diff --git a/content/en/docs/18.0/reference/programs/vtgate.md b/content/en/docs/18.0/reference/programs/vtgate.md index 566f920a0..c423facd4 100644 --- a/content/en/docs/18.0/reference/programs/vtgate.md +++ b/content/en/docs/18.0/reference/programs/vtgate.md @@ -30,208 +30,209 @@ vtgate \ The following global options apply to `vtgate`: -| Name | Type | Definition | -|:-----------------------------------------------------------------|:----------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| --allowed_tablet_types | Strings | Specifies the tablet types this vtgate is allowed to route queries to. Should be provided as a comma-separated set of tablet types. | -| --alsologtostderr | Boolean | log to standard error as well as files | -| --buffer_drain_concurrency | Int | Maximum number of requests retried simultaneously. More concurrency will increase the load on the PRIMARY vttablet when draining the buffer. (default 1) | -| --buffer_implementation | String | Allowed values: healthcheck (legacy implementation), keyspace_events (default) (default "keyspace_events") | -| --buffer_keyspace_shards | String | If not empty, limit buffering to these entries (comma separated). Entry format: keyspace or keyspace/shard. Requires --enable_buffer=true. | -| --buffer_max_failover_duration | Duration | Stop buffering completely if a failover takes longer than this duration. (default 20s) | -| --buffer_min_time_between_failovers | Duration | Minimum time between the end of a failover and the start of the next one (tracked per shard). Faster consecutive failovers will not trigger buffering. (default 1m0s) | -| --buffer_size | Int | Maximum number of buffered requests in flight (across all ongoing failovers). (default 1000) | -| --buffer_window | Duration | Duration for how long a request should be buffered at most. (default 10s) | -| --catch-sigpipe | Boolean | catch and ignore SIGPIPE on stdout and stderr if specified | -| --cell | String | | | cell to use | -| --cells_to_watch | String | comma-separated list of cells for watching tablets | -| --consul_auth_static_file | String | JSON File to read the topos/tokens from. | -| --datadog-agent-host | String | host to send spans to. if empty, no tracing will be done | -| --datadog-agent-port | String | port to send spans to. if empty, no tracing will be done | -| --dbddl_plugin | String | controls how to handle CREATE/DROP DATABASE. use it if you are using your own database provisioning service (default "fail") | -| --ddl_strategy | String | Set default strategy for DDL statements. Override with @@ddl_strategy session variable (default "direct") | -| --default_tablet_type | Topodatapb.TabletType | The default tablet type to set for queries, when one is not explicitly selected. (default PRIMARY) | -| --discovery_high_replication_lag_minimum_serving | Duration | Threshold above which replication lag is considered too high when applying the min_number_serving_vttablets flag. (default 2h0m0s) | -| --discovery_low_replication_lag | Duration | Threshold below which replication lag is considered low enough to be healthy. (default 30s) | -| --emit_stats | Boolean | If set, emit stats to push-based monitoring and stats backends | -| --enable-partial-keyspace-migration | Boolean | (Experimental) Follow shard routing rules: enable only while migrating a keyspace shard by shard. See documentation on Partial MoveTables for more. (default false) | -| --enable-views | Boolean | Enable views support in vtgate. | -| --enable_buffer | Boolean | Enable buffering (stalling) of primary traffic during failovers. | -| --enable_buffer_dry_run | Boolean | Detect and log failover events, but do not actually buffer requests. | -| --enable_direct_ddl | Boolean | Allow users to submit direct DDL statements (default true) | -| --enable_online_ddl | Boolean | Allow users to submit, review and control Online DDL (default true) | -| --enable_set_var | Boolean | This will enable the use of MySQL's SET_VAR query hint for certain system variables instead of using reserved connections (default true) | -| --enable_system_settings | Boolean | This will enable the system settings to be changed per session at the database connection level (default true) | -| --foreign_key_mode | String | This is to provide how to handle foreign key constraint in create/alter table. Valid values are: allow, disallow (default "allow") | -| --gate_query_cache_lfu | Boolean | gate server cache algorithm. when set to true, a new cache algorithm based on a TinyLFU admission policy will be used to improve cache behavior and prevent pollution from sparse queries (default true) | -| --gate_query_cache_memory | Int | gate server query cache size in bytes, maximum amount of memory to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a lru cache. This config controls the capacity of the lru cache. (default 33554432) | -| --gate_query_cache_size | Int | gate server query cache size, maximum number of queries to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a cache. This config controls the expected amount of unique entries in the cache. (default 5000) | -| --gateway_initial_tablet_timeout | Duration | At startup, the tabletGateway will wait up to this duration to get at least one tablet per keyspace/shard/tablet type (default 30s) | -| --grpc-use-effective-groups | Boolean | If set, and SSL is not used, will set the immediate caller's security groups from the effective caller id's groups. | -| --grpc_auth_mode | String | Which auth plugin implementation to use (eg: static) | -| --grpc_auth_mtls_allowed_substrings | String | List of substrings of at least one of the client certificate