Configuration Reference

Anka Build Cloud Configuration Reference

Controller Configuration Reference

Configuring your Anka Build Cloud Controller & Registry to enable features or customize URLs has several methods available.

If you're using the standalone Registry package, you'll need to use Flags/Options and edit your /Library/LaunchDaemons/com.veertu.anka.registry.plist, then restart it with launchctl unload /Library/. . . && launchctl load /Library/. . .


Depending on the package you're using (native or docker), you can set ENV variables to modify the configuration of your controller and registry.

docker-compose.yml (docker)

  anka-controller:
    container_name: anka-controller
    build:
       context: .
       dockerfile: anka-controller.docker
    ports:
       - "8090:80"
       #- "8100:8100"
    volumes:
       - /Users/myUserName:/mnt/cert
    depends_on:
       - etcd
       - anka-registry
    restart: always
    environment:
      ANKA_REGISTRY_ADDR: "http://anka.registry:8089"
      ANKA_USE_HTTPS: "false"
      ANKA_SKIP_TLS_VERIFICATION: "false"
      ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      ANKA_ENABLE_AUTH: "false"
      # SSL + Cert Auth
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_ROOT_TOKEN: "1111111111"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"
  anka-registry:
    container_name: anka-registry
    build:
        context: .
        dockerfile: anka-registry.docker
    ports:
        - "8089:8089"
    restart: always
    volumes:
      - "/Library/Application Support/Veertu/Anka/registry:/mnt/vol"
      # SSL + Cert Auth | - /Users/myUser/mycerts:/mnt/cert
    # SSL + Cert Auth | environment:
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_REGISTRY_AUTHORIZATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"

/usr/local/bin/anka-controllerd (native)

You must comment out the export to disable

#!/bin/bash

export ANKA_STANDALONE="true"
export ANKA_LISTEN_ADDR=":8090"
export ANKA_DATA_DIR="/Library/Application Support/Veertu/Anka/anka-controller"
export ANKA_ENABLE_CENTRAL_LOGGING="true"
export ANKA_LOG_DIR="/Library/Logs/Veertu/AnkaController"

export ANKA_RUN_REGISTRY="true"
export ANKA_REGISTRY_BASE_PATH="/Library/Application Support/Veertu/Anka/registry"
export ANKA_REGISTRY_LISTEN_ADDRESS="anka.registry:8089"
export ANKA_ANKA_REGISTRY="http://anka.registry:8089"

# SSL + Cert Auth
#export ANKA_ANKA_REGISTRY="https://anka.registry:8089"
#export ANKA_USE_HTTPS="true"
#export ANKA_SKIP_TLS_VERIFICATION="true"
#export ANKA_SERVER_CERT="/Users/MyUser/anka-controller-crt.pem"
#export ANKA_SERVER_KEY="/Users/MyUser/anka-controller-key.pem"

#export ANKA_ENABLE_AUTH="true"
#export ANKA_ENABLE_REGISTRY_AUTHORIZATION="true"
#export ANKA_CA_CERT="/Users/MyUser/anka-ca-crt.pem"
#export ANKA_CLIENT_CERT="/Users/MyUser/anka-controller-crt.pem"
#export ANKA_CLIENT_CERT_KEY="/Users/MyUser/anka-controller-key.pem"
#export ANKA_ROOT_TOKEN="1111111111"

/Library/Application\ Support/Veertu/Anka/bin/anka-controller

General and Common

When editing the /usr/local/bin/anka-controllerd, be sure to use export when setting the ENV

