etcd is configurable through a configuration file, various command-line flags, and environment variables.
A reusable configuration file is a YAML file made with name and value of one or more command-line flags described below. In order to use this file, specify the file path as a value to the
--config-file flag. The sample configuration file can be used as a starting point to create a new configuration file as needed.
Options set on the command line take precedence over those from the environment. If a configuration file is provided, other command line flags and environment variables will be ignored.
etcd --config-file etcd.conf.yml.sample --data-dir /tmp will ignore the
The format of environment variable for flag
ETCD_MY_FLAG. It applies to all flags.
The official etcd ports are 2379 for client requests and 2380 for peer communication. The etcd ports can be set to accept TLS traffic, non-TLS traffic, or both TLS and non-TLS traffic.
To start etcd automatically using custom settings at startup in Linux, using a systemd unit is highly recommended.
default=http://localhost:2380). This needs to match the key used in the flag if using static bootstrapping. When using discovery, each member must have a unique name.
machine-idcan be a good choice.
--discovery prefix flags need to be set when using discovery service.
--nameflag for each node provided. The default uses
defaultfor the key because this is the default for the
newfor all members present during initial static or DNS bootstrapping. If this option is set to
existing, etcd will attempt to join the existing cluster. If the wrong value is set, etcd will attempt to start but fail safely.
|Interpret 'auto-compaction-retention' one of: periodic||revision. 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention.|
--proxy prefix flags configures etcd to run in proxy mode. "proxy" supports v2 API only.
The security flags help to build a secure etcd cluster.
--ca-file ca.crtcould be replaced by
--trusted-ca-file ca.crt --client-cert-authand etcd will perform the same.
--peer-ca-file ca.crtcould be replaced by
--peer-trusted-ca-file ca.crt --peer-client-cert-authand etcd will perform the same.
Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol. For example, it may panic if other members in the cluster are still alive. Follow the instructions when using these flags.