    version: 1

    # GLOBAL CONFIGURATION

    auth-server: # Common authentication client settings for all services
      # Base URL of the authentication service that every service talks to.
      url: https://anaconda.example.com:30080/auth
      realm: AnacondaPlatform
      # NOTE(review): realm-key is empty in this sample. Presumably it holds the
      # realm's public key used to verify issued tokens; confirm how services
      # behave when it is left empty before relying on this default.
      realm-key: ''

    db: # Database client configuration
      drivername: postgresql # Database driver (default postgresql, which is currently the only driver supported)
      host: postgres # Database hostname
      port: 5432
      # NOTE(review): the sample connects as "postgres" (conventionally the
      # PostgreSQL superuser name) with an empty password. Prefer a dedicated
      # least-privilege account, and supply the password from a secret store
      # rather than committing it to this file.
      username: postgres
      password: ''

    auth-escrow: # Common auth-escrow client settings for all services
      # Base URL of the escrow API; the host:port matches the entry listed
      # under auth.escrow.hosts in the per-service section.
      url: https://anaconda.example.com:30091/api/v1

    https: # Common HTTPS client and server settings for all services
      # Every service URL in this file is https://, so a private CA or
      # self-signed certificate must be present in this bundle for peer
      # verification to succeed.
      certificate-authority: /etc/ssl/certs/ca-certificates.crt # Path to Certificate Authority bundle for private CA or self-signed certificates
      # NOTE(review): DST Root CA X3 expired in September 2021; trusting only that
      # file would fail validation for current Let's Encrypt chains.
      # certificate-authority: /etc/ssl/certs/DST_Root_CA_X3.pem  # For Let's Encrypt

    images:
      # Container images for apps, the app proxy and the editor, all referenced
      # by tag on the registry at apiserver:5000.
      # NOTE(review): tags are mutable. If the consumer accepts digest references
      # (image@sha256:<digest>), pinning by digest guards against a replaced
      # image; confirm before changing.
      app: apiserver:5000/ap-app:5.0.1-1896-g6d27a29
      app_proxy: apiserver:5000/ap-app-proxy:5.0.1-1896-g6d27a29
      editor: apiserver:5000/ap-editor:5.0.1-1896-g6d27a29

    kubernetes:
      # In-cluster address of the Kubernetes API server.
      server: https://kubernetes.default.svc.cluster.local
      # NOTE(review): presumably authenticates with the pod's service-account
      # token. Confirm the RBAC role bound to that account grants only what the
      # platform services need.
      use_service_account: true
      # Resource ceilings per app (CPU cores and RAM in MB, per the key names).
      max_cores_per_app: 2
      max_ram_mb_per_app: 2048

    license:
      # Placeholder; must be replaced before use.
      number: PASTE_LICENSE_CODE_OR_CLIENT_ID_HERE
      # key: PASTE_OFFLINE_KEY_HERE_FOR_OFFLINE_ACTIVATION
      # NOTE(review): /tmp is normally world-writable and shared between
      # processes. Prefer a directory owned by the service account with
      # restrictive permissions; confirm what is written here.
      working-directory: /tmp/anaconda
      # Opaque numeric parameters; their meaning is not documented in this file.
      security:
        x: 207
        y: 705
        z: 278
      # NOTE(review): analytics is enabled by default. Confirm what data is
      # reported and to where before deploying in a restricted environment.
      analytics:
        enabled: true

    # PER-SERVICE CONFIGURATION

    auth: # Authentication server configuration
      port: 9080
      db:
        database: anaconda_auth
      https: # HTTPS configuration
        keystore: /etc/secrets/certs/keystore.jks # Name of server keystore in Java keystore (.jks) format
        # NOTE(review): "anaconda" is a guessable sample password. Use a unique
        # value per installation; it protects the server's private key at rest.
        keystore-password: anaconda # Keystore password defined when generating the Java keystore
        key-alias: auth # Name of the key in the keystore
        truststore: null # (optional) Path to the trust store to use for outgoing HTTPS requests (e.g. for LDAPS)
        truststore-password: null # (optional) Truststore password defined when generating the Java keystore
      # A pregenerated key is shared by every installation and provides no
      # confidentiality, hence the production warning below.
      debug: False # If true, enable use of a pregenerated SSL key for testing. DO NOT SET TO TRUE IN PRODUCTION.
      api: # Service settings for auth-api
        port: 9090
        limit: 12
        https:
          key: /etc/secrets/certs/server.key
          certificate: /etc/secrets/certs/server.crt
      escrow: # Service settings for auth-escrow
        port: 9091
        db:
          database: anaconda_auth_escrow
        # Allow-list: keep it to the exact externally visible host:port values.
        hosts: # List of hosts (host:port pairs) to allow in API request headers
          - anaconda.example.com:30091
        prefix: '' # URL prefix
        https:
          key: /etc/secrets/certs/server.key
          certificate: /etc/secrets/certs/server.crt
        auth-server:
          # NOTE(review): client secret stored in clear text; the same value also
          # appears under ui.auth-server.client-secret. Treat the sample value as
          # public: generate a new secret per installation, register it with the
          # auth service, and load it from a secret store.
          client-secret: ed7ec3ff-c535-455b-b431-5ed97d78b8be
          client-id: anaconda-platform

