Skip to content

vxlan-policy-agent job from cf-networking/1.13.0

Github source: e773941b or master branch

Properties

cf_networking

disable

Disable container to container networking.

Default
false

iptables_accepted_udp_logs_per_sec

Maximum number of iptables logs per second for accepted UDP packets.

Default
100

iptables_logging

Enables iptables logging for container to container traffic. Logs to the kernel log.

Default
false

policy_poll_interval_seconds

The VXLAN policy agent queries the policy server on this interval in seconds and updates local policy rules.

Default
5

policy_server

hostname

Host name for the policy server. E.g. the service advertised via Consul DNS. Must match common name in the policy_server.server_cert

Default
policy-server.service.cf.internal
internal_listen_port

Policy server handles requests from the vxlan policy agent on this port.

Default
4003

vxlan_policy_agent

ca_cert

Trusted CA certificate that was used to sign the policy server’s server cert and key.

client_cert

Client certificate for TLS to access policy server.

client_key

Client private key for TLS to access policy server.

debug_server_port

Port for the debug server. Use this to adjust log level at runtime or dump process stats.

Default
44151
log_level

Logging level (debug, info, warn, error).

Default
info
metron_port

Port of metron agent on localhost. This is used to forward metrics.

Default
3457

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/vxlan-policy-agent/ directory (learn more).

  • bin/pre-start (from pre-start.erb)
  • bin/vxlan-policy-agent_ctl (from vxlan-policy-agent_ctl.erb)
  • config/certs/ca.crt (from ca.crt.erb)
  • config/certs/client.crt (from client.crt.erb)
  • config/certs/client.key (from client.key.erb)
  • config/vxlan-policy-agent.json (from vxlan-policy-agent.json.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.