silk-controller job from silk/2.30.0

Github source: 1496631 or master branch

Properties¶

`ca_cert`¶

Trusted CA certificate that was used to sign the silk daemon client cert and key.

`connections_max_lifetime_seconds`¶

Sets the maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. If value <= 0, connections are reused forever

If there is a spike in connection usage, all of these connections have the potential to stick around with a high lifetime. Lowering the lifetime will result in connections getting reaped sooner, but the policy server may have to renegotiate connections more often, which could add some latency. We recommend using the default unless you have seen specific needs to change it.

Default

`database`¶

ca_cert¶

ca cert for db connectivity. Requires ‘database.require_ssl’ to be true.

connect_timeout_seconds¶

Connection timeout between the silk controller and the silk database.
Default
120
host¶

Host (IP or DNS name) for database server.

name¶

Name of logical database to use.

password¶

Password for database connection.

port¶

Port for database server.

require_ssl¶

Require ssl db connectivity when true. Must be used in conjuncture with a release that is configured with ssl.
Default
false
skip_hostname_validation¶

Skip hostname validation when true. Requires ‘database.require_ssl’ to be true
Default
false
type¶

Type of database: postgres or mysql

username¶

Username for database connection.

`debug_port`¶

Debug port for silk controller. Use this to adjust log level at runtime or dump process stats.

Default

`disable`¶

Disable this monit job. It will not run. Required for backwards compatability

Default

false

`health_check_port`¶

Health check port for silk controller. Used by the Consul DNS health check.

Default

`health_check_timeout_seconds`¶

Health check timeout for Consul DNS.

Default

`listen_ip`¶

IP address where the silk controller will serve its API.

Default

0.0.0.0

`listen_port`¶

Port where the silk controller will serve its API. Silk daemon connects to this port.

Default

`max_idle_connections`¶

Maximum number of idle connections to the SQL database Idle connections will be retained until their connections_max_lifetime_seconds has been reached.

Default

`max_open_connections`¶

Maximum number of open connections to the SQL database.

The number of necessary connections will scale with the number of diego-cells in the deployment. The handlers that use the db conns in this job respond to the silk-daemon, which runs on the diego-cells. Each daemon polls this server once every 5s, by default. Anecdote: A deployment with ~200 diego-cells has been seen to use up to ~200 conns in total. Each instance of this job would expect approx 200/job-instance-count conns each in this scenario. YMMV based on the performance of the db, latency, load, etc.

Default

`metron_port`¶

Forward metrics to this metron agent, listening on this port on localhost

Default

`network`¶

CIDR address block for overlay network. Subnets for each diego cell are allocated out of this network.

Default

10.255.0.0/16

`server_cert`¶

Server certificate for TLS. Must have common name that matches the Consul DNS name of the silk controller, eg silk-controller.service.cf.internal

`server_key`¶

Server key for TLS.

`subnet_lease_expiration_hours`¶

Expiration time for subnet leases, in hours. If a cell is not gracefully stopped, its lease may be reclaimed after this duration. Diego cells that are partitioned from the silk controller for longer than this duration will be removed from the network.

Default

`subnet_prefix_length`¶

Length, in bits, of the prefix for subnets allocated per Diego cell, e.g. ‘24’ for a ‘/24’ subnet.

Default

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/silk-controller/ directory (learn more).

bin/dns_health_check (from dns_health_check.erb)
bin/post-start (from post-start.erb)
config/bpm.yml (from bpm.yml.erb)
config/certs/ca.crt (from ca.crt.erb)
config/certs/database_ca.crt (from database_ca.crt.erb)
config/certs/server.crt (from server.crt.erb)
config/certs/server.key (from server.key.erb)
config/silk-controller.json (from silk-controller.json.erb)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

silk-controller job from silk/2.30.0

Properties¶

`ca_cert`¶

`connections_max_lifetime_seconds`¶

`database`¶

`ca_cert`¶

`connect_timeout_seconds`¶

`host`¶

`name`¶

`password`¶

`port`¶

`require_ssl`¶

`skip_hostname_validation`¶

`type`¶

`username`¶

`debug_port`¶

`disable`¶

`health_check_port`¶

`health_check_timeout_seconds`¶

`listen_ip`¶

`listen_port`¶

`max_idle_connections`¶

`max_open_connections`¶

`metron_port`¶

`network`¶

`server_cert`¶

`server_key`¶

`subnet_lease_expiration_hours`¶

`subnet_prefix_length`¶

Templates¶

Packages¶

silk-controller job from silk/2.30.0

Properties¶

ca_cert¶

connections_max_lifetime_seconds¶

database¶

ca_cert¶

connect_timeout_seconds¶

host¶

name¶

password¶

port¶

require_ssl¶

skip_hostname_validation¶

type¶

username¶

debug_port¶

disable¶

health_check_port¶

health_check_timeout_seconds¶

listen_ip¶

listen_port¶

max_idle_connections¶

max_open_connections¶

metron_port¶

network¶

server_cert¶

server_key¶

subnet_lease_expiration_hours¶

subnet_prefix_length¶

Templates¶

Packages¶

`ca_cert`¶

`connections_max_lifetime_seconds`¶

`database`¶

`ca_cert`¶

`connect_timeout_seconds`¶

`host`¶

`name`¶

`password`¶

`port`¶

`require_ssl`¶

`skip_hostname_validation`¶

`type`¶

`username`¶

`debug_port`¶

`disable`¶

`health_check_port`¶

`health_check_timeout_seconds`¶

`listen_ip`¶

`listen_port`¶

`max_idle_connections`¶

`max_open_connections`¶

`metron_port`¶

`network`¶

`server_cert`¶

`server_key`¶

`subnet_lease_expiration_hours`¶

`subnet_prefix_length`¶