-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathspec
115 lines (94 loc) · 3.81 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
---
name: vxlan-policy-agent
templates:
bpm.yml.erb: config/bpm.yml
start.erb: bin/start
pre-start.erb: bin/pre-start
post-start.erb: bin/post-start
vxlan-policy-agent.json.erb: config/vxlan-policy-agent.json
loggregator_ca.crt.erb: config/certs/loggregator/ca.crt
loggregator_client.crt.erb: config/certs/loggregator/client.crt
loggregator_client.key.erb: config/certs/loggregator/client.key
ca.crt.erb: config/certs/ca.crt
client.crt.erb: config/certs/client.crt
client.key.erb: config/certs/client.key
packages:
- vxlan-policy-agent
- silk-ctl-utils
provides:
- name: vpa
type: policy-agent
properties:
- ca_cert
- client_cert
- client_key
- force_policy_poll_cycle_port
consumes:
- name: cf_network
type: cf_network
- name: cni_config
type: cni_config
- name: iptables
type: iptables
optional: true
properties:
iptables_logging:
description: "Enables iptables logging for container to container traffic. Logs to the kernel log."
default: false
policy_server.hostname:
description: "Host name for the policy server. E.g. the service advertised via Consul DNS. Must match common name in the policy_server.server_cert"
default: "policy-server.service.cf.internal"
policy_server.internal_listen_port:
description: "Policy server handles requests from the vxlan policy agent on this port."
default: 4003
policy_poll_interval_seconds:
description: "The VXLAN policy agent queries the policy server on this interval in seconds and updates local policy rules."
default: 5
enable_asg_syncing:
description: "Enable dynamic updates to ASG rules for running containers"
default: true
asg_poll_interval_seconds:
description: "The VXLAN policy agent queries the policy server on this interval in seconds and updates local security groups rules."
default: 60
ca_cert:
description: "Trusted CA certificate that was used to sign the policy server's server cert and key."
client_cert:
description: "Client certificate for TLS to access policy server."
client_key:
description: "Client private key for TLS to access policy server."
metron_port:
description: "Port of metron agent on localhost. This is used to forward metrics."
default: 3457
debug_server_port:
description: "Port for the debug server. Use this to adjust log level at runtime or dump process stats."
default: 8721
log_level:
description: "Logging level (debug, info, warn, error)."
default: info
iptables_accepted_udp_logs_per_sec:
description: "Maximum number of iptables logs per second for accepted UDP packets."
default: 100
force_policy_poll_cycle_port:
description: "Port for force policy poll cycle server. Use this server to force an immediate poll cycle."
default: 8722
enable_overlay_ingress_rules:
description: "Experimental feature. Allows ingress over the overlay network, from a vm running silk-daemon in singleIPMode"
default: false
disable:
description: "Disable this monit job. It will not run. Required for backwards compatability"
default: false
disable_container_network_policy:
description: "WARNING!!! Disables network policy enforcement. Setting this property to true allows all app containers to access any other app container with no restrictions."
default: false
loggregator.use_v2_api:
description: "True to use local metron agent gRPC v2 API. False to use UDP v1 API."
default: false
loggregator.v2_api_port:
description: "Local metron agent gRPC port"
default: 3458
loggregator.ca_cert:
description: "CA Cert used to communicate with local metron agent over gRPC"
loggregator.cert:
description: "Cert used to communicate with local metron agent over gRPC"
loggregator.key:
description: "Key used to communicate with local metron agent over gRPC"