policy-server job from cf-networking/2.6.0
Github source:
34eeb289 or
master branch
Properties¶
allowed_cors_domains¶
List of domains (including scheme) from which Cross-Origin requests will be accepted.
- Default
[]
cc_hostname¶
Host name for the Cloud Controller server. E.g. the service advertised via Consul DNS. Must match cc.internal_service_hostname.
- Default
cloud-controller-ng.service.cf.internal
cc_port¶
External port of Cloud Controller server. Must match cc.external_port.
- Default
9022
database¶
ca_cert¶ca cert for db connectivity. Requires ‘database.require_ssl’ to be true.
connect_timeout_seconds¶Connection timeout between the policy server and its database.
- Default
host¶Host (IP or DNS name) for database server.
name¶Name of logical database to use.
password¶Password for database connection.
port¶Port for database server.
require_ssl¶Require ssl db connectivity when true. Must be used in conjuncture with a release that is configured with ssl.
- Default
type¶Type of database: postgres or mysql.
username¶Username for database connection.
debug_port¶
Port for the debug server. Use this to adjust log level at runtime or dump process stats.
- Default
31821
disable¶
Disable container to container networking.
- Default
false
enable_space_developer_self_service¶
Allows space developers to always be able to configure policies for the apps they own.
- Default
false
listen_ip¶
IP address where the policy server will serve its API.
- Default
0.0.0.0
listen_port¶
Port where the policy server will serve its external API.
- Default
4002
log_level¶
Logging level (debug, info, warn, error).
- Default
info
max_idle_connections¶
Maximum number of idle connections to the SQL database
- Default
200
max_open_connections¶
Maximum number of open connections to the SQL database
- Default
200
max_policies_per_app_source¶
Maximum policies a space developer may configure for an application source. Does not affect admin users.
- Default
50
metron_port¶
Port of metron agent on localhost. This is used to forward metrics.
- Default
3457
policy_cleanup_interval¶
Clean up stale policies on this interval, in minutes.
- Default
60
skip_ssl_validation¶
Skip verifying ssl certs when speaking to UAA or Cloud Controller.
- Default
false
tag_length¶
Length in bytes of the packet tags to generate for policy sources and destinations. Must be greater than 0 and less than or equal to 4. If using VXLAN GBP, must be less than or equal to 2.
- Default
2
uaa_ca¶
Trusted CA for UAA server.
uaa_client¶
UAA client name. Must match the name of a UAA client with the following properties:
authorities: uaa.resource,cloud_controller.admin_read_only,
authorities: uaa.resource,cloud_controller.admin_read_only.”
- Default
network-policy
uaa_client_secret¶
UAA client secret. Must match the secret of the above UAA client.
uaa_hostname¶
Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in uaa.zones.internal.hostnames.
- Default
uaa.service.cf.internal
uaa_port¶
Port of the UAA server. Must match uaa.ssl.port.
- Default
8443
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/policy-server/ directory
(learn more).
bin/bbr/post-backup-unlock(frompost-backup-unlock.sh.erb)bin/bbr/pre-backup-lock(frompre-backup-lock.sh.erb)bin/post-start(frompost-start.erb)config/bpm.yml(frombpm.yml.erb)config/certs/database_ca.crt(fromdatabase_ca.crt.erb)config/certs/uaa_ca.crt(fromuaa_ca.crt.erb)config/policy-server.json(frompolicy-server.json.erb)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.