names (separated by colon). | -| --grpc_auth_static_client_creds | String | When using grpc_static_auth in the server, this file provides the credentials to use to authenticate with server. | -| --grpc_auth_static_password_file | String | JSON File to read the users/passwords from. | -| --grpc_ca | String | server CA to use for gRPC connections, requires TLS, and enforces client certificate check | -| --grpc_cert | String | server certificate to use for gRPC connections, requires grpc_key, enables TLS | -| --grpc_compression | String | Which protocol to use for compressing gRPC. Default: nothing. Supported: snappy | -| --grpc_crl | String | path to a certificate revocation list in PEM format, client certificates will be further verified against this file during TLS handshake | -| --grpc_enable_optional_tls | Boolean | enable optional TLS mode when a server accepts both TLS and plain-text connections on the same port | -| --grpc_enable_tracing | Boolean | Enable gRPC tracing. | -| --grpc_initial_conn_window_size | Int | gRPC initial connection window size | -| --grpc_initial_window_size | Int | gRPC initial window size | -| --grpc_keepalive_time | Duration | After a duration of this time, if the client doesn't see any activity, it pings the server to see if the transport is still alive. (default 10s) | -| --grpc_keepalive_timeout | Duration | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. (default 10s) | -| --grpc_key | String | server private key to use for gRPC connections, requires grpc_cert, enables TLS | -| --grpc_max_connection_age | Duration | Maximum age of a client connection before GoAway is sent. (default 2562047h47m16.854775807s) | -| --grpc_max_connection_age_grace | Duration | Additional grace period after grpc_max_connection_age, after which connections are forcibly closed. (default 2562047h47m16.854775807s) | -| --grpc_max_message_size | Int | Maximum allowed RPC message size. Larger messages will be rejected by gRPC with the error 'exceeding the max size'. (default 16777216) | -| --grpc_port | Int | Port to listen on for gRPC calls. If zero, do not listen. | -| --grpc_prometheus | Boolean | Enable gRPC monitoring with Prometheus. | -| --grpc_server_ca | String | path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients | -| --grpc_server_initial_conn_window_size | Int | gRPC server initial connection window size | -| --grpc_server_initial_window_size | Int | gRPC server initial window size | -| --grpc_server_keepalive_enforcement_policy_min_time | Duration | gRPC server minimum keepalive time (default 10s) | -| --grpc_server_keepalive_enforcement_policy_permit_without_stream | Boolean | gRPC server permit client keepalive pings even when there are no active streams (RPCs) | -| --grpc_use_effective_callerid | Boolean | If set, and SSL is not used, will set the immediate caller id from the effective caller id's principal. | -| --grpc-use-static-authentication-callerid | boolean | If set, will set the immediate caller id to the username authenticated by the static auth plugin. | -| --healthcheck_retry_delay | Duration | health check retry delay (default 2ms) | -| --healthcheck_timeout | Duration | the health check timeout period (default 1m0s) | -| -h, --help | Boolean | display usage and exit | -| --jaeger-agent-host | String | host and port to send spans to. if empty, no tracing will be done | -| --keep_logs | Duration | keep logs for this long (using ctime) (zero to keep forever) | -| --keep_logs_by_mtime | Duration | keep logs for this long (using mtime) (zero to keep forever) | -| --keyspaces_to_watch | Strings | Specifies which keyspaces this vtgate should have access to while routing queries or accessing the vschema. | -| --lameduck-period | Duration | keep running at least this long after SIGTERM before stopping (default 50ms) | -| --legacy_replication_lag_algorithm | Boolean | Use the legacy algorithm when selecting vttablets for serving. (default true) | -| --lock-timeout | Duration | Maximum time for which a shard/keyspace lock can be acquired for (default 45s) | -| --lock_heartbeat_time | Duration | If there is lock function used. This will keep the lock connection active by using this heartbeat (default 5s) | -| --log_backtrace_at | TraceLocation | when logging hits line file:N, emit a stack trace (default :0) | -| --log_dir | String | If non-empty, write log files in this directory | -| --log_err_stacks | Boolean | log stack traces for errors | -| --log_queries_to_file | String | Enable query logging to the specified file | -| --log_rotate_max_size | Uint | size in bytes at which logs are rotated (glog.MaxSize) (default 1887436800) | -| --logtostderr | Boolean | log to standard error instead of files | -| --max-stack-size | Int | configure the maximum stack size in bytes (default 67108864) | -| --max_memory_rows | Int | Maximum number of rows that will be held in memory for intermediate results as well as the final result. (default 300000) | -| --max_payload_size | Int | The threshold for query payloads in bytes. A payload greater than this threshold will result in a failure to handle the query. | -| --message_stream_grace_period | Duration | the amount of time to give for a vttablet to resume if it ends a message stream, usually because of a reparent. (default 30s) | -| --min_number_serving_vttablets | Int | The minimum number of vttablets for each replicating tablet_type (e.g. replica, rdonly) that will be continue to be used even with replication lag above discovery_low_replication_lag, but still below discovery_high_replication_lag_minimum_serving. (default 2) | -| --mysql-server-pool-conn-read-buffers | Boolean | If set, the server will pool incoming connection read buffers | -| --mysql_allow_clear_text_without_tls | Boolean | If set, the server will allow the use of a clear text password over non-SSL connections. | -| --mysql_auth_server_impl | String | Which auth server implementation to use. Options: none, ldap, clientcert, static, vault. (default "static") | -| --mysql_auth_server_static_file | String | JSON File to read the users/passwords from. | -| --mysql_auth_server_static_string | String | JSON representation of the users/passwords config. | -| --mysql_auth_static_reload_interval | Duration | Ticker to reload credentials | -| --mysql_auth_vault_addr | String | URL to Vault server | -| --mysql_auth_vault_path | String | Vault path to vtgate credentials JSON blob, e.g.: secret/data/prod/vtgatecreds | -| --mysql_auth_vault_role_mountpoint | String | Vault AppRole mountpoint; can also be passed using VAULT_MOUNTPOINT environment variable (default "approle") | -| --mysql_auth_vault_role_secretidfile | String | Path to file containing Vault AppRole secret_id; can also be passed using VAULT_SECRETID environment variable | -| --mysql_auth_vault_roleid | String | Vault AppRole id; can also be passed using VAULT_ROLEID environment variable | -| --mysql_auth_vault_timeout | Duration | Timeout for vault API operations (default 10s) | -| --mysql_auth_vault_tls_ca | String | Path to CA PEM for validating Vault server certificate | -| --mysql_auth_vault_tokenfile | String | Path to file containing Vault auth token; token can also be passed using VAULT_TOKEN environment variable | -| --mysql_auth_vault_ttl | Duration | How long to cache vtgate credentials from the Vault server (default 30m0s) | -| --mysql_clientcert_auth_method | String | client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") | -| --mysql_default_workload | String | Default session workload (OLTP, OLAP, DBA) (default "OLTP") | -| --mysql_ldap_auth_config_file | String | JSON File from which to read LDAP server config. | -| --mysql_ldap_auth_config_string | String | JSON representation of LDAP server config. | -| --mysql_ldap_auth_method | String | client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") | -| --mysql_server_bind_address | String | Binds on this address when listening to MySQL binary protocol. Useful to restrict listening to 'localhost' only for instance. | -| --mysql_server_flush_delay | Duration | Delay after which buffered response will be flushed to the client. (default 100ms) | -| --mysql_server_port | Int | If set, also listen for MySQL binary protocol connections on this port. (default -1) | -| --mysql_server_query_timeout | Duration | mysql query timeout | -| --mysql_server_read_timeout | Duration | connection read timeout | -| --mysql_server_require_secure_transport | Boolean | Reject insecure connections but only if mysql_server_ssl_cert and mysql_server_ssl_key are provided | -| --mysql_server_socket_path | String | This option specifies the Unix socket file to use when listening for local connections. By default it will be empty and it won't listen to a unix socket | -| --mysql_server_ssl_ca | String | Path to ssl CA for mysql server plugin SSL. If specified, server will require and validate client certs. | -| --mysql_server_ssl_cert | String | Path to the ssl cert for mysql server plugin SSL | -| --mysql_server_ssl_crl | String | Path to ssl CRL for mysql server plugin SSL | -| --mysql_server_ssl_key | String | Path to ssl key for mysql server plugin SSL | -| --mysql_server_ssl_server_ca | String | path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients | -| --mysql_server_tls_min_version | String | Configures the minimal TLS version negotiated when SSL is enabled. Defaults to TLSv1.2. Options: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3. | -| --mysql_server_version | String | MySQL server version to advertise. | -| --mysql_server_write_timeout | Duration | connection write timeout | -| --mysql_slow_connect_warn_threshold | Duration | Warn if it takes more than the given threshold for a mysql connection to establish | -| --mysql_tcp_version | String | Select tcp, tcp4, or tcp6 to control the socket type. (default "tcp") | -| --no_scatter | Boolean | when set to true, the planner will fail instead of producing a plan that includes scatter queries | -| --normalize_queries | Boolean | Rewrite queries with bind vars. Turn this off if the app itself sends normalized queries with bind vars. (default true) | -| --onclose_timeout | Duration | wait no more than this for OnClose handlers before stopping (default 10s) | -| --onterm_timeout | Duration | wait no more than this for OnTermSync handlers before stopping (default 10s) | -| --opentsdb_uri | String | URI of opentsdb /api/put method | -| --pid_file | String | If set, the process will write its pid to the named file, and delete it on graceful shutdown. | -| --planner-version | String | Sets the default planner to use when the session has not changed it. Valid values are: V3, Gen4, Gen4Greedy and Gen4Fallback. Gen4Fallback tries the gen4 planner and falls back to the V3 planner if the gen4 fails. | -| --port | Int | port for the server | -| --pprof strings | Boolean | enable profiling | -| --proxy_protocol | Boolean | Enable HAProxy PROXY protocol on MySQL listener socket | -| --purge_logs_interval | Duration | how often try to remove old logs (default 1h0m0s) | -| --query-timeout | Int | Sets the default query timeout (in ms). Can be overridden by session variable (query_timeout) or comment directive (QUERY_TIMEOUT_MS) | -| --querylog-buffer-size | Int | Maximum number of buffered query logs before throttling log output (default 10) | -| --querylog-filter-tag | String | string that must be present in the query for it to be logged; if using a value as the tag, you need to disable query normalization | -| --querylog-format | String | format for query logs ("text" or "json") (default "text") | -| --querylog-row-threshold | Uint | Number of rows a query has to return or affect before being logged; not useful for streaming queries. 