-
Notifications
You must be signed in to change notification settings - Fork 36
/
spec
184 lines (154 loc) · 6.29 KB
/
spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
---
name: bosh-dns
templates:
aliases.json.erb: dns/aliases.json
bosh_dns_ctl.erb: bin/bosh_dns_ctl
bosh_dns_health_ctl.erb: bin/bosh_dns_health_ctl
bosh_dns_resolvconf_ctl.erb: bin/bosh_dns_resolvconf_ctl
cli.erb: bin/cli
config.json.erb: config/config.json
handlers.json.erb: dns/handlers.json
health_server_config.json.erb: config/health_server_config.json
is-system-resolver.erb: bin/is-system-resolver
post-start.erb: bin/post-start
pre-start.erb: bin/pre-start
wait.erb: bin/wait
certs/health/client.crt.erb: config/certs/health/client.crt
certs/health/client.key.erb: config/certs/health/client.key
certs/health/client_ca.crt.erb: config/certs/health/client_ca.crt
certs/health/server.crt.erb: config/certs/health/server.crt
certs/health/server.key.erb: config/certs/health/server.key
certs/health/server_ca.crt.erb: config/certs/health/server_ca.crt
certs/api/client.crt.erb: config/certs/api/client.crt
certs/api/client.key.erb: config/certs/api/client.key
certs/api/client_ca.crt.erb: config/certs/api/client_ca.crt
certs/api/server.crt.erb: config/certs/api/server.crt
certs/api/server.key.erb: config/certs/api/server.key
certs/api/server_ca.crt.erb: config/certs/api/server_ca.crt
packages:
- bosh-dns
properties:
address:
description: "Address which the DNS server will bind to"
default: 169.254.0.2
addresses_files_glob:
description: "Glob for any files to look for extra addresses to listen on"
default: /var/vcap/jobs/*/dns/addresses.json
port:
description: "Port that the DNS server will bind to"
default: 53
log_level:
description: Logging level (DEBUG, INFO, WARN, ERROR, NONE)
default: INFO
api.port:
description: "Port that the DNS servers debug API will listen on"
default: 53080
api.server.tls:
description: "Server-side mutual TLS configuration for the API"
api.client.tls:
description: "Client-side mutual TLS configuration for the API"
records_file:
description: "Path to the file containing information that the DNS server will use to create DNS records"
default: /var/vcap/instance/dns/records.json
aliases:
description: "Hash of domain key to target domains array for aliased DNS lookups"
example:
cc.cf.consul: [ one, two, ... ]
third.internal: [ four ]
consul.internal: [ 127.0.0.1 ]
alias_files_glob:
description: "Glob for any files to look for DNS alias information"
default: /var/vcap/jobs/*/dns/aliases.json
override_nameserver:
description: "Configure ourselves as the system nameserver (e.g. /etc/resolv.conf will be watched and overwritten)"
default: true
configure_systemd_resolved:
description: "Create a virtual interface so systemd-resolved can use bosh-dns to resolve queries"
default: false
handlers:
description: "Array of handler configurations"
default: []
example:
- domain: endpoint.local.
cache:
enabled: true
source:
type: http
url: http://some.endpoint.local
- domain: corp.intranet.local.
cache:
enabled: true
source:
type: dns
recursors: [ 10.0.0.2 ]
handlers_files_glob:
description: "Glob for any files to look for DNS handler information"
default: /var/vcap/jobs/*/dns/handlers.json
disable_recursors:
description: "When set to true, bosh-dns will only resolve bosh-dns queries and will never forward queries to recursors"
default: false
recursors:
description: "Addresses of upstream DNS servers used for recursively resolving queries"
default: []
recursor_timeout:
description: "A timeout value for when dialing, writing and reading from the configured recursors"
default: 2s
recursor_max_retries:
description: "Maximum number of retries for recursively resolving DNS queries"
default: 0
recursor_selection:
description: "The selection strategy for the recursors (serial or smart)"
default: smart
excluded_recursors:
description: "A list of recursor addresses which should not be used by the DNS server"
default: []
request_timeout:
description: "A timeout value for when dialing, writing and reading from the bosh-dns or healthcheck servers"
default: 5s
cache.enabled:
description: "When enabled bosh-dns will cache recursor responses using the default coredns cache plugin"
default: false
metrics.enabled:
description: "When enabled bosh-dns will start a metrics server using the default coredns metrics plugin"
default: false
metrics.port:
description: "Port for metrics server to listen to"
default: 53088
metrics.address:
description: "Address for metrics server to bind to. Use 0.0.0.0 to bind to all addresses"
default: 127.0.0.1
upcheck_domains:
description: "Domain names that the dns server should respond to with successful answers. Answer ip will always be 127.0.0.1"
default:
- upcheck.bosh-dns.
internal_upcheck_domain.enabled:
description: "Enables an upcheck, which validates that internal domain resolution is working"
default: false
health.enabled:
description: "Enable healthchecks for DNS resolution"
default: false
health.server.port:
description: "Port to run health server on"
default: 8853
health.server.tls:
description: "Server-side mutual TLS configuration for healthchecking"
health.client.tls:
description: "Client-side mutual TLS configuration for healthchecking"
health.max_tracked_queries:
description: "Maximum number of DNS resolved FQDNs to maintain live health info for"
default: 2000
health.local_health_interval:
description: "Frequency for the local health server to query monit and job healthiness scripts"
default: 5s
health.remote_health_interval:
description: "Frequency for the local bosh-dns to query remote health servers"
default: 20s
health.synchronous_check_timeout:
description: "Network timeout for synchronous health checks"
default: 1s
logging.format.timestamp:
description: "Format for the timestamp in the component logs. Valid values are 'rfc3339' and 'deprecated'."
default: "rfc3339"
logging.tags:
description: "Provide logging configuration for log tags to overwrite the default logger behavior (e.g log_level property)"
default: []