-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathexample.conf
276 lines (206 loc) · 10.1 KB
/
example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
############################
# Basic Config
############################
# The address GRPC requests will listen on
GUBER_GRPC_ADDRESS=0.0.0.0:1051
# The address HTTP requests will listen on
GUBER_HTTP_ADDRESS=0.0.0.0:1050
# The address gubernator peers will connect to. Ignored if using k8s peer
# discovery method.
#
# Should be the same as GUBER_GRPC_ADDRESS unless you are running behind a NAT
# or running in a docker container without host networking.
#
# If unset, will default to the hostname or if that fails will attempt
# to guess at a non loopback interface
GUBER_ADVERTISE_ADDRESS=localhost:1051
# A unique id which identifies this instance of gubernator. This
# id is used in tracing and logging to identify this instance.
# This can be set by kubernetes pod definitions or nomad job files.
# If not set, will default to the Docker CID or a random generated id
GUBER_INSTANCE_ID=<unique-id>
# Max size of the cache; This is the cache that holds
# all the rate limits. The cache size will never grow
# beyond this size.
# GUBER_CACHE_SIZE=50000
# The name of the datacenter this gubernator instance is in.
# GUBER_DATA_CENTER=datacenter1
# Time in seconds that the GRPC server will keep a client connection alive.
# If value is zero (default) time is infinity
# GUBER_GRPC_MAX_CONN_AGE_SEC=30
# A list of optional prometheus metric collection
# os - collect process metrics
# See https://pkg.go.dev/github.com/prometheus/client_golang@v1.11.0/prometheus/collectors#NewProcessCollector
# golang - collect golang internal metrics
# See https://pkg.go.dev/github.com/prometheus/client_golang@v1.11.0/prometheus/collectors#NewGoCollector
# GUBER_METRIC_FLAGS=os,golang
############################
# Log Config
############################
# Log Level, these are the log levels for logrus.
# GUBER_LOG_LEVEL=trace
# Log Format, currently supports either json or text
# GUBER_LOG_FORMAT=json
############################
# Behavior Config
############################
# How long a forwarding peer will wait for a response before timing out
#GUBER_BATCH_TIMEOUT=500ms
# The max number of requests in a single batch a node will forward to a peer
#GUBER_BATCH_LIMIT=1000
# How long a node will wait before sending a batch of requests to a peer
#GUBER_BATCH_WAIT=500ns
# How long a owning peer will wait for a response when sending GLOBAL updates to peers
#GUBER_GLOBAL_TIMEOUT=500ms
# The max number of requests in a single batch to a node when sending GLOBAL updates to peers
#GUBER_GLOBAL_BATCH_LIMIT=1000
# How long a node will wait before sending a batch of GLOBAL updates to a peer
#GUBER_GLOBAL_SYNC_WAIT=500ns
############################
# TLS Config
############################
# Path to the CA certificate. This is primarily used by gubernator
# when connecting to other gubernator peers.
# GUBER_TLS_CA=/path/to/ca.pem
# Path to the CA private key. See GUBER_TLS_AUTO for details
# GUBER_TLS_CA_KEY=/path/to/ca.key
# Path to the server certificate. Certificate used by the server/clients for TLS connections.
# Support hot reload on receiving the SIGHUB signal
# GUBER_TLS_CERT=/path/to/server.pem
# Path to the server private key. This is the key for the certificate. Must be unencrypted.
# Support hot reload on receiving the SIGHUB signal
# GUBER_TLS_KEY=/path/to/server.key
# If set to `true` gubernator will generate both the CA and self-signed server certificates.
