Configuration Reference
Anka Build Cloud Configuration Reference
Controller Configuration Reference
Configuring your Anka Build Cloud Controller & Registry to enable features or customize URLs has several methods available.
Environment Variables
Depending on the package you’re using (native or docker), you can set ENV variables to modify the configuration of your controller and registry.
docker-compose.yml (docker)
version: '2'
services:
anka-controller:
build:
context: controller
ports:
- "80:80"
###### EDIT HERE FOR TLS ########
# volumes:
# Path to ssl certificates directory
# - ****EDIT_ME****:/mnt/cert
depends_on:
- etcd
- anka-registry
environment:
ANKA_ETCD_ENDPOINTS: etcd:2379
ANKA_LISTEN_ADDR: :80
ANKA_LOG_DIR: /var/log/anka-controller
ANKA_LOCAL_ANKA_REGISTRY: http://anka-registry:8089
ANKA_ENABLE_CENTRAL_LOGGING: "true"
ANKA_ANKA_REGISTRY: *******EDIT-ME******** # This URL must be reachable by your Anka nodes
# https://docs.veertu.com/anka/anka-build-cloud/configuration-reference/#configuration-envs
restart: always
anka-registry:
build:
context: registry
ports:
- "8089:8089"
restart: always
environment:
ANKA_BASE_PATH: /mnt/vol
ANKA_LISTEN_ADDR: :8089
ANKA_ENABLE_CENTRAL_LOGGING: "true"
# https://docs.veertu.com/anka/anka-build-cloud/configuration-reference/#configuration-envs
volumes:
###### EDIT HERE ########
# Path to registry data folder.
# VM data files and logs will be saved in this folder
# - ****EDIT_ME****:/mnt/vol
# Path to ssl certificates directory
# - ****EDIT_ME****:/mnt/cert
etcd:
build:
context: etcd
volumes:
- /var/etcd-data:/etcd-data
environment:
ETCD_DATA_DIR: /etcd-data
ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379
ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379
ETCD_LISTEN_PEER_URLS: http://0.0.0.0:2380
ETCD_INITIAL_ADVERTISE_PEER_URLS: http://0.0.0.0:2380
ETCD_INITIAL_CLUSTER: my-etcd=http://0.0.0.0:2380
ETCD_INITIAL_CLUSTER_TOKEN: my-etcd-token
ETCD_INITIAL_CLUSTER_STATE: new
ETCD_AUTO_COMPACTION_RETENTION: 30m
ETCD_AUTO_COMPACTION_MODE: periodic
ETCD_NAME: my-etcd
restart: always
/usr/local/bin/anka-controllerd (native)
When editing the /usr/local/bin/anka-controllerd, be sure to use export when setting the ENV.
#!/usr/bin/env bash
export ANKA_STANDALONE="true" # If false, will disable etcd
export ANKA_LISTEN_ADDR=":80"
export ANKA_DATA_DIR="/Library/Application Support/Veertu/Anka/anka-controller"
export ANKA_ENABLE_CENTRAL_LOGGING="true"
export ANKA_LOG_DIR="/Library/Logs/Veertu/AnkaController"
# SSL + Cert Auth
# export ANKA_USE_HTTPS="true"
# export ANKA_SKIP_TLS_VERIFICATION="true"
# export ANKA_SERVER_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_SERVER_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"
# export ANKA_ENABLE_AUTH="true"
# export ANKA_CA_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-ca-crt.pem"
# export ANKA_CLIENT_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_CLIENT_CERT_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"
# export ANKA_ROOT_TOKEN="1111111111"
${ANKA_USE_HTTPS:-false} && SCHEME="https://" || SCHEME="http://"
export ANKA_ANKA_REGISTRY="${SCHEME}anka.registry:8089"
/Library/Application\ Support/Veertu/Anka/bin/anka-controller
Configuration ENVs
General & Commonly used
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ANKA_REGISTRY | (string) | Anka Registry address that will be used by Nodes to pull/download VM Templates and Tags. This is not used by the Controller to communicate with the Registry. (format: “http[s]://address:[port]”). | |
ANKA_CLEAN_MAC_ADDRESS_INTERVAL | (duration) | Delay between cleaning mac addresses. | 1h0m0s |
ANKA_DEFRAG_DB_INTERVAL | (duration) | The interval for defragging ETCD (0 is disable). | 0 |
ANKA_ETCD_ENDPOINTS | (string) | Comma separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS). | 127.0.0.1:2379 |
ANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL | (duration) | Interval to execute the mac address range validation. | 3h0m0s |
ANKA_INSTANCE_TIME_OUT | (duration) | The time that instances stay in ‘Terminated’ or ‘Terminating’ state. | 1m0s |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “[address]:port”). | :80 |
ANKA_LOCAL_ANKA_REGISTRY | (string) | The Controller uses this to communicate with the Registry and is separate from the ANKA_ANKA_REGISTRY, which is used by external services like Anka Nodes. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”). | |
ANKA_MAC_ADDR_RANGE | (string) | Pass the range of mac addresses to use. manage-mac-addresses must be set to true to use this option. format is | |
ANKA_MAC_ADDR_RANGE_MAX_RETRIES | (int) | Times to retry to get mac address from the database before giving up and returning an error. | 100 |
ANKA_MANAGE_MAC_ADDRESSES | (boolean) | Enables the controller to manage mac addresses of VMs. Check our docs for more info and caveats. | false |
