Configuration Reference

Anka Build Cloud Configuration Reference

Controller Configuration Reference

Configuring your Anka Build Cloud Controller & Registry to enable features or customize URLs has several methods available.

If you're using the standalone Registry package, you'll need to use Flags/Options and edit your /Library/LaunchDaemons/com.veertu.anka.registry.plist, then restart it with launchctl unload /Library/. . . && launchctl load /Library/. . .

The .docker files in the docker/linux package and dockerhub tags include a mix of non-ANKA_ ENVs and flags (in the ENTRYPOINT). While we work on simplifying the docker package to support the ANKA_ environment variables, you may need to remove the flags and non-ANKA_ ENVs from the .docker file. Using ANKA_LISTEN_ADDR for example while the ENTRYPOINT has --listen_addr defined will cause a problem.


Depending on the package you're using (native or docker), you can set ENV variables to modify the configuration of your controller and registry.

docker-compose.yml (docker)

  anka-controller:
    container_name: anka-controller
    build:
       context: .
       dockerfile: anka-controller.docker
    ports:
       - "8090:80"
       #- "8100:8100"
    volumes:
       - /Users/myUserName:/mnt/cert
    depends_on:
       - etcd
       - anka-registry
    restart: always
    environment:
      ANKA_REGISTRY_ADDR: "http://anka.registry:8089"
      ANKA_USE_HTTPS: "false"
      ANKA_SKIP_TLS_VERIFICATION: "false"
      ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      ANKA_ENABLE_AUTH: "false"
      # SSL + Cert Auth
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_ROOT_TOKEN: "1111111111"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"
  anka-registry:
    container_name: anka-registry
    build:
        context: .
        dockerfile: anka-registry.docker
    ports:
        - "8089:8089"
    restart: always
    volumes:
      - "/Library/Application Support/Veertu/Anka/registry:/mnt/vol"
      # SSL + Cert Auth | - /Users/myUser/mycerts:/mnt/cert
    # SSL + Cert Auth | environment:
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_REGISTRY_AUTHORIZATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"

/usr/local/bin/anka-controllerd (native)

You must comment out the export to disable

#!/bin/bash

export ANKA_STANDALONE="true"
export ANKA_LISTEN_ADDR=":8090"
export ANKA_DATA_DIR="/Library/Application Support/Veertu/Anka/anka-controller"
export ANKA_ENABLE_CENTRAL_LOGGING="true"
export ANKA_LOG_DIR="/Library/Logs/Veertu/AnkaController"

export ANKA_RUN_REGISTRY="true"
export ANKA_REGISTRY_BASE_PATH="/Library/Application Support/Veertu/Anka/registry"
export ANKA_REGISTRY_LISTEN_ADDRESS="anka.registry:8089"
export ANKA_ANKA_REGISTRY="http://anka.registry:8089"

# SSL + Cert Auth
#export ANKA_ANKA_REGISTRY="https://anka.registry:8089"
#export ANKA_USE_HTTPS="true"
#export ANKA_SKIP_TLS_VERIFICATION="true"
#export ANKA_SERVER_CERT="/Users/MyUser/anka-controller-crt.pem"
#export ANKA_SERVER_KEY="/Users/MyUser/anka-controller-key.pem"

#export ANKA_ENABLE_AUTH="true"
#export ANKA_ENABLE_REGISTRY_AUTHORIZATION="true"
#export ANKA_CA_CERT="/Users/MyUser/anka-ca-crt.pem"
#export ANKA_CLIENT_CERT="/Users/MyUser/anka-controller-crt.pem"
#export ANKA_CLIENT_CERT_KEY="/Users/MyUser/anka-controller-key.pem"
#export ANKA_ROOT_TOKEN="1111111111"

/Library/Application\ Support/Veertu/Anka/bin/anka-controller

General and Common

When editing the /usr/local/bin/anka-controllerd, be sure to use export when setting the ENV

