Configuration Reference
Anka Build Cloud Configuration Reference
Controller Configuration Reference
Configuring your Anka Build Cloud Controller & Registry to enable features or customize URLs has several methods available.
Environment Variables
Depending on the package you’re using (native or docker), you can set ENV variables to modify the configuration of your controller and registry.
Our default docker package will use .env files to store the configuration ENVs. Both that and the below example are valid ways to configure the Anka Build Cloud.
docker-compose.yml (docker)
version: '3'
services:
anka-controller:
container_name: anka.controller
build:
context: controller
ports:
- "80:80" # You can change this to expose the controller on a different port
depends_on:
- etcd
- anka-registry
restart: always
environment:
ANKA_ANKA_REGISTRY: "http://anka-registry:8089"
ANKA_ENABLE_CENTRAL_LOGGING: "true"
anka-registry:
container_name: anka.registry
build:
context: registry
ports:
- "8089:8089"
restart: always
volumes:
- "~/anka-registry-data:/mnt/vol"
etcd:
container_name: anka.etcd
build:
context: etcd
volumes:
- /var/etcd-data:/etcd-data
restart: always
environment:
ETCD_DATA_DIR: "/etcd-data"
ETCD_LISTEN_CLIENT_URLS: "http://0.0.0.0:2379"
ETCD_ADVERTISE_CLIENT_URLS: "http://0.0.0.0:2379"
ETCD_LISTEN_PEER_URLS: "http://0.0.0.0:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS: "http://0.0.0.0:2380"
ETCD_INITIAL_CLUSTER: "my-etcd=http://0.0.0.0:2380"
ETCD_INITIAL_CLUSTER_TOKEN: "my-etcd-token"
ETCD_INITIAL_CLUSTER_STATE: "new"
ETCD_AUTO_COMPACTION_RETENTION: "30m"
ETCD_NAME: "my-etcd"
/usr/local/bin/anka-controllerd (native)
When editing the /usr/local/bin/anka-controllerd, be sure to use export when setting the ENV.
#!/bin/bash
export ANKA_STANDALONE="true"
export ANKA_LISTEN_ADDR=":80"
export ANKA_DATA_DIR="/Library/Application Support/Veertu/Anka/anka-controller"
export ANKA_ENABLE_CENTRAL_LOGGING="true"
export ANKA_LOG_DIR="/Library/Logs/Veertu/AnkaController"
export ANKA_RUN_REGISTRY="true"
export ANKA_ALLOW_EMPTY_REGISTRY="true"
export ANKA_REGISTRY_BASE_PATH="/Library/Application Support/Veertu/Anka/registry"
export ANKA_REGISTRY_LISTEN_ADDRESS="0.0.0.0:8089"
# SSL + Cert Auth
# export ANKA_USE_HTTPS="true"
# export ANKA_SKIP_TLS_VERIFICATION="true"
# export ANKA_SERVER_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_SERVER_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"
# export ANKA_ENABLE_AUTH="true"
# export ANKA_CA_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-ca-crt.pem"
# export ANKA_CLIENT_CERT="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-crt.pem"
# export ANKA_CLIENT_CERT_KEY="/Users/nathanpierce/anka-build-cloud-certs/anka-controller-key.pem"
# export ANKA_ROOT_TOKEN="1111111111"
${ANKA_USE_HTTPS:-false} && SCHEME="https://" || SCHEME="http://"
export ANKA_ANKA_REGISTRY="${SCHEME}anka.registry:8089"
/Library/Application\ Support/Veertu/Anka/bin/anka-controller
Configuration ENVs
General & Commonly used
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ANKA_REGISTRY | (string) | Anka Registry address that will be used by Nodes to pull/download VM Templates and Tags. This is not used by the Controller to communicate with the Registry. (format: “http[s]://address:[port]”). | |
ANKA_CLEAN_MAC_ADDRESS_INTERVAL | (duration) | Delay between cleaning mac addresses. | 1h0m0s |
ANKA_DEFRAG_DB_INTERVAL | (duration) | The interval for defragging ETCD (0 is disable). | 0 |
ANKA_ETCD_ENDPOINTS | (string) | Comma separated list of etcd addresses. These endpoints are used for the Application DB (instance, group, node information) and the Queue DB (if not defined separately with ANKA_QUEUE_ETCD_ENDPOINTS). | 127.0.0.1:2379 |
ANKA_FILL_MAC_ADDRESS_RANGE_INTERVAL | (duration) | Interval to execute the mac address range validation. | 3h0m0s |
ANKA_INSTANCE_TIME_OUT | (duration) | The time that instances stay in ‘Terminated’ state. | 1m0s |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “[address]:port”). | :80 |
ANKA_LOCAL_ANKA_REGISTRY | (string) | The Controller uses this to communicate with the Registry and is separate from the ANKA_ANKA_REGISTRY, which is used by external services like Anka Nodes. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”). | |
