diff --git a/go/flags/endtoend/vtgate.txt b/go/flags/endtoend/vtgate.txt index 95e015c91d..47b0855547 100644 --- a/go/flags/endtoend/vtgate.txt +++ b/go/flags/endtoend/vtgate.txt @@ -1,415 +1,209 @@ Usage of vtgate: - --allowed_tablet_types value - Specifies the tablet types this vtgate is allowed to route queries to - --alsologtostderr - log to standard error as well as files - --buffer_drain_concurrency int - Maximum number of requests retried simultaneously. More concurrency will increase the load on the PRIMARY vttablet when draining the buffer. (default 1) - --buffer_implementation string - Allowed values: healthcheck (legacy implementation), keyspace_events (default) (default keyspace_events) - --buffer_keyspace_shards string - If not empty, limit buffering to these entries (comma separated). Entry format: keyspace or keyspace/shard. Requires --enable_buffer=true. - --buffer_max_failover_duration duration - Stop buffering completely if a failover takes longer than this duration. (default 20s) - --buffer_min_time_between_failovers duration - Minimum time between the end of a failover and the start of the next one (tracked per shard). Faster consecutive failovers will not trigger buffering. (default 1m0s) - --buffer_size int - Maximum number of buffered requests in flight (across all ongoing failovers). (default 1000) - --buffer_window duration - Duration for how long a request should be buffered at most. (default 10s) - --catch-sigpipe - catch and ignore SIGPIPE on stdout and stderr if specified - --cell string - cell to use (default test_nj) - --cells_to_watch string - comma-separated list of cells for watching tablets - --consul_auth_static_file string - JSON File to read the topos/tokens from. - --cpu_profile string - deprecated: use '-pprof=cpu' instead - --datadog-agent-host string - host to send spans to. if empty, no tracing will be done - --datadog-agent-port string - port to send spans to. if empty, no tracing will be done - --dbddl_plugin string - controls how to handle CREATE/DROP DATABASE. use it if you are using your own database provisioning service (default fail) - --ddl_strategy string - Set default strategy for DDL statements. Override with @@ddl_strategy session variable (default direct) - --default_tablet_type value - The default tablet type to set for queries, when one is not explicitly selected (default PRIMARY) - --disable_local_gateway - deprecated: if specified, this process will not route any queries to local tablets in the local cell - --discovery_high_replication_lag_minimum_serving duration - the replication lag that is considered too high when applying the min_number_serving_vttablets threshold (default 2h0m0s) - --discovery_low_replication_lag duration - the replication lag that is considered low enough to be healthy (default 30s) - --emit_stats - If set, emit stats to push-based monitoring and stats backends - --enable_buffer - Enable buffering (stalling) of primary traffic during failovers. - --enable_buffer_dry_run - Detect and log failover events, but do not actually buffer requests. - --enable_direct_ddl - Allow users to submit direct DDL statements (default true) - --enable_online_ddl - Allow users to submit, review and control Online DDL (default true) - --enable_set_var - This will enable the use of MySQL's SET_VAR query hint for certain system variables instead of using reserved connections (default true) - --enable_system_settings - This will enable the system settings to be changed per session at the database connection level (default true) - --foreign_key_mode string - This is to provide how to handle foreign key constraint in create/alter table. Valid values are: allow, disallow (default allow) - --gate_query_cache_lfu - gate server cache algorithm. when set to true, a new cache algorithm based on a TinyLFU admission policy will be used to improve cache behavior and prevent pollution from sparse queries (default true) - --gate_query_cache_memory int - gate server query cache size in bytes, maximum amount of memory to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a lru cache. This config controls the capacity of the lru cache. (default 33554432) - --gate_query_cache_size int - gate server query cache size, maximum number of queries to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a cache. This config controls the expected amount of unique entries in the cache. (default 5000) - --gateway_initial_tablet_timeout duration - At startup, the tabletGateway will wait up to this duration to get at least one tablet per keyspace/shard/tablet type (default 30s) - --gateway_route_replica_to_rdonly - route REPLICA queries to RDONLY tablets as well as REPLICA tablets - --grpc_auth_mode string - Which auth plugin implementation to use (eg: static) - --grpc_auth_mtls_allowed_substrings string - List of substrings of at least one of the client certificate names (separated by colon). - --grpc_auth_static_client_creds string - when using grpc_static_auth in the server, this file provides the credentials to use to authenticate with server - --grpc_auth_static_password_file string - JSON File to read the users/passwords from. - --grpc_ca string - server CA to use for gRPC connections, requires TLS, and enforces client certificate check - --grpc_cert string - server certificate to use for gRPC connections, requires grpc_key, enables TLS - --grpc_compression string - Which protocol to use for compressing gRPC. Default: nothing. Supported: snappy - --grpc_crl string - path to a certificate revocation list in PEM format, client certificates will be further verified against this file during TLS handshake - --grpc_enable_optional_tls - enable optional TLS mode when a server accepts both TLS and plain-text connections on the same port - --grpc_enable_tracing - Enable GRPC tracing - --grpc_initial_conn_window_size int - gRPC initial connection window size - --grpc_initial_window_size int - gRPC initial window size - --grpc_keepalive_time duration - After a duration of this time, if the client doesn't see any activity, it pings the server to see if the transport is still alive. (default 10s) - --grpc_keepalive_timeout duration - After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. (default 10s) - --grpc_key string - server private key to use for gRPC connections, requires grpc_cert, enables TLS - --grpc_max_connection_age duration - Maximum age of a client connection before GoAway is sent. (default 2562047h47m16.854775807s) - --grpc_max_connection_age_grace duration - Additional grace period after grpc_max_connection_age, after which connections are forcibly closed. (default 2562047h47m16.854775807s) - --grpc_max_message_size int - Maximum allowed RPC message size. Larger messages will be rejected by gRPC with the error 'exceeding the max size'. (default 16777216) - --grpc_port int - Port to listen on for gRPC calls - --grpc_prometheus - Enable gRPC monitoring with Prometheus - --grpc_server_ca string - path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients - --grpc_server_initial_conn_window_size int - gRPC server initial connection window size - --grpc_server_initial_window_size int - gRPC server initial window size - --grpc_server_keepalive_enforcement_policy_min_time duration - gRPC server minimum keepalive time (default 10s) - --grpc_server_keepalive_enforcement_policy_permit_without_stream - gRPC server permit client keepalive pings even when there are no active streams (RPCs) - --grpc_use_effective_callerid - If set, and SSL is not used, will set the immediate caller id from the effective caller id's principal. - --healthcheck_retry_delay duration - health check retry delay (default 2ms) - --healthcheck_timeout duration - the health check timeout period (default 1m0s) - --jaeger-agent-host string - host and port to send spans to. if empty, no tracing will be done - --keep_logs duration - keep logs for this long (using ctime) (zero to keep forever) - --keep_logs_by_mtime duration - keep logs for this long (using mtime) (zero to keep forever) - --keyspaces_to_watch value - Specifies which keyspaces this vtgate should have access to while routing queries or accessing the vschema - --lameduck-period duration - keep running at least this long after SIGTERM before stopping (default 50ms) - --legacy_replication_lag_algorithm - use the legacy algorithm when selecting the vttablets for serving (default true) - --lock_heartbeat_time duration - If there is lock function used. This will keep the lock connection active by using this heartbeat (default 5s) - --log_backtrace_at value - when logging hits line file:N, emit a stack trace - --log_dir string - If non-empty, write log files in this directory - --log_err_stacks - log stack traces for errors - --log_queries_to_file string - Enable query logging to the specified file - --log_rotate_max_size uint - size in bytes at which logs are rotated (glog.MaxSize) (default 1887436800) - --logtostderr - log to standard error instead of files - --max_memory_rows int - Maximum number of rows that will be held in memory for intermediate results as well as the final result. (default 300000) - --max_payload_size int - The threshold for query payloads in bytes. A payload greater than this threshold will result in a failure to handle the query. - --mem-profile-rate int - deprecated: use '-pprof=mem' instead (default 524288) - --message_stream_grace_period duration - the amount of time to give for a vttablet to resume if it ends a message stream, usually because of a reparent. (default 30s) - --min_number_serving_vttablets int - the minimum number of vttablets for each replicating tablet_type (e.g. replica, rdonly) that will be continue to be used even with replication lag above discovery_low_replication_lag, but still below discovery_high_replication_lag_minimum_serving (default 2) - --mutex-profile-fraction int - deprecated: use '-pprof=mutex' instead - --mysql-server-pool-conn-read-buffers - If set, the server will pool incoming connection read buffers - --mysql_allow_clear_text_without_tls - If set, the server will allow the use of a clear text password over non-SSL connections. - --mysql_auth_server_impl string - Which auth server implementation to use. Options: none, ldap, clientcert, static, vault. (default static) - --mysql_auth_server_static_file string - JSON File to read the users/passwords from. - --mysql_auth_server_static_string string - JSON representation of the users/passwords config. - --mysql_auth_static_reload_interval duration - Ticker to reload credentials - --mysql_auth_vault_addr string - URL to Vault server - --mysql_auth_vault_path string - Vault path to vtgate credentials JSON blob, e.g.: secret/data/prod/vtgatecreds - --mysql_auth_vault_role_mountpoint string - Vault AppRole mountpoint; can also be passed using VAULT_MOUNTPOINT environment variable (default approle) - --mysql_auth_vault_role_secretidfile string - Path to file containing Vault AppRole secret_id; can also be passed using VAULT_SECRETID environment variable - --mysql_auth_vault_roleid string - Vault AppRole id; can also be passed using VAULT_ROLEID environment variable - --mysql_auth_vault_timeout duration - Timeout for vault API operations (default 10s) - --mysql_auth_vault_tls_ca string - Path to CA PEM for validating Vault server certificate - --mysql_auth_vault_tokenfile string - Path to file containing Vault auth token; token can also be passed using VAULT_TOKEN environment variable - --mysql_auth_vault_ttl duration - How long to cache vtgate credentials from the Vault server (default 30m0s) - --mysql_clientcert_auth_method string - client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default mysql_clear_password) - --mysql_default_workload string - Default session workload (OLTP, OLAP, DBA) (default OLTP) - --mysql_ldap_auth_config_file string - JSON File from which to read LDAP server config. - --mysql_ldap_auth_config_string string - JSON representation of LDAP server config. - --mysql_ldap_auth_method string - client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default mysql_clear_password) - --mysql_server_bind_address string - Binds on this address when listening to MySQL binary protocol. Useful to restrict listening to 'localhost' only for instance. - --mysql_server_flush_delay duration - Delay after which buffered response will be flushed to the client. (default 100ms) - --mysql_server_port int - If set, also listen for MySQL binary protocol connections on this port. (default -1) - --mysql_server_query_timeout duration - mysql query timeout - --mysql_server_read_timeout duration - connection read timeout - --mysql_server_require_secure_transport - Reject insecure connections but only if mysql_server_ssl_cert and mysql_server_ssl_key are provided - --mysql_server_socket_path string - This option specifies the Unix socket file to use when listening for local connections. By default it will be empty and it won't listen to a unix socket - --mysql_server_ssl_ca string - Path to ssl CA for mysql server plugin SSL. If specified, server will require and validate client certs. - --mysql_server_ssl_cert string - Path to the ssl cert for mysql server plugin SSL - --mysql_server_ssl_crl string - Path to ssl CRL for mysql server plugin SSL - --mysql_server_ssl_key string - Path to ssl key for mysql server plugin SSL - --mysql_server_ssl_server_ca string - path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients - --mysql_server_tls_min_version string - Configures the minimal TLS version negotiated when SSL is enabled. Defaults to TLSv1.2. Options: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3. - --mysql_server_version string - MySQL server version to advertise. - --mysql_server_write_timeout duration - connection write timeout - --mysql_slow_connect_warn_threshold duration - Warn if it takes more than the given threshold for a mysql connection to establish - --mysql_tcp_version string - Select tcp, tcp4, or tcp6 to control the socket type. (default tcp) - --no_scatter - when set to true, the planner will fail instead of producing a plan that includes scatter queries - --no_vstream_copy - when set to true, vstream copy will not be allowed - temporary until we can properly support RDONLY for this - --normalize_queries - Rewrite queries with bind vars. Turn this off if the app itself sends normalized queries with bind vars. (default true) - --onclose_timeout duration - wait no more than this for OnClose handlers before stopping (default 1ns) - --onterm_timeout duration - wait no more than this for OnTermSync handlers before stopping (default 10s) - --opentsdb_uri string - URI of opentsdb /api/put method - --pid_file string - If set, the process will write its pid to the named file, and delete it on graceful shutdown. - --planner-version string - Sets the default planner to use when the session has not changed it. Valid values are: V3, Gen4, Gen4Greedy and Gen4Fallback. Gen4Fallback tries the gen4 planner and falls back to the V3 planner if the gen4 fails. - --planner_version string - Deprecated flag. Use planner-version instead - --port int - port for the server - --pprof string - enable profiling - --proxy_protocol - Enable HAProxy PROXY protocol on MySQL listener socket - --purge_logs_interval duration - how often try to remove old logs (default 1h0m0s) - --querylog-filter-tag string - string that must be present in the query for it to be logged; if using a value as the tag, you need to disable query normalization - --querylog-format string - format for query logs ("text" or "json") (default text) - --querylog-row-threshold uint - Number of rows a query has to return or affect before being logged; not useful for streaming queries. 0 means all queries will be logged. - --redact-debug-ui-queries - redact full queries and bind variables from debug UI - --remote_operation_timeout duration - time to wait for a remote operation (default 30s) - --retry-count int - retry count (default 2) - --schema_change_signal - Enable the schema tracker; requires queryserver-config-schema-change-signal to be enabled on the underlying vttablets for this to work (default true) - --schema_change_signal_user string - User to be used to send down query to vttablet to retrieve schema changes - --security_policy string - the name of a registered security policy to use for controlling access to URLs - empty means allow all for anyone (built-in policies: deny-all, read-only) - --service_map value - comma separated list of services to enable (or disable if prefixed with '-') Example: grpc-queryservice - --sql-max-length-errors int - truncate queries in error logs to the given length (default unlimited) - --sql-max-length-ui int - truncate queries in debug UIs to the given length (default 512) (default 512) - --srv_topo_cache_refresh duration - how frequently to refresh the topology for cached entries (default 1s) - --srv_topo_cache_ttl duration - how long to use cached entries for topology (default 1s) - --srv_topo_timeout duration - topo server timeout (default 5s) - --stats_backend string - The name of the registered push-based monitoring/stats backend to use - --stats_combine_dimensions string - List of dimensions to be combined into a single "all" value in exported stats vars - --stats_common_tags string - Comma-separated list of common tags for the stats backend. It provides both label and values. Example: label1:value1,label2:value2 - --stats_drop_variables