NameTypeDescriptionDefault ValueENV
VersionboolPrints controller version and exits-ANKA_VERSION
External Registry addressstringAnka Registry external URL (http[s]://hostname:[port]). This is passed to the Nodes, so they can download (and start) VMs(required)ANKA_ANKA_REGISTRY
Configuration filestringPath to a configuration file in INI format. You can use the file with/without the command line parameters and env variables-ANKA_CONFIG
Listen addressstringListen on this address (:80 is equivalent to 0.0.0.0:80). Use the format [address]:port:80ANKA_LISTEN_ADDR
Local Registry AddressstringAnka Registry local address in format http[s]://hostname:[port]. This parameter is for situations where the Controller and Registry are on the same network. For example http://locahost:8089-ANKA_LOCAL_ANKA_REGISTRY
Number of concurrent workersintThe number of concurrent workers processing node tasks2ANKA_NUM_WORKERS
Standalone modeboolRun an embedded ETCD server alongside the controllerfalseANKA_STANDALONE
ETCD endpointsstringComma-separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS)127.0.0.1:2379ANKA_ETCD_ENDPOINTS
Queue ETCD endpointsstringComma-separated list of etcd addresses to use for only the Queue DB (task information).127.0.0.1:2379ANKA_QUEUE_ETCD_ENDPOINTS
ETCD defrag intervaldurationDefrag ETCD (all servers) at this interval (0 to disable)3hANKA_DEFRAG_DB_INTERVAL
Allow empty registryboolAllow controller to start without a ‘Registry address’falseANKA_ALLOW_EMPTY_REGISTRY
Enable event loggingboolEnables event logging. Requires a Enterprise Plus license and will show under the Controller's Logs section after the first instance is created.falseANKA_ENABLE_EVENT_LOGGING
Event log urlstringThe URL to post events (in json format)-ANKA_EVENT_LOG_URL
Enable central loggingboolEnables central loggingfalseANKA_ENABLE_CENTRAL_LOGGING
Push registrystringComma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building)-ANKA_PUSH_REGISTRY
Instance time outdurationThe time that instances stay in ‘Terminated’ state1mANKA_INSTANCE_TIME_OUT
Manage MAC addressesboolLet the controller manage VM MAC addresses to ensure uniqueness/prevent collision. Requires VM Templates/Tags be stored in your Registry in a stopped state (vs suspended).falseANKA_MANAGE_MAC_ADDRESSES
Clean MAC addresses intervaldurationInterval between cleanings of unused MAC addresses1hANKA_CLEAN_MAC_ADDRESS_INTERVAL
Limit MAC addresses to a rangestringAllows passing the range of mac addresses to use. ANKA_MANAGE_MAC_ADDRESSES must be set to true to use this option. Format: <FROM>-<TO> (example: 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF) (In the example range, 00:00:00:00:00:00 and FF:FF:FF:FF:FF:FF will be included in the internal MAC address list)-ANKA_MAC_ADDR_RANGE
MAC address request retriesintTimes to retry to get mac address from the database before giving up and returning an error.100ANKA_MAC_ADDR_RANGE_MAX_RETRIES
MAC address range validation intervaldurationInterval to execute the mac address range validation.3hANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL

Logging

NameTypeDescriptionDefault ValueENV
Log levelintLog level verbosity. Higher number means more verbose0ANKA_LOG_LEVEL
Log to stderrboollog to standard error instead of filesfalseANKA_LOGTOSTDERR
Log directorystringWrite log files in this directoryANKA_LOG_DIR
Also log to stderrboolLog to standard error as well as filestrueANKA_ALSOLOGTOSTDERR