# If GUBER_TLS_CA and GUBER_TLS_CA_KEY are set but no GUBER_TLS_KEY or GUBER_TLS_CERT is set
# then gubernator will generate a self-signed key using the provided GUBER_TLS_CA and
# GUBER_TLS_CA_KEY. This avoids the need to distribute a new server cert for each gubernator
# instance at the cost of distributing the CA private key. If set but no CA or TLS certs are
# provided gubernator will generate a CA and certs needed TLS.
# Hot reload is disabled when GUBER_TLS_AUTO set to `true`.
# GUBER_TLS_AUTO=false
# Sets the minimum TLS version. If not set, defaults to 1.3
# GUBER_TLS_MIN_VERSION=1.3
# Sets the Client Authentication type as defined in the golang standard 'crypto/tls' package.
# Valid types are ('request-cert', 'verify-cert', 'require-any-cert', 'require-and-verify').
# Use `require-and-verify` to achieve secure client authentication which will apply to all
# client and gubernator peer to peer communication. If set then gubernator will attempt to
# load GUBER_TLS_CLIENT_AUTH_CA_CERT, GUBER_TLS_CLIENT_AUTH_KEY and
# GUBER_TLS_CLIENT_AUTH_CERT for use with client authentication. If not provided client
# auth will use GUBER_TLS_CA, GUBER_TLS_CERT and GUBER_TLS_KEY for client authentication.
# GUBER_TLS_CLIENT_AUTH=require-and-verify
# For use with GUBER_TLS_CLIENT_AUTH
# Support hot reload on receiving the SIGHUB signal for GUBER_TLS_CLIENT_AUTH_KEY and GUBER_TLS_CLIENT_AUTH_CERT
# GUBER_TLS_CLIENT_AUTH_KEY=/path/to/client.key
# GUBER_TLS_CLIENT_AUTH_CERT=/path/to/client.pem
# GUBER_TLS_CLIENT_AUTH_CA_CERT=/path/to/client-ca.pem
# If true, TLS peer to peer clients will accept any certificate presented by the remote
# gubernator instance and any host name in that certificate.
# GUBER_TLS_INSECURE_SKIP_VERIFY=false
# Configures the tls client used to make peer GRPC requests to verify that peer certificates
# contain the specified SAN. See ServerName field of https://pkg.go.dev/crypto/tls#Config.
# Useful if your peer certificates do not contain IP SANs, but all contain a common SAN.
# GUBER_TLS_CLIENT_AUTH_SERVER_NAME=gubernator
############################
# Peer Discovery Type
############################
# Which type of peer discovery gubernator will use ('member-list', 'etcd', 'k8s', `none`)
# GUBER_PEER_DISCOVERY_TYPE=member-list
############################
# Member-List Config (GUBER_PEER_DISCOVERY_TYPE=member-list)
############################
# The address peers will connect too. Defaults to GUBER_ADVERTISE_ADDRESS
# GUBER_MEMBERLIST_ADVERTISE_ADDRESS=localhost:1051
# The address the memberlist will listen to for TCP and UDP gossip.
# The default used by memberlist package is 0.0.0.0:7946.
# GUBER_MEMBERLIST_BIND_ADDRESS=0.0.0.0:7946
# The address the member list will listen to in order to discover other list members.
# This should be a different port than GUBER_ADVERTISE_ADDRESS.
# Used for nat traversal in the memberlist package.
# GUBER_MEMBERLIST_ADDRESS=localhost:1051
# This is an initial list or a single domain name that 'member-list' will connect to in order to
# begin discovering other peers.
# GUBER_MEMBERLIST_KNOWN_NODES=peer1:1051,peer2:1051,peer3:1051
# GUBER_MEMBERLIST_KNOWN_NODES=memberlist.example.com
############################
# Kubernetes Config (GUBER_PEER_DISCOVERY_TYPE=k8s)
############################
# The namespace the gubernator instances were deployed into
#GUBER_K8S_NAMESPACE=default