string - Variables to be dropped from the list of exported variables. - --stats_emit_period duration - Interval between emitting stats to all registered backends (default 1m0s) - --statsd_address string - Address for statsd client - --statsd_sample_rate float - (default 1) - --stderrthreshold value - logs at or above this threshold go to stderr (default 1) - --stream_buffer_size int - the number of bytes sent from vtgate for each stream call. It's recommended to keep this value in sync with vttablet's query-server-config-stream-buffer-size. (default 32768) - --structured-logging - whether to use structured logging (Zap) or the original (glog) logger - --tablet_filters value - Specifies a comma-separated list of 'keyspace|shard_name or keyrange' values to filter the tablets to watch - --tablet_grpc_ca string - the server ca to use to validate servers when connecting - --tablet_grpc_cert string - the cert to use to connect - --tablet_grpc_crl string - the server crl to use to validate server certificates when connecting - --tablet_grpc_key string - the key to use to connect - --tablet_grpc_server_name string - the server name to use to validate server certificate - --tablet_manager_protocol string - the protocol to use to talk to vttablet (default grpc) - --tablet_protocol string - how to talk to the vttablets (default grpc) - --tablet_refresh_interval duration - tablet refresh interval (default 1m0s) - --tablet_refresh_known_tablets - tablet refresh reloads the tablet address/port map from topo in case it changes (default true) - --tablet_types_to_wait string - wait till connected for specified tablet types during Gateway initialization - --tablet_url_template string - format string describing debug tablet url formatting. See the Go code for getTabletDebugURL() how to customize this. (default http://{{.GetTabletHostPort}}) - --topo_consul_idle_conn_timeout duration - Maximum amount of time to pool idle connections. (default 1m30s) - --topo_consul_lock_delay duration - LockDelay for consul session. (default 15s) - --topo_consul_lock_session_checks string - List of checks for consul session. (default serfHealth) - --topo_consul_lock_session_ttl string - TTL for consul session. - --topo_consul_max_conns_per_host int - Maximum number of consul connections per host. - --topo_consul_max_idle_conns int - Maximum number of idle consul connections. (default 100) - --topo_consul_watch_poll_duration duration - time of the long poll for watch queries. (default 30s) - --topo_etcd_lease_ttl int - Lease TTL for locks and leader election. The client will use KeepAlive to keep the lease going. (default 30) - --topo_etcd_tls_ca string - path to the ca to use to validate the server cert when connecting to the etcd topo server - --topo_etcd_tls_cert string - path to the client cert to use to connect to the etcd topo server, requires topo_etcd_tls_key, enables TLS - --topo_etcd_tls_key string - path to the client key to use to connect to the etcd topo server, enables TLS - --topo_global_root string - the path of the global topology data in the global topology server - --topo_global_server_address string - the address of the global topology server - --topo_implementation string - the topology implementation to use - --topo_k8s_context string - The kubeconfig context to use, overrides the 'current-context' from the config - --topo_k8s_kubeconfig string - Path to a valid kubeconfig file. When running as a k8s pod inside the same cluster you wish to use as the topo, you may omit this and the below arguments, and Vitess is capable of auto-discovering the correct values. https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod - --topo_k8s_namespace string - The kubernetes namespace to use for all objects. Default comes from the context or in-cluster config - --topo_read_concurrency int - concurrent topo reads (default 32) - --topo_zk_auth_file string - auth to use when connecting to the zk topo server, file contents should be :, e.g., digest:user:pass - --topo_zk_base_timeout duration - zk base timeout (see zk.Connect) (default 30s) - --topo_zk_max_concurrency int - maximum number of pending requests to send to a Zookeeper server. (default 64) - --topo_zk_tls_ca string - the server ca to use to validate servers when connecting to the zk topo server - --topo_zk_tls_cert string - the cert to use to connect to the zk topo server, requires topo_zk_tls_key, enables TLS - --topo_zk_tls_key string - the key to use to connect to the zk topo server, enables TLS - --tracer string - tracing service to use (default noop) - --tracing-enable-logging - whether to enable logging in the tracing service - --tracing-sampling-rate value - sampling rate for the probabilistic jaeger sampler (default 0.1) - --tracing-sampling-type value - sampling strategy to use for jaeger. possible values are 'const', 'probabilistic', 'rateLimiting', or 'remote' (default const) - --transaction_mode string - SINGLE: disallow multi-db transactions, MULTI: allow multi-db transactions with best effort commit, TWOPC: allow multi-db transactions with 2pc commit (default MULTI) - --v value - log level for V logs - --version - print binary version - --vmodule value - comma-separated list of pattern=N settings for file-filtered logging - --vschema_ddl_authorized_users string - List of users authorized to execute vschema ddl operations, or '%' to allow all users. - --vtctld_addr string - address of a vtctld instance - --vtgate-config-terse-errors - prevent bind vars from escaping in returned errors - --warn_memory_rows int - Warning threshold for in-memory results. A row count higher than this amount will cause the VtGateWarnings.ResultsExceeded counter to be incremented. (default 30000) - --warn_payload_size int - The warning threshold for query payloads in bytes. A payload