Command line options

    -c <path string>, —config-path <path string>

    (optional) The path to the v2 JSON/YAML/proto3 configuration file. If this flag is missing, is required. This will be parsed as a v2 bootstrap configuration file. Valid extensions are , .yaml, .pb and .pb_text, which indicate JSON, YAML, and text proto3 formats respectively.

    --config-yaml <yaml string>

    (optional) The YAML string for a bootstrap configuration. If is also set, the values in this YAML string will override and merge with the bootstrap loaded from --config-path. Because YAML is a superset of JSON, a JSON string may also be passed to .

    Example overriding the node id on the command line:

    --mode <string>

    (optional) One of the operating modes for Envoy:

    • serve: (default) Validate the JSON configuration and then serve traffic normally.

    • validate: Validate the JSON configuration and then exit, printing either an “OK” message (in which case the exit code is 0) or any errors generated by the configuration file (exit code 1). No network traffic is generated, and the hot restart process is not performed, so no other Envoy process on the machine will be disturbed.

    --admin-address-path <path string>

    (optional) The output file path where the admin address and port will be written.

    --local-address-ip-version <string>

    (optional) The IP address version that is used to populate the server local IP address. This parameter affects various headers including what is appended to the X-Forwarded-For (XFF) header. The options are v4 or v6. The default is v4.

    --base-id <integer>

    (optional) The base ID to use when allocating shared memory regions. Envoy uses shared memory regions during hot restart. Most users will never have to set this option. However, if Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID so that the shared memory regions do not conflict.

    --use-dynamic-base-id

    (optional) Selects an unused base ID to use when allocating shared memory regions. Using preselected values with is preferred, however. If this option is enabled, it supersedes the --base-id value. This flag may not be used when the value of is non-zero. Instead, for subsequent hot restarts, set --base-id option with the selected base ID. See .

    --base-id-path <path_string>

    (optional) Writes the base ID to the given path. While this option is compatible with --base-id, its intended use is to provide access to the dynamic base ID selected by .

    --concurrency <integer>

    (optional) The number of worker threads to run. If not specified defaults to the number of hardware threads on the machine. If set to zero, Envoy will still run one worker thread.

    -l <string>, —log-level <string>

    (optional) The logging level. Non developers should generally never set this option. See the help text for the available log levels and the default.

    --component-log-level <string>

    (optional) The comma separated list of logging level per component. Non developers should generally never set this option. For example, if you want upstream component to run at debug level and component to run at trace level, you should pass upstream:debug,connection:trace to this flag. See ALL_LOGGER_IDS in for a list of components.

    --cpuset-threads

    (optional) This flag is used to control the number of worker threads if --concurrency is not set. If enabled, the assigned cpuset size is used to determine the number of worker threads on Linux-based systems. Otherwise the number of worker threads is set to the number of hardware threads on the machine. You can read more about cpusets in the .

    --log-path <path string>

    (optional) The output file path where logs should be written. This file will be re-opened when SIGUSR1 is handled. If this is not set, log to stderr.

    --log-format <format string>

    (optional) The format string to use for laying out the log message metadata. If this is not set, a default format string "[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v" is used.

    When used in conjunction with --log-format-escaped, the logger can be configured to log in a format that is parsable by log viewers. Known integrations are documented in the section.

    The supported format flags are (with example output):

    (optional) This flag enables application log sanitization to escape C-style escape sequences. This can be used to prevent a single log line from spanning multiple lines in the underlying log. This sanitizes all escape sequences in this list. Note that each line’s trailing whitespace characters (such as EOL characters) will not be escaped.

    --restart-epoch <integer>

    (optional) The epoch. (The number of times Envoy has been hot restarted instead of a fresh start). Defaults to 0 for the first start. This option tells Envoy whether to attempt to create the shared memory region needed for hot restart, or whether to open an existing one. It should be incremented every time a hot restart takes place. The hot restart wrapper sets the RESTART_EPOCH environment variable which should be passed to this option in most cases.

    --enable-fine-grain-logging

    (optional) Enables fine-grain logger with file level log control and runtime update at administration interface. If enabled, main log macros including ENVOY_LOG, ENVOY_CONN_LOG, ENVOY_STREAM_LOG and ENVOY_FLUSH_LOG will use a per-file logger, and the usage doesn’t need Envoy::Logger::Loggable any more. The administration interface usage is similar. Please see for more detail.

    --socket-path <path string>

    (optional) The output file path to the socket address for hot restart. Default to “@envoy_domain_socket” which will be created in the abstract namespace. Suffix _{role}_{id} is appended to provide name. All envoy processes wanting to participate in hot-restart together must use the same value for this option.

    NOTE: The path started with “@” will be created in the abstract namespace.

    --socket-mode <string>

    (optional) The socket file permission for . This must be a valid octal file permission, such as 644. The default value is 600. This flag may not be used when --socket-path is start with “@” or not set.

    --hot-restart-version

    (optional) Outputs an opaque hot restart compatibility version for the binary. This can be matched against the output of the admin endpoint to determine whether the new binary and the running binary are hot restart compatible.

    --service-cluster <string>

    (optional) Defines the local service cluster name where Envoy is running. The local service cluster name is first sourced from the Bootstrap node message’s field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if any of the following features are used: statsd, , runtime override directory, , HTTP global rate limiting, , and HTTP tracing, either via this CLI option or in the bootstrap configuration.

