Skip to content

silk-daemon job from silk/2.31.0

Github source: b55c40b or master branch

Properties

ca_cert

Trusted CA certificate that was used to sign the silk controller server cert and key.

client_cert

Client certificate for TLS to access silk controller.

client_key

Client private key for TLS to access silk controller.

debug_port

Debug port for silk daemon. Use this to adjust log level at runtime or dump process stats.

Default
22233

disable

Disable this monit job. It will not run. Required for backwards compatability

Default
false

lease_poll_interval_seconds

The silk daemon queries the silk controller on this interval in seconds to renew its lease and get all routable leases.

Default
30

listen_port

Silk daemon handles requests from the CNI plugin on this localhost port.

Default
23954

logging

format

timestamp

Format for timestamp in the drain log. Valid values are ‘rfc3339’ and ‘deprecated’. This property only affects the drain log because other component and bosh lifecycle logs were already in the rfc3339 format. ‘rfc3339’ is the recommended format. It will result in all timestamps in the drain log controlled by silk-daemon to be in RFC3339 format, which is human readable. This does not include stderr logs from golang libraries. ‘deprecated’ will result in all timestamps being in the format they were before the rfc3339 flag was introduced for the drain log. We do not recommend using this flag unless you have scripts that expect a particular timestamp format.

Default
rfc3339

metron_port

Forward metrics to this metron agent, listening on this port on localhost

Default
3457

partition_tolerance_hours

When silk controller is unavailable, silk daemon will remain healthy and allow creation of new containers for this number of hours. Should be no larger than cf_networking.subnet_lease_expiration_hours.

Default
168

policy_server_url

The policy server internal hostname and port

Default
https://policy-server.service.cf.internal:4003

rep_listen_addr_admin

Admin endpoint on diego rep. Silk daemon job drain waits for the rep to exit before tearing down the network. See diego.rep.listen_addr_admin

Default
127.0.0.1:1800

silk_controller

hostname

Host name for the silk controller. E.g. the service advertised via Consul DNS. Must match common name in the silk_controller.server_cert

Default
silk-controller.service.cf.internal

listen_port

Silk controller handles requests from the silk daemon on this port.

Default
4103

single_ip_only

When true, this VM will get assigned exactly one IP address on the Silk network. Use this to connect this VM to the Silk network without acquiring a whole block of addresses (as would be required for a Diego Cell).

Default
false

temporary_vxlan_interface

Not recommended. Use vxlan_network instead. Name of network interface which container traffic is sent to. If empty, the default network interface is used. This cannot be set when vxlan_network is set.

vtep_port

Host port used for receiving VXLAN packets

Default
4789

vxlan_network

The name of the bosh network which container traffic is sent over. If empty, the default gateway network is used.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/silk-daemon/ directory (learn more).

  • bin/drain (from drain.erb)
  • bin/post-start (from post-start.erb)
  • bin/pre-start (from pre-start.erb)
  • config/bootstrap-config.json (from bootstrap-config.json.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/certs/ca.crt (from ca.crt.erb)
  • config/certs/client.crt (from client.crt.erb)
  • config/certs/client.key (from client.key.erb)
  • config/certs/policy-agent/ca.crt (from policy-agent-ca.crt.erb)
  • config/certs/policy-agent/client.crt (from policy-agent-client.crt.erb)
  • config/certs/policy-agent/client.key (from policy-agent-client.key.erb)
  • config/client-config.json (from client-config.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.