TLS

NameTypeDescriptionDefault ValueENV
Enable httpsboolUse https protocol for the controller portal/APIs. Must pass this to enable TLSfalseANKA_USE_HTTPS
CA certificatestringPath to a CA cert to use for authenticating clients-ANKA_CA_CERT
Root certificatestringSimilar to CA certificate-ANKA_ROOT_CERT
Server certificatestringPath to TLS server certificate-ANKA_SERVER_CERT
Server certificate keystringPath to the server certificate's private key-ANKA_SERVER_KEY
Skip TLS verificationboolDon't verify TLS certificatesfalseANKA_SKIP_TLS_VERIFICATION
Client certificatestringPath to client certificate. The Controller will use this certificate when making http requests (mainly to the Registry).-ANKA_CLIENT_CERT
Client certificate keystringPath to the client certificate's private key-ANKA_CLIENT_CERT_KEY
Client keystorestringPath to a client keystore file in pkcs12 format. The Controller will use the certificate from this key store when making http requests (mainly to the Registry).-ANKA_CLIENT_KEYSTORE
Client keystore passwordstringPassword for the client keystore (optional).-ANKA_CLIENT_KEYPASS
Allowed TLS Cipher Suitescomma separated, stringsA list of cipher suites to use for tls. Options: tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256NoneANKA_CIPHER_SUITES
Minimal TLS VersionstringThe min tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3NoneANKA_MIN_TLS_VERSION
Maximal TLS VersionstringThe max tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3NoneANKA_MAX_TLS_VERSION

Built in Registry

NameTypeDescriptionDefault ValueENV
Run registryboolRun the embedded Registry serverfalseANKA_RUN_REGISTRY
Registry listen addressstringAddress for Registry to listen on (:8089 is equivalent to 0.0.0.0:8089). Use the format [address]:port:8089ANKA_REGISTRY_LISTEN_ADDRESS
Registry base pathstringPath for registry's data-ANKA_REGISTRY_BASE_PATH
Registry access logsboolEnables registry access logsfalseANKA_REGISTRY_ACCESS_LOGS
Enable registry authorizationEnables authorization for the RegistryfalseANKA_ENABLE_REGISTRY_AUTHORIZATION

Built in ETCD

NameTypeDescriptionDefault ValueENV
Server namestringHuman readable name for ETCD serveranka-etcdANKA_NAME
Data directorystringPath to use for saving ETCD data/tmp/etcd-dataANKA_DATA_DIR
Initial clusterstringInitial cluster configuration for bootstrapping etcd serveranka-etcd=http://0.0.0.0:2380ANKA_INITIAL_CLUSTER
Listen peer urlsstringComma separated URLs for ETCD server to server communication (when clustering ETCD)http://0.0.0.0:2380ANKA_LISTEN_PEER_URLS
Initial advertise peer urlsstringComma separated URLs for ETCD server to server communication to advertisehttp://0.0.0.0:2380ANKA_INITIAL_ADVERTISE_PEER_URLS
Initial ETCD statestringInitial ETCD cluster state (‘new’ or ‘existing’)newANKA_INITIAL_CLUSTER_STATE
Initial ETCD tokenstringInitial token for the ETCD cluster during bootstrapetcd-serverANKA_INITIAL_CLUSTER_TOKEN
Listen client urlsstringComma separated URLs for ETCD to serve clients (Controller)http://127.0.0.1:2379ANKA_LISTEN_CLIENT_URLS
Auto compaction modestringAuto compaction mode, either ‘periodic’ or ‘revision’.periodicANKA_AUTO_COMPACTION_MODE
Advertise client urlsstringClient urls for etcd server to advertisehttp://127.0.0.1:2379ANKA_ADVERTISE_CLIENT_URLS
Compaction retention intervalstringAuto compaction retention length. 0 means disable auto compaction.30mANKA_AUTO_COMPACTION_RETENTION