NameTypeDescriptionDefault ValueENV
VersionboolPrints controller version and exits-ANKA_VERSION
Registry addressstringAnka Registry external URL (http[s]://hostname:[port]). This is passed to the Nodes, so they can download (and start) VMs(required)ANKA_ANKA_REGISTRY
Configuration filestringPath to a configuration file in INI format. You can use the file with/without the command line parameters and env variables-ANKA_CONFIG
Listen addressstringListen on this address (:80 is equivalent to 0.0.0.0:80). Use the format [address]:port:80ANKA_LISTEN_ADDR
Local Registry AddressstringAnka Registry local address in format http[s]://hostname:[port]. This parameter is for situations where the Controller and Registry are on the same network. For example http://locahost:8089-ANKA_LOCAL_ANKA_REGISTRY
Number of concurrent workersintThe number of concurrent workers processing node tasks2ANKA_NUM_WORKERS
Standalone modeboolRun an embedded ETCD server alongside the controllerfalseANKA_STANDALONE
ETCD endpointsstringComma separated list of etcd hosts127.0.0.1:2379ANKA_ETCD_ENDPOINTS
Allow empty registryboolAllow controller to start without a ‘Registry address’falseANKA_ALLOW_EMPTY_REGISTRY
Enable event loggingboolEnables event logging. Requires a Enterprise Plus license and will show under the Controller's Logs section after the first instance is created.falseANKA_ENABLE_EVENT_LOGGING
Event log urlstringThe URL to post events (in json format)-ANKA_EVENT_LOG_URL
Enable central loggingboolEnables central loggingfalseANKA_ENABLE_CENTRAL_LOGGING
Push registrystringComma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building)-ANKA_PUSH_REGISTRY
ETCD defrag intervaldurationDefrag ETCD (all servers) in this interval. Pass 0 to disable3hANKA_DEFRAG_DB_INTERVAL
Instance time outdurationThe time that instances stay in ‘Terminated’ state1mANKA_INSTANCE_TIME_OUT
Manage MAC addressesboolLet the controller manage VM MAC addresses to ensure uniqueness/prevent collision. Requires VM Templates/Tags be stored in your Registry in a stopped state (vs suspended).falseANKA_MANAGE_MAC_ADDRESSES
Clean MAC addresses intervaldurationInterval between cleanings of unused MAC addresses1hANKA_CLEAN_MAC_ADDRESS_INTERVAL

Logging

NameTypeDescriptionDefault ValueENV
Log levelintLog level verbosity. Higher number means more verbose0ANKA_LOG_LEVEL
Log to stderrboollog to standard error instead of filesfalseANKA_LOGTOSTDERR
Log directorystringWrite log files in this directoryANKA_LOG_DIR
Also log to stderrboolLog to standard error as well as filestrueANKA_ALSOLOGTOSTDERR

TLS

NameTypeDescriptionDefault ValueENV
Enable httpsboolUse https protocol for the controller portal/APIs. Must pass this to enable TLSfalseANKA_USE_HTTPS
CA certificatestringPath to a CA cert to use for authenticating clients-ANKA_CA_CERT
Root certificatestringSimilar to CA certificate-ANKA_ROOT_CERT
Server certificatestringPath to TLS server certificate-ANKA_SERVER_CERT
Server certificate keystringPath to the server certificate's private key-ANKA_SERVER_KEY
Skip TLS verificationboolDon't verify TLS certificatesfalseANKA_SKIP_TLS_VERIFICATION
Client certificatestringPath to client certificate. The Controller will use this certificate when making http requests (mainly to the Registry).-ANKA_CLIENT_CERT
Client certificate keystringPath to the client certificate's private key-ANKA_CLIENT_CERT_KEY
Client keystorestringPath to a client keystore file in pkcs12 format. The Controller will use the certificate from this key store when making http requests (mainly to the Registry).-ANKA_CLIENT_KEYSTORE
Client keystore passwordstringPassword for the client keystore (optional).-ANKA_CLIENT_KEYPASS
Allowed TLS Cipher Suitescomma separated, stringsA list of cipher suites to use for tls. Options: tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256ANKA_CIPHER_SUITES
Minimal TLS VersionstringThe min tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_MIN_TLS_VERSION
Maximal TLS VersionstringThe max tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
ANKA_MAX_TLS_VERSION

Built in Registry

NameTypeDescriptionDefault ValueENV
Run registryboolRun the embedded Registry serverfalseANKA_RUN_REGISTRY
Registry listen addressstringAddress for Registry to listen on (:8089 is equivalent to 0.0.0.0:8089). Use the format [address]:port:8089ANKA_REGISTRY_LISTEN_ADDRESS
Registry base pathstringPath for registry's data-ANKA_REGISTRY_BASE_PATH
Registry access logsboolEnables registry access logsfalseANKA_REGISTRY_ACCESS_LOGS
Enable registry authorizationEnables authorization for the RegistryfalseANKA_ENABLE_REGISTRY_AUTHORIZATION

