| Component | Port |
|---|
| API | 3000 |
| STS | 8080 |
| Gateway | 8081 |
| Audit | 9090 |
| Coordinator | 4000 |
| Postgres | 5432 |
| Redis | 6379 |
| Limit | Default |
|---|
| STS resource mandate cap | 15 minutes |
| STS session mandate cap | 60 minutes |
STS MAX_GRANT_TTL_SECONDS | 3600 |
| DCR application lifetime default and maximum | 3600 seconds |
caracal run injected credential TTL | 900 seconds |
| Runtime step-up polling | every 2 seconds for up to 5 minutes |
| Gateway expiring-token preflight window | 35 seconds |
| Limit | Default |
|---|
| API body limit | 1_048_576 bytes |
| API request timeout | 30_000 ms |
| Gateway max request bytes | 10 MiB |
| Gateway STS timeout | 5 seconds |
| Gateway upstream timeout | 30 seconds |
| Gateway STS circuit failure limit | 3 failures |
| Gateway STS circuit open window | 10 seconds |
STS OPA_POLL_SECONDS | 60 seconds, max 300 |
| Control body limit | 64 KiB |
| Control rate capacity | 60 per window |
| Control rate window | 60 seconds |
| Control replay TTL | 3600 seconds |
| Limit | Default |
|---|
| Concurrent agent sessions per zone | 50 |
| Concurrent agent sessions per application | 200 |
| Child agents per parent session | 10 |
| Delegation depth | 10 |
| Agent labels per session | 32 |
| Agent label length | 64 characters |
| STS request rate per zone, resource, and acting application | 1000 per minute |
| Default | Value |
|---|
| Audit retention | 365 days |
| Audit max deliveries before DLQ | 8 |
| Audit claim idle | 30 seconds |
| Audit tamper rolling window | 4 hours |
| Redis audit stream intended max length | 1,000,000 |
| Redis audit DLQ intended max length | 100,000 |
| Redis policy/revocation/key stream intended max length | 10,000 |
| Service | Replicas | Max HPA replicas |
|---|
| API | 2 | 8 |
| STS | 2 | 8 |
| Gateway | 2 | 16 |
| Audit | 2 | 8 |
| Coordinator | 2 | 8 |
| Control | disabled | 2 when enabled |
Use CLI Exit Codes when automating top-level caracal runtime commands.
