Configuration ENVs
General & Commonly used
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ANKA_REGISTRY | (string) | The Anka Registry address used for communication from the Controller to the Registry as well as the address used by Nodes to pull VM Templates and Tags.) | |
| ANKA_CLEAN_MAC_ADDRESS_INTERVAL | (duration) | Delay between cleaning mac addresses.) | 1h0m0s |
| ANKA_DEFRAG_DB_INTERVAL | (duration) | The interval for defragging ETCD (0 is disable).) | 0 |
| ANKA_ETCD_ENDPOINTS | (string) | Comma separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS).) | 127.0.0.1:2379 |
| ANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL | (duration) | Interval to execute the mac address range validation.) | 3h0m0s |
| ANKA_INSTANCE_TIME_OUT | (duration) | The time that instances stay in ‘Terminated’ or ‘Terminating’ state.) | 1m0s |
| ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: [address]:port).) | :80 |
| ANKA_LOCAL_ANKA_REGISTRY | (string) | Do not set unless ANKA_ANKA_REGISTRY is set to a URL/IP the controller does not have access to. The Controller uses this to communicate with the Registry and is separate from the ANKA_ANKA_REGISTRY, which is used by external services like Anka Nodes. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: http[s]://address:[port]).) | |
| ANKA_MAC_ADDR_RANGE | (string) | Pass the range of mac addresses to use. manage-mac-addresses must be set to true to use this option. format is | |
| ANKA_MAC_ADDR_RANGE_MAX_RETRIES | (int) | Times to retry to get mac address from the database before giving up and returning an error.) | 100 |
| ANKA_MANAGE_MAC_ADDRESSES | (boolean) | Enables the controller to manage mac addresses of VMs. Check our docs for more info and caveats.) | false |
| ANKA_NUM_WORKERS | (int) | The number of concurrent workers processing node tasks.) | 2 |
| ANKA_PUSH_REGISTRY | (string) | Comma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building).) | |
| ANKA_QUEUE_ETCD_ENDPOINTS | (string) | Comma seperated list of ETCD endpoints to use for queue data (only available in standalone mode).) | |
| ANKA_STANDALONE | (boolean) | Run controller service with built etcd database in a single binary/service.) | false |
Logging
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days).) | 7 |
| ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb).) | 1024 |
| ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry.) | false |
| ANKA_ENABLE_EVENT_LOGGING | (boolean) | (Enterprise Plus Only) Enables event logging. They will show under the Controller’s Logs section after the first instance is created.) | false |
| ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days).) | 3 |
| ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb).) | 200 |
| ANKA_EVENT_LOG_URL | (string) | (Enterprise Plus Only) The url to post events to in json format.) | |
| ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days).) | 0 |
| ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb).) | 0 |
| ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined.) | 7 |
| ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined.) | 700 |
| ANKA_V | (string) | verbosity level of logs (0-10, 10 being the most verbose)) | 0 |
HTTPS / TLS
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CIPHER_SUITES | (string) | fmt.Sprintf(A list of cipher suites to use for HTTPS/TLS. Supported Options: %v, strings.Join(utils.GetTLSCipherSuitesNames(), , ))) | |
| ANKA_MAX_TLS_VERSION | (string) | fmt.Sprintf(The max tls version to use with HTTPS/TLS. Supported Options: %v, strings.Join(utils.GetTLSVersions(), , ))) | |
| ANKA_MIN_TLS_VERSION | (string) | fmt.Sprintf(The min tls version to use with HTTPS/TLS. Supported Options: %v, strings.Join(utils.GetTLSVersions(), , ))) | |
| ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format.) | |
| ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format.) | |
| ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable the verification of the HTTPS/TLS certificates when making outbound requests to services (for self-signed certs).) | false |
| ANKA_USE_HTTPS | (boolean) | Enable HTTPS/TLS protocol for the controller UI and API (requires server-cert & server-key).) | false |
Built in ETCD
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ADVERTISE_CLIENT_URLS | (string) | Comma separated list of client urls for ETCD to advertise (only available in standalone mode)) | http://127.0.0.1:2379 |
| ANKA_AUTO_COMPACTION_MODE | (string) | The ETCD auto compaction mode, (‘periodic’ or ‘revision’) (only available in standalone mode)) | periodic |
