the service account in LDAP that will manage volume services.
* For **LDAP Service Account Password**, enter the password for the service account.
* For **LDAP Server Host**, enter the hostname or IP address of the LDAP server.
* For **LDAP Server Port**, enter the LDAP server port number. If you do not specify a port number, Ops Manager uses 389.
* For **LDAP Server Protocol**, enter the server protocol. If you do not specify a protocol, Ops Manager uses TCP.
* For **LDAP User Fully-Qualified Domain Name**, enter the fully qualified path to the LDAP service account. For example, if you have a service account named `volume-services` that belongs to organizational units (OU) named `service-accounts` and `my-company`, and your domain is named `domain`, the fully qualified path looks like the following:
<pre>CN=volume-services,OU=service-accounts,OU=my-company,DC=domain,DC=com</pre>
1. By default, PAS manages container images using the [GrootFS](../concepts/architecture/garden.html#garden-rootfs) plugin for Garden-runC. If you experience issues with GrootFS, you can disable the plugin and use the image plugin built into Garden-runC.
1. Click **Save**.