Orchestrator Object
The orchestrator object attributes are described below - some of the fields are applicable only for specific orchestrator types; restrictions are mentioned in the table below.
Attribute | Type | Description |
---|---|---|
id | string | Unique identifier for the orchestrator. |
name | string | User specified name of the orchestrator. |
type | string | Type of orchestrator - supported values (vcenter, kubernetes, f5, netscaler, infoblox, dns) |
description | string | User specified description of the orchestrator. |
username | string | Username for the orchestration endpoint. (unnecessary for dns) |
password | string | Password for the orchestration endpoint. (unnecessary for dns) |
certificate | string | Client certificate used for authentication (unnecessary for dns) |
key | string | Key corresponding to client certificate (unnecessary for dns) |
ca_certificate | string | CA Certificate to validate orchestration endpoint (unnecessary for dns) |
auth_token | string | Opaque authentication token (bearer token) (applies only for kubernetes) |
insecure | boolean | Turn off strict SSL verification |
delta_interval | integer | Delta polling interval in seconds. Secure Workload Inventory manager will perform polling for incremental changes every delta_interval seconds. Note this parameter is not applicable for Infoblox and Secure Firewall Management Center. |
full_snapshot_interval | integer | Full snapshot interval in seconds. Secure Workload Inventory manager will perform a full refresh poll from the orchestrator |
verbose_tsdb_metrics | boolean | Per-Endpoint TSDB metrics |
hosts_list | Array | Array of { “host_name”, port_number} pairs that specify how Secure Workload must connect to the orchestrator |
use_secureconnector_tunnel | boolean | Tunnel connections to this orchestrator’s hosts through the Secure Connector tunnel |
route_domain | integer | Route Domain number to poll on F5 LoadBalancers (applies only for f5) |
dns_zones | Array | Array of strings containing the DNS zones to poll from the DNS server (only for dns). Each DNS Zone entry MUST end with a . |
enable_enforcement | boolean | Applicable only for external orchestrators with policy enforcement support such as firewalls and load balancers. Examples are Secure Firewall Management Center, F5 BIGIP and Citrix Netscaler. This flag is false (policy enforcement is disabled) by default. If true, the external orchestrator will deploy policies to the given load balancer appliance when policy enforcement is performed for the workspace. |
ingress_controllers | object | Array of Ingress Controller objects. |
fmc_enforcement_mode | string | Applicable only for Secure Firewall Management Center external orchestrator and must be either merge (default) or override. The first instance instructs Secure Firewall Management Center policy enforcer to put all Secure Workload policy rules before any existing prefilter rules, while the latter instance will remove all prefilter rules created by the users. |
infoblox_config | object | Applicable only for Infoblox external orchestrator. Infoblox Config record type selectors. |
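
The restrictions in the table can be checked before an orchestrator object is submitted. The following is an added example, not Secure Workload code: the function name `lint_orchestrator`, the sample objects, and the rule that `certificate` and `key` must appear together are assumptions made for illustration; the attribute names and allowed values are the ones listed above.

```python
# Added example: attribute names come from the table above; sample objects are constructed.
LISTED_TYPES = {"vcenter", "kubernetes", "f5", "netscaler", "infoblox", "dns"}
CREDENTIAL_FIELDS = ("username", "password", "certificate", "key", "ca_certificate")
# Attributes the table restricts to a single orchestrator type.
TYPE_ONLY = {"auth_token": "kubernetes", "route_domain": "f5", "dns_zones": "dns"}


def lint_orchestrator(obj):
    """Return a list of findings for one orchestrator object (a dict)."""
    findings = []
    otype = obj.get("type")
    if otype not in LISTED_TYPES:
        findings.append(f"type {otype!r} is not among the values listed in the table")
    for field, only in TYPE_ONLY.items():
        if field in obj and otype != only:
            findings.append(f"{field} applies only to type {only}")
    if otype == "dns":
        for field in CREDENTIAL_FIELDS:
            if field in obj:
                findings.append(f"{field} is unnecessary for dns")
        for zone in obj.get("dns_zones", []):
            if not zone.endswith("."):
                findings.append(f"dns zone {zone!r} must end with '.'")
    # Assumption: a client certificate is only usable with its corresponding key.
    if ("certificate" in obj) != ("key" in obj):
        findings.append("certificate and key must be supplied together")
    if obj.get("insecure") is True:
        findings.append("insecure=true turns off strict SSL verification")
    mode = obj.get("fmc_enforcement_mode")
    if mode is not None and mode not in ("merge", "override"):
        findings.append(f"fmc_enforcement_mode {mode!r} must be merge or override")
    if obj.get("enable_enforcement") is True:
        findings.append("enable_enforcement=true: policies will be deployed to the appliance")
    return findings


# Constructed sample objects (not taken from any real deployment).
CLEAN_DNS = {"name": "dns-lab", "type": "dns", "dns_zones": ["lab.example.com."]}
RISKY_DNS = {"name": "dns-old", "type": "dns", "password": "placeholder",
             "insecure": True, "dns_zones": ["lab.example.com"], "route_domain": 2}
RISKY_K8S = {"name": "k8s-dev", "type": "kubernetes", "auth_token": "placeholder",
             "certificate": "PEM placeholder", "fmc_enforcement_mode": "replace"}

if __name__ == "__main__":
    for sample in (CLEAN_DNS, RISKY_DNS, RISKY_K8S):
        print(sample["name"], lint_orchestrator(sample) or "ok")
```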