1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
|
## etcd(1) daemon options
## See "/usr/share/doc/etcd-server/op-guide/configuration.md.gz"
### Member flags
##### --name
## Human-readable name for this member.
## This value is referenced as this node's own entries listed in the
## `--initial-cluster` flag (e.g., `default=http://localhost:2380`). This
## needs to match the key used in the flag if using static bootstrapping. When
## using discovery, each member must have a unique name. `Hostname` or
## `machine-id` can be a good choice.
## default: "default"
# ETCD_NAME="default"
##### --data-dir
## Path to the data directory.
## default: "${name}.etcd"
# ETCD_DATA_DIR="/var/lib/etcd/default"
##### --wal-dir
## Path to the dedicated wal directory. If this flag is set, etcd will write
## the WAL files to the walDir rather than the dataDir. This allows a
## dedicated disk to be used, and helps avoid io competition between logging
## and other IO operations.
## default: ""
# ETCD_WAL_DIR
##### --snapshot-count
## Number of committed transactions to trigger a snapshot to disk.
## default: "100000"
# ETCD_SNAPSHOT_COUNT="100000"
##### --heartbeat-interval
## Time (in milliseconds) of a heartbeat interval.
## default: "100"
# ETCD_HEARTBEAT_INTERVAL="100"
##### --election-timeout
## Time (in milliseconds) for an election to timeout. See
## /usr/share/doc/etcd-server/tuning.md.gz for details.
## default: "1000"
# ETCD_ELECTION_TIMEOUT="1000"
##### --listen-peer-urls
## List of URLs to listen on for peer traffic. This flag tells the etcd to
## accept incoming requests from its peers on the specified scheme://IP:port
## combinations. Scheme can be either http or https.If 0.0.0.0 is specified as
## the IP, etcd listens to the given port on all interfaces. If an IP address is
## given as well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen
## on. The etcd will respond to requests from any of the listed addresses and
## ports.
## default: "http://localhost:2380"
## example: "http://10.0.0.1:2380"
## invalid example: "http://example.com:2380" (domain name is invalid for binding)
# ETCD_LISTEN_PEER_URLS="http://localhost:2380"
##### --listen-client-urls
## List of URLs to listen on for client traffic. This flag tells the etcd to
## accept incoming requests from the clients on the specified scheme://IP:port
## combinations. Scheme can be either http or https. If 0.0.0.0 is specified as
## the IP, etcd listens to the given port on all interfaces. If an IP address is
## given as well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen
## on. The etcd will respond to requests from any of the listed addresses and
## ports.
## default: "http://localhost:2379"
## example: "http://10.0.0.1:2379"
## invalid example: "http://example.com:2379" (domain name is invalid for binding)
# ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
##### --max-snapshots
## Maximum number of snapshot files to retain (0 is unlimited)
## The default for users on Windows is unlimited, and manual purging down to 5
## (or some preference for safety) is recommended.
## default: 5
# ETCD_MAX_SNAPSHOTS="5"
##### --max-wals
## Maximum number of wal files to retain (0 is unlimited)
## The default for users on Windows is unlimited, and manual purging down to 5
## (or some preference for safety) is recommended.
## default: 5
# ETCD_MAX_WALS="5"
##### --cors
## Comma-separated white list of origins for CORS (cross-origin resource
## sharing).
## default: none
# ETCD_CORS
### Clustering flags
# `--initial` prefix flags are used in bootstrapping (static bootstrap,
# discovery-service bootstrap or runtime reconfiguration) a new member, and
# ignored when restarting an existing member.
# `--discovery` prefix flags need to be set when using discovery service.
##### --initial-advertise-peer-urls
## List of this member's peer URLs to advertise to the rest of the cluster.
## These addresses are used for communicating etcd data around the cluster. At
## least one must be routable to all cluster members. These URLs can contain
## domain names.
## default: "http://localhost:2380"
## example: "http://example.com:2380, http://10.0.0.1:2380"
# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
##### --initial-cluster
## Initial cluster configuration for bootstrapping.
## The key is the value of the `--name` flag for each node provided. The
## default uses `default` for the key because this is the default for the
## `--name` flag.
## default: "default=http://localhost:2380"
# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
##### --initial-cluster-state
## Initial cluster state ("new" or "existing"). Set to `new` for all members
## present during initial static or DNS bootstrapping. If this option is set to
## `existing`, etcd will attempt to join the existing cluster. If the wrong value
## is set, etcd will attempt to start but fail safely.
## default: "new"
# ETCD_INITIAL_CLUSTER_STATE="new"
##### --initial-cluster-token
## Initial cluster token for the etcd cluster during bootstrap.
## default: "etcd-cluster"
# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