0 means all queries will be logged. | -| --redact-debug-ui-queries | Boolean | redact full queries and bind variables from debug UI | -| --remote_operation_timeout | Duration | time to wait for a remote operation (default 15s) | -| --retry-count | Int | retry count (default 2) | -| --schema_change_signal | Boolean | Enable the schema tracker; requires queryserver-config-schema-change-signal to be enabled on the underlying vttablets for this to work (default true) | -| --schema_change_signal_user | String | User to be used to send down query to vttablet to retrieve schema changes | -| --security_policy | String | the name of a registered security policy to use for controlling access to URLs - empty means allow all for anyone (built-in policies: deny-all, read-only) | -| --service_map | Strings | comma separated list of services to enable (or disable if prefixed with '-') Example: grpc-queryservice | -| --sql-max-length-errors | Int | truncate queries in error logs to the given length (default unlimited) | -| --sql-max-length-ui | Int | truncate queries in debug UIs to the given length (default 512) (default 512) | -| --srv_topo_cache_refresh | Duration | how frequently to refresh the topology for cached entries (default 1s) | -| --srv_topo_cache_ttl | Duration | how long to use cached entries for topology (default 1s) | -| --srv_topo_timeout | Duration | topo server timeout (default 5s) | -| --stats_backend | String | The name of the registered push-based monitoring/stats backend to use | -| --stats_combine_dimensions | String | List of dimensions to be combined into a single "all" value in exported stats vars | -| --stats_common_tags | Strings | Comma-separated list of common tags for the stats backend. It provides both label and values. Example: label1:value1,label2:value2 | -| --stats_drop_variables | String | Variables to be dropped from the list of exported variables. | -| --stats_emit_period | Duration | Interval between emitting stats to all registered backends (default 1m0s) | -| --statsd_address | String | Address for statsd client | -| --statsd_sample_rate | Float | Sample rate for statsd metrics (default 1) | -| --stderrthreshold | Severity | logs at or above this threshold go to stderr (default 1) | -| --stream_buffer_size | Int | the number of bytes sent from vtgate for each stream call. It's recommended to keep this value in sync with vttablet's query-server-config-stream-buffer-size. (default 32768) | -| --tablet_filters | Strings | Specifies a comma-separated list of 'keyspace | shard_name or keyrange' values to filter the tablets to watch. | -| --tablet_grpc_ca | String | the server ca to use to validate servers when connecting | -| --tablet_grpc_cert | String | the cert to use to connect | -| --tablet_grpc_crl | String | the server crl to use to validate server certificates when connecting | -| --tablet_grpc_key | String | the key to use to connect | -| --tablet_grpc_server_name | String | the server name to use to validate server certificate | -| --tablet_protocol | String | Protocol to use to make queryservice RPCs to vttablets. (default "grpc") | -| --tablet_refresh_interval | Duration | Tablet refresh interval. (default 1m0s) | -| --tablet_refresh_known_tablets | Boolean | Whether to reload the tablet's address/port map from topo in case they change. (default true) | -| --tablet_types_to_wait | Strings | Wait till connected for specified tablet types during Gateway initialization. Should be provided as a comma-separated set of tablet types. | -| --tablet_url_template | String | Format string describing debug tablet url formatting. See getTabletDebugURL() for how to customize this. (default "http://{{.GetTabletHostPort}}") | -| --topo_consul_lock_delay | Duration | LockDelay for consul session. (default 15s) | -| --topo_consul_lock_session_checks | String | List of checks for consul session. (default "serfHealth") | -| --topo_consul_lock_session_ttl | String | TTL for consul session. | -| --topo_consul_watch_poll_duration | Duration | time of the long poll for watch queries. (default 30s) | -| --topo_etcd_lease_ttl | Int | Lease TTL for locks and leader election. The client will use KeepAlive to keep the lease going. (default 30) | -| --topo_etcd_tls_ca | String | path to the ca to use to validate the server cert when connecting to the etcd topo server | -| --topo_etcd_tls_cert | String | path to the client cert to use to connect to the etcd topo server, requires topo_etcd_tls_key, enables TLS | -| --topo_etcd_tls_key | String | path to the client key to use to connect to the etcd topo server, enables TLS | -| --topo_global_root | String | the path of the global topology data in the global topology server | -| --topo_global_server_address | String | the address of the global topology server | -| --topo_implementation | String | the topology implementation to use | -| --topo_read_concurrency | Int | Concurrency of topo reads. (default 32) | -| --topo_zk_auth_file | String | auth to use when connecting to the zk topo server, file contents should be :, e.g., digest:user:pass | -| --topo_zk_base_timeout | Duration | zk base timeout (see zk.Connect) (default 30s) | -| --topo_zk_max_concurrency | Int | maximum number of