greater than this threshold will cause the VtGateWarnings.WarnPayloadSizeExceeded counter to be incremented. - --warn_sharded_only - If any features that are only available in unsharded mode are used, query execution warnings will be added to the session + --allowed_tablet_types TabletTypeList Specifies the tablet types this vtgate is allowed to route queries to + --alsologtostderr log to standard error as well as files + --buffer_drain_concurrency int Maximum number of requests retried simultaneously. More concurrency will increase the load on the PRIMARY vttablet when draining the buffer. (default 1) + --buffer_implementation string Allowed values: healthcheck (legacy implementation), keyspace_events (default) (default "keyspace_events") + --buffer_keyspace_shards string If not empty, limit buffering to these entries (comma separated). Entry format: keyspace or keyspace/shard. Requires --enable_buffer=true. + --buffer_max_failover_duration duration Stop buffering completely if a failover takes longer than this duration. (default 20s) + --buffer_min_time_between_failovers duration Minimum time between the end of a failover and the start of the next one (tracked per shard). Faster consecutive failovers will not trigger buffering. (default 1m0s) + --buffer_size int Maximum number of buffered requests in flight (across all ongoing failovers). (default 1000) + --buffer_window duration Duration for how long a request should be buffered at most. (default 10s) + --catch-sigpipe catch and ignore SIGPIPE on stdout and stderr if specified + --cell string cell to use (default "test_nj") + --cells_to_watch string comma-separated list of cells for watching tablets + --consul_auth_static_file string JSON File to read the topos/tokens from. + --cpu_profile string deprecated: use '-pprof=cpu' instead + --datadog-agent-host string host to send spans to. if empty, no tracing will be done + --datadog-agent-port string port to send spans to. if empty, no tracing will be done + --dbddl_plugin string controls how to handle CREATE/DROP DATABASE. use it if you are using your own database provisioning service (default "fail") + --ddl_strategy string Set default strategy for DDL statements. Override with @@ddl_strategy session variable (default "direct") + --default_tablet_type TabletTypeFlag The default tablet type to set for queries, when one is not explicitly selected (default PRIMARY) + --disable_local_gateway deprecated: if specified, this process will not route any queries to local tablets in the local cell + --discovery_high_replication_lag_minimum_serving duration the replication lag that is considered too high when applying the min_number_serving_vttablets threshold (default 2h0m0s) + --discovery_low_replication_lag duration the replication lag that is considered low enough to be healthy (default 30s) + --emit_stats If set, emit stats to push-based monitoring and stats backends + --enable_buffer Enable buffering (stalling) of primary traffic during failovers. + --enable_buffer_dry_run Detect and log failover events, but do not actually buffer requests. + --enable_direct_ddl Allow users to submit direct DDL statements (default true) + --enable_online_ddl Allow users to submit, review and control Online DDL (default true) + --enable_set_var This will enable the use of MySQL's SET_VAR query hint for certain system variables instead of using reserved connections (default true) + --enable_system_settings This will enable the system settings to be changed per session at the database connection level (default true) + --foreign_key_mode string This is to provide how to handle foreign key constraint in create/alter table. Valid values are: allow, disallow (default "allow") + --gate_query_cache_lfu gate server cache algorithm. when set to true, a new cache algorithm based on a TinyLFU admission policy will be used to improve cache behavior and prevent pollution from sparse queries (default true) + --gate_query_cache_memory int gate server query cache size in bytes, maximum amount of memory to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a lru cache. This config controls the capacity of the lru cache. (default 33554432) + --gate_query_cache_size int gate server query cache size, maximum number of queries to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a cache. This config controls the expected amount of unique entries in the cache. (default 5000) + --gateway_initial_tablet_timeout duration At startup, the tabletGateway will wait up to this duration to get at least one tablet per keyspace/shard/tablet type (default 30s) + --gateway_route_replica_to_rdonly route REPLICA queries to RDONLY tablets as well as REPLICA tablets + --grpc_auth_mode string Which auth plugin implementation to use (eg: static) + --grpc_auth_mtls_allowed_substrings string List of substrings of at least one of the client certificate names (separated by colon). + --grpc_auth_static_client_creds string when using grpc_static_auth in the server, this file provides the credentials to use to authenticate with server + --grpc_auth_static_password_file string JSON File to read the users/passwords from. + --grpc_ca string server CA to use for gRPC connections, requires TLS, and enforces client certificate check + --grpc_cert string server certificate to use for gRPC connections, requires grpc_key, enables TLS + --grpc_compression string Which protocol to use for compressing gRPC. Default: nothing. Supported: snappy + --grpc_crl string path to a certificate revocation list in PEM format, client certificates will be further verified against this file during TLS handshake + --grpc_enable_optional_tls enable optional TLS mode when a server accepts both TLS and plain-text connections on the same port + --grpc_enable_tracing Enable GRPC tracing + --grpc_initial_conn_window_size