    --service-node <string>

    (optional) Defines the local service node name where Envoy is running. The local service node name is first sourced from the message’s id field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if any of the following features are used: , CDS, and , either via this CLI option or in the bootstrap configuration.

    --service-zone <string>

    (optional) Defines the local service zone where Envoy is running. The local service zone is first sourced from the Bootstrap node message’s field. This CLI option provides an alternative method for specifying this value and will override any value set in bootstrap configuration. It should be set if discovery service routing is used and the discovery service exposes zone data, either via this CLI option or in the bootstrap configuration. The meaning of zone is context dependent, e.g. on AWS, Zone on GCP, etc.

    --file-flush-interval-msec <integer>

    (optional) The file flushing interval in milliseconds. Defaults to 10 seconds. This setting is used during file creation to determine the duration between flushes of buffers to files. The buffer will flush every time it gets full, or every time the interval has elapsed, whichever comes first. Adjusting this setting is useful when tailing in order to get more (or less) immediate flushing.

    --drain-time-s <integer>

    (optional) The time in seconds that Envoy will drain connections during a hot restart or when individual listeners are being modified or removed via . Defaults to 600 seconds (10 minutes). Generally the drain time should be less than the parent shutdown time set via the --parent-shutdown-time-s option. How the two settings are configured depends on the specific deployment. In edge scenarios, it might be desirable to have a very long drain time. In service to service scenarios, it might be possible to make the drain and shutdown time much shorter (e.g., 60s/90s).

    --drain-strategy <string>

    (optional) Determine behaviour of Envoy during the hot restart drain sequence. During the drain sequence, the drain manager encourages draining through terminating connections on request completion, sending “Connection: CLOSE” on HTTP1, and sending GOAWAY on HTTP2.

    • : (default) The percentage of requests encouraged to drain increases to 100% as the drain time elapses.

    • immediate: All requests are encouraged to drain as soon as the drain sequence begins.

    --parent-shutdown-time-s <integer>

    (optional) The time in seconds that Envoy will wait before shutting down the parent process during a hot restart. See the for more information. Defaults to 900 seconds (15 minutes).

    --disable-hot-restart

    (optional) This flag disables Envoy hot restart for builds that have it enabled. By default, hot restart is enabled.

    --enable-mutex-tracing

    (optional) This flag enables the collection of mutex contention statistics (MutexStats) as well as a contention endpoint (). Mutex tracing is not enabled by default, since it incurs a slight performance penalty for those Envoys which already experience mutex contention.

    --allow-unknown-fields

    (optional) Deprecated alias for --allow-unknown-static-fields.

    --allow-unknown-static-fields

    (optional) This flag disables validation of protobuf configurations for unknown fields. By default, the validation is enabled. For most deployments, the default should be used which ensures configuration errors are caught upfront and Envoy is configured as intended. Warnings are logged for the first use of any unknown field and these occurrences are counted in the statistic.

    --reject-unknown-dynamic-fields

    (optional) This flag disables validation of protobuf configuration for unknown fields in dynamic configuration. By default, this flag is set false, disabling validation for fields beyond bootstrap. This allows newer xDS configurations to be delivered to older Envoys. This can be set true for strict dynamic checking when this behavior is not wanted but the default should be desirable for most Envoy deployments. Warnings are logged for the first use of any unknown field and these occurrences are counted in the server.dynamic_unknown_fields statistic.

    --ignore-unknown-dynamic-fields

    (optional) This flag disables validation of protobuf configuration for unknown fields in dynamic configuration. Unlike setting to false, it does not log warnings or count occurrences of unknown fields, in the interest of configuration processing speed. If --reject-unknown-dynamic-fields is set to true, this flag has no effect.

    Attention

    In addition to not logging warnings or counting occurrences of unknown fields, setting this option also disables counting and warnings of deprecated fields as well as work-in-progress message and fields. It is strongly recommended that this option is not set on at least a small portion of the fleet (staging, canary, etc.) in order to monitor for unknown, deprecated, or work-in-progress usage.

    --disable-extensions <extension list>

    (optional) This flag disabled the provided list of comma-separated extension names. Disabled extensions cannot be used by static or dynamic configuration, though they are still linked into Envoy and may run start-up code or have other runtime effects. Extension names are created by joining the extension category and name with a forward slash, e.g. envoy.grpc_credentials/envoy.grpc_credentials.file_based_metadata.

    --version

    (optional) This flag is used to display Envoy version and build information, e.g. c93f9f6c1e5adddd10a3e3646c7e049c649ae177/1.9.0-dev/Clean/RELEASE/BoringSSL-FIPS.

    It consists of five slash-separated fields:

    • release number - either release (e.g. 1.9.0) or a development build (e.g. 1.9.0-dev),

    • status of the source tree at the build time - either Clean or Modified,

    • TLS library - either BoringSSL or .

    (optional) This flag is intended for Linux-based systems and it’s a no-op for all other platforms. It enables core dumps by invoking using the PR_SET_DUMPABLE option. This is useful for container environments when using capabilities, given that when Envoy has more capabilities than its base environment core dumping will be disabled by the kernel.