pending requests to send to a Zookeeper server. (default 64) | -| --topo_zk_tls_ca | String | the server ca to use to validate servers when connecting to the zk topo server | -| --topo_zk_tls_cert | String | the cert to use to connect to the zk topo server, requires topo_zk_tls_key, enables TLS | -| --topo_zk_tls_key | String | the key to use to connect to the zk topo server, enables TLS | -| --tracer | String | tracing service to use (default "noop") | -| --tracing-enable-logging | Boolean | whether to enable logging in the tracing service | -| --tracing-sampling-rate | Float | sampling rate for the probabilistic jaeger sampler (default 0.1) | -| --tracing-sampling-type | String | sampling strategy to use for jaeger. possible values are 'const', 'probabilistic', 'rateLimiting', or 'remote' (default "const") | -| --transaction_mode | String | SINGLE: disallow multi-db transactions, MULTI: allow multi-db transactions with best effort commit, TWOPC: allow multi-db transactions with 2pc commit (default "MULTI") | -| --v | Level | log level for V logs | -| -v, --version | Boolean | print binary version | -| --vmodule | ModuleSpec | comma-separated list of pattern=N settings for file-filtered logging | -| --vschema_ddl_authorized_users | String | List of users authorized to execute vschema ddl operations, or '%' to allow all users. | -| --vtgate-config-terse-errors | Boolean | prevent bind vars from escaping in returned errors | -| --warn_memory_rows | Int | Warning threshold for in-memory results. A row count higher than this amount will cause the VtGateWarnings.ResultsExceeded counter to be incremented. (default 30000) | -| --warn_payload_size | Int | The warning threshold for query payloads in bytes. A payload greater than this threshold will cause the VtGateWarnings.WarnPayloadSizeExceeded counter to be incremented. | -| --warn_sharded_only | Boolean | If any features that are only available in unsharded mode are used, query execution warnings will be added to the session | +| Name | Type | Definition | +|:-----------------------------------------------------------------|:----------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| --allowed_tablet_types | Strings | Specifies the tablet types this vtgate is allowed to route queries to. Should be provided as a comma-separated set of tablet types. | +| --alsologtostderr | Boolean | log to standard error as well as files | +| --buffer_drain_concurrency | Int | Maximum number of requests retried simultaneously. More concurrency will increase the load on the PRIMARY vttablet when draining the buffer. (default 1) | +| --buffer_implementation | String | Allowed values: healthcheck (legacy implementation), keyspace_events (default) (default "keyspace_events") | +| --buffer_keyspace_shards | String | If not empty, limit buffering to these entries (comma separated). Entry format: keyspace or keyspace/shard. Requires --enable_buffer=true. | +| --buffer_max_failover_duration | Duration | Stop buffering completely if a failover takes longer than this duration. (default 20s) | +| --buffer_min_time_between_failovers | Duration | Minimum time between the end of a failover and the start of the next one (tracked per shard). Faster consecutive failovers will not trigger buffering. (default 1m0s) | +| --buffer_size | Int | Maximum number of buffered requests in flight (across all ongoing failovers). (default 1000) | +| --buffer_window | Duration | Duration for how long a request should be buffered at most. (default 10s) | +| --catch-sigpipe | Boolean | catch and ignore SIGPIPE on stdout and stderr if specified | +| --cell | String | | | cell to use | +| --cells_to_watch | String | comma-separated list of cells for watching tablets | +| --consul_auth_static_file | String | JSON File to read the topos/tokens from. | +| --datadog-agent-host | String | host to send spans to. if empty, no tracing will be done | +| --datadog-agent-port | String | port to send spans to. if empty, no tracing will be done | +| --dbddl_plugin | String | controls how to handle CREATE/DROP DATABASE. use it if you are using your own database provisioning service (default "fail") | +| --ddl_strategy | String | Set default strategy for DDL statements. Override with @@ddl_strategy session variable (default "direct") | +| --default_tablet_type | Topodatapb.TabletType | The default tablet type to set for queries, when one is not explicitly selected. (default PRIMARY) | +| --discovery_high_replication_lag_minimum_serving | Duration | Threshold above which replication lag is considered too high when applying the min_number_serving_vttablets flag. (default 2h0m0s) | +| --discovery_low_replication_lag | Duration | Threshold below which replication lag is considered low enough to be healthy. (default 30s) | +| --emit_stats | Boolean | If set, emit stats to push-based monitoring and stats backends | +| --enable-partial-keyspace-migration | Boolean | (Experimental) Follow shard routing rules: enable only while migrating a keyspace shard by shard. See documentation on Partial MoveTables for more. (default false) | +| --enable-views | Boolean | Enable views support in vtgate. | +| --enable_buffer | Boolean | Enable buffering (stalling) of primary traffic during failovers. | +| --enable_buffer_dry_run | Boolean | Detect and log failover events, but do not actually buffer requests. | +| --enable_direct_ddl | Boolean | Allow users to submit direct DDL statements (default true) | +| --enable_online_ddl | Boolean | Allow users to submit, review and control Online DDL (default true) | +| --enable_set_var | Boolean | This will enable the use of MySQL's SET_VAR query hint for