    deploy: # Deployment server configuration
      port: 8081
      prefix: '' # URL prefix
      url: https://anaconda.example.com:30081/ # Deployment server URL
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      # Allow-list: keep it to the exact externally visible host:port values.
      hosts: # List of hosts (host:port pairs) to allow in API request headers
        - anaconda.example.com:30081
      db:
        database: anaconda_deploy
      # NOTE(review): '*' presumably matches every authenticated user. Confirm,
      # and narrow to specific users/groups if deployed apps expose sensitive data.
      users: '*' # Users/groups who have permission to access deployed apps
      deployers: # Users/groups who have permission to deploy here
        users: []
        groups:
          - developers
        roles: []
      # Empty lists: no principal is granted unrestricted access by this sample.
      superusers: # Users/groups who have unrestricted access
        users: []
        groups: []
        roles: []
      auth-server:
        client-id: anaconda-deploy
      apps-host: anaconda.example.com # Hostname where apps are deployed, if different from the one in kubernetes.server
      auth-proxy: # Settings for deployed app proxy
        client-id: anaconda-deploy-proxy # Client ID of the proxy, as registered in the auth service
        dns-server: 10.100.0.4 # IP address of DNS server used by the app proxy. Default is the internal kubernetes resolver.
        https:
          key: /etc/secrets/certs/server.key
          certificate: /etc/secrets/certs/server.crt

      # NOTE(review): the exact effect of debug is not shown in this file; debug
      # modes commonly expose extra detail in responses and logs.
      debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION.

    spaces: # Spaces server configuration
      port: 8090
      prefix: '' # URL prefix
      url: https://anaconda.example.com:30095/ # Spaces server URL
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      # Allow-list: keep it to the exact externally visible host:port values.
      hosts: # List of hosts (host:port pairs) to allow in API request headers
        - anaconda.example.com:30095
      db:
        database: anaconda_spaces

      # NOTE(review): '*' presumably matches every authenticated user. Confirm,
      # and narrow it if space creation should be limited (each space consumes
      # cluster resources).
      users: '*' # Users/groups who have permission to create spaces
      # Empty lists: no principal is granted unrestricted access by this sample.
      superusers: # Users/groups who have unrestricted access
        users: []
        groups: []
        roles: []

      auth-server:
        client-id: anaconda-spaces-api
      spaces-host: anaconda.example.com # Hostname where spaces are hosted, if different from the one in kubernetes.server
      auth-proxy: # Settings for spaces access control proxy
        client-id: anaconda-spaces # Client ID of the proxy, as registered in the auth service
        dns-server: 10.100.0.4 # IP address of DNS server used by the app proxy. Default is the internal kubernetes resolver.
        https:
          key: /etc/secrets/certs/server.key
          certificate: /etc/secrets/certs/server.crt

      # NOTE(review): the exact effect of debug is not shown in this file; debug
      # modes commonly expose extra detail in responses and logs.
      debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION.

