Command-Line Arguments

ANIC supports a number of command-line arguments. The way to specify these arguments depends on how you install ANIC:

  • If you are using Kubernetes manifests (Deployment or DaemonSet) to install ANIC, modify these manifests accordingly to set the command-line arguments. See the installation documentation for manifests.

  • If you are using Helm to install ANIC, modify the Helm chart parameters corresponding to the command-line arguments. See the documentation for installation with Helm.

Below are the available command-line arguments:

-enable-snippets

Enables custom configuration snippets for Angie in the Ingress, VirtualServer, VirtualServerRoute, and TransportServer resources.

Default is false.

-default-server-tls-secret <string>

The secret containing the TLS certificate and key for TLS termination on the default server.

  • If the value is not set, the certificate and key from the file /etc/angie/secrets/default are used.

  • If /etc/angie/secrets/default does not exist, ANIC will configure Angie to reject TLS connections to the default server.

  • If the secret is set but ANIC cannot retrieve it from the Kubernetes API, or if it is not set and ANIC cannot read the file /etc/angie/secrets/default, then ANIC will not start.

Format: <namespace>/<name>

-wildcard-tls-secret <string>

The secret containing the TLS certificate and key for TLS termination of each Ingress or VirtualServer node for which TLS termination is enabled, but the secret is not specified.

  • If the argument is not set, such Ingress and VirtualServer nodes will reject any attempt to establish a TLS connection.

  • If the argument is set but ANIC cannot retrieve the secret from the Kubernetes API, then ANIC will not start.

Format: <namespace>/<name>

-enable-custom-resources

Enables custom resources.

Default is true.

-enable-leader-election

Enables leader election to avoid situations where multiple replicas of the controller report the status of Ingress, VirtualServer, and VirtualServerRoute resources; only one replica will report the status. Default is true.

See the flag -report-ingress-status.

-enable-tls-passthrough

Enables TLS passthrough on port 443.

Requires -enable-custom-resources.

-tls-passthrough-port <int>

Specifies the port for TLS passthrough.

Format: [1024 - 65535] (default is 443)

Requires -enable-custom-resources.

-enable-cert-manager

Enables automatic management of X.509 certificates for VirtualServer resources using cert-manager (cert-manager.io).

Requires -enable-custom-resources.

-enable-external-dns

Enables integration with ExternalDNS to configure public DNS records for VirtualServer resources.

Requires -enable-custom-resources.

-enable-oidc

Enables OpenID Connect authentication in Policy resources.

Default is false.

-enable-jwt

Enables JWT authentication in Policy resources.

Default is false.

-external-service <string>

Specifies the name of the LoadBalancer type service through which ANIC pods are made accessible externally. The external address of the service is used for reporting the status of Ingress, VirtualServer, and VirtualServerRoute resources.

For Ingress resources only: requires -report-ingress-status.

-global-configuration <string>

GlobalConfiguration resource for global ANIC configuration.

Format: <namespace>/<name>

Requires -enable-custom-resources.

-health-status

Adds the location "/angie-health" to the default server. The location responds with a status code 200 to any request.

This is useful for external health checks of ANIC.

-health-status-uri <string>

Specifies the URI for the health check location on the default server. Requires -health-status.

Default is /angie-health.

-ingress-class <string>

The Ingress class that ANIC belongs to.

A corresponding IngressClass resource must be deployed with the name equal to the class. Otherwise, ANIC will not start. ANIC only processes resources that belong to its class, i.e., have the field ingressClassName equal to the class.

ANIC processes all resources that do not have the field ingressClassName.

Default is angie.

-ingress-template-path <string>

Path to the Angie configuration template for an Ingress resource. The default for Angie is angie.ingress.tmpl.

-leader-election-lock-name <string>

Specifies the name of the ConfigMap used for locking during leader election in the same namespace where the controller resides.

Requires -enable-leader-election.

-main-template-path <string>

Path to the main configuration template for Angie.

  • The default for Angie is angie.ingress.tmpl.

-angie-configmaps <string>

ConfigMap resource for configuring Angie. If the ConfigMap is specified but ANIC cannot retrieve it from the Kubernetes API, then ANIC will not start.

Format: <namespace>/<name>

-angie-debug

Enables debugging for Angie. Uses the angie-debug binary. Requires 'error-log-level: debug' in the ConfigMap.

-angie-reload-timeout <value>

Timeout in milliseconds that ANIC will wait for a successful reload of Angie after configuration changes or during initial startup.

Default value is 60000.

-angie-status

Enables Angie stub_status.

Default is true.

-angie-status-allow-cidrs <string>

Adds IP/CIDR blocks to the allow list for Angie stub_status.

Multiple IPs or CIDRs are separated by commas. (Default is 127.0.0.1,::1)

-angie-status-port <int>

Specifies the port on which Angie stub_status is available.

Format: [1024 - 65535] (default is 8080)

-angie-status-prometheus <bool>

Enables or disables the output of Angie statistics in Prometheus format.

Format: false or true (default is true)

-angie-status-prometheus-path <string>

Sets the path at which Angie statistics in Prometheus format are published.

Default is /p8s.

-angie-status-prometheus-port <int>

Specifies the port on which Angie statistics in Prometheus format are available.

Format: [1024 - 65535] (default is 8083)

-angie-status-prometheus-allow-cidrs

Adds IP/CIDR blocks to the allow list for Angie statistics in Prometheus format.

Multiple IPs or CIDRs are separated by commas. (Default is 127.0.0.1,::1)

-proxy <string>

Specifies a proxy server, launched by the "kubectl proxy" command, to use for connecting to the Kubernetes API. For testing purposes only.

In this mode, ANIC does not start Angie and does not write any generated Angie configuration files to disk.

-report-ingress-status

Updates the address field in the status of Ingress resources.

Requires the flag -external-service or -ingresslink, or the key external-status-address in the ConfigMap.

-transportserver-template-path <string>

Path to the Angie configuration template for a TransportServer resource.

  • The default for Angie is angie.transportserver.tmpl.

-v <value>

Log verbosity level. The default value is 1, which produces the minimum amount of log output. The value 3 is useful for troubleshooting.

-version

Outputs the version, git commit hash, and build date, then exits.

-virtualserver-template-path <string>

Path to the Angie configuration template for a VirtualServer resource.

  • The default for Angie is angie.ingress.tmpl.

-vmodule <value>

Comma-separated list of parameters pattern=N for file-filtered logging.

-watch-namespace <string>

Comma-separated list of namespaces for which ANIC should watch resources. By default, ANIC watches all namespaces. Cannot be used with "watch-namespace-label".

-watch-namespace-label <string>

Configures ANIC to watch only namespaces with the label foo=bar. By default, ANIC watches all namespaces. Cannot be used with "watch-namespace".

-watch-secret-namespace <string>

Comma-separated list of namespaces that ANIC should watch for secrets. If this parameter is not set, ANIC watches the same namespaces for all resources. See also "watch-namespace" and "watch-namespace-label".

-enable-prometheus-metrics

Enables publishing of Angie metrics in Prometheus format.

-prometheus-metrics-listen-port <int>

Specifies the port on which Prometheus metrics are published.

Format: [1024 - 65535] (default is 9113)

-prometheus-tls-secret <string>

The secret containing the TLS certificate and key for TLS termination of the Prometheus metrics endpoint.

  • If the argument is not set, the Prometheus endpoint will not use a TLS connection.

  • If the argument is set but ANIC cannot retrieve the secret from the Kubernetes API, then ANIC will not start.

-enable-service-insight

Publishes the Service Insight endpoint for ANIC.

-service-insight-listen-port <int>

Specifies the port on which Service Insight is published.

Format: [1024 - 65535] (default is 9114)

-service-insight-tls-secret <string>

The secret containing the TLS certificate and key for TLS termination of the Service Insight endpoint.

  • If the argument is not set, the Service Insight endpoint will not use a TLS connection.

  • If the argument is set but ANIC cannot retrieve the secret from the Kubernetes API, then ANIC will not start.

Format: <namespace>/<name>

-ready-status

Enables the readiness endpoint /angie-ready. The endpoint returns a success code when Angie has loaded all configuration after startup.

Default is true.

-ready-status-port

HTTP port for the readiness endpoint.

Format: [1024 - 65535] (default is 8081)

-disable-ipv6

Explicitly disables IPv6 listeners for nodes that do not support the IPv6 stack.

Default is false.
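
The dependencies, value formats and conflicts documented above can be checked before a manifest is applied. The following is an added example, not part of the ANIC documentation or code base, that lints a container's args list against them. It assumes arguments are written as -name or -name=value; the function names, the sample arguments and the check for a zero-length prefix in the allow lists are this example's own.

```python
import ipaddress
import re

# Rules transcribed from the argument descriptions on this page.
PORT_FLAGS = {"tls-passthrough-port", "angie-status-port", "angie-status-prometheus-port",
              "prometheus-metrics-listen-port", "service-insight-listen-port", "ready-status-port"}
NS_NAME_FLAGS = {"default-server-tls-secret", "wildcard-tls-secret", "global-configuration",
                 "angie-configmaps", "service-insight-tls-secret"}
CIDR_FLAGS = {"angie-status-allow-cidrs", "angie-status-prometheus-allow-cidrs"}
REQUIRES = {f: "enable-custom-resources" for f in (
    "enable-tls-passthrough", "tls-passthrough-port", "enable-cert-manager",
    "enable-external-dns", "global-configuration")}
REQUIRES.update({"health-status-uri": "health-status",
                 "leader-election-lock-name": "enable-leader-election"})
DEFAULT_ON = {"enable-custom-resources", "enable-leader-election"}  # documented defaults
OFF = {"false", "f", "0"}

def parse_args(args):
    """Assumed syntax: '-name' (boolean, true) or '-name=value'."""
    return {n: (v if sep else "true")
            for n, sep, v in (a.lstrip("-").partition("=") for a in args)}

def is_on(flags, name):
    default = "true" if name in DEFAULT_ON else "false"
    return flags.get(name, default).lower() not in OFF

def lint(args):
    flags, out = parse_args(args), []
    for name, value in flags.items():
        need = REQUIRES.get(name)
        if need and value.lower() not in OFF and not is_on(flags, need):
            out.append(f"-{name} requires -{need}")
        if name in PORT_FLAGS and not (value.isdecimal() and 1024 <= int(value) <= 65535):
            out.append(f"-{name}: port outside [1024 - 65535]")
        if name in NS_NAME_FLAGS and not re.fullmatch(r"[^/\s]+/[^/\s]+", value):
            out.append(f"-{name}: expected <namespace>/<name>")
        for item in (value.split(",") if name in CIDR_FLAGS else ()):
            try:
                if ipaddress.ip_network(item.strip(), strict=False).prefixlen == 0:
                    out.append(f"-{name}: {item} allows every address")  # added policy check
            except ValueError:
                out.append(f"-{name}: invalid IP/CIDR {item!r}")
    if "watch-namespace" in flags and "watch-namespace-label" in flags:
        out.append("-watch-namespace cannot be used with -watch-namespace-label")
    return out

SAMPLE_ARGS = [  # constructed sample of a container's args: list
    "-angie-configmaps=$(POD_NAMESPACE)/angie-config", "-enable-custom-resources=false",
    "-enable-tls-passthrough", "-ready-status-port=80", "-wildcard-tls-secret=wildcard-cert",
    "-angie-status-allow-cidrs=127.0.0.1,0.0.0.0/0",
    "-watch-namespace=prod", "-watch-namespace-label=team=edge"]
```

Calling lint(SAMPLE_ARGS) returns one finding per violated rule; an empty list means the arguments are consistent with the constraints listed on this page.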