int gRPC initial connection window size + --grpc_initial_window_size int gRPC initial window size + --grpc_keepalive_time duration After a duration of this time, if the client doesn't see any activity, it pings the server to see if the transport is still alive. (default 10s) + --grpc_keepalive_timeout duration After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. (default 10s) + --grpc_key string server private key to use for gRPC connections, requires grpc_cert, enables TLS + --grpc_max_connection_age duration Maximum age of a client connection before GoAway is sent. (default 2562047h47m16.854775807s) + --grpc_max_connection_age_grace duration Additional grace period after grpc_max_connection_age, after which connections are forcibly closed. (default 2562047h47m16.854775807s) + --grpc_max_message_size int Maximum allowed RPC message size. Larger messages will be rejected by gRPC with the error 'exceeding the max size'. (default 16777216) + --grpc_port int Port to listen on for gRPC calls + --grpc_prometheus Enable gRPC monitoring with Prometheus + --grpc_server_ca string path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients + --grpc_server_initial_conn_window_size int gRPC server initial connection window size + --grpc_server_initial_window_size int gRPC server initial window size + --grpc_server_keepalive_enforcement_policy_min_time duration gRPC server minimum keepalive time (default 10s) + --grpc_server_keepalive_enforcement_policy_permit_without_stream gRPC server permit client keepalive pings even when there are no active streams (RPCs) + --grpc_use_effective_callerid If set, and SSL is not used, will set the immediate caller id from the effective caller id's principal. + --healthcheck_retry_delay duration health check retry delay (default 2ms) + --healthcheck_timeout duration the health check timeout period (default 1m0s) + -h, --help display usage and exit + --jaeger-agent-host string host and port to send spans to. if empty, no tracing will be done + --keep_logs duration keep logs for this long (using ctime) (zero to keep forever) (default 0s) + --keep_logs_by_mtime duration keep logs for this long (using mtime) (zero to keep forever) (default 0s) + --keyspaces_to_watch StringList Specifies which keyspaces this vtgate should have access to while routing queries or accessing the vschema + --lameduck-period duration keep running at least this long after SIGTERM before stopping (default 50ms) + --legacy_replication_lag_algorithm use the legacy algorithm when selecting the vttablets for serving (default true) + --lock_heartbeat_time duration If there is lock function used. This will keep the lock connection active by using this heartbeat (default 5s) + --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) + --log_dir string If non-empty, write log files in this directory + --log_err_stacks log stack traces for errors + --log_queries_to_file string Enable query logging to the specified file + --log_rotate_max_size uint size in bytes at which logs are rotated (glog.MaxSize) (default 1887436800) + --logtostderr log to standard error instead of files + --max_memory_rows int Maximum number of rows that will be held in memory for intermediate results as well as the final result. (default 300000) + --max_payload_size int The threshold for query payloads in bytes. A payload greater than this threshold will result in a failure to handle the query. + --mem-profile-rate int deprecated: use '-pprof=mem' instead (default 524288) + --message_stream_grace_period duration the amount of time to give for a vttablet to resume if it ends a message stream, usually because of a reparent. (default 30s) + --min_number_serving_vttablets int the minimum number of vttablets for each replicating tablet_type (e.g. replica, rdonly) that will be continue to be used even with replication lag above discovery_low_replication_lag, but still below discovery_high_replication_lag_minimum_serving (default 2) + --mutex-profile-fraction int deprecated: use '-pprof=mutex' instead + --mysql-server-pool-conn-read-buffers If set, the server will pool incoming connection read buffers + --mysql_allow_clear_text_without_tls If set, the server will allow the use of a clear text password over non-SSL connections. + --mysql_auth_server_impl string Which auth server implementation to use. Options: none, ldap, clientcert, static, vault. (default "static") + --mysql_auth_server_static_file string JSON File to read the users/passwords from. + --mysql_auth_server_static_string string JSON representation of the users/passwords config. + --mysql_auth_static_reload_interval duration Ticker to reload credentials (default 0s) + --mysql_auth_vault_addr string URL to Vault server + --mysql_auth_vault_path string Vault path to vtgate credentials JSON blob, e.g.: secret/data/prod/vtgatecreds + --mysql_auth_vault_role_mountpoint string Vault AppRole mountpoint; can also be passed using VAULT_MOUNTPOINT environment variable (default "approle") + --mysql_auth_vault_role_secretidfile string Path to file containing Vault AppRole secret_id; can also be passed using VAULT_SECRETID environment variable + --mysql_auth_vault_roleid string Vault AppRole id; can also be passed using VAULT_ROLEID environment variable + --mysql_auth_vault_timeout duration Timeout for vault API operations (default 10s) + --mysql_auth_vault_tls_ca string Path to CA PEM for validating Vault server certificate + --mysql_auth_vault_tokenfile string Path to file containing Vault auth token; token can also be passed using VAULT_TOKEN environment variable + --mysql_auth_vault_ttl duration How long to cache vtgate credentials from the Vault server (default 30m0s) + --mysql_clientcert_auth_method string client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") + --mysql_default_workload