    storage: # Storage server configuration
      host: anaconda.example.com # full hostname of the storage server
      port: 8086
      prefix: '' # URL prefix
      # Allow-list: keep it to the exact externally visible host:port values.
      hosts: # List of hosts (host:port pairs) to allow in API request headers
        - anaconda.example.com:30086
      url: https://anaconda.example.com:30086 # Base URL of storage server
      db:
        database: anaconda_storage
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      git:
        default:
          name: Example.com Anaconda Enterprise Server # human-readable name of this git server
          type: internal # server type. There is support for "internal" and planned support for "github" and "gitlab".
          url: https://anaconda.example.com:30088 # URL of git server
          repository: '{name}-{id}' # Template for repository names; use {name}, {id}, and {owner} as placeholders.
          # NOTE(review): header-based identity is only trustworthy if the git
          # server accepts this header solely from the proxy below. Confirm that
          # direct client requests cannot set it.
          auth-header: Anaconda-User # Name of HTTP header for proxy authentication (internal server type only)
          username: anaconda # Username of git service account
          # no password needed when using auth-header
          proxy:
            url: https://anaconda.example.com:30085 # URL of git proxy
            client-id: anaconda-git-proxy # Auth client ID of this proxy
            dns-server: 10.100.0.4 # IP address of DNS server used by the git proxy.
            run-as-user: www-data # System user account to run the proxy under
            # NOTE(review): the value below is a published sample and must be
            # treated as known. Generate a fresh random key per installation and
            # load it from a secret store instead of this file.
            api-key: f49fece0b2ef8d122d4a2473278465f7c77781617428b7e18401f2d0139b39e7 # secret api key to allow storage service API calls through the proxy. Should be uniquely generated for each installation.
            port: 8095
            probe-port: 8096
            https:
              key: /etc/secrets/certs/server.key
              certificate: /etc/secrets/certs/server.crt
      objects:
        projects: # storage location for objects in projects. You may use placeholders {name} {owner} and {id} for project name, project owner and project ID.
          bucket: anaconda-projects
          path: projects/{owner}-{id}
        global: # storage location for global objects (available to all logged-in users)
          bucket: anaconda-objects
          path: 'global/'
        # Unauthenticated read access: never place sensitive objects under this
        # path. It shares a bucket with "global", separated only by prefix.
        public: # storage location for public objects (available to everyone without logging in)
          bucket: anaconda-objects
          path: 'public/'
      # NOTE(review): both "users" and "creators" are described as controlling
      # project creation; confirm how the two settings interact. '*' presumably
      # matches every authenticated user.
      users: '*' # Users/groups who can create projects
      creators: # Users/groups who can create new projects
        users: []
        groups:
          - developers
        roles: []
      # Empty lists: no principal is granted unrestricted access by this sample.
      superusers: # Users/groups who have unrestricted access
        users: []
        groups: []
        roles: []

    repository: # Repository server configuration
      port: 8089
      # Allow-list: keep it to the exact externally visible host:port values.
      hosts: # List of hosts (host:port pairs) to allow in API request headers
        - anaconda.example.com:30089
      prefix: '' # URL prefix
      db:
        database: anaconda_repository
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      # NOTE(review): '*' presumably matches every authenticated user; confirm
      # whether it also admits anonymous access.
      users: '*' # Users/groups who can access the repository
      # Upload rights decide what packages downstream conda clients can install,
      # so keep this group small and review its membership.
      uploaders: # Users/groups who can create and upload packages
        users: []
        groups:
          - developers
        roles: []
      # Empty lists: no principal is granted unrestricted access by this sample.
      superusers: # Users/groups who have unrestricted access
        users: []
        groups: []
        roles: []
      bucket: anaconda-repository # S3/object storage bucket to store repository files
      auth-escrow:
        url: https://anaconda.example.com:30091/api/v1
      cleanup-upload-seconds: 3600 # How long an unfinished upload will be kept before being cleaned up
      cleanup-period-seconds: 73 # How frequently the server will check for files that should be removed from disk
      index-update-cooldown-seconds: 7 # How much time without new uploads is required before index will be rebuilt
      index-update-period-seconds: 23 # How frequently the server will check for channels that require rebuilding of index information (repodata.json)

    s3: # configuration for the object-storage service
      # NOTE(review): 0.0.0.0 is a bind-all address rather than a hostname, so
      # the service presumably listens on every interface. Confirm, and restrict
      # reachability with network policy if it should not be exposed broadly.
      host: 0.0.0.0 # full hostname of the object store server S3 API
      port: 8087
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      # Placeholder credentials: replace both with random values unique to the
      # installation, supplied from a secret store. The same pair appears under
      # s3-client.
      access-key: 's3-access-key'
      secret-key: 's3-secret-key'
      directory: /export

    s3-client: # configuration for clients to the object storage service
      endpoint-url: https://anaconda.example.com:30087 # AWS endpoint URL
      # Placeholder credentials, identical to the pair under s3 in this sample.
      # Presumably the two must match, so change both together and keep the real
      # values out of this file.
      access-key: 's3-access-key'
      secret-key: 's3-secret-key'
      region-name: 'us-east-1' # the AWS region where your S3 bucket is located

    git:
      url: https://anaconda.example.com:30088 # externally visible URL of the git server
      host: anaconda.example.com # full hostname of the git server
      port: 8088
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      db:
        database: anaconda_git
      directory: /export # directory where git server will store its data
      username: anaconda # OS username that the git server should run under
      # NOTE(review): both secrets below are published sample values and must be
      # treated as known. Generate fresh random values per installation and load
      # them from a secret store rather than committing them here.
      lfs-secret: AohzzmIZVHYSTYJ7HM1E1GWhjRYCTcfLdxHHGR8fKCM # LFS authentication token secret. Should be uniquely generated for each installation.
      secret-key: E3P99Z3XRAXaoJHGygmCjZ613pIZ9nvg6SnVRrPHTBU # git server secret key. Should be uniquely generated for each installation.

