cSRX Environment Variables
Docker allows you to store data such as configuration settings as environment variables. At runtime, the environment variables are exposed to the application inside the container. You can set any number of parameters to take effect when the cSRX image launches. You can pass configuration settings in the YAML file or environment variables to the cSRX when it launches at boot time.
Table 1 summarizes the list of available cSRX environment variables.
| Environment Variable | Mandatory | Description |
|---|---|---|
| CSRX_AUTO_ASSIGN_IP | Optional | Automatically configure cSRX Multus CNI is supports to create more Pod interfaces in Kubernetes. If set to |
| CSRX_MGMT_PORT_REORDER | Optional | If set to |
| CSRX_TCP_CKSUM_CALC | Optional | If set to |
| CSRX_LICENSE_FILE | Optional | If set, the license file is loaded through ConfigMap. |
| CSRX_JUNOS_CONFIG | Optional | If set, the initial configuration of cSRX is loaded through ConfigMap. |
| CSRX_SD_HOST | Optional | Defines the Security Director (SD) server IP address or FQDN address. |
| CSRX_SD_USER | Optional | Defines the Security Director server login account name. |
| CSRX_SD_DEVICE_IP | Optional | Defines the cSRX management IP address that Security Director uses to connect to cSRX. Otherwise, the Port IP address is used. |
| CSRX_SD_DEVICE_PORT | Optional | Defines the cSRX management port that Security Director uses to connect to cSRX. Otherwise it uses the default port number |
| CSRX_FORWARD_MODE | Optional | It is used in traffic forwarding mode. |
| CSRX_PACKET_DRIVER | Optional | It is used in Packet I/O driver. |
| CSRX_CTRL_CPU | Optional | CPU mask, indicating which CPU is running the cSRX control plane daemons (such as nsd, mgd, nstraced, utmd, and so on). No CPU affinity |
| CSRX_DATA_CPU | Optional | CPU mask, indicating which CPU is running the cSRX data plane daemon (srxpfe). No CPU affinity |
| CSRX_ARP_TIMEOUT | Optional | ARP entry timeout value for the control plane ARP learning or response. Same as the Linux host |
| CSRX_NDP_TIMEOUT | Optional | NDP entry timeout value for the control plane NDP learning or response. Same as the Linux host |
| CSRX_PORT_NUM | Optional | Number of interfaces you need to add to the container. Default is 3, maximum is 17 (which means 1 management interface and 16 data interfaces). |
Adding License key File
You can import a saved local license key file into the cSRX Pod through the environment variable CSRX_LICENSE_FILE, using Kubernetes ConfigMaps.
Save the license key file in a text file.
Create ConfigMap in Kubernetes.
root@kubernetes-master:~# kubectl create configmap csrxconfigmap --from-file=<file path>/var/tmp/csrxlicensing
Create the cSRX using ConfigMaps to import the user-defined configuration.
```yaml
---
# Under deployment.spec.template.spec.containers
env:
- name: CSRX_LICENSE_FILE
  value: "/var/local/config/.csrxlicense"
volumeMounts:
- name: lic
  mountPath: "/var/local/config"
# Under deployment.spec.template.spec
volumes:
- name: lic
  configMap:
    name: csrxconfigmap
    items:
    - key: csrxlicensing
      path: csrxlicensing
---
```
Run the following command to create the cSRX deployment using the YAML file.
root@kubernetes-master:~# kubectl apply -f csrx.yaml
Log in to the cSRX pod to verify that the license is installed.
root@kubernetes-master:~# kubectl exec -it csrx -- bash
root@csrx:~# cli
root@csrx> show system license
Setting Root Password
You can set the root password using Kubernetes Secrets.
Create a generic secret in the Kubernetes cSRX home namespace.
root@kubernetes-master:~# kubectl create secret generic csrxrootpasswd --from-literal=CSRX_ROOT_PASSWORD=XXXXX
Run the following command to verify the password is created.
root@kubernetes-master:~# kubectl describe secret csrxrootpasswd
Use Kubernetes Secrets to supply the root password in the cSRX deployment YAML file.
```yaml
---
# Under deployment.spec.template.spec.containers
env:
- name: CSRX_ROOT_PASSWORD
  valueFrom:
    secretKeyRef:
      name: csrxrootpasswd
      key: CSRX_ROOT_PASSWORD
---
```
Run the following command to create the cSRX deployment using the YAML file.
root@kubernetes-master:~# kubectl apply -f csrx.yaml
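A pre-deployment check for the two procedures above, as an added example that is not Juniper's code: it reports a CSRX_ROOT_PASSWORD written as a literal instead of a secretKeyRef, and a CSRX_LICENSE_FILE or CSRX_JUNOS_CONFIG path that lies outside every ConfigMap-backed mount. It assumes the input is the Deployment object as returned by `kubectl get deployment <name> -o json`; the function name `audit_csrx_deployment`, the helper `_deployment`, and both sample objects are constructed for illustration.

```python
from pathlib import PurePosixPath

SECRET_ENV = {"CSRX_ROOT_PASSWORD"}                    # must come from a Secret
FILE_ENV = {"CSRX_LICENSE_FILE", "CSRX_JUNOS_CONFIG"}  # must point into a ConfigMap mount

def audit_csrx_deployment(deployment: dict) -> list[str]:
    """Return findings for a Deployment object (kubectl get deployment -o json)."""
    pod = deployment["spec"]["template"]["spec"]
    cm_volumes = {v["name"] for v in pod.get("volumes", []) if "configMap" in v}
    findings = []
    for c in pod.get("containers", []):
        cm_mounts = [PurePosixPath(m["mountPath"]) for m in c.get("volumeMounts", [])
                     if m["name"] in cm_volumes]
        for env in c.get("env", []):
            name = env["name"]
            if name in SECRET_ENV:
                # A literal value stays readable in the manifest and the Deployment object.
                if "value" in env:
                    findings.append(f"{c['name']}: {name} is a literal in the manifest")
                elif not (env.get("valueFrom") or {}).get("secretKeyRef"):
                    findings.append(f"{c['name']}: {name} has no secretKeyRef")
            elif name in FILE_ENV:
                path = PurePosixPath(env.get("value", ""))
                if not any(m in path.parents for m in cm_mounts):
                    findings.append(f"{c['name']}: {name}={path} is outside every ConfigMap mount")
    return findings

def _deployment(env, mounts, volumes):  # builder for the constructed samples below
    return {"spec": {"template": {"spec": {
        "containers": [{"name": "csrx", "env": env, "volumeMounts": mounts}],
        "volumes": volumes}}}}

LIC_MOUNT = [{"name": "lic", "mountPath": "/var/local/config"}]
LIC_VOLUME = [{"name": "lic", "configMap": {"name": "csrxconfigmap",
               "items": [{"key": "csrxlicensing", "path": "csrxlicensing"}]}}]
LICENSE_ENV = {"name": "CSRX_LICENSE_FILE", "value": "/var/local/config/.csrxlicense"}
# Constructed sample 1: the page's two fragments merged into one pod template.
GOOD = _deployment([LICENSE_ENV, {"name": "CSRX_ROOT_PASSWORD", "valueFrom": {
    "secretKeyRef": {"name": "csrxrootpasswd", "key": "CSRX_ROOT_PASSWORD"}}}],
    LIC_MOUNT, LIC_VOLUME)
# Constructed sample 2: literal password, and the ConfigMap volume is never mounted.
BAD = _deployment([LICENSE_ENV, {"name": "CSRX_ROOT_PASSWORD", "value": "XXXXX"}],
                  [], LIC_VOLUME)

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad", BAD)):
        print(label, audit_csrx_deployment(sample))
```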