ANKA_NUM_WORKERS | (int) | The number of concurrent workers processing node tasks. | 2 |
ANKA_PUSH_REGISTRY | (string) | Comma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building). | |
ANKA_QUEUE_ETCD_ENDPOINTS | (string) | Comma seperated list of ETCD endpoints to use for queue data (only available in standalone mode). | |
ANKA_STANDALONE | (boolean) | Run controller service with built etcd database in a single binary/service. | false |
Logging
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days). | 7 |
ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb). | 1024 |
ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry. | false |
ANKA_ENABLE_EVENT_LOGGING | (boolean) | (Enterprise Plus Only) Enables event logging. They will show under the Controller’s Logs section after the first instance is created. | false |
ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days). | 3 |
ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb). | 200 |
ANKA_EVENT_LOG_URL | (string) | (Enterprise Plus Only) The url to post events to in json format. | |
ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days). | 0 |
ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb). | 0 |
ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined. | 7 |
ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined. | 700 |
HTTPS / TLS
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CIPHER_SUITES | (string) | A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256 | |
ANKA_MAX_TLS_VERSION | (string) | The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_MIN_TLS_VERSION | (string) | The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format. | |
ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format. | |
ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable the verification of the HTTPS/TLS certificates when making outbound requests to services (for self-signed certs). | false |
ANKA_USE_HTTPS | (boolean) | Enable HTTPS/TLS protocol for the controller UI and API (requires server-cert & server-key). | false |
Built in ETCD
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ADVERTISE_CLIENT_URLS | (string) | Comma separated list of client urls for ETCD to advertise (only available in standalone mode) | http://127.0.0.1:2379 |
ANKA_AUTO_COMPACTION_MODE | (string) | The ETCD auto compaction mode, (‘periodic’ or ‘revision’) (only available in standalone mode) | periodic |
ANKA_AUTO_COMPACTION_RETENTION | (string) | The ETCD auto compaction retention length (0 is disabled) (only available in standalone mode) | 30m |
ANKA_DATA_DIR | (string) | The ETCD data directory location (only available in standalone mode) | /tmp/etcd-data |
ANKA_INITIAL_ADVERTISE_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to advertise (only available in standalone mode) | http://0.0.0.0:2380 |
ANKA_INITIAL_CLUSTER | (string) | The initial ETCD cluster configuration for bootstrapping (only available in standalone mode) | anka-etcd=http://0.0.0.0:2380 |
ANKA_INITIAL_CLUSTER_STATE | (string) | The initial cluster state for ETCD (’new’ or ’existing’) (only available in standalone mode) | new |
ANKA_INITIAL_CLUSTER_TOKEN | (string) | The cluster token used in ETCD during bootstrap (only available in standalone mode) | etcd-server |
ANKA_LISTEN_CLIENT_URLS | (string) | Comma separated list client urls for ETCD to use (only available in standalone mode) | http://127.0.0.1:2379 |
ANKA_LISTEN_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to use (only available in standalone mode) | http://0.0.0.0:2380 |
ANKA_NAME | (string) | The name for your ETCD server (only available in standalone mode) | anka-etcd |
Authentication and Authorization
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys. | 4h0m0s |
ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration). | 5m0s |
ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs. | |
ANKA_CRL | (string) | (Certificate Authentication) File containing certificate revocation list (CRL) used to authenticate incoming requests/certs. | |
ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication. | false |
ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID Connect or API Keys) (Not to be confused with Authorization). | false |
ANKA_ENABLE_CONTROLLER_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Controller. | false |
ANKA_ENABLE_INGRESS_NGINX | (boolean) | Enable Authentication based on headers set by Ingress Nginx (https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/ | false |
ANKA_ENABLE_RESOURCE_MANAGEMENT | (boolean) | Enable resource management for the controller (requires enable-controller-authorization) | false |
ANKA_ETCD_CA_CERT | (string) | (ETCD Certificate Authentication) The Etcd client will use this when connecting to the cluster. | |