Built in ETCD

NameTypeDescriptionDefault ValueENV
Server namestringHuman readable name for ETCD serveranka-etcdANKA_NAME
Data directorystringPath to use for saving ETCD data/tmp/etcd-dataANKA_DATA_DIR
Initial clusterstringInitial cluster configuration for bootstrapping etcd serveranka-etcd=http://0.0.0.0:2380ANKA_INITIAL_CLUSTER
Listen peer urlsstringComma separated URLs for ETCD server to server communication (when clustering ETCD)http://0.0.0.0:2380ANKA_LISTEN_PEER_URLS
Initial advertise peer urlsstringComma separated URLs for ETCD server to server communication to advertisehttp://0.0.0.0:2380ANKA_INITIAL_ADVERTISE_PEER_URLS
Initial ETCD statestringInitial ETCD cluster state (‘new’ or ‘existing’)newANKA_INITIAL_CLUSTER_STATE
Initial ETCD tokenstringInitial token for the ETCD cluster during bootstrapetcd-serverANKA_INITIAL_CLUSTER_TOKEN
Listen client urlsstringComma separated URLs for ETCD to serve clients (Controller)http://127.0.0.1:2379ANKA_LISTEN_CLIENT_URLS
Auto compaction modestringAuto compaction mode, either ‘periodic’ or ‘revision’.periodicANKA_AUTO_COMPACTION_MODE
Advertise client urlsstringClient urls for etcd server to advertisehttp://127.0.0.1:2379ANKA_ADVERTISE_CLIENT_URLS
Compaction retention intervalstringAuto compaction retention length. 0 means disable auto compaction.30mANKA_AUTO_COMPACTION_RETENTION

Authentication and Authorization

NameTypeDescriptionDefault ValueENV
Anable authenticationboolEnable authentication module. Must pass this for authentication to workfalseANKA_ENABLE_AUTH
Root static tokenstringA token to authenticate as super user-ANKA_ROOT_TOKEN
OpenId connect display namestringName of open id server to display in login page. The text will say “Login with X”-ANKA_OIDC_DISPLAY_NAME
OpenId connect provider urlstringOpen ID connect provider url-ANKA_OIDC_PROVIDER_URL
OpenId connect client idstringOpen ID connect client id-ANKA_OIDC_CLIENT_ID
OpenId connect username claimstringOpen ID connect claim key to use for user namenameANKA_OIDC_USERNAME_CLAIM
OpenId connect groups claimstringOpen ID connect claim key to use for groups,groupsANKA_OIDC_GROUPS_CLAIM

Separate queue interface

This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster's Nodes

NameTypeDescriptionDefault ValueENV
Queue addressstringSetting this address will activate a separate http server that will only serve queue requests (only for Node communication).-ANKA_QUEUE_ADDR
Queue CA certificatestringPath to a CA certificate to use for authenticating clients-ANKA_QUEUE_CA_CERT
Queue server certificatestringPath to TLS server certificate-ANKA_QUEUE_SERVER_CERT
Queue server certificate keystringPath to the server certificate's private key-ANKA_QUEUE_SERVER_KEY
Use queue TLSEnables queue tlsfalseANKA_USE_QUEUE_TLS
Enable queue authEnables queue authentication/authorizationfalseANKA_ENABLE_QUEUE_AUTH

Internal

Parameters used internally. It's recommended to use the Default Values.

NameTypeDescriptionDefault ValueENV
Clean process intervaldurationThe interval to clean the queues (delete any tasks older than 24 hours), 0 to disable1hANKA_CLEAN_QUEUES_INTERVAL
allow corsboolIf true adds Acces-Control-Allow-Origin to all routesdefaultANKA_ALLOW_CORS
Scheduler intervaldurationInterval for checking scheduled tasks30mANKA_SCHEDULER_INTERVAL
allowUnknownFlagsDon't terminate the app if ini file contains unknown flags.defaultANKA_ALLOWUNKNOWNFLAGS
Dump flagsboolDumps values for all flags defined in the app into stdout in ini-compatible syntax and terminates the app.falseANKA_DUMPFLAGS

Depending on the package you're using (native or docker), you can include flags to modify the configuration of your controller and registry. However, you need to override the default entrypoint (you can find the default in the .docker file).

docker-compose.yml (docker)

  anka-controller:
    container_name: anka-controller
    build:
       context: .
       dockerfile: anka-controller.docker
    ports:
       - "80:80"
       # SSL + Cert Auth | - "443:80"
    # SSL + Cert Auth | volumes:
    #    - /Users/myUser/mycerts/:/mnt/cert
    depends_on:
       - etcd
       - anka-registry
    restart: always
    entrypoint: ["/bin/bash", "-c", "anka-controller --standalone --enable-central-logging --anka-registry http://anka.registry:8089 --etcd-endpoints etcd:2379 --log_dir /var/log/anka-controller --local-anka-registry http://anka-registry:8085"]
    # SSL + Cert Auth | entrypoint: ["/bin/bash", "-c", "anka-controller --standalone --enable-central-logging --anka-registry https://anka.registry:8089 --etcd-endpoints etcd:2379 --log_dir /var/log/anka-controller --local-anka-registry http://anka-registry:8085 --use-https --server-cert /mnt/cert/anka-controller-crt.pem --server-key /mnt/cert/anka-controller-key.pem --enable-auth --ca-cert /mnt/cert/anka-ca-crt.pem --enable-registry-authorization --skip-tls-verification --client-cert /mnt/cert/anka-controller-crt.pem --client-key /mnt/cert/anka-controller-key.pem --root-token 1111111111"]

  anka-registry:
    container_name: anka-registry
    build:
        context: .
        dockerfile: anka-registry.docker
    ports:
        - "8089:8089"
    restart: always
    volumes:
      - "/Library/Application Support/Veertu/Anka/registry:/mnt/vol"
      # SSL + Cert Auth | - /Users/myUser/mycerts:/mnt/cert
    # SSL + Cert Auth | environment:
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_REGISTRY_AUTHORIZATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"

