-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathspec
107 lines (86 loc) · 3.62 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
---
name: policy-server-asg-syncer
templates:
bpm.yml.erb: config/bpm.yml
policy-server-asg-syncer.json.erb: config/policy-server-asg-syncer.json
database_ca.crt.erb: config/certs/database_ca.crt
uaa_ca.crt.erb: config/certs/uaa_ca.crt
cc_ca.crt.erb: config/certs/cc_ca.crt
locket_ca.crt.erb: config/certs/locket_ca.crt
locket.crt.erb: config/certs/locket.crt
locket.key.erb: config/certs/locket.key
packages:
- policy-server
consumes:
- name: database
type: database
optional: true
- name: dbconn
type: dbconn
- name: cloud_controller_https_endpoint
type: cloud_controller_https_endpoint
optional: true
properties:
disable:
description: "Disable syncing application security groups for dynamic security group updates"
default: false
asg_poll_interval_seconds:
description: "Interval in seconds that policy-server will poll CAPI for ASG data. Requires asg_sync_enabled. Must be > 0"
default: 60
retry_deadline_seconds:
description: "Maximum amount of time that policy-server-asg-syncer will retry CAPI for when detecting unstable ASG lists"
default: 300
cc_hostname:
description: |
Host name for the Cloud Controller server for connecting to the non-secure api endpoint.
If this value is not provided, policy-server-asg-syncer will obtain the secure api endpoint by consuming
the `cloud_controller_https_endpoint` link.
The value supplied to this property must match the value supplied to the Cloud Controller
property `cc.internal_service_hostname`.
example: cloud-controller-ng.service.cf.internal
cc_port:
description: |
External port of Cloud Controller server for connecting to the non-secure api endpoint.
If this value is not provided, policy-server will obtain the secure api port by consuming
the `cloud_controller_https_endpoint` link.
The value supplied to this property must match the value supplied to the Cloud Controller
property `cc.external_port`.
example: 9022
database.connect_timeout_seconds:
description: "Connection timeout between the policy server and its database."
default: 120
locket.address:
description: "Hostname and port of the Locket server. Must be set when asg_sync_enabled is set to true."
default: "locket.service.cf.internal:8891"
locket.ca_cert:
description: "The CA certificiate for the CA for Locket."
locket.client_cert:
description: "The client certificate for Locket."
locket.client_key:
description: "The private key for Locket."
log_level:
description: "Logging level (debug, info, warn, error)."
default: info
metron_port:
description: "Port of metron agent on localhost. This is used to forward metrics."
default: 3457
skip_ssl_validation:
description: "Skip verifying ssl certs when speaking to UAA or Cloud Controller."
default: false
uaa_client:
description: |
UAA client name. Must match the name of a UAA client with the following properties:
`authorities: uaa.resource,cloud_controller.admin_read_only`,
`authorities: uaa.resource,cloud_controller.admin_read_only`.
default: network-policy
uaa_client_secret:
description: |
UAA client secret. Must match the secret of the above UAA client.
uaa_ca:
description: "Trusted CA for UAA server."
uaa_hostname:
description: "Host name for the UAA server. E.g. the service advertised via Consul DNS. Must match common name in the UAA server cert. Must be listed in `uaa.zones.internal.hostnames`."
default: uaa.service.cf.internal
uaa_port:
description: "Port of the UAA server. Must match `uaa.ssl.port`."
default: 8443