ANKA_MAC_ADDR_RANGE | (string) | Pass the range of mac addresses to use. manage-mac-addresses must be set to true to use this option. format is | |
ANKA_MAC_ADDR_RANGE_MAX_RETRIES | (int) | Times to retry to get mac address from the database before giving up and returning an error. | 100 |
ANKA_MANAGE_MAC_ADDRESSES | (boolean) | Enables the controller to manage mac addresses of VMs. Check our docs for more info and caveats. | false |
ANKA_NUM_WORKERS | (int) | The number of concurrent workers processing node tasks. | 2 |
ANKA_PUSH_REGISTRY | (string) | Comma separated list of Registry addresses to use for push operations (saveImage/Jenkins cache building). | |
ANKA_QUEUE_ETCD_ENDPOINTS | (string) | Comma seperated list of ETCD endpoints to use for queue data (only available in standalone mode). | |
ANKA_STANDALONE | (boolean) | Run controller service, the built in registry, and etcd database together in a single binary/service. | false |
Logging
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days). | 7 |
ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb). | 1024 |
ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry. | false |
ANKA_ENABLE_EVENT_LOGGING | (boolean) | (Enterprise Plus Only) Enables event logging. They will show under the Controller’s Logs section after the first instance is created. | false |
ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days). | 3 |
ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb). | 200 |
ANKA_EVENT_LOG_URL | (string) | (Enterprise Plus Only) The url to post events to in json format. | |
ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days). | 0 |
ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb). | 0 |
ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined. | 7 |
ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined. | 700 |
HTTPS / TLS
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CIPHER_SUITES | (string) | A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256 | |
ANKA_MAX_TLS_VERSION | (string) | The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_MIN_TLS_VERSION | (string) | The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format. | |
ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format. | |
ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable the verification of the HTTPS/TLS certificates when making outbound requests to services (for self-signed certs). | false |
ANKA_USE_HTTPS | (boolean) | Enable HTTPS/TLS protocol for the controller UI and API (requires server-cert & server-key). | false |
Built in Registry
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ENABLE_REGISTRY_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Registry. | false |
ANKA_REGISTRY_ACCESS_LOGS | (boolean) | Enables registry access logs. | false |
ANKA_REGISTRY_BASE_PATH | (string) | Built-in Registry’s data storage path. | |
ANKA_REGISTRY_LISTEN_ADDRESS | (string) | Address for built in Registry to listen on. | :8089 |
ANKA_REGISTRY_VM_LIST_CACHE_TTL | (duration) | Registry’s template information cache TTL | 30s |
ANKA_RUN_REGISTRY | (boolean) | Run Built-in Registry (useful if not using standalone mode, but you still want the controller and registry to run together; no etcd). | false |
Built in ETCD
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ADVERTISE_CLIENT_URLS | (string) | Comma separated list of client urls for ETCD to advertise (only available in standalone mode) | http://127.0.0.1:2379 |
ANKA_AUTO_COMPACTION_MODE | (string) | The ETCD auto compaction mode, (‘periodic’ or ‘revision’) (only available in standalone mode) | periodic |
ANKA_AUTO_COMPACTION_RETENTION | (string) | The ETCD auto compaction retention length (0 is disabled) (only available in standalone mode) | 30m |
ANKA_DATA_DIR | (string) | The ETCD data directory location (only available in standalone mode) | /tmp/etcd-data |
ANKA_INITIAL_ADVERTISE_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to advertise (only available in standalone mode) | http://0.0.0.0:2380 |
ANKA_INITIAL_CLUSTER | (string) | The initial ETCD cluster configuration for bootstrapping (only available in standalone mode) | anka-etcd=http://0.0.0.0:2380 |
ANKA_INITIAL_CLUSTER_STATE | (string) | The initial cluster state for ETCD (’new’ or ’existing’) (only available in standalone mode) | new |
ANKA_INITIAL_CLUSTER_TOKEN | (string) | The cluster token used in ETCD during bootstrap (only available in standalone mode) | etcd-server |
