policy-server job from cf-networking/1.10.0
Github source:
96a911a9
or
master branch
Properties¶
cf_networking
¶
disable
¶Disable container to container networking.
- Default
false
enable_space_developer_self_service
¶Allows space developers to always be able to configure policies for the apps they own.
- Default
false
max_policies_per_app_source
¶Maximum policies a space developer may configure for an application source. Does not affect admin users.
- Default
50
policy_cleanup_interval
¶Clean up stale policies on this interval, in minutes.
- Default
60
policy_server
¶
cc_hostname
¶Host name for the Cloud Controller server. E.g. the service advertised via Consul DNS. Must match
cc.internal_service_hostname
.
- Default
cloud-controller-ng.service.cf.internal
cc_port
¶External port of Cloud Controller server. Must match
cc.external_port
.
- Default
9022
connect_timeout_seconds
¶Connection timeout between the policy server and its database. Also used by Consul DNS health check.
- Default
5
database
¶
host
¶Host (IP or DNS name) for database server.
name
¶Name of logical database to use.
password
¶Password for database connection.
port
¶Port for database server.
type
¶Type of database: postgres or mysql.
username
¶Username for database connection.
debug_port
¶Port for the debug server. Use this to adjust log level at runtime or dump process stats.
- Default
31821
listen_ip
¶IP address where the policy server will serve its API.
- Default
0.0.0.0
listen_port
¶Port where the policy server will serve its external API.
- Default
4002
log_level
¶Logging level (debug, info, warn, error).
- Default
info
metron_port
¶Port of metron agent on localhost. This is used to forward metrics.
- Default
3457
skip_ssl_validation
¶Skip verifying ssl certs when speaking to UAA or Cloud Controller.
- Default
false
tag_length
¶Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than or equal to 4. If using VXLAN GBP, must be less than or equal to 2.
- Default
2
uaa_ca
¶Trusted CA for UAA server.
uaa_client
¶UAA client name. Must match the name of a UAA client with the following properties:
authorities: uaa.resource,cloud_controller.admin_read_only
,authorities: uaa.resource,cloud_controller.admin_read_only
.”
- Default
network-policy
uaa_client_secret
¶UAA client secret. Must match the secret of the above UAA client.
uaa_hostname
¶Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in
uaa.zones.internal.hostnames
.
- Default
uaa.service.cf.internal
uaa_port
¶Port of the UAA server. Must match
uaa.ssl.port
.
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/policy-server/
directory
(learn more).
bin/bbr/post-backup-unlock
(frompost-backup-unlock.sh.erb
)bin/bbr/pre-backup-lock
(frompre-backup-lock.sh.erb
)bin/policy-server_as_vcap
(frompolicy-server_as_vcap.erb
)bin/policy-server_ctl
(frompolicy-server_ctl.erb
)config/certs/uaa_ca.crt
(fromuaa_ca.crt.erb
)config/policy-server.json
(frompolicy-server.json.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.