/usr/local/bin/anka-controllerd (native)

#!/bin/bash
/Library/Application\ Support/Veertu/Anka/bin/anka-controller \
--standalone \
--listen_addr ":8090" \
--run-registry \
--anka-registry "http://anka.registry:8089" \
--registry-listen-address ":8089" \
--enable-central-logging \
--log_dir "/Library/Logs/Veertu/AnkaController" \
--data-dir "/Library/Application Support/Veertu/Anka/anka-controller" \
--registry-base-path "/Library/Application Support/Veertu/Anka/registry" \
# SSL + Cert Auth
# --anka-registry "https://anka.registry:8089" \
# --use-https \
# --enable-auth \
# --root-token "1111111111" \
# --enable-registry-authorization \
# --skip-tls-verification \
# --ca-cert $CERT_FOLDER/anka-ca-crt.pem \
# --server-cert $CERT_FOLDER/anka-controller-crt.pem \
# --server-key $CERT_FOLDER/anka-controller-key.pem \
# --client-cert $CERT_FOLDER/anka-controller-crt.pem \
# --client-cert-key $CERT_FOLDER/anka-controller-key.pem

General and Common

NameTypeDescriptionDefault Valueflag / opt
VersionboolPrints controller version and exits---version
Registry addressstringAnka Registry external URL (http[s]://hostname:[port]). This is passed to the Nodes, so they can download (and start) VMs(required)--anka-registry
Configuration filestringPath to a configuration file in INI format. You can use the file with/without the command line parameters and env variables---config
Listen addressstringListen on this address (:80 is equivalent to 0.0.0.0:80). Use the format [address]:port:80--listen_addr
Local Registry AddressstringAnka Registry local address in format http[s]://hostname:[port]. This parameter is for situations where the Controller and Registry are on the same network. For example http://locahost:8089---local-anka-registry
Number of concurrent workersintThe number of concurrent workers processing node tasks2--num-workers
Standalone modeboolRun an embedded ETCD server alongside the controllerfalse--standalone
ETCD endpointsstringComma separated list of etcd hosts127.0.0.1:2379--etcd-endpoints
Allow empty registryboolAllow controller to start without a ‘Registry address’false--allow-empty-registry
Enable event loggingboolEnables event logging. Requires a Enterprise Plus license and will show under the Controller's Logs section after the first instance is created.false--enable-event-logging
Event log urlstringThe URL to post events (in json format)---event-log-url
Enable central loggingboolEnables central loggingfalse--enable-central-logging
Push registrystringComma separated list of Registry addresses to use for push operations---push-registry
ETCD defrag intervaldurationDefrag ETCD (all servers) in this interval. Pass 0 to disable3h--defrag-db-interval
Instance time outdurationThe time that instances stay in ‘Terminated’ state1m--instance-time-out
Manage MAC addressesboolLet the controller manage VM MAC addresses to ensure uniqueness/prevent collision. Requires VM Templates/Tags be stored in your Registry in a stopped state (vs suspended).false--manage-mac-addresses
Clean MAC addresses intervaldurationInterval between cleanings of unused MAC addresses1h--clean-mac-address-interval

Logging

NameTypeDescriptionDefault Valueflag / opt
Log levelintLog level verbosity. Higher number means more verbose0--log-level
Log to stderrboollog to standard error instead of filesfalse--logtostderr
Log directorystringWrite log files in this directory--log_dir
Also log to stderrboolLog to standard error as well as filestrue--alsologtostderr