ANKA_ETCD_CERT | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
ANKA_ETCD_CERT_KEY | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
ANKA_ETCD_PASSWORD | (string) | (ETCD Certificate Authentication) ETCD Password to use for login. | |
ANKA_ETCD_USERNAME | (string) | (ETCD Certificate Authentication) ETCD Username to use for login. | |
ANKA_OIDC_CLIENT_ID | (string) | (OpenID Connect/SSO) Client id | |
ANKA_OIDC_CLIENT_SECRET | (string) | (OpenID Connect/SSO) Client secret | |
ANKA_OIDC_DISPLAY_NAME | (string) | (OpenID Connect/SSO) Name to display on login page | |
ANKA_OIDC_GROUPS_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for groups, defaults to groups | groups |
ANKA_OIDC_PROVIDER_URL | (string) | (OpenID Connect/SSO) Provider URL | |
ANKA_OIDC_SCOPES | (string) | (OpenID Connect/SSO) Comma separated list of scopes, overrides default scopes used | |
ANKA_OIDC_USER_INFO | (boolean) | (OpenID Connect/SSO) Get claims from user info endpoint | false |
ANKA_OIDC_USERNAME_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for user name, defaults to name | |
ANKA_ROOT_CERT | (string) | (Certificate Authentication) Alias of ca-cert | |
ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the Controller UI and API (username is ‘root’). | |
ANKA_SKIP_ETCD_TLS_VERIFICATION | (boolean) | (ETCD Certificate Authentication) Don’t verify ETCD TLS certificates (for self signed certificates). | false |
ANKA_USE_ETCD_LOGIN | (boolean) | (ETCD Certificate Authentication) Enable ETCD client login with username and password. | false |
ANKA_USE_ETCD_TLS | (boolean) | (ETCD Certificate Authentication) Use TLS certificates for authentication with ETCD cluster. | false |
Separate Queue Interface
This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster’s Nodes
You must join your nodes with --skip-tests
.
Auto upgrading of the Agent running on your nodes/hosts will fail since the Agent is not downloadable through the queue interface. You must manually download the proper agent pkg from https://downloads.veertu.com/#anka/ and install it on your node/host.
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CLEAN_QUEUES_INTERVAL | (duration) | The interval to clean the queues (delete any tasks older than 24 hours), 0 to disable | 1h0m0s |
ANKA_ENABLE_QUEUE_AUTH | (boolean) | Enable queue Authentication | false |
ANKA_QUEUE_ADDR | (string) | The address to use for the queue (format: “0.0.0.0:[port]”) | |
ANKA_QUEUE_CA_CERT | (string) | The HTTPS/TLS CA cert for the queue | |
ANKA_QUEUE_CRL | (string) | The HTTPS/TLS certificate revocation list (CRL) for the queue | |
ANKA_QUEUE_SERVER_CERT | (string) | The HTTPS/TLS certificate file in PEM format for the queue | |
ANKA_QUEUE_SERVER_KEY | (string) | The HTTPS/TLS private key in PEM format for the queue | |
ANKA_USE_QUEUE_TLS | (boolean) | Enable queue HTTPS/TLS | false |
Performance / Task Management
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BATCH_TASK_COUNT | (int) | The number of tasks to get from the queue in one request (max 40) | 2 |
ANKA_DIAL_TIMEOUT | (duration) | set http dial timeout | 5s |
ANKA_ETCD_REQUEST_TIMEOUT | (duration) | Client side timeout for ETCD requests | 20s |
ANKA_INSTANCE_ACTIVE_TIMEOUT | (duration) | How long before an instance is declared as ’not communicating' | 2m0s |
ANKA_MAX_IDLE_CONNECTION_PER_HOST | (int) | set mac idle connections per host | 50 |
ANKA_NODE_ACTIVE_TIMEOUT | (duration) | How long before a node is declared as ‘offline’ | 2m0s |
ANKA_NUM_HTTP_RETRIES | (int) | Number of times to retry on http error > 400 | 5 |
ANKA_QUERY_TASK_TIMEOUT | (duration) | Seconds nodes wait to reserve a start vm task if queue is empty | 10s |
ANKA_REQUEST_TIMEOUT | (duration) | set http request timeout | 15s |
ANKA_RESERVE_TASK_TIMEOUT | (duration) | Seconds queue clients wait to reserve a task if queue is empty | 10s |
ANKA_SCHEDULER_INTERVAL | (duration) | The interval for checking scheduled tasks | 30m0s |
ANKA_TLS_HANDSHAKE_TIMEOUT | (duration) | set tls handshake timeout | 5s |
ANKA_UNKNOWN_VM_THRESHOLD | (int) | Number of reports allowed for an unknown VM before terminating it | 30 |
Internal
These are used internally. It’s recommended that you don’t modify them unless absolutely necessary
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ALLOW_CORS | (boolean) | Add Access-Control-Allow-Origin to all routes | false |
ANKA_NO_NODE_UPGRADES | (boolean) | Set this flag to true to turn off automatic node upgrade | false |
ANKA_VRAMTHRESHOLD | (float) | The minimum RAM percentage threshold to use for the UI graph | 0 |
Other
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ALLOW_EMPTY_REGISTRY | (boolean) | Allow controller to start without an external registry address (not recommended) | false |
