---
name: cni

templates:
  pre-start.erb: bin/pre-start
  cni-wrapper-plugin.conf.erb: config/cni/cni-wrapper-plugin.conf

packages:
  - cni
  - runc-cni

properties:
  cf_networking.disable:
    description: "Disable container to container networking."
    default: false

  cf_networking.mtu:
    description: "Pre-encapsulation MTU for containers.  If set, the network interface inside the container will have an MTU that is 50 bytes less than this value, in order to account for VXLAN encap overhead.  If zero, MTU will be automatically configured to account for the VXLAN encapsulation, but it may not account for additional network encapsulations, e.g. IPSec."
    default: 0

  cf_networking.silk_daemon.listen_port:
    description: "Silk CNI plugin connects to the silk daemon on this port."
    default: 23954

  cf_networking.iptables_logging:
    description: "Enables iptables logging for overlay network policies and Application Security Groups.  Logs to the kernel log."
    default: false

  cf_networking.dns_servers:
    description: "DNS servers that containers will use.  If set, this list takes precedence over DNS servers configured through garden."
    default: []

  cf_networking.rate:
    description: "Bandwidth rate in Kbps for traffic through container. 0 for no limit. If rate is set, burst must also be set."
    default: 0

  cf_networking.burst:
    description: "Bandwidth burst in Kb for traffic through container. 0 for no limit. If burst is set, rate must also be set."
    default: 0

  cf_networking.iptables_denied_logs_per_sec:
    description: "Maximum number of iptables logs per second for denied packets."
    default: 1

  cf_networking.iptables_accepted_udp_logs_per_sec:
    description: "Maximum number of iptables logs per second for accepted UDP packets."
    default: 100
