Environment Variables
To give you flexibility and independence from a hosting platform’s uptime, you can pull the ambassador and aes images from any of the following registries:
docker.io/datawire/- Note: In rare occasions, you may experience rate limits when using Docker Hub. See this page to learn how to deal with them.
quay.io/datawire/gcr.io/datawire/
For an even more robust installation, consider using a local registry as a pull through cache or configure a publicly accessible mirror.
Environment variables
Use the following variables for the environment of your Emissary container:
| Purpose | Variable | Default value | Value type |
|---|---|---|---|
| Core | AMBASSADOR_ID |
default |
Plain string |
| Core | AMBASSADOR_NAMESPACE |
default (1) |
Kubernetes namespace |
| Core | AMBASSADOR_SINGLE_NAMESPACE |
Empty | Boolean; non-empty=true, empty=false |
| Core | AMBASSADOR_ENVOY_BASE_ID |
0 |
Integer |
| Core | AMBASSADOR_LEGACY_MODE |
false |
Boolean; Go strconv.ParseBool |
| Core | AMBASSADOR_FAST_RECONFIGURE |
false |
EXPERIMENTAL – Boolean; true=true, any other value=false |
| Core | AMBASSADOR_ENVOY_API_VERSION |
V2 |
String Enum; V3 or V2 |
| Core | AMBASSADOR_UPDATE_MAPPING_STATUS |
false |
Boolean; true=true, any other value=false |
| Core | AMBASSADOR_DISABLE_SNAPSHOT_SERVER |
false |
Boolean; non-empty=true, empty=false |
| Core | AMBASSADOR_JSON_LOGGING |
false |
Boolean; non-empty=true, empty=false |
| Core | AMBASSADOR_AMBEX_SNAPSHOT_COUNT |
30 |
Integer; 0 value disables ambex snapshots |
| Core | AMBASSADOR_AMBEX_NO_RATELIMIT |
false |
Boolean; set to true to turn disable ratelimiting Envoy reconfiguration |
| Ambassador Edge Stack | AES_LOG_LEVEL |
warn |
Log level |
| Ambassador Edge Stack | AES_RATELIMIT_PREVIEW |
false |
Boolean; Go strconv.ParseBool |
| Ambassador Edge Stack | AES_AUTH_TIMEOUT |
4s |
Duration; Go time.ParseDuration |
| Primary Redis (L4) | REDIS_SOCKET_TYPE |
tcp |
Go network such as tcp or unix; see Go net.Dial |
| Primary Redis (L4) | REDIS_URL |
None, must be set explicitly | Go network address; for TCP this is a host:port pair; see Go net.Dial |
| Primary Redis (L4) | REDIS_TLS_ENABLED |
false |
Boolean; Go strconv.ParseBool |
| Primary Redis (L4) | REDIS_TLS_INSECURE |
false |
Boolean; Go strconv.ParseBool |
| Primary Redis (auth) | REDIS_USERNAME |
Empty | Plain string |
| Primary Redis (auth) | REDIS_PASSWORD |
Empty | Plain string |
| Primary Redis (auth) | REDIS_AUTH |
Empty | Requires AES_RATELIMIT_PREVIEW; Plain string |
| Primary Redis (tune) | REDIS_POOL_SIZE |
10 |
Integer |
| Primary Redis (tune) | REDIS_PING_INTERVAL |
10s |
Duration; Go time.ParseDuration |
| Primary Redis (tune) | REDIS_TIMEOUT |
0s |
Duration; Go time.ParseDuration |
| Primary Redis (tune) | REDIS_SURGE_LIMIT_INTERVAL |
0s |
Duration; Go time.ParseDuration |
| Primary Redis (tune) | REDIS_SURGE_LIMIT_AFTER |
The value of REDIS_POOL_SIZE |
Integer |
| Primary Redis (tune) | REDIS_SURGE_POOL_SIZE |
0 |
Integer |
| Primary Redis (tune) | REDIS_SURGE_POOL_DRAIN_INTERVAL |
1m |
Duration; Go time.ParseDuration |
| Primary Redis (tune) | REDIS_PIPELINE_WINDOW |
0 |
Requires AES_RATELIMIT_PREVIEW; Duration; Go time.ParseDuration |
| Primary Redis (tune) | REDIS_PIPELINE_LIMIT |
0 |
Requires AES_RATELIMIT_PREVIEW; Integer; [Go strconv.ParseInt][] |
| Primary Redis (tune) | REDIS_TYPE |
SINGLE |
Requires AES_RATELIMIT_PREVIEW; String; SINGLE, SENTINEL, or CLUSTER |
| Per-Second RateLimit Redis | REDIS_PERSECOND |
false |
Boolean; Go strconv.ParseBool |
| Per-Second RateLimit Redis (L4) | REDIS_PERSECOND_SOCKET_TYPE |
None, must be set explicitly (if REDIS_PERSECOND) |
Go network such as tcp or unix; see Go net.Dial |
| Per-Second RateLimit Redis (L4) | REDIS_PERSECOND_URL |
None, must be set explicitly (if REDIS_PERSECOND) |
Go network address; for TCP this is a host:port pair; see Go net.Dial |
