X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b9b4502bcddeccd794614bf6979d643f9f350877..f9e94997cb5c2166d8b71874f263544cfc2fe5ba:/services/api/config/application.default.yml

diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index c2f89582fc..f51679135d 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 # Do not use this file for site configuration. Create application.yml
 # instead (see application.yml.example).
 #
@@ -285,6 +289,11 @@ common:
   ### Crunch, DNS & compute node management
   ###
 
+  # Preemptible instance support (e.g. AWS Spot Instances)
+  # When true, child containers will get created with the preemptible
+  # scheduling parameter parameter set.
+  preemptible_instances: false
+
   # Docker image to be used when none found in runtime_constraints of a job
   default_docker_image_for_jobs: false
 
@@ -378,15 +387,38 @@ common:
   # original job reuse behavior, and is still the default).
   reuse_job_if_outputs_differ: false
 
+  ###
+  ### Federation support.
+  ###
+
+  # You can enable use of this cluster by users who are authenticated
+  # by a remote Arvados site. Control which remote hosts are trusted
+  # to authenticate which user IDs by configuring remote_hosts,
+  # remote_hosts_via_dns, or both. The default configuration disables
+  # remote authentication.
+
+  # Map known prefixes to hosts. For example, if user IDs beginning
+  # with "zzzzz-" should be authenticated by the Arvados server at
+  # "zzzzz.example.com", use:
+  #
+  # remote_hosts:
+  #   zzzzz: zzzzz.example.com
+  remote_hosts: {}
+
+  # Use {prefix}.arvadosapi.com for any prefix not given in
+  # remote_hosts above.
+  remote_hosts_via_dns: false
+
   ###
   ### Remaining assorted configuration options.
   ###
 
   arvados_theme: default
 
-  # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the Single Sign
-  # On (sso) server.  Should only be enabled during development when the SSO
-  # server is using a self-signed cert.
+  # Permit insecure (OpenSSL::SSL::VERIFY_NONE) connections to the
+  # Single Sign On (sso) server and remote Arvados sites.  Should only
+  # be enabled during development when the SSO server is using a
+  # self-signed cert.
   sso_insecure: false
 
   ## Set Time.zone default to the specified zone and make Active
@@ -438,6 +470,17 @@ common:
   # Default value for keep_cache_ram of a container's runtime_constraints.
   container_default_keep_cache_ram: 268435456
 
+  # Token to be included in all healthcheck requests. Disabled by default.
+  # Server expects request header of the format "Authorization: Bearer xxx"
+  ManagementToken: false
+
+  # URL of keep-web service.  Provides read/write access to collections via
+  # HTTP and WebDAV protocols.
+  #
+  # Example:
+  # keep_web_service_url: https://download.uuid_prefix.arvadosapi.com/
+  keep_web_service_url: false
+
 development:
   force_ssl: false
   cache_classes: false