diff --git a/.gitignore b/.gitignore index 11859db31..1a6a98d31 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ terraform.tfstate.backup envrc .env deploy/state +out/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index bbd6ae7d5..2c7b10f2b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -188,3 +188,7 @@ Also, both `go`, and `protoc` are required by `protoc.sh`. │   ├── template │   └── workflow ``` + +### environment variables + +Tink Server, CLI, and Worker environment variables are documented [here](docs/ENVVARS.md). diff --git a/docs/ENVVARS.md b/docs/ENVVARS.md new file mode 100644 index 000000000..9501b1838 --- /dev/null +++ b/docs/ENVVARS.md @@ -0,0 +1,38 @@ +# Environment Variables + +The follow describes environment variables available to be set when running Tink Server, Tink CLI, or Tink Worker. + +| Name | Type | Service(s) | Description | +| ---------------------------------------------------------------------------------------------- | ------ | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | +| `TINK_AUTH_USERNAME=tink` | string | server | username to use for basic auth to http endpoints | +| `TINK_AUTH_PASSWORD=tink` | string | server | password to use for basic auth to http endpoints | +| `TINKERBELL_CERT_URL=http://127.0.0.1:42114/cert` | string | cli/worker | url from which to get a TLS certificate, needed when Tink Server's TLS cert is signed by an unknown certificate authority, ie self-signed | +| `CERTS_DIR=/certs` | string | server | a directory which contains the `bundle.pem` and `server-key.pem` files, for use when running Tink with TLS | +| `TINKERBELL_CERTS_DIR=/certs` | string | server | same as `CERTS_DIR`, deprecated in server | +| `TLS_CERT="-----BEGIN RSA PRIVATE KEY-----\n....\n-----END RSA PRIVATE KEY-----\n"` | string | server | a TLS certificate for use with Tink server | +| `TINKERBELL_TLS_CERT="-----BEGIN RSA PRIVATE KEY-----\n....\n-----END RSA PRIVATE KEY-----\n"` | string | server | same as `TLS_CERT`, deprecated in server | +| `GRPC_AUTHORITY=127.0.0.1:42113` | string | server | url of the Tink gRPC server | +| `TINKERBELL_GRPC_AUTHORITY=127.0.0.1:42113` | string | server/cli/worker | same as `GRPC_AUTHORITY`, deprecated in server | +| `HTTP_AUTHORITY=127.0.0.1:42114` | string | server | url of the Tink HTTP server | +| `TINKERBELL_HTTP_AUTHORITY=127.0.0.1:42114` | string | server | same as `HTTP_AUTHORITY`, deprecated in server | +| `FACILITY=onprem` | string | server/cli | location for which the Tink server serves, deprecated in server | +| `POSTGRES_DATABASE=tinkerbell` | string | server | name of the PostgreSQL database for use in the Tink server | +| `PGDATABASE=tinkerbell` | string | server | same as `POSTGRES_DATABASE`, deprecated in server | +| `POSTGRES_USER=tink` | string | server | PostgreSQL username for connecting to the DB | +| `PGUSER=tink` | string | server | same as `POSTGRES_USER`, deprecated in server | +| `POSTGRES_PASSWORD=tink` | string | server | PostgreSQL password for connecting to the DB | +| `PGPASSWORD=tink` | string | server | same as `POSTGRES_PASSWORD`, deprecated in server | +| `POSTGRES_SSLMODE=disable` | string | server | sets the PostgreSQL SSL priority [docs](https://www.postgresql.org/docs/10/libpq-connect.html#LIBPQ-CONNECT-SSLMODE) | +| `PGSSLMODE=disable` | string | server | same as `POSTGRES_SSLMODE`, deprecated in server | +| `MAX_WORKFLOW_DATA_VERSIONS=` | int | server | maximum number of workflow data versions to be kept in database | +| `EVENTS_TTL=60` | string | server | purges the events in the events table that have passed this TTL in minutes | +| `ONLY_MIGRATION=true` | bool | server | if set to true, only POSTGRES migrations are executed | +| `TINK_CLI_VERSION="0.0.0"` | string | cli | if set to `0.0.0`, the old get command is used | +| `DOCKER_REGISTRY=` | string | worker | the docker registry to use for pulling images | +| `REGISTRY_PASSWORD=` | string | worker | the password for the docker registry | +| `REGISTRY_USERNAME=` | string | worker | the username for the docker registry | +| `ID=` | string | worker | the id of the workflow to be executed | +| `RETRY_INTERVAL=` | int | worker | the interval in seconds between retries for setting up connections to, querying for workflows from, and sending status reports to Tink Server | +| `MAX_RETRIES=` | int | worker | the maximum number of retries for setting up connections and sending status reports to Tink Server | +| `MAX_FILE_SIZE=` | int | worker | the maximum size in bytes for the Tink worker data file | +| `CAPTURE_ACTION_LOGS=` | bool | worker | Capture action container output as part of worker logs |