etcd is configurable through command-line flags and environment variables. Options set on the command line take precedence over those from the environment.
The format of environment variable for flag -my-flag
is ETCD_MY_FLAG
. It applies to all flags.
To start etcd automatically using custom settings at startup in Linux, using a systemd unit is highly recommended.
- Human-readable name for this member.
- default: "default"
- This value is referenced as this node's own entries listed in the
-initial-cluster
flag (Ex:default=http://localhost:2380
ordefault=http://localhost:2380,default=http://localhost:7001
). This needs to match the key used in the flag if you're using static boostrapping.
- Path to the data directory.
- default: "${name}.etcd"
- Number of committed transactions to trigger a snapshot to disk.
- default: "10000"
- Time (in milliseconds) of a heartbeat interval.
- default: "100"
- Time (in milliseconds) for an election to timeout. See Documentation/tuning.md for details.
- default: "1000"
- List of URLs to listen on for peer traffic.
- default: "http://localhost:2380,http://localhost:7001"
- List of URLs to listen on for client traffic.
- default: "http://localhost:2379,http://localhost:4001"
- Maximum number of snapshot files to retain (0 is unlimited)
- default: 5
- The default for users on Windows is unlimited, and manual purging down to 5 (or your preference for safety) is recommended.
- Maximum number of wal files to retain (0 is unlimited)
- default: 5
- The default for users on Windows is unlimited, and manual purging down to 5 (or your preference for safety) is recommended.
- Comma-separated white list of origins for CORS (cross-origin resource sharing).
- default: none
-initial
prefix flags are used in bootstrapping (static bootstrap, discovery-service bootstrap or runtime reconfiguration) a new member, and ignored when restarting an existing member.
-discovery
prefix flags need to be set when using discovery service.
- List of this member's peer URLs to advertise to the rest of the cluster. These addresses are used for communicating etcd data around the cluster. At least one must be routable to all cluster members.
- default: "http://localhost:2380,http://localhost:7001"
- Initial cluster configuration for bootstrapping.
- default: "default=http://localhost:2380,default=http://localhost:7001"
- The key is the value of the
-name
flag for each node provided. The default usesdefault
for the key because this is the default for the-name
flag.
- Initial cluster state ("new" or "existing"). Set to
new
for all members present during initial static or DNS bootstrapping. If this option is set toexisting
, etcd will attempt to join the existing cluster. If the wrong value is set, etcd will attempt to start but fail safely. - default: "new"
- Initial cluster token for the etcd cluster during bootstrap.
- default: "etcd-cluster"
- List of this member's client URLs to advertise to the rest of the cluster.
- default: "http://localhost:2379,http://localhost:4001"
- Discovery URL used to bootstrap the cluster.
- default: none
- DNS srv domain used to bootstrap the cluster.
- default: none
- Expected behavior ("exit" or "proxy") when discovery services fails.
- default: "proxy"
- HTTP proxy to use for traffic to discovery service.
- default: none
-proxy
prefix flags configures etcd to run in proxy mode.
- Proxy mode setting ("off", "readonly" or "on").
- default: "off"
- Time (in milliseconds) an endpoint will be held in a failed state before being reconsidered for proxied requests.
- default: 5000
- Time (in milliseconds) of the endpoints refresh interval.
- default: 30000
- Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
- default: 1000
- Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
- default: 5000
- Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
- Don't change this value if you use watches because they are using long polling requests.
- default: 0
The security flags help to build a secure etcd cluster.
- Path to the client server TLS CA file.
- default: none
- Path to the client server TLS cert file.
- default: none
- Path to the client server TLS key file.
- default: none
- Enable client cert authentication.
- default: false
- Path to the client server TLS trusted CA key file.
- default: none
- Path to the peer server TLS CA file.
- default: none
- Path to the peer server TLS cert file.
- default: none
- Path to the peer server TLS key file.
- default: none
- Enable peer client cert authentication.
- default: false
- Path to the peer server TLS trusted CA file.
- default: none
- Drop the default log level to DEBUG for all subpackages.
- default: false (INFO for all packages)
- Set individual etcd subpackages to specific log levels. An example being
etcdserver=WARNING,security=DEBUG
- default: none (INFO for all packages)
Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol. For example, it may panic if other members in the cluster are still alive. Follow the instructions when using these flags.
- Force to create a new one-member cluster. It commits configuration changes in force to remove all existing members in the cluster and add itself. It needs to be set to restore a backup.
- default: false
- Print the version and exit.
- default: false