Authentication and Authorization

NameTypeDescriptionDefault ValueENV
Enable authenticationboolEnable authentication module. Must pass this for authentication to workfalseANKA_ENABLE_AUTH
Root static tokenstringA token to authenticate as super user-ANKA_ROOT_TOKEN
OpenId connect display namestringName of open id server to display in login page. The text will say “Login with X”-ANKA_OIDC_DISPLAY_NAME
OpenId connect provider urlstringOpen ID connect provider url-ANKA_OIDC_PROVIDER_URL
OpenId connect client idstringOpen ID connect client id-ANKA_OIDC_CLIENT_ID
OpenId connect username claimstringOpen ID connect claim key to use for user namenameANKA_OIDC_USERNAME_CLAIM
OpenId connect groups claimstringOpen ID connect claim key to use for groups,groupsANKA_OIDC_GROUPS_CLAIM
Enable Etcd AuthenticationboolUse TLS certificates for authentication with etcd server. Must pass this for etcd authentication to workfalseANKA_USE_ETCD_TLS
Etcd CA CertstringPath to CA certificate to be used when connecting to Etcd server-ANKA_ETCD_CA_CERT
Etcd Client CertstringPath to Etcd Client certificate to be used when connecting to Etcd server-ANKA_ETCD_CERT
Etcd Client KeystringPath to Etcd Client Key to be used when connecting to Etcd server-ANKA_ETCD_CERT_KEY
Skip Etcd TLS verificationboolDon't use TLS verification for Etcd AuthenticationfalseANKA_SKIP_ETCD_TLS_VERIFICATION
Enable Etcd user loginboolEnable Etcd user login when connecting to Etcd serverfalseANKA_USE_ETCD_LOGIN
Etcd UsernamestringEtcd username to be used to login to Etcd server-ANKA_ETCD_USERNAME
Etcd PasswordstringEtcd password to be used to login to Etcd server-ANKA_ETCD_PASSWORD

Separate queue interface

This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster's Nodes

NameTypeDescriptionDefault ValueENV
Queue addressstringSetting this address will activate a separate http server that will only serve queue requests (only for Node communication).-ANKA_QUEUE_ADDR
Queue CA certificatestringPath to a CA certificate to use for authenticating clients-ANKA_QUEUE_CA_CERT
Queue server certificatestringPath to TLS server certificate-ANKA_QUEUE_SERVER_CERT
Queue server certificate keystringPath to the server certificate's private key-ANKA_QUEUE_SERVER_KEY
Use queue TLSEnables queue tlsfalseANKA_USE_QUEUE_TLS
Enable queue authEnables queue authentication/authorizationfalseANKA_ENABLE_QUEUE_AUTH

Internal

Parameters used internally. It's recommended to use the Default Values.

NameTypeDescriptionDefault ValueENV
Clean process intervaldurationThe interval to clean the queues (delete any tasks older than 24 hours), 0 to disable1hANKA_CLEAN_QUEUES_INTERVAL
allow corsboolIf true adds Acces-Control-Allow-Origin to all routesdefaultANKA_ALLOW_CORS
Scheduler intervaldurationInterval for checking scheduled tasks30mANKA_SCHEDULER_INTERVAL
allowUnknownFlagsDon't terminate the app if ini file contains unknown flags.defaultANKA_ALLOWUNKNOWNFLAGS
Dump flagsboolDumps values for all flags defined in the app into stdout in ini-compatible syntax and terminates the app.falseANKA_DUMPFLAGS

Depending on the package you're using (native or docker), you can include flags to modify the configuration of your controller and registry.

docker-compose.yml (docker)

  anka-controller:
    container_name: anka-controller
    build:
       context: .
       dockerfile: anka-controller.docker
    ports:
       - "80:80"
       # SSL + Cert Auth | - "443:80"
    # SSL + Cert Auth | volumes:
    #    - /Users/myUser/mycerts/:/mnt/cert
    depends_on:
       - etcd
       - anka-registry
    restart: always
    entrypoint: ["/bin/bash", "-c", "anka-controller --standalone --enable-central-logging --anka-registry http://anka.registry:8089 --etcd-endpoints etcd:2379 --log_dir /var/log/anka-controller --local-anka-registry http://anka-registry:8085"]
    # SSL + Cert Auth | entrypoint: ["/bin/bash", "-c", "anka-controller --standalone --enable-central-logging --anka-registry https://anka.registry:8089 --etcd-endpoints etcd:2379 --log_dir /var/log/anka-controller --local-anka-registry http://anka-registry:8085 --use-https --server-cert /mnt/cert/anka-controller-crt.pem --server-key /mnt/cert/anka-controller-key.pem --enable-auth --ca-cert /mnt/cert/anka-ca-crt.pem --enable-registry-authorization --skip-tls-verification --client-cert /mnt/cert/anka-controller-crt.pem --client-key /mnt/cert/anka-controller-key.pem --root-token 1111111111"]