ANKA_LISTEN_CLIENT_URLS | (string) | Comma separated list client urls for ETCD to use (only available in standalone mode) | http://127.0.0.1:2379 |
ANKA_LISTEN_PEER_URLS | (string) | Comma separated list of peer urls for ETCD to use (only available in standalone mode) | http://0.0.0.0:2380 |
ANKA_NAME | (string) | The name for your ETCD server (only available in standalone mode) | anka-etcd |
Authentication and Authorization
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_API_KEY_FILE | (string) | The API Key (UAK) file used for authentication between the controller and registry. Takes precedence over api-key-string. | |
ANKA_API_KEY_ID | (string) | The API Key (UAK) id used for authentication between the controller and registry. | |
ANKA_API_KEY_STRING | (string) | The API Key (UAK) string used for authentication between the controller and registry. The string is a stripped down version of the pem (cat myUAK.pem | sed ‘1,1d’ |
ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys. | 4h0m0s |
ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration). | 5m0s |
ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs. | |
ANKA_CLIENT_CERT | (string) | (Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry | |
ANKA_CLIENT_CERT_KEY | (string) | (Certificate Authentication) The Controller will use this when making http requests, mainly to the Registry | |
ANKA_CLIENT_KEYPASS | (string) | (Certificate Authentication) Password for certificate and keystore (optional) | |
ANKA_CLIENT_KEYSTORE | (string) | (Certificate Authentication) A client keystore file in pkcs12 format; The Controller will use this when making http requests (mainly to the Registry). | |
ANKA_CRL | (string) | (Certificate Authentication) File containing certificate revocation list (CRL) used to authenticate incoming requests/certs. | |
ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication. | false |
ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID Connect or API Keys) (Not to be confused with Authorization). | false |
ANKA_ENABLE_CONTROLLER_AUTHORIZATION | (boolean) | Enable Authorization (Users, groups, permission control for specific certificates) in the Controller. | false |
ANKA_ETCD_CA_CERT | (string) | (ETCD Certificate Authentication) The Etcd client will use this when connecting to the cluster. | |
ANKA_ETCD_CERT | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
ANKA_ETCD_CERT_KEY | (string) | (ETCD Certificate Authentication) The ETCD client will use this when connecting to the cluster. | |
ANKA_ETCD_PASSWORD | (string) | (ETCD Certificate Authentication) ETCD Password to use for login. | |
ANKA_ETCD_USERNAME | (string) | (ETCD Certificate Authentication) ETCD Username to use for login. | |
ANKA_OIDC_CACHE_TTL | (duration) | (OpenID Connect/SSO) Cache entry TTL | 1h0m0s |
ANKA_OIDC_CLIENT_ID | (string) | (OpenID Connect/SSO) Client id | |
ANKA_OIDC_DISPLAY_NAME | (string) | (OpenID Connect/SSO) Name to display on login page | |
ANKA_OIDC_GROUPS_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for groups, defaults to groups | groups |
ANKA_OIDC_PROVIDER_URL | (string) | (OpenID Connect/SSO) Provider URL | |
ANKA_OIDC_SCOPES | (string) | (OpenID Connect/SSO) Comma separated list of scopes, overrides default scopes used | |
ANKA_OIDC_USER_INFO | (boolean) | (OpenID Connect/SSO) Get claims from user info endpoint | false |
ANKA_OIDC_USERNAME_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for user name, defaults to name | |
ANKA_ROOT_CERT | (string) | (Certificate Authentication) Alias of ca-cert | |
ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the Controller UI and API (username is ‘root’). | |
ANKA_SKIP_ETCD_TLS_VERIFICATION | (boolean) | (ETCD Certificate Authentication) Don’t verify ETCD TLS certificates (for self signed certificates). | false |
ANKA_USE_ETCD_LOGIN | (boolean) | (ETCD Certificate Authentication) Enable ETCD client login with username and password. | false |
ANKA_USE_ETCD_TLS | (boolean) | (ETCD Certificate Authentication) Use TLS certificates for authentication with ETCD cluster. | false |
Separate Queue Interface
This is an advanced feature, it allows you to have a second http interface that will be used only by the cluster’s Nodes
You must join your nodes with --skip-tests
.
