---
name: silk-daemon

templates:
  drain.erb: bin/drain
  pre-start.erb: bin/pre-start
  silk-daemon_ctl.erb: bin/silk-daemon_ctl
  ca.crt.erb: config/certs/ca.crt
  client.crt.erb: config/certs/client.crt
  client.key.erb: config/certs/client.key
  client-config.json.erb: config/client-config.json

packages:
  - silk-daemon
  - ctl-utils

consumes:
- name: cf_network
  type: cf_network

properties:
  cf_networking.disable:
    description: "Disable container to container networking."
    default: false

  cf_networking.vtep_port:
    description: "Host port used for receiving VXLAN packets"
    default: 4789

  cf_networking.rep_listen_addr_admin:
    description: "Admin endpoint on diego rep.  Silk daemon job drain waits for the rep to exit before tearing down the network.  See diego.rep.listen_addr_admin"
    default: 127.0.0.1:1800

  cf_networking.partition_tolerance_hours:
    description: "When silk controller is unavailable, silk daemon will remain healthy and allow creation of new containers for this number of hours.  Should be no larger than cf_networking.subnet_lease_expiration_hours."
    default: 168

  cf_networking.lease_poll_interval_seconds:
    description: "The silk daemon queries the silk controller on this interval in seconds to renew its lease and get all routable leases."
    default: 5

  cf_networking.silk_daemon.vxlan_interface:
    description: "Name of network interface which container traffic is sent to. If empty, the default network interface is used."

  cf_networking.silk_daemon.ca_cert:
    description: "Trusted CA certificate that was used to sign the silk controller server cert and key."

  cf_networking.silk_daemon.client_cert:
    description: "Client certificate for TLS to access silk controller."

  cf_networking.silk_daemon.client_key:
    description: "Client private key for TLS to access silk controller."

  cf_networking.silk_daemon.listen_port:
    description: "Silk daemon handles requests from the CNI plugin on this localhost port."
    default: 23954

  cf_networking.silk_daemon.debug_port:
    description: "Debug port for silk daemon.  Use this to adjust log level at runtime or dump process stats."
    default: 22233

  cf_networking.silk_daemon.metron_port:
    description: "Forward metrics to this metron agent, listening on this port on localhost"
    default: 3457

  cf_networking.silk_controller.hostname:
    description: "Host name for the silk controller.  E.g. the service advertised via Consul DNS.  Must match common name in the silk_controller.server_cert"
    default: "silk-controller.service.cf.internal"

  cf_networking.silk_controller.listen_port:
    description: "Silk controller handles requests from the silk daemon on this port."
    default: 4103