TLS

NameTypeDescriptionDefault Valueflag / opt
Enable httpsboolUse https protocol for the controller portal/APIs. Must pass this to enable TLSfalse--use-https
CA certificatestringPath to a CA cert to use for authenticating clients---ca-cert
Root certificatestringAlias of CA certificate---root-cert
Server certificatestringPath to TLS server certificate---server-cert
Server certificate keystringPath to the server certificate's private key---server-key
Skip TLS verificationboolDon't verify TLS certificatesfalse--skip-tls-verification
Client certificatestringPath to client certificate. The Controller will use this certificate when making http requests (mainly to the Registry).---client-cert
Client certificate keystringPath to the client certificate's private key---client-cert-key
Client keystorestringPath to a client keystore file in pkcs12 format. The Controller will use the certificate from this key store when making http requests (mainly to the Registry).---client-keystore
Client keystore passwordstringPassword for the client keystore (optional).---client-keypass
Allowed TLS Cipher Suitescomma separated, stringsA list of cipher suites to use for tls. Options: tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256--cipher-suites
Minimal TLS VersionstringThe min tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
--min-tls-version
Maximal TLS VersionstringThe max tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3
--max-tls-version

Built in Registry

NameTypeDescriptionDefault Valueflag / opt
Run registryboolRun the embedded Registry serverfalse--run-registry
Registry listen addressstringAddress for Registry to listen on (:8089 is equivalent to 0.0.0.0:8089). Use the format [address]:port:8089--registry-listen-address
Registry base pathstringPath for registry's data---registry-base-path
Registry access logsboolEnables registry access logsfalse--registry-access-logs
Enable registry authorizationEnables authorization for the Registryfalse--enable-registry-authorization

Built in ETCD

NameTypeDescriptionDefault Valueflag / opt
Server namestringHuman readable name for ETCD serveranka-etcd--name
Data directorystringPath to use for saving ETCD data/tmp/etcd-data--data-dir
Initial clusterstringInitial cluster configuration for bootstrapping etcd serveranka-etcd=http://0.0.0.0:2380--initial-cluster
Listen peer urlsstringComma separated URLs for ETCD server to server communication (when clustering ETCD)http://0.0.0.0:2380--listen-peer-urls
Initial advertise peer urlsstringComma separated URLs for ETCD server to server communication to advertisehttp://0.0.0.0:2380--initial-advertise-peer-urls
Initial ETCD statestringInitial ETCD cluster state (‘new’ or ‘existing’)new--initial-cluster-state
Initial ETCD tokenstringInitial token for the ETCD cluster during bootstrapetcd-server--initial-cluster-token
Listen client urlsstringComma separated URLs for ETCD to serve clients (Controller)http://127.0.0.1:2379--listen-client-urls
Auto compaction modestringAuto compaction mode, either ‘periodic’ or ‘revision’.periodic--auto-compaction-mode
Advertise client urlsstringClient urls for etcd server to advertisehttp://127.0.0.1:2379--advertise-client-urls
Compaction retention intervalstringAuto compaction retention length. 0 means disable auto compaction.30m--auto-compaction-retention

Authentication and Authorization

NameTypeDescriptionDefault Valueflag / opt
Anable authenticationboolEnable authentication module. Must pass this for authentication to workfalse--enable-auth
Root static tokenstringA token to authenticate as super user---root-token
OpenId connect display namestringName of open id server to display in login page. The text will say “Login with X”---oidc-display-name
OpenId connect provider urlstringOpen ID connect provider url---oidc-provider-url
OpenId connect client idstringOpen ID connect client id---oidc-client-id
OpenId connect username claimstringOpen ID connect claim key to use for user namename--oidc-username-claim
OpenId connect groups claimstringOpen ID connect claim key to use for groups,groups--oidc-groups-claim

Separate queue interface

This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster's Nodes

NameTypeDescriptionDefault Valueflag / opt
Queue addressstringSetting this address will activate a separate http server that will only serve queue requests (only for Node communication).---queue-addr
Queue CA certificatestringPath to a CA certificate to use for authenticating clients---queue-ca-cert
Queue server certificatestringPath to TLS server certificate---queue-server-cert
Queue server certificate keystringPath to the server certificate's private key---queue-server-key
Use queue TLSEnables queue tlsfalse--use-queue-tls
Enable queue authEnables queue authentication/authorizationfalse--enable-queue-auth

Internal

Parameters used internally. It's recommended to use the Default Values.

NameTypeDescriptionDefault Valueflag / opt
Clean process intervaldurationThe interval to clean the queues (delete any tasks older than 24 hours), 0 to disable1h--clean-queues-interval
allow corsboolIf true adds Acces-Control-Allow-Origin to all routesdefault--allow-cors
Scheduler intervaldurationInterval for checking scheduled tasks30m--scheduler-interval
allowUnknownFlagsDon't terminate the app if ini file contains unknown flags.default--allowUnknownFlags
Dump flagsboolDumps values for all flags defined in the app into stdout in ini-compatible syntax and terminates the app.false--dumpflags

Last modified November 20, 2020 : better examples and Cert auth guide (12d9503) by Nathan Pierce