Auto upgrading of the Agent running on your nodes/hosts will fail since the Agent is not downloadable through the queue interface. You must manually download the proper agent pkg from https://downloads.veertu.com/#anka/ and install it on your node/host.
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CLEAN_QUEUES_INTERVAL | (duration) | The interval to clean the queues (delete any tasks older than 24 hours), 0 to disable | 1h0m0s |
ANKA_ENABLE_QUEUE_AUTH | (boolean) | Enable queue Authentication | false |
ANKA_QUEUE_ADDR | (string) | The address to use for the queue (format: “0.0.0.0:[port]”) | |
ANKA_QUEUE_CA_CERT | (string) | The HTTPS/TLS CA cert for the queue | |
ANKA_QUEUE_CRL | (string) | The HTTPS/TLS certificate revocation list (CRL) for the queue | |
ANKA_QUEUE_SERVER_CERT | (string) | The HTTPS/TLS certificate file in PEM format for the queue | |
ANKA_QUEUE_SERVER_KEY | (string) | The HTTPS/TLS private key in PEM format for the queue | |
ANKA_USE_QUEUE_TLS | (boolean) | Enable queue HTTPS/TLS | false |
Performance / Task Management
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BATCH_TASK_COUNT | (int) | The number of tasks to get from the queue in one request (max 40) | 2 |
ANKA_DIAL_TIMEOUT | (duration) | set http dial timeout | 5s |
ANKA_ETCD_REQUEST_TIMEOUT | (duration) | Client side timeout for ETCD requests | 20s |
ANKA_INSTANCE_ACTIVE_TIMEOUT | (duration) | How long before an instance is declared as ’not communicating' | 2m0s |
ANKA_MAX_IDLE_CONNECTION_PER_HOST | (int) | set mac idle connections per host | 50 |
ANKA_NODE_ACTIVE_TIMEOUT | (duration) | How long before a node is declared as ‘offline’ | 2m0s |
ANKA_NUM_HTTP_RETRIES | (int) | Number of times to retry on http error > 400 | 5 |
ANKA_REQUEST_TIMEOUT | (duration) | set http request timeout | 15s |
ANKA_SCHEDULER_INTERVAL | (duration) | The interval for checking scheduled tasks | 30m0s |
ANKA_TLS_HANDSHAKE_TIMEOUT | (duration) | set tls handshake timeout | 5s |
Internal
These are used internally. It’s recommended that you don’t modify them unless absolutely necessary
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ALLOW_CORS | (boolean) | Add Access-Control-Allow-Origin to all routes | false |
ANKA_NO_NODE_UPGRADES | (boolean) | Set this flag to true to turn off automatic node upgrade | false |
ANKA_VRAMTHRESHOLD | (float) | The minimum RAM percentage threshold to use for the UI graph | 0 |
Other
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ALLOW_EMPTY_REGISTRY | (boolean) | Allow controller to start without an external registry address (not recommended) | false |
General & Commonly used (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BASE_PATH | (string) | Set the registry data’s base path | . |
ANKA_IMAGE_DIR_PATH | (string) | Set the path to put images directory (relative to base) | images_dir |
ANKA_INTERNAL_LISTEN_ADDR | (string) | The secondary address and port to listen on. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”). | |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “http[s]://address:[port]”). | |
ANKA_STATE_FILE_DIR_PATH | (string) | Set the path to put the state files directory (relative to base) | state_file_dir |
ANKA_VM_DIR_PATH | (string) | Set the path to put vm directory (relative to base) | vm_dir |