##### --advertise-client-urls
## List of this member's client URLs to advertise to the rest of the cluster.
## These URLs can contain domain names.
## Be careful if advertising URLs such as http://localhost:2379 from a cluster
## member and are using the proxy feature of etcd. This will cause loops, because
## the proxy will be forwarding requests to itself until its resources (memory,
## file descriptors) are eventually depleted.
## default: "http://localhost:2379"
## example: "http://example.com:2379, http://10.0.0.1:2379"
# ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
##### --discovery
## Discovery URL used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY
##### --discovery-srv
## DNS srv domain used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY_SRV
##### --discovery-fallback
## Expected behavior ("exit" or "proxy") when discovery services fails. "proxy"
## supports v2 API only.
## default: "proxy"
# ETCD_DISCOVERY_FALLBACK="proxy"
##### --discovery-proxy
## HTTP proxy to use for traffic to discovery service.
## default: none
# ETCD_DISCOVERY_PROXY
##### --strict-reconfig-check
## Reject reconfiguration requests that would cause quorum loss.
## default: false
# ETCD_STRICT_RECONFIG_CHECK
##### --auto-compaction-retention
## Auto compaction retention for mvcc key value store in hour. 0 means disable
## auto compaction.
## default: 0
# ETCD_AUTO_COMPACTION_RETENTION="0"
##### --enable-v2
## Accept etcd V2 client requests
## default: true
# ETCD_ENABLE_V2="true"
### Proxy flags
# `--proxy` prefix flags configures etcd to run in proxy mode. "proxy" supports
# v2 API only.
##### --proxy
## Proxy mode setting ("off", "readonly" or "on").
## default: "off"
# ETCD_PROXY="off"
##### --proxy-failure-wait
## Time (in milliseconds) an endpoint will be held in a failed state before
## being reconsidered for proxied requests.
## default: 5000
# ETCD_PROXY_FAILURE_WAIT="5000"
##### --proxy-refresh-interval
## Time (in milliseconds) of the endpoints refresh interval.
## default: 30000
# ETCD_PROXY_REFRESH_INTERVAL="30000"
##### --proxy-dial-timeout
## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
## default: 1000
# ETCD_PROXY_DIAL_TIMEOUT="1000"
##### --proxy-write-timeout
## Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
## default: 5000
# ETCD_PROXY_WRITE_TIMEOUT="5000"
##### --proxy-read-timeout
## Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
## Don't change this value if using watches because use long polling requests.
## default: 0
# ETCD_PROXY_READ_TIMEOUT="0"
### Security flags
# The security flags help to build a secure etcd cluster.
##### --ca-file (**DEPRECATED**)
## Path to the client server TLS CA file. `--ca-file ca.crt` could be replaced
## by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the
## same.
## default: none
# ETCD_CA_FILE
##### --cert-file
## Path to the client server TLS cert file.
## default: none
# ETCD_CERT_FILE
##### --key-file
## Path to the client server TLS key file.
## default: none
# ETCD_KEY_FILE
##### --client-cert-auth
## Enable client cert authentication.
## default: false
# ETCD_CLIENT_CERT_AUTH
##### --trusted-ca-file
## Path to the client server TLS trusted CA key file.
## default: none
# ETCD_TRUSTED_CA_FILE
##### --auto-tls
## Client TLS using generated certificates
## default: false
# ETCD_AUTO_TLS
##### --peer-ca-file (**DEPRECATED**)
## Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be
## replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd
## will perform the same.
## default: none
# ETCD_PEER_CA_FILE
##### --peer-cert-file
## Path to the peer server TLS cert file.
## default: none
# ETCD_PEER_CERT_FILE
##### --peer-key-file
## Path to the peer server TLS key file.
## default: none
# ETCD_PEER_KEY_FILE
##### --peer-client-cert-auth
## Enable peer client cert authentication.
## default: false
# ETCD_PEER_CLIENT_CERT_AUTH
##### --peer-trusted-ca-file
## Path to the peer server TLS trusted CA file.
## default: none
# ETCD_PEER_TRUSTED_CA_FILE
##### --peer-auto-tls
## Peer TLS using generated certificates
## default: false
# ETCD_PEER_AUTO_TLS
### Logging flags
##### --debug
## Drop the default log level to DEBUG for all subpackages.
## default: false (INFO for all packages)
# ETCD_DEBUG
##### --log-package-levels
## Set individual etcd subpackages to specific log levels. An example being
## `etcdserver=WARNING,security=DEBUG`
## default: none (INFO for all packages)
# ETCD_LOG_PACKAGE_LEVELS
### Unsafe flags
# Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol.
# For example, it may panic if other members in the cluster are still alive.
# Follow the instructions when using these flags.
##### --force-new-cluster
## Force to create a new one-member cluster. It commits configuration changes
## forcing to remove all existing members in the cluster and add itself. It needs
## to be set to restore a backup.
## default: false
# ETCD_FORCE_NEW_CLUSTER
|