    conda: # Common conda settings for editing sessions and deployments
      channels: # List of channels to put in .condarc
        - defaults
      # NOTE(review): empty here; confirm what 'defaults' resolves to when this
      # list is empty, since that decides where sessions fetch packages from.
      default-channels: [] # List of channels that should be used for channel 'defaults'
      # Points name-only channels at the platform's own repository service
      # (port 30089, as listed under repository.hosts).
      channel-alias: https://anaconda.example.com:30089/conda # Default conda URL prefix for channels given by name only

    offline_docs:
      url: https://anaconda.example.com:30071 # Docs server URL
      # Allow-list: keep it to the exact externally visible host:port values.
      hosts: # List of hosts (host:port pairs) to allow in API request headers
        - anaconda.example.com:30071
      port: 8091
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      directory: docs/_build/ # The path relative to the base directory of the static docs.
      prefix: '' # URL prefix

    ui: # Anaconda Platform UI server configuration
      base-url: / # URL prefix
      # NOTE(review): placeholder value. This key protects the integrity of
      # session cookies, so replace it with a long random value unique to the
      # installation and load it from a secret store.
      cookie-secret: this-is-a-very-insecure-secret # secret key used to sign session cookies
      cookie-session:
        name: anaconda-platform-ui-session-v1
      cookie-next:
        name: anaconda-platform-ui-next-v1
      db:
        database: anaconda_ui
      # NOTE(review): the exact effect of debug is not shown in this file; debug
      # modes commonly expose extra detail in responses and logs.
      debug: False # If true, enable debugging. DO NOT SET TO TRUE IN PRODUCTION.
      host: anaconda.example.com # full hostname of the UI server
      public-url: https://anaconda.example.com:30090/ # User-facing URL of site, if different than host/port
      https:
        key: /etc/secrets/certs/server.key
        certificate: /etc/secrets/certs/server.crt
      port: 6990
      auth-server:
        # NOTE(review): client secret stored in clear text; the same value also
        # appears under auth.escrow.auth-server.client-secret. Treat the sample
        # value as public: generate a new secret per installation and load it
        # from a secret store.
        client-secret: ed7ec3ff-c535-455b-b431-5ed97d78b8be
        client-id: anaconda-platform
      # Backend services shown in the UI; each url is the HTTPS API endpoint of
      # the corresponding service configured elsewhere in this file.
      services:
        anaconda-storage:
          storage:
            icon: fa-anaconda
            label: Storage
            url: https://anaconda.example.com:30086/api/v1
        anaconda-deploy:
          deploy:
            icon: fa-anaconda
            label: Deploy
            url: https://anaconda.example.com:30081/api/v1
        anaconda-spaces:
          spaces:
            icon: fa-anaconda
            label: Spaces
            url: https://anaconda.example.com:30095/api/v1
            options:
              spaces:
                # Tools that can be offered in a space, with their package lists.
                tools:
                  notebook:
                    default: true
                    label: Jupyter Notebook Classic
                    packages: [notebook]
                  lab-pre:
                    label: JupyterLab
                    packages: [jupyterlab]
                  sync:
                    label: Anaconda Project Sync
                    packages: [anaconda-platform-sync]
                # Templates combine the tool keys defined above.
                templates:
                  jupyter-5:
                    label: Jupyter Notebook Classic
                    tools:
                      - notebook
                      - sync
                  jupyterlab:
                    label: JupyterLab
                    default: true
                    tools:
                      - lab-pre
                      - sync
        anaconda-repo5:
          repo:
            html-url: https://anaconda.example.com:30089
            icon: fa-anaconda
            label: Repo Service
            url: https://anaconda.example.com:30089/api
        auth-api:
          auth-api:
            icon: fa-anaconda
            label: Auth API
            url: https://anaconda.example.com:30082/api/v1
        documentation:
          offline_docs:
            html-url: https://anaconda.example.com:30071
            icon: fa-anaconda
            label: Documentation
            url: https://anaconda.example.com:30071
      help: # Help links
        docs:
          label: Anaconda Documentation - Home
          external: true
          href: https://anaconda.example.com:30071
          position: 0
        started:
          label: Getting Started with Anaconda Enterprise
          external: true
          href: https://anaconda.example.com:30071/user-guide/getting-started.html
          position: 1
        release:
          label: Release Notes
          external: true
          href: https://anaconda.example.com:30071/release-notes.html
          position: 2
        support:
          label: Support
          external: true
          href: https://anaconda.example.com:30071/help-support.html
          position: 3
        # The only help link that leaves the platform's own host; it will not
        # resolve in an air-gapped installation.
        feedback:
          label: Feedback
          external: true
          href: https://continuum.typeform.com/to/TnHsme
          position: 4

    postgresql: # PostgreSQL server configuration
      # NOTE(review): differs from db.port (5432) used by database clients.
      # Presumably a service or port mapping sits between the two; confirm.
      port: 7080
