| cm_session_timeout_minutes | integer (default: 15) | The timeout (in minutes) for the session to the CM |
23
-
| cnm_http_max_threads_per_worker | integer (default: 10) | Maximum number of threads per worker in the `cnm_http` service (deprecated) |
22
+
|<spanclass="break-all">cm_session_timeout_minutes</span>| integer (default: 15) | The timeout (in minutes) for the session to the CM |
23
+
|<spanclass="break-all">cnm_http_max_threads_per_worker</span>| integer (default: 10) | Maximum number of threads per worker in the `cnm_http` service (deprecated) |
24
24
| cnm_http_port | integer, (range: 1024-65535) | API HTTP listening port |
25
25
| cnm_http_workers | integer (default: 1) | Number of workers in the `cnm_http` service |
26
26
| cnm_https_port | integer, (range: 1024-65535) | API HTTPS listening port |
27
27
| control_cipher_suites | string | Specifies the enabled ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. |
28
-
| control_cipher_suites_tls_1_3 | string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |
28
+
|<spanclass="break-all">control_cipher_suites_tls_1_3</span>| string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |
| crdt_rest_client_retries | integer | Maximum number of retries for the REST client used by the Active-Active management API |
31
31
| crdt_rest_client_timeout | integer | Timeout for REST client used by the Active-Active management API |
32
32
| created_time | string | Cluster creation date (read-only) |
33
33
| data_cipher_list | string | Specifies the enabled ciphers for the data plane. The ciphers are specified in the format understood by the OpenSSL library. |
34
-
| data_cipher_suites_tls_1_3 | string | Specifies the enabled TLS 1.3 ciphers for the data plane. |
34
+
|<spanclass="break-all">data_cipher_suites_tls_1_3</span>| string | Specifies the enabled TLS 1.3 ciphers for the data plane. |
35
35
| debuginfo_path | string | Path to a local directory used when generating support packages |
36
-
| default_non_sharded_proxy_policy | string (default: single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |
37
-
| default_sharded_proxy_policy | string (default: all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |
36
+
|<spanclass="break-all">default_non_sharded_proxy_policy</span>| string (default: single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |
37
+
|<spanclass="break-all">default_sharded_proxy_policy</span>| string (default: all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |
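Review bot: The `data_cipher_suites_tls_1_3` row is re-added with a description that names neither the cipher-string format nor whether the field is read-only. The neighbouring `data_cipher_list` row names the OpenSSL format, and the `control_cipher_suites_tls_1_3` row states both the BoringSSL format and "(read-only)". Since the line is being touched anyway, add the expected format and the read-only status so operators know how to write or interpret the value.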
| encrypt_pkeys | boolean (default: false) | Enable or turn off encryption of private keys |
41
41
| envoy_admin_port | integer, (range: 1024-65535) | Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway.|
42
-
| envoy_max_downstream_connections | integer, (range: 100-2048) | The max downstream connections envoy is allowed to open |
42
+
|<spanclass="break-all">envoy_max_downstream_connections</span>| integer, (range: 100-2048) | The max downstream connections envoy is allowed to open |
43
43
| envoy_mgmt_server_port | integer, (range: 1024-65535) | Envoy management server port|
| handle_redirects | boolean (default: false) | Handle API HTTPS requests and redirect to the master node internally |
46
46
| http_support | boolean (default: false) | Enable or turn off HTTP support |
47
47
| min_control_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the control path |
48
48
| min_data_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the data path |
49
49
| min_sentinel_TLS_version | '1.2'<br />'1.3' | The minimum version of TLS protocol which is supported at the data path |
50
+
| mtls_authorized_subjects | object | {{<code>}}[{<br /> "CN": string,<br /> "O": string,<br /> "OU": [array of strings],<br /> "L": string,<br /> "ST": string,<br /> "C": string<br />}, ...]{{</code>}} A list of valid subjects used for additional certificate validations during TLS client authentication. All subject attributes are case-sensitive.<br />**Required subject fields**:<br />"CN" for Common Name<br />**Optional subject fields:**<br />"O" for Organization<br />"OU" for Organizational Unit (array of strings)<br />"L" for Locality (city)<br />"ST" for State/Province<br />"C" for 2-letter country code |
51
+
| <spanclass="break-all">mtls_certificate_authentication</span> | boolean | Require authentication of client certificates for mTLS connections to the cluster. The API_CA certificate should be configured as a prerequisite. |
52
+
| <spanclass="break-all">mtls_client_cert_subject_validation_type</span> |`disabled`<br />`san_cn`<br />`full_subject`| Enables additional certificate validations that further limit connections to clients with valid certificates during TLS client authentication.<br />Values:<br />**disabled**: Authenticates clients with valid certificates. No additional validations are enforced.<br />**san_cn**: A client certificate is valid only if its Common Name (CN) matches an entry in the list of valid subjects. Ignores other Subject attributes.<br />**full_subject**: A client certificate is valid only if its Subject attributes match an entry in the list of valid subjects. |
50
53
| name | string | Cluster's fully qualified domain name (read-only) |
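Review bot: In the new `mtls_client_cert_subject_validation_type` row, `san_cn` is described as matching only the Common Name, so the text never says what role the Subject Alternative Name plays despite the value's name. Both `san_cn` and `full_subject` also refer to "the list of valid subjects" without naming `mtls_authorized_subjects`. Suggest referencing that field by name, stating the default for this field and for `mtls_certificate_authentication`, and documenting what happens when a validation type other than `disabled` is set while the subject list is empty.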
| password_expiration_duration | integer (default: 0) | The number of days a password is valid until the user is required to replace it |
55
+
|<spanclass="break-all">password_expiration_duration</span>| integer (default: 0) | The number of days a password is valid until the user is required to replace it |
53
56
| password_min_length | integer, (range: 8-256) (default: 8) | The minimum length required for a password. |
| proxy_max_ccs_disconnection_time | integer | Cluster-wide proxy timeout policy between proxy and CCS |
58
+
|<spanclass="break-all">proxy_max_ccs_disconnection_time</span>| integer | Cluster-wide proxy timeout policy between proxy and CCS |
56
59
| rack_aware | boolean | Cluster operates in a rack-aware mode (read-only) |
57
60
| reserved_ports | array of strings | List of reserved ports and/or port ranges to avoid using for database endpoints (for example `"reserved_ports": ["11000", "13000-13010"]`) |
58
61
| s3_url | string | Specifies the URL for S3 export and import |
| sentinel_cipher_suites | array | Specifies the list of enabled ciphers for the sentinel service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package. |
61
-
| sentinel_cipher_suites_tls_1_3 | string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package.(read-only) |
64
+
|<spanclass="break-all">sentinel_cipher_suites_tls_1_3<span>| string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the [cipher_suites.go](<https://golang.org/src/crypto/tls/cipher_suites.go>) package.(read-only) |
62
65
| sentinel_tls_mode | 'allowed'<br />'disabled' <br />'required' | Determines whether the discovery service allows, blocks, or requires TLS connections (previously named `sentinel_ssl_policy`)<br />**allowed**: Allows both TLS and non-TLS connections<br />**disabled**: Allows only non-TLS connections<br />**required**: Allows only TLS connections |
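Review bot: The added `sentinel_cipher_suites_tls_1_3` row ends its wrapper with `<span>` instead of `</span>`, so the element is never closed and a second span is opened inside the table cell. Every other wrapped row in this commit closes with `</span>`. Change the trailing tag to `</span>`, and while on this line add the missing space in "package.(read-only)".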
| slave_ha_bdb_cooldown_period | integer (default: 86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |
65
-
| slave_ha_cooldown_period | integer (default: 3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |
66
-
| slave_ha_grace_period | integer (default: 900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |
67
-
| slowlog_in_sanitized_support | boolean | Whether to include slowlogs in the sanitized support package |
67
+
|<spanclass="break-all">slave_ha_bdb_cooldown_period</span>| integer (default: 86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |
68
+
|<spanclass="break-all">slave_ha_cooldown_period</span>| integer (default: 3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |
69
+
|<spanclass="break-all">slave_ha_grace_period</span>| integer (default: 900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |
70
+
|<spanclass="break-all">slowlog_in_sanitized_support</span>| boolean | Whether to include slowlogs in the sanitized support package |
68
71
| smtp_host | string | SMTP server for automated emails |
69
72
| smtp_password | string | SMTP server password |
70
73
| smtp_port | integer | SMTP server port for automated emails |