# Human_readable name for this member. # # default: "default" # # ETCD_NAME="default" # Path to the data directory. # # default: "${name}.etcd" # distribution default: "/var/lib/etcd" # # ETCD_DATA_DIR="/var/lib/etcd" # Path to the dedicated wal directory. # If this flag is set, etcd will write the WAL files # to the walDir rather than the dataDir. # # default: "" # # ETCD_WAL_DIR="" # Number of committed transactions to trigger a snapshot to disk. # # default: 10000 # # ETCD_SNAPSHOT_COUNT=10000 # Time (in milliseconds) of a heartbeat interval. # # default: 100 # # ETCD_HEARTBEAT_INTERVAL=100 # Time (in milliseconds) for an election to timeout. # # default: 1000 # # ETCD_ELECTION_TIMEOUT=1000 # List of URLs to listen on for peer traffic. # # default: "http://localhost:2380,http://localhost:7001" # # ETCD_LISTEN_PEER_URLS="http://localhost:2380,http://localhost:7001" # List of URLs to listen on for client traffic. # # default: "http://localhost:2379,http://localhost:4001" # # ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://localhost:4001" # Maximum number of snapshot files to retain (0 is unlimited) # # default: 5 # # ETCD_MAX_SNAPSHOTS=5 # Maximum number of wal files to retain (0 is unlimited) # # default: 5 # # ETCD_MAX_WALS=5 # Comma_separated white list of origins for CORS (cross_origin resource sharing). # # default: none # # ETCD_CORS= # Raise alarms when backend size exceeds the given quota. 0 means use the # default quota. # # default: 0 # # ETCD_QUOTA_BACKEND_BYTES=0 # BackendBatchLimit is the maximum operations before commit the backend # transaction. # # default: 0 # # ETCD_BACKEND_BATCH_LIMIT=0 # The freelist type that etcd backend(bboltdb) uses (array and map are # supported types). # # default: () # # ETCD_BACKEND_BBOLT_FREELIST_TYPE=() # BackendBatchInterval is the maximum time before commit the backend # transaction. # # default: 0 # # ETCD_BACKEND_BATCH_INTERVAL=0 # Maximum number of operations permitted in a transaction. # # default: 128 # # ETCD_MAX_TXN_OPS=128 # Maximum client request size in bytes the server will accept. # # default: 1572864 # # ETCD_MAX_REQUEST_BYTES=1572864 # Minimum duration interval that a client should wait before pinging server. # # default: 5s # # ETCD_GRPC_KEEPALIVE_MIN_TIME=5s # Frequency duration of server-to-client ping to check if a connection is # alive (0 to disable). # # default: 2h # # ETCD_GRPC_KEEPALIVE_INTERVAL=2h # Additional duration of wait before closing a non-responsive connection # (0 to disable). # # default: 20s # # ETCD_GRPC_KEEPALIVE_TIMEOUT=20s # List of this member's peer URLs to advertise to the rest of the cluster. # These addresses are used for communicating etcd data around the cluster. # At least one must be routable to all cluster members. # # default: "http://localhost:2380,http://localhost:7001" # # ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380,http://localhost:7001" # Initial cluster configuration for bootstrapping. # # default: "default=http://localhost:2380,default=http://localhost:7001" # distribution default: "default=http://localhost:2380,default=http://localhost:7001" # # ETCD_INITIAL_CLUSTER="default=http://localhost:2380,default=http://localhost:7001" # Initial cluster state ("new" or "existing"). # Set to new for all members present during initial static or DNS bootstrapping. # If this option is set to existing, etcd will attempt to join the existing cluster. # If the wrong value is set, etcd will attempt to start but fail safely. # # default: "new" # # ETCD_INITIAL_CLUSTER_STATE="new" # Initial cluster token for the etcd cluster during bootstrap. # # default: "etcd_cluster" # # ETCD_INITIAL_CLUSTER_TOKEN="etcd_cluster" # List of this member's client URLs to advertise to the rest of the cluster. # # default: "http://localhost:2379,http://localhost:4001" # # ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379,http://localhost:4001" # Discovery URL used to bootstrap the cluster. # # default: none # # ETCD_DISCOVERY= # DNS srv domain used to bootstrap the cluster. # # default: none # # ETCD_DISCOVERY_SRV= # Suffix to the DNS srv name queried when bootstrapping using DNS. # # default: none # # ETCD_DISCOVERY_SRV_NAME= # Expected behavior ("exit" or "proxy") when discovery services fails. # "proxy" supports v2 API only. # # default: "proxy" # # ETCD_DISCOVERY_FALLBACK="proxy" # HTTP proxy to use for traffic to discovery service. # # default: none # # ETCD_DISCOVERY_PROXY= # Reject reconfiguration requests that would cause quorum loss. # # default: true # # ETCD_STRICT_RECONFIG_CHECK=true # Auto compaction retention for mvcc key value store in hour. 0 means disable # auto compaction. # # default: 0 # # ETCD_AUTO_COMPACTION_RETENTION=0 # Interpret 'auto-compaction-retention' one of: 'periodic', 'revision'. # 'periodic' for duration based retention, defaulting to hours if no time # unit is provided (e.g. '5m'). 