ANKA_VM_LIST_CACHE_TTL | (duration) | Template information cache TTL | 30s |
Logging (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_ACCESS_LOGS | (boolean) | Enables registry access logs. | false |
ANKA_CMD_LOG_MAX_DAYS | (int) | Number of days to keep cmd logs (0 will use the value in log-max-days). | 7 |
ANKA_CMD_LOG_MAX_MB | (int) | MB limit for cmd log files (0 will use the value in log-max-mb). | 1024 |
ANKA_ENABLE_CENTRAL_LOGGING | (boolean) | Enables central logging. This will forward all logs available to the service into the registry’s data directory using the REST API of the Registry. | false |
ANKA_ERROR_LOG_MAX_DAYS | (int) | Number of days to keep error logs (0 will use the value in log-max-days). | 3 |
ANKA_ERROR_LOG_MAX_MB | (int) | MB limit for error log files (0 will use the value in log-max-mb). | 200 |
ANKA_FILES_DIR | (string) | The directory to store non-VM related files. | /files |
ANKA_INFO_LOG_MAX_DAYS | (int) | Number of days to keep info logs (0 will use the value in log-max-days). | 0 |
ANKA_INFO_LOG_MAX_MB | (int) | MB limit for info log files (0 will use the value in log-max-mb). | 0 |
ANKA_KEEP_LOGS_FOR | (int) | The number of days to keep individual centralized logs. | 7 |
ANKA_LOG_MAX_DAYS | (int) | Number of days to keep logs for all log types unless otherwise defined. | 7 |
ANKA_LOG_MAX_MB | (int) | MB limit for log files, for all log types unless otherwise defined. | 700 |
ANKA_LOG_SERVER_BACKEND_TYPE | (string) | The log server backend type, either ‘disk’ or ‘azure’. | disk |
ANKA_LOG_SERVER_ADDR | (string) | The address and port the registry will send logs to. This is useful if you have multiple registries and only one is used for logging centralization (format: “http[s]://address:[port]”). | |
ANKA_LOGS_DIR | (string) | The directory to store centralized log files (relative to files-dir). | /central-logs |
ANKA_MAX_LOG_SIZE | (int) | The maximum size for a centralized log file in MB. | 1024 |
ANKA_ROTATE_LOG_FILES_AT_MAX_FILE_SIZE | (boolean) | Enable rotatation of centralized log files when they reach the size specified in max-log-size. | true |
ANKA_ROTATE_LOG_FILES_END_OF_DAY | (boolean) | Enable rotatation of centralized log files at the end of each day. | false |
HTTPS / TLS (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_CIPHER_SUITES | (string) | A list of cipher suites to use for HTTPS/TLS. Supported Options: tls_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_256_cbc_sha, tls_rsa_with_aes_128_gcm_sha256, tls_rsa_with_aes_256_gcm_sha384, tls_aes_128_gcm_sha256, tls_aes_256_gcm_sha384, tls_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_aes_256_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_256_cbc_sha, tls_ecdhe_ecdsa_with_aes_128_gcm_sha256, tls_ecdhe_ecdsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_aes_128_gcm_sha256, tls_ecdhe_rsa_with_aes_256_gcm_sha384, tls_ecdhe_rsa_with_chacha20_poly1305_sha256, tls_ecdhe_ecdsa_with_chacha20_poly1305_sha256 | |
ANKA_MAX_TLS_VERSION | (string) | The max tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_MIN_TLS_VERSION | (string) | The min tls version to use with HTTPS/TLS. Supported Options: tls_1.0, tls_1.1, tls_1.2, tls_1.3 | |