| ANKA_AUTO_COMPACTION_RETENTION | (string) | The ETCD auto compaction retention length (0 is disabled) (only available in standalone mode)) | 30m |
| ANKA_DATA_DIR | (string) | The ETCD data directory location (only available in standalone mode)) | /tmp/etcd-data |
| ANKA_INITIAL_ADVERTISE_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to advertise (only available in standalone mode)) | http://0.0.0.0:2380 |
| ANKA_INITIAL_CLUSTER | (string) | The initial ETCD cluster configuration for bootstrapping (only available in standalone mode)) | anka-etcd=http://0.0.0.0:2380 |
| ANKA_INITIAL_CLUSTER_STATE | (string) | The initial cluster state for ETCD (’new’ or ’existing’) (only available in standalone mode)) | new |
| ANKA_INITIAL_CLUSTER_TOKEN | (string) | The cluster token used in ETCD during bootstrap (only available in standalone mode)) | etcd-server |
| ANKA_LISTEN_CLIENT_URLS | (string) | Comma separated list client urls for ETCD to use (only available in standalone mode)) | http://127.0.0.1:2379 |
| ANKA_LISTEN_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to use (only available in standalone mode)) | http://0.0.0.0:2380 |
| ANKA_NAME | (string) | The name for your ETCD server (only available in standalone mode)) | anka-etcd |
Authentication and Authorization
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys.) | 4h0m0s |
| ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration).) | 5m0s |
| ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs.) | |
| ANKA_CRL | (string) | (Certificate Authentication) File containing certificate revocation list (CRL) used to authenticate incoming requests/certs.) | |
| ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication.) | false |
| ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID Connect or API Keys) (Not to be confused with Authorization).) | false |
| ANKA_ENABLE_CONTROLLER_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Controller.) | false |
| ANKA_ENABLE_INGRESS_NGINX | (boolean) | Enable Authentication based on headers set by Ingress Nginx (https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/) | false |
| ANKA_ENABLE_RESOURCE_MANAGEMENT | (boolean) | Enable resource management for the controller (requires enable-controller-authorization)) | false |
| ANKA_ETCD_CA_CERT | (string) | (ETCD Certificate Authentication) The Etcd client will use this when connecting to the cluster.) | |
| ANKA_ETCD_CERT | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster.) | |
| ANKA_ETCD_CERT_KEY | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster.) | |
| ANKA_ETCD_PASSWORD | (string) | (ETCD Certificate Authentication) ETCD Password to use for login.) | |
| ANKA_ETCD_USERNAME | (string) | (ETCD Certificate Authentication) ETCD Username to use for login.) | |
| ANKA_OIDC_CLIENT_ID | (string) | (OpenID Connect/SSO) Client id) | |
| ANKA_OIDC_CLIENT_SECRET | (string) | (OpenID Connect/SSO) Client secret) | |
| ANKA_OIDC_DISPLAY_NAME | (string) | (OpenID Connect/SSO) Name to display on login page) | |
| ANKA_OIDC_GROUPS_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for groups, defaults to groups) | groups |
| ANKA_OIDC_PROVIDER_URL | (string) | (OpenID Connect/SSO) Provider URL) | |
| ANKA_OIDC_SCOPES | (string) | (OpenID Connect/SSO) Comma separated list of scopes, overrides default scopes used) | |
| ANKA_OIDC_USER_INFO | (boolean) | (OpenID Connect/SSO) Get claims from user info endpoint) | false |
| ANKA_OIDC_USERNAME_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for user name, defaults to name) | |
| ANKA_ROOT_CERT | (string) | (Certificate Authentication) Alias of ca-cert) | |
| ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the Controller UI and API (username is ‘root’).) | |
| ANKA_SKIP_ETCD_TLS_VERIFICATION | (boolean) | (ETCD Certificate Authentication) Don’t verify ETCD TLS certificates (for self signed certificates).) | false |
| ANKA_USE_ETCD_LOGIN | (boolean) | (ETCD Certificate Authentication) Enable ETCD client login with username and password.) | false |
| ANKA_USE_ETCD_TLS | (boolean) | (ETCD Certificate Authentication) Use TLS certificates for authentication with ETCD cluster.) | false |
Separate Queue Interface
This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster’s Nodes
You must join your nodes with --skip-tests.Auto upgrading of the Agent running on your nodes/hosts will fail since the Agent is not downloadable through the queue interface. You must manually download the proper agent pkg from https://downloads.veertu.com/#anka/ and install it on your node/host.