# Should be set to the IP of the pod the gubernator instance is running in.
# This allows gubernator to know which of the peers it discovers is it's self.
#GUBER_K8S_POD_IP=<pod-ip>
# Should be set to the port number of the pod, as defined by `containerPort` in the pod spec.
#GUBER_K8S_POD_PORT=<pod-port>
# The selector used when listing the endpoints API to find peers.
#GUBER_K8S_ENDPOINTS_SELECTOR=app=gubernator
# The mechanism by which gubernator watches for changes in k8s. (defaults to 'endpoints')
# endpoints - Watches the v1.Endpoints API for changes
# pods - Watches the v1.Pod API for changes
#GUBER_K8S_WATCH_MECHANISM=endpoints
############################
# Etcd Config (GUBER_PEER_DISCOVERY_TYPE=etcd)
############################
# A Comma separate list of etcd nodes
# GUBER_ETCD_ENDPOINTS=localhost:2379
# The address peers will connect too. Defaults to GUBER_ADVERTISE_ADDRESS
# GUBER_ETCD_ADVERTISE_ADDRESS=localhost:1051
# The prefix gubernator will use to register peers under in etcd
#GUBER_ETCD_KEY_PREFIX=/gubernator-peers
# How long etcd client will wait for a response when initial dialing a node
#GUBER_ETCD_DIAL_TIMEOUT=5s
# The name of the datacenter this gubernator instance is in.
# GUBER_ETCD_DATA_CENTER=datacenter1
# Authentication
#GUBER_ETCD_USER=my-user
#GUBER_ETCD_PASSWORD=my-password
# Enables TLS config, with an empty config
#GUBER_ETCD_TLS_EABLED=False
# Certificate file locations
#GUBER_ETCD_TLS_CERT=/path/to/cert
#GUBER_ETCD_TLS_KEY=/path/to/key
#GUBER_ETCD_TLS_CA=/path/to/ca
# Skip CERT verification
#GUBER_ETCD_TLS_SKIP_VERIFY=true
############################
# Picker Config
############################
# Choose which picker algorithm to use
# GUBER_PEER_PICKER=consistent-hash
# Choose the hash algorithm for `consistent-hash` (crc32, fnv1a, fnv1)
# GUBER_PEER_PICKER_HASH=crc32
# Choose which picker algorithm to use
# GUBER_PEER_PICKER=replicated-hash
# Choose the hash algorithm for `replicated-hash` (fnv1a, fnv1)
# GUBER_PEER_PICKER_HASH=fnv1a
# Choose the number of replications
# GUBER_REPLICATED_HASH_REPLICAS=512
############################
# OTEL Tracing Config
# See /tracing.md
############################
# Set the name of the service which will be reported in traces
# OTEL_SERVICE_NAME=gubernator
# Set the tracing level, this controls the number of spans included in a single trace.
# Valid options are (ERROR, INFO, DEBUG) Defaults to "ERROR"
# GUBER_TRACING_LEVEL=ERROR
# Set which sampler to use (always_on, always_off, traceidratio, parentbased_always_on,
# parentbased_always_off, parentbased_traceidratio)
# OTEL_TRACES_SAMPLER=always_on
# If traceidratio set the ratio to a value between 0.0 and 1.0
# OTEL_TRACES_SAMPLER_ARG=1.0
# Choose the transport protocol (otlp, grpc or http/protobuf)
# OTEL_EXPORTER_OTLP_PROTOCOL=grpc
# The endpoint to send traces to
# OTEL_EXPORTER_OTLP_ENDPOINT=https://collector:<port>
# If the endpoint is `https` specify the TLS certificate files
# OTEL_EXPORTER_OTLP_CERTIFICATE=/path/to/cert
# OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE=/path/to/client
# OTEL_EXPORTER_OTLP_CLIENT_KEY=/path/to/ca
# Optional headers appended to the http requests in the format key=value,key2=value2
# OTEL_EXPORTER_OTLP_HEADERS=header1=value1
############################
# Honeycomb.io Tracing Config
############################
# OTEL_EXPORTER_OTLP_PROTOCOL=otlp
# OTEL_EXPORTER_OTLP_ENDPOINT=https://api.honeycomb.io
# OTEL_EXPORTER_OTLP_HEADERS=x-honeycomb-team=<api-key>