General & Commonly used (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BASE_PATH | (string) | Set the registry data’s base path | . |
ANKA_IMAGE_DIR_PATH | (string) | Set the path to put images directory (relative to base) | images_dir |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “address:[port]”). | |
ANKA_STATE_FILE_DIR_PATH | (string) | Set the path to put the state files directory (relative to base) | state_file_dir |
ANKA_VM_DIR_PATH | (string) | Set the path to put vm directory (relative to base) | vm_dir |
ANKA_VM_LIST_CACHE_TTL | (duration) | Template information cache TTL | 30s |
Logging (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ACCESS_LOGS | (boolean) | Enables registry access logs. | false |
ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days). | 7 |
ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb). | 1024 |
ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry. | false |
ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days). | 3 |
ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb). | 200 |
ANKA_FILES_DIR | (string) | The directory to store non-VM related files. | /files |
ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days). | 0 |
ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb). | 0 |
ANKA_KEEP_LOGS_FOR | (int) | The number of days to keep individual centralized logs. | 7 |
ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined. | 7 |
ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined. | 700 |
ANKA_LOG_SERVER_BACKEND_TYPE | (string) | The log server backend type, either ‘disk’ or ‘azure’. | disk |
ANKA_LOG_SERVER_ADDR | (string) | The address and port the registry will send logs to. This is useful if you have multiple registries and only one is used for logging centralization (format: “http[s]://address:[port]”). | |
ANKA_LOGS_DIR | (string) | The directory to store centralized log files (relative to files-dir). | /central-logs |
ANKA_MAX_LOG_SIZE | (int) | The maximum size for a centralized log file in MB. | 1024 |
ANKA_ROTATE_LOG_FILES_AT_MAX_FILE_SIZE | (boolean) | Enable rotatation of centralized log files when they reach the size specified in max-log-size. | true |
ANKA_ROTATE_LOG_FILES_END_OF_DAY | (boolean) | Enable rotatation of centralized log files at the end of each day. | false |
HTTPS / TLS (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CIPHER_SUITES | (string) | A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256 | |
ANKA_MAX_TLS_VERSION | (string) | The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_MIN_TLS_VERSION | (string) | The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format. | |
ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format. | |
ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable verification of the HTTPS/TLS certificates (for self-signed certs). | false |
ANKA_USE_HTTPS | (boolean) | Enable the HTTPS/TLS protocol for the UI and API (requires server-cert & server-key). | false |
Authentication / Authorization (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys. | 4h0m0s |
ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration). | 5m0s |
ANKA_BACKEND_PLUGIN_PATH | (string) | The path to a backend plugin (instead of using disk) | |
ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs. | |
ANKA_CRL | (string) | (Certificate Authentication) File containing certificate revocation list (CRL) used to authenticate incoming requests/certs. | |
ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication. | false |
ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID Connect or API Keys) (Not to be confused with Authorization). | false |
ANKA_ENABLE_AUTHORIZATION | (boolean) | Enable Authorization for the standalone registry. | false |
ANKA_ENABLE_INGRESS_NGINX | (boolean) | Enable Authentication based on headers set by Ingress Nginx (https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/ | false |
ANKA_ENABLE_RESOURCE_MANAGEMENT | (boolean) | Enable resource management for the standalone registry (requires enable-authorization) | false |
ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the API (username is ‘root’). | |
ANKA_USE_BACKEND_PLUGIN | (boolean) | Turns on usage of backend plugin provided by backend-plugin-path | false |
General & Commonly used (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BASE_PATH | (string) | Set the registry data’s base path | . |
ANKA_IMAGE_DIR_PATH | (string) | Set the path to put images directory (relative to base) | images_dir |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “address:[port]”). | |
ANKA_STATE_FILE_DIR_PATH | (string) | Set the path to put the state files directory (relative to base) | state_file_dir |
ANKA_VM_DIR_PATH | (string) | Set the path to put vm directory (relative to base) | vm_dir |
ANKA_VM_LIST_CACHE_TTL | (duration) | Template information cache TTL | 30s |