'revision' for revision number based retention. # # default: periodic # # ETCD_AUTO_COMPACTION_MODE=periodic # Accept etcd V2 client requests # # default: false # # ETCD_ENABLE_V2=false # Proxy mode setting ("off", "readonly" or "on"). # # default: "off" # # ETCD_PROXY="off" # Time (in milliseconds) an endpoint will be held # in a failed state before being reconsidered for proxied requests. # # default: 5000 # # ETCD_PROXY_FAILURE_WAIT=5000 # Time (in milliseconds) of the endpoints refresh interval. # # default: 30000 # # ETCD_PROXY_REFRESH_INTERVAL=30000 # Time (in milliseconds) for a dial to timeout or 0 to disable the timeout. # # default: 1000 # # ETCD_PROXY_DIAL_TIMEOUT=1000 # Time (in milliseconds) for a write to timeout or 0 to disable the timeout. # # default: 5000 # # ETCD_PROXY_WRITE_TIMEOUT=5000 # Time (in milliseconds) for a read to timeout or 0 to disable the timeout. # Don't change this value if you use watches because they are using long polling requests. # # default: 0 # # ETCD_PROXY_READ_TIMEOUT=0 # [DEPRECATED] Path to the client server TLS CA file. # # default: none # # ETCD_CA_FILE= # Path to the client server TLS cert file. # # default: none # # ETCD_CERT_FILE= # Path to the client server TLS key file. # # default: none # # ETCD_KEY_FILE= # Enable client cert authentication. # # default: false # # ETCD_CLIENT_CERT_AUTH=false # Path to the client certificate revocation list file. # # default: none # # ETCD_CLIENT_CRL_FILE= # Allowed Allowed TLS name for client cert authentication. # # default: none # # ETCD_CLIENT_CERT_ALLOWED_HOSTNAME= # Path to the client server TLS trusted CA key file. # # default: none # # ETCD_TRUSTED_CA_FILE= # Client TLS using generated certificates # # default: false # # ETCD_AUTO_TLS=false # [DEPRECATED] Path to the peer server TLS CA file. # # default: none # # ETCD_PEER_CA_FILE= # Path to the peer server TLS cert file. # # default: none # # ETCD_PEER_CERT_FILE= # Path to the peer server TLS key file. # # default: none # # ETCD_PEER_KEY_FILE= # Enable peer client cert authentication. # # default: false # # ETCD_PEER_CLIENT_CERT_AUTH=false # Path to the peer certificate revocation list file. # # default: none # # ETCD_PEER_CRL_FILE= # Path to the peer server TLS trusted CA file. # # default: none # # ETCD_PEER_TRUSTED_CA_FILE= # Peer TLS using generated certificates. # # default: false # # ETCD_PEER_AUTO_TLS=false # Allowed CommonName for inter peer authentication. # # default: none # # ETCD_PEER_CERT_ALLOWED_CN= # Allowed TLS certificate name for inter peer authentication. # # default: none # # ETCD_PEER_CERT_ALLOWED_HOSTNAME= # Comma-separated list of supported TLS cipher suites between server/client # and peers. # # default: none # # ETCD_CIPHER_SUITES= # Specify 'zap' for structured logging or 'capnslog'. # WARNING: --logger=capnslog to be deprecated in v3.5. # # default: capnslog # # ETCD_LOGGER=capnslog # Specify 'stdout' or 'stderr' to skip journald logging even when running # under systemd, or list of comma separated output targets. # # default: default # # ETCD_LOG_OUTPUTS=default # Configures log level. Only supports debug, info, warn, error, panic, # or fatal. # # default: info # # ETCD_LOG_LEVEL=info # [DEPRECATED] Drop the default log level to DEBUG for all subpackages. # # default: false (INFO for all packages) # # ETCD_DEBUG=false # [DEPRECATED] Set individual etcd subpackages to specific log levels. # An example being etcdserver=WARNING,security=DEBUG # # default: none (INFO for all packages) # # ETCD_LOG_PACKAGE_LEVELS= # Force to create a new one_member cluster. # It commits configuration changes in force to remove all existing members in the cluster and add itself. # It needs to be set to restore a backup. # # default: false # # ETCD_FORCE_NEW_CLUSTER=false # Enable runtime profiling data via HTTP server. Address is at client URL + # "/debug/pprof/" # # default: false # # ETCD_ENABLE_PPROF=false # Set level of detail for exported metrics, specify 'extensive to include # server side grpc histogram metrics. # # default: basic # # ETCD_METRICS=basic # List of additional URLs to listen on that will respond to both # the /metrics and /health endpoints. # # default: none # # ETCD_LISTEN_METRICS_URLS= # Specify a token type and token specific options, especially for JWT. # Its format is "type,var1=val1,var2=val2,...". Possible type is 'simple' # or 'jwt'. Possible variables are 'sign-method' for specifying a sign # method of jwt (its possible values are 'ES256', 'ES384', 'ES512', # 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'PS256', # 'PS384', or 'PS512'), 'pub-key' for specifying a path to a public # key for verifying jwt, 'priv-key' for specifying a path to a private key # for signing jwt, and 'ttl' for specifying TTL of jwt tokens. # # For asymmetric algorithms ('RS', 'PS', 'ES'), the public key # is optional, as the private key contains enough information to both sign # and verify tokens. # # Example option of JWT: '–auth-token jwt,pub-key=app.rsa.pub,priv- # key=app.rsa,sign-method=RS512,ttl=10m' # # default: "simple" # # ETCD_AUTH_TOKEN="simple" # Duration of time between cluster corruption check passes. # # default: 0s # # ETCD_EXPERIMENTAL_CORRUPT_CHECK_TIME=0s # Sets the maximum revisions deleted in each compaction batch. # # default: 1000 # # ETCD_EXPERIMENTAL_COMPACTION_BATCH_LIMIT=1000 # Skip verification of SAN field in client certificate for peer connections. # This can be helpful e.g. if cluster members run in different networks # behind a NAT. In this case make sure to use peer certificates based on a # private certificate authority using --peer-cert-file, --peer-key-file, # --peer-trusted-ca-file. # # default: false # # ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION=false