vxlan-policy-agent job from silk/2.38.0
Github source:
5b522dc
or
master branch
Properties¶
ca_cert
¶
Trusted CA certificate that was used to sign the policy server’s server cert and key.
client_cert
¶
Client certificate for TLS to access policy server.
client_key
¶
Client private key for TLS to access policy server.
debug_server_port
¶
Port for the debug server. Use this to adjust log level at runtime or dump process stats.
- Default
8721
disable
¶
Disable this monit job. It will not run. Required for backwards compatability
- Default
false
disable_container_network_policy
¶
WARNING!!! Disables network policy enforcement. Setting this property to true allows all app containers to access any other app container with no restrictions.
- Default
false
enable_overlay_ingress_rules
¶
Experimental feature. Allows ingress over the overlay network, from a vm running silk-daemon in singleIPMode
- Default
false
force_policy_poll_cycle_port
¶
Port for force policy poll cycle server. Use this server to force an immediate poll cycle.
- Default
8722
iptables_accepted_udp_logs_per_sec
¶
Maximum number of iptables logs per second for accepted UDP packets.
- Default
100
iptables_logging
¶
Enables iptables logging for container to container traffic. Logs to the kernel log.
- Default
false
log_level
¶
Logging level (debug, info, warn, error).
- Default
info
metron_port
¶
Port of metron agent on localhost. This is used to forward metrics.
- Default
3457
policy_poll_interval_seconds
¶
The VXLAN policy agent queries the policy server on this interval in seconds and updates local policy rules.
- Default
5
policy_server
¶
hostname
¶Host name for the policy server. E.g. the service advertised via Consul DNS. Must match common name in the policy_server.server_cert
- Default
policy-server.service.cf.internal
internal_listen_port
¶Policy server handles requests from the vxlan policy agent on this port.
- Default
4003
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/vxlan-policy-agent/
directory
(learn more).
bin/post-start
(frompost-start.erb
)bin/pre-start
(frompre-start.erb
)config/bpm.yml
(frombpm.yml.erb
)config/certs/ca.crt
(fromca.crt.erb
)config/certs/client.crt
(fromclient.crt.erb
)config/certs/client.key
(fromclient.key.erb
)config/vxlan-policy-agent.json
(fromvxlan-policy-agent.json.erb
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.