| Per-Second RateLimit Redis (L4) | REDIS_PERSECOND_TLS_ENABLED |
false |
Boolean; Go strconv.ParseBool |
| Per-Second RateLimit Redis (L4) | REDIS_PERSECOND_TLS_INSECURE |
false |
Boolean; Go strconv.ParseBool |
| Per-Second RateLimit Redis (auth) | REDIS_PERSECOND_USERNAME |
Empty | Plain string |
| Per-Second RateLimit Redis (auth) | REDIS_PERSECOND_PASSWORD |
Empty | Plain string |
| Per-Second RateLimit Redis (auth) | REDIS_PERSECOND_AUTH |
Empty | Requires AES_RATELIMIT_PREVIEW; Plain string |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_POOL_SIZE |
10 |
Integer |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_PING_INTERVAL |
10s |
Duration; Go time.ParseDuration |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_TIMEOUT |
0s |
Duration; Go time.ParseDuration |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_SURGE_LIMIT_INTERVAL |
0s |
Duration; Go time.ParseDuration |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_SURGE_LIMIT_AFTER |
The value of REDIS_PERSECOND_POOL_SIZE |
Integer |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_SURGE_POOL_SIZE |
0 |
Integer |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_SURGE_POOL_DRAIN_INTERVAL |
1m |
Duration; Go time.ParseDuration |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_TYPE |
SINGLE |
Requires AES_RATELIMIT_PREVIEW; String; SINGLE, SENTINEL, or CLUSTER |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_PIPELINE_WINDOW |
0 |
Requires AES_RATELIMIT_PREVIEW; Duration; Go time.ParseDuration |
| Per-Second RateLimit Redis (tune) | REDIS_PERSECOND_PIPELINE_LIMIT |
0 |
Requires AES_RATELIMIT_PREVIEW; Integer |
| RateLimit | EXPIRATION_JITTER_MAX_SECONDS |
300 |
Integer |
| RateLimit | USE_STATSD |
false |
Boolean; Go strconv.ParseBool |
| RateLimit | STATSD_HOST |
localhost |
Hostname |
| RateLimit | STATSD_PORT |
8125 |
Integer |
| RateLimit | GOSTATS_FLUSH_INTERVAL_SECONDS |
5 |
Integer |
| RateLimit | LOCAL_CACHE_SIZE_IN_BYTES |
0 |
Requires AES_RATELIMIT_PREVIEW; Integer |
| RateLimit | NEAR_LIMIT_RATIO |
0.8 |
Requires AES_RATELIMIT_PREVIEW; Float; [Go strconv.ParseFloat][] |
| Developer Portal | DEVPORTAL_CONTENT_URL |
https://github.com/datawire/devportal-content |
git-remote URL |
| Developer Portal | DEVPORTAL_CONTENT_DIR |
/ |
Rooted Git directory |
| Developer Portal | DEVPORTAL_CONTENT_BRANCH |
master |
Git branch name |
| Developer Portal | POLL_EVERY_SECS |
60 |
Integer |
| Envoy | STATSD_ENABLED |
false |
Boolean; Python value.lower() == "true" |
| Envoy | DOGSTATSD |
false |
Boolean; Python value.lower() == "true" |
| Envoy | DD_ENTITY_ID |
Empty | String |
| Envoy | ENVOY_CONCURRENCY |
Empty | Integer |
Log level names are case-insensitive. From least verbose to most
verbose, valid log levels are error, warn/warning, info,
debug, and trace.
Port assignments
Emissary uses the following ports to listen for HTTP/HTTPS traffic automatically via TCP:
| Port | Process | Function |
|---|---|---|
| 8001 | envoy | Internal stats, logging, etc.; not exposed outside pod |
| 8002 | watt | Internal watt snapshot access; not exposed outside pod |
| 8003 | ambex | Internal ambex snapshot access; not exposed outside pod |
| 8004 | diagd | Internal diagd access when AMBASSADOR_FAST_RECONFIGURE is set; not exposed outside pod |
| 8005 | snapshot | Exposes a scrubbed Emissary snapshot outside of the pod |
| 8080 | envoy | Default HTTP service port |
| 8443 | envoy | Default HTTPS service port |
| 8877 | diagd | Direct access to diagnostics UI; provided by busyambassador entrypoint when AMBASSADOR_FAST_RECONFIGURE is set |
-
This may change in a future release to reflect the Pods’s namespace if deployed to a namespace other than
default. https://github.com/emissary-ingress/emissary/issues/1583 ↩︎
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.