  anka-registry:
    container_name: anka-registry
    build:
        context: .
        dockerfile: anka-registry.docker
    ports:
        - "8089:8089"
    restart: always
    volumes:
      - "/Library/Application Support/Veertu/Anka/registry:/mnt/vol"
      # SSL + Cert Auth | - /Users/myUser/mycerts:/mnt/cert
    # SSL + Cert Auth | environment:
      #ANKA_USE_HTTPS: "true"
      #ANKA_SERVER_CERT: "/mnt/cert/anka-controller-crt.pem"
      #ANKA_SERVER_KEY: "/mnt/cert/anka-controller-key.pem"
      #ANKA_SKIP_TLS_VERIFICATION: "true"
      #ANKA_ENABLE_REGISTRY_AUTHORIZATION: "true"
      #ANKA_ENABLE_AUTH: "true"
      #ANKA_CA_CERT: "/mnt/cert/anka-ca-crt.pem"
      #ANKA_CLIENT_CERT="/mnt/cert/anka-controller-crt.pem"
      #ANKA_CLIENT_CERT_KEY="/mnt/cert/anka-controller-key.pem"

/usr/local/bin/anka-controllerd (native)

#!/bin/bash
/Library/Application\ Support/Veertu/Anka/bin/anka-controller \
--standalone \
--listen_addr ":8090" \
--run-registry \
--anka-registry "http://anka.registry:8089" \
--registry-listen-address ":8089" \
--enable-central-logging \
--log_dir "/Library/Logs/Veertu/AnkaController" \
--data-dir "/Library/Application Support/Veertu/Anka/anka-controller" \
--registry-base-path "/Library/Application Support/Veertu/Anka/registry" \
# SSL + Cert Auth
# --anka-registry "https://anka.registry:8089" \
# --use-https \
# --enable-auth \
# --root-token "1111111111" \
# --enable-registry-authorization \
# --skip-tls-verification \
# --ca-cert $CERT_FOLDER/anka-ca-crt.pem \
# --server-cert $CERT_FOLDER/anka-controller-crt.pem \
# --server-key $CERT_FOLDER/anka-controller-key.pem \
# --client-cert $CERT_FOLDER/anka-controller-crt.pem \
# --client-cert-key $CERT_FOLDER/anka-controller-key.pem

