policy-server job from cf-networking/2.5.0
Github source: a4c0331c or master branch
Properties
allowed_cors_domains
List of domains (including scheme) from which Cross-Origin requests will be accepted.
- Default
[]
cc_hostname
Host name for the Cloud Controller server. E.g. the service advertised via Consul DNS. Must match cc.internal_service_hostname.
- Default
cloud-controller-ng.service.cf.internal
cc_port
External port of Cloud Controller server. Must match cc.external_port.
- Default
9022
database
  ca_cert
  CA cert for database connectivity. Requires 'database.require_ssl' to be true.
  connect_timeout_seconds
  Connection timeout between the policy server and its database.
  - Default
  120
  host
  Host (IP or DNS name) for database server.
  name
  Name of logical database to use.
  password
  Password for database connection.
  port
  Port for database server.
  require_ssl
  Require SSL database connectivity when true. Must be used in conjunction with a release that is configured with SSL.
  - Default
  false
  type
  Type of database: postgres or mysql.
  username
  Username for database connection.
debug_port
Port for the debug server. Use this to adjust log level at runtime or dump process stats.
- Default
31821
disable
Disable container to container networking.
- Default
false
enable_space_developer_self_service
Allows space developers to always be able to configure policies for the apps they own.
- Default
false
listen_ip
IP address where the policy server will serve its API.
- Default
0.0.0.0
listen_port
Port where the policy server will serve its external API.
- Default
4002
log_level
Logging level (debug, info, warn, error).
- Default
info
max_idle_connections
Maximum number of idle connections to the SQL database.
- Default
200
max_open_connections
Maximum number of open connections to the SQL database.
- Default
200
max_policies_per_app_source
Maximum policies a space developer may configure for an application source. Does not affect admin users.
- Default
50
metron_port
Port of metron agent on localhost. This is used to forward metrics.
- Default
3457
policy_cleanup_interval
Clean up stale policies on this interval, in minutes.
- Default
60
skip_ssl_validation
Skip verifying ssl certs when speaking to UAA or Cloud Controller.
- Default
false
tag_length
Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than or equal to 4. If using VXLAN GBP, must be less than or equal to 2.
- Default
2
uaa_ca
Trusted CA for UAA server.
uaa_client
UAA client name. Must match the name of a UAA client with the following properties: authorities: uaa.resource,cloud_controller.admin_read_only.
- Default
network-policy
uaa_client_secret
UAA client secret. Must match the secret of the above UAA client.
uaa_hostname
Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in uaa.zones.internal.hostnames.
- Default
uaa.service.cf.internal
uaa_port
Port of the UAA server. Must match uaa.ssl.port.
- Default
8443
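The constraints stated in the property descriptions above can be checked before a deploy. The following is an added example, not code from cf-networking: the function name `check_policy_server`, the `vxlan_gbp` flag and the sample values are assumptions made for illustration, and the input is the job's properties as a plain dict.

```python
from urllib.parse import urlsplit

def check_policy_server(props, vxlan_gbp=False):
    """Return (severity, message) findings for a policy-server properties dict.

    vxlan_gbp is a hypothetical reviewer-supplied flag; the page names no
    property that reports whether VXLAN GBP is in use.
    """
    db = props.get("database", {})
    require_ssl = db.get("require_ssl", False)  # page default: false
    out = []

    tag = props.get("tag_length", 2)  # page default: 2
    limit = 2 if vxlan_gbp else 4
    if type(tag) is not int or not 0 < tag <= limit:
        out.append(("error", f"tag_length must be 1..{limit}, got {tag!r}"))

    if db.get("ca_cert") and require_ssl is not True:
        out.append(("error", "database.ca_cert requires database.require_ssl: true"))
    if require_ssl is not True:
        out.append(("warn", "database.require_ssl is false; SSL to the database is not required"))
    if db.get("type") not in ("postgres", "mysql"):
        out.append(("error", f"database.type must be postgres or mysql, got {db.get('type')!r}"))

    if props.get("skip_ssl_validation", False):
        out.append(("warn", "skip_ssl_validation is true; UAA and Cloud Controller certs are not verified"))

    for origin in props.get("allowed_cors_domains", []):
        parts = urlsplit(origin)
        if not (parts.scheme and parts.netloc):
            out.append(("error", f"allowed_cors_domains entry has no scheme: {origin!r}"))

    level = props.get("log_level", "info")
    if level not in ("debug", "info", "warn", "error"):
        out.append(("error", f"log_level {level!r} is not debug, info, warn or error"))
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "tag_length": 3,
    "skip_ssl_validation": True,
    "allowed_cors_domains": ["https://apps.example.com", "ui.example.com"],
    "database": {"type": "postgres", "ca_cert": "(PEM placeholder)", "require_ssl": False},
}

if __name__ == "__main__":
    for severity, message in check_policy_server(SAMPLE, vxlan_gbp=True):
        print(f"{severity}: {message}")
```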
Templates
Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/policy-server/ directory.
- bin/bbr/post-backup-unlock (from post-backup-unlock.sh.erb)
- bin/bbr/pre-backup-lock (from pre-backup-lock.sh.erb)
- bin/post-start (from post-start.erb)
- config/bpm.yml (from bpm.yml.erb)
- config/certs/database_ca.crt (from database_ca.crt.erb)
- config/certs/uaa_ca.crt (from uaa_ca.crt.erb)
- config/policy-server.json (from policy-server.json.erb)
Packages
Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.