ANKA_SERVER_CERT | (string) | The path to a HTTPS/TLS certificate file in PEM format. | |
ANKA_SERVER_KEY | (string) | The path to a HTTPS/TLS certificate private key file in PEM format. | |
ANKA_SKIP_TLS_VERIFICATION | (boolean) | Disable verification of the HTTPS/TLS certificates (for self-signed certs). | false |
ANKA_USE_HTTPS | (boolean) | Enable the HTTPS/TLS protocol for the UI and API (requires server-cert & server-key). | false |
ANKA_USE_HTTPS_INTERNAL | (boolean) | Enable the HTTPS/TLS protocol for the internal_listen_addr address/port. | false |
Authentication / Authorization (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_API_KEYS_CLEANING_INTERVAL | (duration) | The interval for cleaning of expired api keys. | 4h0m0s |
ANKA_API_KEYS_SESSION_TTL | (duration) | The API Keys session TTL (used for automatic expiration). | 5m0s |
ANKA_BACKEND_PLUGIN_PATH | (string) | The path to a backend plugin (instead of using disk) | |
ANKA_CA_CERT | (string) | (Certificate Authentication) The CA/root cert used to authenticate incoming requests/certs. | |
ANKA_ENABLE_API_KEYS | (boolean) | Enable API Key Authentication. | false |
ANKA_ENABLE_AUTH | (boolean) | Enable Authentication (Root Token, Certificate, SSO/OpenID Connect or API Keys) (Not to be confused with Authorization). | false |
ANKA_ENABLE_AUTHORIZATION | (boolean) | Enable Authorization for the standalone registry. | false |
ANKA_OIDC_CACHE_TTL | (duration) | (OpenID Connect/SSO) Cache entry TTL | 1h0m0s |
ANKA_OIDC_CLIENT_ID | (string) | (OpenID Connect/SSO) Client id | |
ANKA_OIDC_GROUPS_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for groups, defaults to groups | groups |
ANKA_OIDC_PROVIDER_URL | (string) | (OpenID Connect/SSO) Provider url | |
ANKA_OIDC_SCOPES | (string) | (OpenID Connect/SSO) Comma separated list of scopes, overrides default scopes used | |
ANKA_OIDC_USER_INFO | (boolean) | (OpenID Connect/SSO) Get claims from user info endpoint | false |
ANKA_OIDC_USERNAME_CLAIM | (string) | (OpenID Connect/SSO) Claim key to use for user name, defaults to name | |
ANKA_ROOT_TOKEN | (string) | Sets the basic auth token that will be used for accessing the API (username is ‘root’). | |
ANKA_USE_BACKEND_PLUGIN | (boolean) | Turns on usage of backend plugin provided by backend-plugin-path | false |
General & Commonly used (standalone registry)
ENV | Type | Description | Default Value |
---|---|---|---|
ANKA_BASE_PATH | (string) | Set the registry data’s base path | . |
ANKA_IMAGE_DIR_PATH | (string) | Set the path to put images directory (relative to base) | images_dir |
ANKA_INTERNAL_LISTEN_ADDR | (string) | The secondary address and port to listen on. This is for situations where the Controller and Registry are on the same network and you want to use localhost/local DNS for communication between them (format: “http[s]://address:[port]”). | |
ANKA_LISTEN_ADDR | (string) | The address and port to listen on (format: “http[s]://address:[port]”). | |
ANKA_STATE_FILE_DIR_PATH | (string) | Set the path to put the state files directory (relative to base) | state_file_dir |
ANKA_VM_DIR_PATH | (string) | Set the path to put vm directory (relative to base) | vm_dir |
ANKA_VM_LIST_CACHE_TTL | (duration) | Template information cache TTL | 30s |