certain system variables instead of using reserved connections (default true) | +| --enable_system_settings | Boolean | This will enable the system settings to be changed per session at the database connection level (default true) | +| --foreign_key_mode | String | This is to provide how to handle foreign key constraint in create/alter table. Valid values are: allow, disallow (default "allow") | +| --gate_query_cache_lfu | Boolean | gate server cache algorithm. when set to true, a new cache algorithm based on a TinyLFU admission policy will be used to improve cache behavior and prevent pollution from sparse queries (default true) | +| --gate_query_cache_memory | Int | gate server query cache size in bytes, maximum amount of memory to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a lru cache. This config controls the capacity of the lru cache. (default 33554432) | +| --gate_query_cache_size | Int | gate server query cache size, maximum number of queries to be cached. vtgate analyzes every incoming query and generate a query plan, these plans are being cached in a cache. This config controls the expected amount of unique entries in the cache. (default 5000) | +| --gateway_initial_tablet_timeout | Duration | At startup, the tabletGateway will wait up to this duration to get at least one tablet per keyspace/shard/tablet type (default 30s) | +| --grpc-use-effective-groups | Boolean | If set, and SSL is not used, will set the immediate caller's security groups from the effective caller id's groups. | +| --grpc_auth_mode | String | Which auth plugin implementation to use (eg: static) | +| --grpc_auth_mtls_allowed_substrings | String | List of substrings of at least one of the client certificate names (separated by colon). | +| --grpc_auth_static_client_creds | String | When using grpc_static_auth in the server, this file provides the credentials to use to authenticate with server. | +| --grpc_auth_static_password_file | String | JSON File to read the users/passwords from. | +| --grpc_ca | String | server CA to use for gRPC connections, requires TLS, and enforces client certificate check | +| --grpc_cert | String | server certificate to use for gRPC connections, requires grpc_key, enables TLS | +| --grpc_compression | String | Which protocol to use for compressing gRPC. Default: nothing. Supported: snappy | +| --grpc_crl | String | path to a certificate revocation list in PEM format, client certificates will be further verified against this file during TLS handshake | +| --grpc_enable_optional_tls | Boolean | enable optional TLS mode when a server accepts both TLS and plain-text connections on the same port | +| --grpc_enable_tracing | Boolean | Enable gRPC tracing. | +| --grpc_initial_conn_window_size | Int | gRPC initial connection window size | +| --grpc_initial_window_size | Int | gRPC initial window size | +| --grpc_keepalive_time | Duration | After a duration of this time, if the client doesn't see any activity, it pings the server to see if the transport is still alive. (default 10s) | +| --grpc_keepalive_timeout | Duration | After having pinged for keepalive check, the client waits for a duration of Timeout and if no activity is seen even after that the connection is closed. (default 10s) | +| --grpc_key | String | server private key to use for gRPC connections, requires grpc_cert, enables TLS | +| --grpc_max_connection_age | Duration | Maximum age of a client connection before GoAway is sent. (default 2562047h47m16.854775807s) | +| --grpc_max_connection_age_grace | Duration | Additional grace period after grpc_max_connection_age, after which connections are forcibly closed. (default 2562047h47m16.854775807s) | +| --grpc_max_message_size | Int | Maximum allowed RPC message size. Larger messages will be rejected by gRPC with the error 'exceeding the max size'. (default 16777216) | +| --grpc_port | Int | Port to listen on for gRPC calls. If zero, do not listen. | +| --grpc_prometheus | Boolean | Enable gRPC monitoring with Prometheus. | +| --grpc_server_ca | String | path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients | +| --grpc_server_initial_conn_window_size | Int | gRPC server initial connection window size | +| --grpc_server_initial_window_size | Int | gRPC server initial window size | +| --grpc_server_keepalive_enforcement_policy_min_time | Duration | gRPC server minimum keepalive time (default 10s) | +| --grpc_server_keepalive_enforcement_policy_permit_without_stream | Boolean | gRPC server permit client keepalive pings even when there are no active streams (RPCs) | +| --grpc_use_effective_callerid | Boolean | If set, and SSL is not used, will set the immediate caller id from the effective caller id's principal. | +| --grpc-use-static-authentication-callerid | boolean | If set, will set the immediate caller id to the username authenticated by the static auth plugin. | +| --healthcheck_retry_delay | Duration | health check retry delay (default 2ms) | +| --healthcheck_timeout | Duration | the health check timeout period (default 1m0s) | +| -h, --help | Boolean | display usage and exit | +| --jaeger-agent-host | String | host and port to send spans to. if empty, no tracing will be done | +| --keep_logs | Duration | keep logs for this long (using ctime) (zero to keep forever) | +| --keep_logs_by_mtime | Duration | keep logs for this long (using mtime) (zero to keep forever) | +| --keyspaces_to_watch | Strings | Specifies which keyspaces this vtgate should have access to while routing queries or accessing the vschema. | +| --lameduck-period | Duration | keep running at least this long after SIGTERM before stopping (default 