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_CLEAN_QUEUES_INTERVAL | (duration) | The interval to clean the queues (delete any tasks older than 24 hours), 0 to disable) | 1h0m0s |
| ANKA_ENABLE_QUEUE_AUTH | (boolean) | Enable queue Authentication) | false |
| ANKA_QUEUE_ADDR | (string) | The address to use for the queue (format: 0.0.0.0:[port])) | |
| ANKA_QUEUE_CA_CERT | (string) | The HTTPS/TLS CA cert for the queue) | |
| ANKA_QUEUE_CRL | (string) | The HTTPS/TLS certificate revocation list (CRL) for the queue) | |
| ANKA_QUEUE_SERVER_CERT | (string) | The HTTPS/TLS certificate file in PEM format for the queue) | |
| ANKA_QUEUE_SERVER_KEY | (string) | The HTTPS/TLS private key in PEM format for the queue) | |
| ANKA_USE_QUEUE_TLS | (boolean) | Enable queue HTTPS/TLS) | false |
Performance / Task Management
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_BATCH_TASK_COUNT | (int) | The number of tasks to get from the queue in one request (max 40)) | 2 |
| ANKA_DIAL_TIMEOUT | (duration) | set http dial timeout) | 5s |
| ANKA_ETCD_REQUEST_TIMEOUT | (duration) | Client side timeout for ETCD requests) | 20s |
| ANKA_INSTANCE_ACTIVE_TIMEOUT | (duration) | How long before an instance is declared as ’not communicating') | 2m0s |
| ANKA_MAX_IDLE_CONNECTION_PER_HOST | (int) | set mac idle connections per host) | 50 |
| ANKA_NODE_ACTIVE_TIMEOUT | (duration) | How long before a node is declared as ‘offline’) | 2m0s |
| ANKA_NUM_HTTP_RETRIES | (int) | Number of times to retry on http error > 400) | 5 |
| ANKA_QUERY_TASK_TIMEOUT | (duration) | Seconds nodes wait to reserve a start vm task if queue is empty) | 10s |
| ANKA_REQUEST_TIMEOUT | (duration) | set http request timeout) | 15s |
| ANKA_RESERVE_TASK_TIMEOUT | (duration) | Seconds queue clients wait to reserve a task if queue is empty) | 10s |
| ANKA_SCHEDULER_INTERVAL | (duration) | The interval for checking scheduled tasks) | 30m0s |
| ANKA_TLS_HANDSHAKE_TIMEOUT | (duration) | set tls handshake timeout) | 5s |
| ANKA_UNKNOWN_VM_THRESHOLD | (int) | Number of reports allowed for an unknown VM before terminating it) | 30 |
Monitoring
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ENABLE_METRICS | (boolean) | Enables Prometheus metrics. By default available on *:2112/metrics) | false |
| ANKA_METRICS_PATH | (string) | Path to expose Prometheus metrics.) | /metrics |
| ANKA_METRICS_PORT | (uint) | Port to expose Prometheus metrics.) | 2112 |
Internal
These are used internally. It’s recommended that you don’t modify them unless absolutely necessary
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ALLOW_CORS | (boolean) | Add Access-Control-Allow-Origin to all routes) | false |
| ANKA_NO_NODE_UPGRADES | (boolean) | Set this flag to true to turn off automatic node upgrade) | false |
| ANKA_VRAMTHRESHOLD | (float) | The minimum RAM percentage threshold to use for the UI graph) | 0 |
Other
| ENV | Type | Description | Default Value |
|---|---|---|---|
| ANKA_ALLOW_EMPTY_REGISTRY | (boolean) | Allow controller to start without an external registry address (not recommended)) | false |