silk-cni job from silk/2.32.0

Github source: fbd4394 or master branch

Properties¶

burst¶

Bandwidth burst in Kb for traffic through container. 0 for no limit. If burst is set, rate must also be set.

Default

0

deny_networks¶

always¶

List of CIDR blocks to which all containers will be denied access, regardless of security groups. This can severely impact the network connectivity of applications. Use with extreme caution and at your own risk. These rules apply to all containers.

Default

[]

running¶

List of CIDR blocks to which all containers will be denied access, regardless of security groups. This can severely impact the network connectivity of applications. Use with extreme caution and at your own risk. These rules apply to running scheduled containers: apps and tasks.

Default

[]

staging¶

List of CIDR blocks to which all containers will be denied access, regardless of security groups. This can severely impact the network connectivity of applications. Use with extreme caution and at your own risk. These rules apply during the staging process.

Default

[]

disable¶

Disable this monit job. It will not run. Required for backwards compatability

Default

false

dns_servers¶

DNS servers that containers will use. If set, this list takes precedence over DNS servers configured through garden.

Default

[]

host_tcp_services¶

List of TCP addresses running on the BOSH VM that should be accessible from containers. The address must not be in the 127.0.0.0/8 range. The network plugin will install an iptables INPUT rule for each service.

Default

[]

Example

|+
  - 169.254.0.2:9001
  - 169.254.0.2:9002

host_udp_services¶

List of UDP addresses running on the BOSH VM that should be accessible from containers. The address must not be in the 127.0.0.0/8 range. The network plugin will install an iptables INPUT rule for each service.

Default

[]

Example

|+
  - 169.254.0.2:9001
  - 169.254.0.2:9002

iptables_accepted_udp_logs_per_sec¶

Maximum number of iptables logs per second for accepted UDP packets.

Default

100

iptables_denied_logs_per_sec¶

Maximum number of iptables logs per second for denied packets.

Default

1

iptables_logging¶

Enables iptables logging for overlay network policies and Application Security Groups. Logs to the kernel log.

Default

false

mtu¶

Pre-encapsulation MTU for containers. If set, the network interface inside the container will have an MTU that is 50 bytes less than this value, in order to account for VXLAN encap overhead. If zero, MTU will be automatically configured to account for the VXLAN encapsulation, but it may not account for additional network encapsulations, e.g. IPSec.

Default

0

no_masquerade_cidr_range¶

CIDR address block that should not be masqueraded. Fallsback to cf_network.network link property if property is not provided.

Default

""

rate¶

Bandwidth rate in Kbps for traffic through container. 0 for no limit. If rate is set, burst must also be set.

Default

0

silk_daemon¶

listen_port¶

Silk CNI plugin connects to the silk daemon on this port.

Default

23954

temporary¶

underlay_interface_names¶

Use with extreme caution. To be used only if there are network interfaces not created by BOSH. Provide names for all interfaces. If provided, only interfaces referenced here will be used. Will not use any bosh interface by default.

Default

[]

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/silk-cni/ directory (learn more).

• bin/pre-start (from pre-start.erb)
• config/cni/cni-wrapper-plugin.conflist (from cni-wrapper-plugin.conflist.erb)
• config/teardown-config.json (from teardown-config.json.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• silk-cni