Will you be at KubeCon this year? Join us for CalicoCon 2019!

Configuring Dikastes

Configuration for Dikastes is read from the command line arguments passed. The command line options are listed in the following table.

Option Short Option Description Schema
--listen <path> -l Unix domain socket path for Dikastes to create its listen socket. This socket accepts connections from Envoy to query whether a request should be authorized. string
--dial <path> -d Unix domain socket path where Dikastes should connect to the Policy Sync API (provided by Felix) to obtain the policy for the pod it is enforcing on. string
--debug   Flag to set Dikastes to log extra information for debugging purposes n/a

For example:

dikastes server -l /var/run/dikastes/socket -d /var/run/felix/nodeagent/socket --debug