string Default session workload (OLTP, OLAP, DBA) (default "OLTP") + --mysql_ldap_auth_config_file string JSON File from which to read LDAP server config. + --mysql_ldap_auth_config_string string JSON representation of LDAP server config. + --mysql_ldap_auth_method string client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") + --mysql_server_bind_address string Binds on this address when listening to MySQL binary protocol. Useful to restrict listening to 'localhost' only for instance. + --mysql_server_flush_delay duration Delay after which buffered response will be flushed to the client. (default 100ms) + --mysql_server_port int If set, also listen for MySQL binary protocol connections on this port. (default -1) + --mysql_server_query_timeout duration mysql query timeout (default 0s) + --mysql_server_read_timeout duration connection read timeout (default 0s) + --mysql_server_require_secure_transport Reject insecure connections but only if mysql_server_ssl_cert and mysql_server_ssl_key are provided + --mysql_server_socket_path string This option specifies the Unix socket file to use when listening for local connections. By default it will be empty and it won't listen to a unix socket + --mysql_server_ssl_ca string Path to ssl CA for mysql server plugin SSL. If specified, server will require and validate client certs. + --mysql_server_ssl_cert string Path to the ssl cert for mysql server plugin SSL + --mysql_server_ssl_crl string Path to ssl CRL for mysql server plugin SSL + --mysql_server_ssl_key string Path to ssl key for mysql server plugin SSL + --mysql_server_ssl_server_ca string path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients + --mysql_server_tls_min_version string Configures the minimal TLS version negotiated when SSL is enabled. Defaults to TLSv1.2. Options: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3. + --mysql_server_version string MySQL server version to advertise. + --mysql_server_write_timeout duration connection write timeout (default 0s) + --mysql_slow_connect_warn_threshold duration Warn if it takes more than the given threshold for a mysql connection to establish (default 0s) + --mysql_tcp_version string Select tcp, tcp4, or tcp6 to control the socket type. (default "tcp") + --no_scatter when set to true, the planner will fail instead of producing a plan that includes scatter queries + --no_vstream_copy when set to true, vstream copy will not be allowed - temporary until we can properly support RDONLY for this + --normalize_queries Rewrite queries with bind vars. Turn this off if the app itself sends normalized queries with bind vars. (default true) + --onclose_timeout duration wait no more than this for OnClose handlers before stopping (default 1ns) + --onterm_timeout duration wait no more than this for OnTermSync handlers before stopping (default 10s) + --opentsdb_uri string URI of opentsdb /api/put method + --pid_file string If set, the process will write its pid to the named file, and delete it on graceful shutdown. + --planner-version string Sets the default planner to use when the session has not changed it. Valid values are: V3, Gen4, Gen4Greedy and Gen4Fallback. Gen4Fallback tries the gen4 planner and falls back to the V3 planner if the gen4 fails. + --planner_version string Deprecated flag. Use planner-version instead + --port int port for the server + --pprof string enable profiling + --proxy_protocol Enable HAProxy PROXY protocol on MySQL listener socket + --purge_logs_interval duration how often try to remove old logs (default 1h0m0s) + --querylog-filter-tag string string that must be present in the query for it to be logged; if using a value as the tag, you need to disable query normalization + --querylog-format string format for query logs ("text" or "json") (default "text") + --querylog-row-threshold uint Number of rows a query has to return or affect before being logged; not useful for streaming queries. 0 means all queries will be logged. + --redact-debug-ui-queries redact full queries and bind variables from debug UI + --remote_operation_timeout duration time to wait for a remote operation (default 30s) + --retry-count int retry count (default 2) + --schema_change_signal Enable the schema tracker; requires queryserver-config-schema-change-signal to be enabled on the underlying vttablets for this to work (default true) + --schema_change_signal_user string User to be used to send down query to vttablet to retrieve schema changes + --security_policy string the name of a registered security policy to use for controlling access to URLs - empty means allow all for anyone (built-in policies: deny-all, read-only) + --service_map StringList comma separated list of services to enable (or disable if prefixed with '-') Example: grpc-queryservice + --sql-max-length-errors int truncate queries in error logs to the given length (default unlimited) + --sql-max-length-ui int truncate queries in debug UIs to the given length (default 512) (default 512) + --srv_topo_cache_refresh duration how frequently to refresh the topology for cached entries (default 1s) + --srv_topo_cache_ttl duration how long to use cached entries for topology (default 1s) + --srv_topo_timeout duration topo server timeout (default 5s) + --stats_backend string The name of the registered push-based monitoring/stats backend to use + --stats_combine_dimensions string List of dimensions to be combined into a single "all" value in exported stats vars + --stats_common_tags string Comma-separated list of common tags for the stats backend. It provides both label and values. Example: label1:value1,label2:value2 + --stats_drop_variables string Variables to be dropped from the list of exported variables. + --stats_emit_period duration Interval between emitting stats to all registered backends (default 1m0s) + --statsd_address string Address for statsd client + --statsd_sample_rate float (default 1) + --stderrthreshold severity logs at or above this threshold go to stderr (default 1) + --stream_buffer_size int the number of bytes sent from vtgate for each stream call. It's recommended to keep this value in sync with vttablet's query-server-config-stream-buffer-size. (default 32768) + --structured-logging whether to use structured logging (Zap) or the original (glog) logger + --tablet_filters StringList Specifies a comma-separated list of 'keyspace|shard_name or keyrange' values to filter the tablets to watch + --tablet_grpc_ca string the server ca to use to validate servers when connecting + --tablet_grpc_cert string the cert to use to connect + --tablet_grpc_crl string the server crl to use to validate server certificates when connecting + --tablet_grpc_key string the key to use to connect + --tablet_grpc_server_name string the server name to use to validate server certificate + --tablet_manager_protocol string the protocol to use to talk to vttablet (default "grpc") + --tablet_protocol string how to talk to the vttablets (default "grpc") + --tablet_refresh_interval duration tablet refresh interval (default 1m0s) + --tablet_refresh_known_tablets tablet refresh reloads the tablet address/port map from topo in case it changes (default true) + --tablet_types_to_wait string wait till connected for specified tablet types during Gateway initialization + --tablet_url_template string format string describing debug tablet url formatting. See the Go code for getTabletDebugURL() how to customize this. (default "http://{{.GetTabletHostPort}}") + --topo_consul_idle_conn_timeout duration Maximum amount of time to pool idle connections. (default 1m30s) + --topo_consul_lock_delay duration LockDelay for consul session. (default 15s) + --topo_consul_lock_session_checks string List of checks for consul session. (default "serfHealth") + --topo_consul_lock_session_ttl string TTL for consul session. + --topo_consul_max_conns_per_host int Maximum number of consul connections per host. + --topo_consul_max_idle_conns int Maximum number of idle consul connections. (default 100) + --topo_consul_watch_poll_duration duration time of the long poll for watch queries. (default 30s) + --topo_etcd_lease_ttl int Lease TTL for locks and leader election. The client will use KeepAlive to keep the lease going. (default 30) + --topo_etcd_tls_ca string path to the ca to use to validate the server cert when connecting to the etcd topo server + --topo_etcd_tls_cert string path to the client cert to use to connect to the etcd topo server, requires topo_etcd_tls_key, enables TLS + --topo_etcd_tls_key string path to the client key to use to connect to the etcd topo server, enables TLS + --topo_global_root string the path of the global topology data in the global topology server + --topo_global_server_address string the address of the global topology server + --topo_implementation string the topology implementation to use + --topo_k8s_context string The kubeconfig context to use, overrides the 'current-context' from the config + --topo_k8s_kubeconfig string Path to a valid kubeconfig file. When running as a k8s pod inside the same cluster you wish to use as the topo, you may omit this and the below arguments, and Vitess is capable of auto-discovering the correct values. https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod + --topo_k8s_namespace string The kubernetes namespace to use for all objects. Default comes from the context or in-cluster config + --topo_read_concurrency int concurrent topo reads (default 32) + --topo_zk_auth_file string auth to use when connecting to the zk topo server, file contents should be :, e.g., digest:user:pass + --topo_zk_base_timeout duration zk base timeout (see zk.Connect) (default 30s) + --topo_zk_max_concurrency int maximum number of pending requests to send to a Zookeeper server. (default 64) + --topo_zk_tls_ca string the server ca to use to validate servers when connecting to the zk topo server + --topo_zk_tls_cert string the cert to use to connect to the zk topo server, requires topo_zk_tls_key, enables TLS + --topo_zk_tls_key string the key to use to connect to the zk topo server, enables TLS + --tracer string tracing service to use (default "noop") + --tracing-enable-logging whether to enable logging in the tracing service + --tracing-sampling-rate OptionalFloat64 sampling rate for the probabilistic jaeger sampler (default 0.1) + --tracing-sampling-type OptionalString sampling strategy to use for jaeger. possible values are 'const', 'probabilistic', 'rateLimiting', or 'remote' (default const) + --transaction_mode string SINGLE: disallow multi-db transactions, MULTI: allow multi-db transactions with best effort commit, TWOPC: allow multi-db transactions with 2pc commit (default "MULTI") + -v, --v Level log level for V logs + --version print binary version + --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging + --vschema_ddl_authorized_users string List of users authorized to execute vschema ddl operations, or '%' to allow all users. + --vtctld_addr string address of a vtctld instance + --vtgate-config-terse-errors prevent bind vars from escaping in returned errors + --warn_memory_rows int Warning threshold for in-memory results. A row count higher than this amount will cause the VtGateWarnings.ResultsExceeded counter to be incremented. (default 30000) + --warn_payload_size int The warning threshold for query payloads in bytes. A payload greater than this threshold will cause the VtGateWarnings.WarnPayloadSizeExceeded counter to be incremented. + --warn_sharded_only If any features that are only available in unsharded mode are used, query execution warnings will be added to the session