General and Common

NameTypeDescriptionDefault Valueflag / opt
VersionboolPrints controller version and exits---version
External Registry addressstringAnka Registry external URL (http[s]://hostname:[port]). This is passed to the Nodes, so they can download (and start) VMs(required)--anka-registry
Configuration filestringPath to a configuration file in INI format. You can use the file with/without the command line parameters and env variables---config
Listen addressstringListen on this address (:80 is equivalent to 0.0.0.0:80). Use the format [address]:port:80--listen_addr
Local Registry AddressstringAnka Registry local address in format http[s]://hostname:[port]. This parameter is for situations where the Controller and Registry are on the same network. For example http://locahost:8089. This is NOT used for Nodes. If not specified, External address is used.---local-anka-registry
Number of concurrent workersintThe number of concurrent workers processing node tasks2--num-workers
Standalone modeboolRun an embedded ETCD server alongside the controllerfalse--standalone
ETCD endpointsstringComma-separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS)127.0.0.1:2379--etcd-endpoints
Queue ETCD endpointsstringComma-separated list of etcd addresses to use for only the Queue DB (task information).127.0.0.1:2379--queue-etcd-endpoints
ETCD defrag intervaldurationDefrag ETCD (all servers) at this interval (0 to disable)3h--defrag-db-interval
Allow empty registryboolAllow controller to start without a ‘Registry address’false--allow-empty-registry
Enable event loggingboolEnables event logging. Requires a Enterprise Plus license and will show under the Controller's Logs section after the first instance is created.false--enable-event-logging
Event log urlstringThe URL to post events (in json format)---event-log-url
Enable central loggingboolEnables central loggingfalse--enable-central-logging
Push registrystringComma separated list of Registry addresses to use for push operations---push-registry
Instance time outdurationThe time that instances stay in ‘Terminated’ state1m--instance-time-out
Manage MAC addressesboolLet the controller manage VM MAC addresses to ensure uniqueness/prevent collision. Requires VM Templates/Tags be stored in your Registry in a stopped state (vs suspended).false--manage-mac-addresses
Clean MAC addresses intervaldurationInterval between cleanings of unused MAC addresses1h--clean-mac-address-interval
Limit MAC addresses to a rangestringAllows passing the range of mac addresses to use. --manage-mac-addresses must be set to true to use this option. Format: <FROM>-<TO> (example: 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF) (In the example range, 00:00:00:00:00:00 and FF:FF:FF:FF:FF:FF will be included in the internal MAC address list)---mac-addr-range
MAC address request retriesintTimes to retry to get mac address from the database before giving up and returning an error.100--mac-addr-range-max-retries
MAC address range validation intervaldurationInterval to execute the mac address range validation.3h--fill-mac-address-range-interval

External Registry Address: Required | Nodes use the external URL Local Registry Address: Optional | Nodes do NOT use local URL | If not specified/empty, External URL is used

Logging

NameTypeDescriptionDefault Valueflag / opt
Log levelintLog level verbosity. Higher number means more verbose0--log-level
Log to stderrboollog to standard error instead of filesfalse--logtostderr
Log directorystringWrite log files in this directory--log_dir
Also log to stderrboolLog to standard error as well as filestrue--alsologtostderr

TLS

NameTypeDescriptionDefault Valueflag / opt
Enable httpsboolUse https protocol for the controller portal/APIs. Must pass this to enable TLSfalse--use-https
CA certificatestringPath to a CA cert to use for authenticating clients---ca-cert
Root certificatestringAlias of CA certificate---root-cert
Server certificatestringPath to TLS server certificate---server-cert
Server certificate keystringPath to the server certificate's private key---server-key
Skip TLS verificationboolDon't verify TLS certificatesfalse--skip-tls-verification
Client certificatestringPath to client certificate. The Controller will use this certificate when making http requests (mainly to the Registry).---client-cert
Client certificate keystringPath to the client certificate's private key---client-cert-key
Client keystorestringPath to a client keystore file in pkcs12 format. The Controller will use the certificate from this key store when making http requests (mainly to the Registry).---client-keystore
Client keystore passwordstringPassword for the client keystore (optional).---client-keypass
Allowed TLS Cipher Suitescomma separated, stringsA list of cipher suites to use for tls. Options: tls_rsa_with_3des_ede_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256None--cipher-suites
Minimal TLS VersionstringThe min tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3None--min-tls-version
Maximal TLS VersionstringThe max tls version to use. Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3None--max-tls-version

Built in Registry

NameTypeDescriptionDefault Valueflag / opt
Run registryboolRun the embedded Registry serverfalse--run-registry
Registry listen addressstringAddress for Registry to listen on (:8089 is equivalent to 0.0.0.0:8089). Use the format [address]:port:8089--registry-listen-address
Registry base pathstringPath for registry's data---registry-base-path
Registry access logsboolEnables registry access logsfalse--registry-access-logs
Enable registry authorizationEnables authorization for the Registryfalse--enable-registry-authorization

