cSRX Environment Variables

Docker allows you to store data such as configuration settings as environment variables. At runtime, the environment variables are exposed to the application inside the container. You can set any number of parameters to take effect when the cSRX image launches. You can pass configuration settings in the YAML file or environment variables to the cSRX when it launches at boot time.

Table 1 summarizes the list of available cSRX environment variables.

Table 1: Summary of cSRX Container Firewall Environment Variables

| Environment Variable | Mandatory | Description |
|---|---|---|
| CSRX_AUTO_ASSIGN_IP | Optional | Automatically configures the cSRX ge-0/0/x IP address based on the IP address of the cSRX container when the cSRX works in routing mode. Multus CNI supports creating more Pod interfaces in Kubernetes. If set to yes, the Pod interface IP address is automatically assigned to the cSRX revenue port. |
| CSRX_MGMT_PORT_REORDER | Optional | If set to yes, the last Pod interface becomes the management interface. Otherwise, the first Pod interface is the management interface. |
| CSRX_TCP_CKSUM_CALC | Optional | If set to yes, cSRX recomputes the TCP checksum in packets to correct it. |
| CSRX_LICENSE_FILE | Optional | If set, the license file is loaded through ConfigMap. |
| CSRX_JUNOS_CONFIG | Optional | If set, the initial configuration of cSRX is loaded through ConfigMap. |
| CSRX_SD_HOST | Optional | Defines the Security Director (SD) server IP address or FQDN. |
| CSRX_SD_USER | Optional | Defines the Security Director server login account name. |
| CSRX_SD_DEVICE_IP | Optional | Defines the cSRX management IP address that Security Director uses to connect to cSRX. Otherwise, the Port IP address is used. |
| CSRX_SD_DEVICE_PORT | Optional | Defines the cSRX management port that Security Director uses to connect to cSRX. Otherwise, the default port number 22 is used. |
| CSRX_FORWARD_MODE | Optional | Sets the traffic forwarding mode: "routing" or "wire". |
| CSRX_PACKET_DRIVER | Optional | Sets the packet I/O driver: "poll" or "interrupt". |
| CSRX_CTRL_CPU | Optional | CPU mask, indicating which CPU is running the cSRX control plane daemons (such as nsd, mgd, nstraced, utmd, and so on). No CPU affinity. Hex value. |
| CSRX_DATA_CPU | Optional | CPU mask, indicating which CPU is running the cSRX data plane daemon (srxpfe). No CPU affinity. Hex value. |
| CSRX_ARP_TIMEOUT | Optional | ARP entry timeout value for the control plane ARP learning or response. Decimal value. Same as the Linux host. |
| CSRX_NDP_TIMEOUT | Optional | NDP entry timeout value for the control plane NDP learning or response. Decimal value. Same as the Linux host. |
| CSRX_PORT_NUM | Optional | Number of interfaces to add to the container. Default is 3, maximum is 17 (1 management interface and 16 data interfaces). |

Adding a License Key File

You can import a locally saved license key file into the cSRX Pod by using the CSRX_LICENSE_FILE environment variable together with Kubernetes ConfigMaps.

  1. Save the license key file in a text file.

  2. Create a ConfigMap in Kubernetes.

    root@kubernetes-master:~# kubectl create configmap csrxconfigmap --from-file=<file path>/var/tmp/csrxlicensing

  3. Create the cSRX using ConfigMaps to import the user-defined configuration.

  4. Run the following command to create the cSRX deployment using the YAML file.

    root@kubernetes-master:~# kubectl apply -f csrx.yaml

  5. Log in to the cSRX Pod to verify that the license is installed.

    root@kubernetes-master:~# kubectl exec -it csrx -- bash

    root@csrx:~# cli

    root@csrx> show system license

Setting Root Password

You can set the root password using Kubernetes Secrets.

  1. Create a generic secret in the Kubernetes cSRX home namespace.

    root@kubernetes-master:~# kubectl create secret generic csrxrootpasswd --from-literal=CSRX_ROOT_PASSWORD=XXXXX

  2. Run the following command to verify that the secret is created.

    root@kubernetes-master:~# kubectl describe secret csrxrootpasswd

  3. Run the following command to use Kubernetes Secrets to save the root password in the cSRX deployment YAML file.

  4. Run the following command to create the cSRX deployment using the YAML file.

    root@kubernetes-master:~# kubectl apply -f csrx.yaml
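
A pre-deployment check for the `env` section of a cSRX container spec, covering the value constraints in Table 1 and the Secret-based root password described above. This is an added example, not Juniper code. It assumes the container reads the password from an environment variable named CSRX_ROOT_PASSWORD (the Secret key used above) and that CPU masks may carry an optional 0x prefix; `lint_csrx_env` and the sample lists are hypothetical names.

```python
import re

# Constraints from Table 1; variables with no stated value format are not checked.
ENUMS = {"CSRX_FORWARD_MODE": {"routing", "wire"},
         "CSRX_PACKET_DRIVER": {"poll", "interrupt"}}
HEX_MASKS = {"CSRX_CTRL_CPU", "CSRX_DATA_CPU"}  # assumption: optional 0x prefix accepted
DECIMALS = {"CSRX_ARP_TIMEOUT", "CSRX_NDP_TIMEOUT", "CSRX_PORT_NUM"}
MAX_PORTS = 17  # 1 management interface + 16 data interfaces
SECRET_VARS = {"CSRX_ROOT_PASSWORD"}  # assumption: env var name matches the Secret key


def lint_csrx_env(env):
    """Return findings for a container's `env` list (Kubernetes EnvVar dicts)."""
    findings = []
    for entry in env:
        name, value = entry.get("name", ""), entry.get("value")
        if name in SECRET_VARS:
            if "secretKeyRef" not in (entry.get("valueFrom") or {}):
                findings.append(f"{name}: use a secretKeyRef, not a literal value")
            continue
        if value is None:
            continue  # sourced from a ConfigMap or Secret; nothing to check here
        value = str(value)
        if name in ENUMS and value not in ENUMS[name]:
            findings.append(f"{name}: {value!r} is not one of {sorted(ENUMS[name])}")
        elif name in HEX_MASKS and not re.fullmatch(r"(0[xX])?[0-9a-fA-F]+", value):
            findings.append(f"{name}: {value!r} is not a hex CPU mask")
        elif name in DECIMALS:
            if not re.fullmatch(r"[0-9]+", value):
                findings.append(f"{name}: {value!r} is not a decimal value")
            elif name == "CSRX_PORT_NUM" and int(value) > MAX_PORTS:
                findings.append(f"{name}: {value} exceeds the maximum of {MAX_PORTS}")
    return findings


# Constructed samples: the env section of a cSRX container spec.
GOOD_ENV = [
    {"name": "CSRX_FORWARD_MODE", "value": "routing"},
    {"name": "CSRX_CTRL_CPU", "value": "0x1"},
    {"name": "CSRX_ROOT_PASSWORD", "valueFrom": {"secretKeyRef": {
        "name": "csrxrootpasswd", "key": "CSRX_ROOT_PASSWORD"}}},
]
BAD_ENV = [
    {"name": "CSRX_FORWARD_MODE", "value": "bridge"},
    {"name": "CSRX_DATA_CPU", "value": "cpu2"},
    {"name": "CSRX_PORT_NUM", "value": "18"},
    {"name": "CSRX_ROOT_PASSWORD", "value": "XXXXX"},  # literal password in the manifest
]
```

Calling `lint_csrx_env(BAD_ENV)` returns one finding per entry, while `GOOD_ENV` passes clean; a literal `value` for the root password is flagged because it would sit in the deployment YAML in plain text.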