Built in ETCD

NameTypeDescriptionDefault Valueflag / opt
Server namestringHuman readable name for ETCD serveranka-etcd--name
Data directorystringPath to use for saving ETCD data/tmp/etcd-data--data-dir
Initial clusterstringInitial cluster configuration for bootstrapping etcd serveranka-etcd=http://0.0.0.0:2380--initial-cluster
Listen peer urlsstringComma separated URLs for ETCD server to server communication (when clustering ETCD)http://0.0.0.0:2380--listen-peer-urls
Initial advertise peer urlsstringComma separated URLs for ETCD server to server communication to advertisehttp://0.0.0.0:2380--initial-advertise-peer-urls
Initial ETCD statestringInitial ETCD cluster state (‘new’ or ‘existing’)new--initial-cluster-state
Initial ETCD tokenstringInitial token for the ETCD cluster during bootstrapetcd-server--initial-cluster-token
Listen client urlsstringComma separated URLs for ETCD to serve clients (Controller)http://127.0.0.1:2379--listen-client-urls
Auto compaction modestringAuto compaction mode, either ‘periodic’ or ‘revision’.periodic--auto-compaction-mode
Advertise client urlsstringClient urls for etcd server to advertisehttp://127.0.0.1:2379--advertise-client-urls
Compaction retention intervalstringAuto compaction retention length. 0 means disable auto compaction.30m--auto-compaction-retention

Authentication and Authorization

NameTypeDescriptionDefault Valueflag / opt
Anable authenticationboolEnable authentication module. Must pass this for authentication to workfalse--enable-auth
Root static tokenstringA token to authenticate as super user---root-token
OpenId connect display namestringName of open id server to display in login page. The text will say “Login with X”---oidc-display-name
OpenId connect provider urlstringOpen ID connect provider url---oidc-provider-url
OpenId connect client idstringOpen ID connect client id---oidc-client-id
OpenId connect username claimstringOpen ID connect claim key to use for user namename--oidc-username-claim
OpenId connect groups claimstringOpen ID connect claim key to use for groups,groups--oidc-groups-claim
Enable Etcd AuthenticationboolUse TLS certificates for authentication with etcd server. Must pass this for etcd authentication to workfalse--use-etcd-tls
Etcd CA CertstringPath to CA certificate to be used when connecting to Etcd server---etcd-ca-cert
Etcd Client CertstringPath to Etcd Client certificate to be used when connecting to Etcd server---etcd-cert
Etcd Client KeystringPath to Etcd Client Key to be used when connecting to Etcd server---etcd-cert-key
Skip Etcd TLS verificationboolDon't use TLS verification for Etcd Authenticationfalse--skip-etcd-tls-verification
Enable Etcd user loginboolEnable Etcd user login when connecting to Etcd serverfalse--use-etcd-login
Etcd UsernamestringEtcd username to be used to login to Etcd server---etcd-username
Etcd PasswordstringEtcd password to be used to login to Etcd server---etcd-password

Separate queue interface

This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster's Nodes

NameTypeDescriptionDefault Valueflag / opt
Queue addressstringSetting this address will activate a separate http server that will only serve queue requests (only for Node communication).---queue-addr
Queue CA certificatestringPath to a CA certificate to use for authenticating clients---queue-ca-cert
Queue server certificatestringPath to TLS server certificate---queue-server-cert
Queue server certificate keystringPath to the server certificate's private key---queue-server-key
Use queue TLSEnables queue tlsfalse--use-queue-tls
Enable queue authEnables queue authentication/authorizationfalse--enable-queue-auth

Internal

Parameters used internally. It's recommended to use the Default Values.

NameTypeDescriptionDefault Valueflag / opt
Clean process intervaldurationThe interval to clean the queues (delete any tasks older than 24 hours), 0 to disable1h--clean-queues-interval
allow corsboolIf true adds Acces-Control-Allow-Origin to all routesdefault--allow-cors
Scheduler intervaldurationInterval for checking scheduled tasks30m--scheduler-interval
allowUnknownFlagsDon't terminate the app if ini file contains unknown flags.default--allowUnknownFlags
Dump flagsboolDumps values for all flags defined in the app into stdout in ini-compatible syntax and terminates the app.false--dumpflags

Last modified September 9, 2021 : queue etcd endpoints (d594d42) by Nathan Pierce