50ms) | +| --legacy_replication_lag_algorithm | Boolean | Use the legacy algorithm when selecting vttablets for serving. (default true) | +| --lock-timeout | Duration | Maximum time for which a shard/keyspace lock can be acquired for (default 45s) | +| --lock_heartbeat_time | Duration | If there is lock function used. This will keep the lock connection active by using this heartbeat (default 5s) | +| --log_backtrace_at | TraceLocation | when logging hits line file:N, emit a stack trace (default :0) | +| --log_dir | String | If non-empty, write log files in this directory | +| --log_err_stacks | Boolean | log stack traces for errors | +| --log_queries_to_file | String | Enable query logging to the specified file | +| --log_rotate_max_size | Uint | size in bytes at which logs are rotated (glog.MaxSize) (default 1887436800) | +| --logtostderr | Boolean | log to standard error instead of files | +| --max-stack-size | Int | configure the maximum stack size in bytes (default 67108864) | +| --max_memory_rows | Int | Maximum number of rows that will be held in memory for intermediate results as well as the final result. (default 300000) | +| --max_payload_size | Int | The threshold for query payloads in bytes. A payload greater than this threshold will result in a failure to handle the query. | +| --message_stream_grace_period | Duration | the amount of time to give for a vttablet to resume if it ends a message stream, usually because of a reparent. (default 30s) | +| --min_number_serving_vttablets | Int | The minimum number of vttablets for each replicating tablet_type (e.g. replica, rdonly) that will be continue to be used even with replication lag above discovery_low_replication_lag, but still below discovery_high_replication_lag_minimum_serving. (default 2) | +| --mysql-server-keepalive-period | Duration | TCP period between keep-alives | +| --mysql-server-pool-conn-read-buffers | Boolean | If set, the server will pool incoming connection read buffers | +| --mysql_allow_clear_text_without_tls | Boolean | If set, the server will allow the use of a clear text password over non-SSL connections. | +| --mysql_auth_server_impl | String | Which auth server implementation to use. Options: none, ldap, clientcert, static, vault. (default "static") | +| --mysql_auth_server_static_file | String | JSON File to read the users/passwords from. | +| --mysql_auth_server_static_string | String | JSON representation of the users/passwords config. | +| --mysql_auth_static_reload_interval | Duration | Ticker to reload credentials | +| --mysql_auth_vault_addr | String | URL to Vault server | +| --mysql_auth_vault_path | String | Vault path to vtgate credentials JSON blob, e.g.: secret/data/prod/vtgatecreds | +| --mysql_auth_vault_role_mountpoint | String | Vault AppRole mountpoint; can also be passed using VAULT_MOUNTPOINT environment variable (default "approle") | +| --mysql_auth_vault_role_secretidfile | String | Path to file containing Vault AppRole secret_id; can also be passed using VAULT_SECRETID environment variable | +| --mysql_auth_vault_roleid | String | Vault AppRole id; can also be passed using VAULT_ROLEID environment variable | +| --mysql_auth_vault_timeout | Duration | Timeout for vault API operations (default 10s) | +| --mysql_auth_vault_tls_ca | String | Path to CA PEM for validating Vault server certificate | +| --mysql_auth_vault_tokenfile | String | Path to file containing Vault auth token; token can also be passed using VAULT_TOKEN environment variable | +| --mysql_auth_vault_ttl | Duration | How long to cache vtgate credentials from the Vault server (default 30m0s) | +| --mysql_clientcert_auth_method | String | client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") | +| --mysql_default_workload | String | Default session workload (OLTP, OLAP, DBA) (default "OLTP") | +| --mysql_ldap_auth_config_file | String | JSON File from which to read LDAP server config. | +| --mysql_ldap_auth_config_string | String | JSON representation of LDAP server config. | +| --mysql_ldap_auth_method | String | client-side authentication method to use. Supported values: mysql_clear_password, dialog. (default "mysql_clear_password") | +| --mysql_server_bind_address | String | Binds on this address when listening to MySQL binary protocol. Useful to restrict listening to 'localhost' only for instance. | +| --mysql_server_flush_delay | Duration | Delay after which buffered response will be flushed to the client. (default 100ms) | +| --mysql_server_port | Int | If set, also listen for MySQL binary protocol connections on this port. (default -1) | +| --mysql_server_query_timeout | Duration | mysql query timeout | +| --mysql_server_read_timeout | Duration | connection read timeout | +| --mysql_server_require_secure_transport | Boolean | Reject insecure connections but only if mysql_server_ssl_cert and mysql_server_ssl_key are provided | +| --mysql_server_socket_path | String | This option specifies the Unix socket file to use when listening for local connections. By default it will be empty and it won't listen to a unix socket | +| --mysql_server_ssl_ca | String | Path to ssl CA for mysql server plugin SSL. If specified, server will require and validate client certs. | +| --mysql_server_ssl_cert | String | Path to the ssl cert for mysql server plugin SSL | +| --mysql_server_ssl_crl | String | Path to ssl CRL for mysql server plugin SSL | +| --mysql_server_ssl_key | String | Path to ssl key for mysql server plugin SSL | +| --mysql_server_ssl_server_ca | String | path to server CA in PEM format, which will be combine with server cert, return full certificate chain to clients | +| --mysql_server_tls_min_version | String | Configures the minimal TLS version negotiated when SSL is enabled. Defaults to TLSv1.2. Options: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3. | +| --mysql_server_version | String | MySQL server version to advertise. | +| --mysql_server_write_timeout | Duration | connection write timeout | +| --mysql_slow_connect_warn_threshold | Duration | Warn if it takes more than the given threshold for a mysql connection to establish | +| --mysql_tcp_version | String | Select tcp, tcp4, or tcp6 to control the socket type. (default "tcp") | +| --no_scatter | Boolean | when set to true, the planner will fail instead of producing a plan that includes scatter queries | +| --normalize_queries | Boolean | Rewrite queries with bind vars. Turn this off if the app itself sends normalized queries with bind vars. (default true) | +| --onclose_timeout | Duration | wait no more than this for OnClose handlers before stopping (default 10s) | +| --onterm_timeout | Duration | wait no more than this for OnTermSync handlers before stopping (default 10s) | +| --opentsdb_uri | String | URI of opentsdb /api/put method | +| --pid_file | String | If set, the process will write its pid to the named file, and delete it on graceful shutdown. | +| --planner-version | String | Sets the default planner to use when the session has not changed it. Valid values are: V3, Gen4, Gen4Greedy and Gen4Fallback. Gen4Fallback tries the gen4 planner and falls back to the V3 planner if the gen4 fails. | +| --port | Int | port for the server | +| --pprof strings | Boolean | enable profiling | +| --proxy_protocol | Boolean | Enable HAProxy PROXY protocol on MySQL listener socket | +| --purge_logs_interval | Duration | how often try to remove old logs (default 1h0m0s) | +| --query-timeout | Int | Sets the default query timeout (in ms). Can be overridden by session variable (query_timeout) or comment directive (QUERY_TIMEOUT_MS) | +| --querylog-buffer-size | Int | Maximum number of buffered query logs before throttling log output (default 10) | +| --querylog-filter-tag | String | string that must be present in the query for it to be logged; if using a value as the tag, you need to disable query normalization | +| --querylog-format | String | format for query logs ("text" or "json") (default "text") | +| --querylog-row-threshold | Uint | Number of rows a query has to return or affect before being logged; not useful for streaming queries. 0 means all queries will be logged. | +| --redact-debug-ui-queries | Boolean | redact full queries and bind variables from debug UI | +| --remote_operation_timeout | Duration | time to wait for a remote operation (default 15s) | +| --retry-count | Int | retry count (default 2) | +| --schema_change_signal | Boolean | Enable the schema tracker; requires queryserver-config-schema-change-signal to be enabled on the underlying vttablets for this to work (default true) | +| --schema_change_signal_user | String | User to be used to send down query to vttablet to retrieve schema changes | +| --security_policy | String | the name of a registered security policy to use for controlling access to URLs - empty means allow all for anyone (built-in policies: deny-all, read-only) | +| --service_map | Strings | comma separated list of services to enable (or disable if prefixed with '-') Example: grpc-queryservice | +| --sql-max-length-errors | Int | truncate queries in error logs to the given length (default unlimited) | +| --sql-max-length-ui | Int | truncate queries in debug UIs to the given length (default 512) (default 512) | +| --srv_topo_cache_refresh | Duration | how frequently to refresh the topology for cached entries (default 1s) | +| --srv_topo_cache_ttl | Duration | how long to use cached entries for topology (default 1s) | +| --srv_topo_timeout | Duration | topo server timeout (default 5s) | +| --stats_backend | String | The name of the registered push-based monitoring/stats backend to use | +| --stats_combine_dimensions | String | List of dimensions to be combined into a single "all" value in exported stats vars | +| --stats_common_tags | Strings | Comma-separated list of common tags for the stats backend. It provides both label and values. Example: label1:value1,label2:value2 | +| --stats_drop_variables | String | Variables to be dropped from the list of exported variables. | +| --stats_emit_period | Duration | Interval between emitting stats to all registered backends (default 1m0s) | +| --statsd_address | String | Address for statsd client | +| --statsd_sample_rate | Float | Sample rate for statsd metrics (default 1) | +| --stderrthreshold | Severity | logs at or above this threshold go to stderr (default 1) | +| --stream_buffer_size | Int | the number of bytes sent from vtgate for each stream call. It's recommended to keep this value in sync with vttablet's query-server-config-stream-buffer-size. (default 32768) | +| --tablet_filters | Strings | Specifies a comma-separated list of 'keyspace | shard_name or keyrange' values to filter the tablets to watch. | +| --tablet_grpc_ca | String | the server ca to use to validate servers when connecting | +| --tablet_grpc_cert | String | the cert to use to connect | +| --tablet_grpc_crl | String | the server crl to use to validate server certificates when connecting | +| --tablet_grpc_key | String | the key to use to connect | +| --tablet_grpc_server_name | String | the server name to use to validate server certificate | +| --tablet_protocol | String | Protocol to use to make queryservice RPCs to vttablets. (default "grpc") | +| --tablet_refresh_interval | Duration | Tablet refresh interval. (default 1m0s) | +| --tablet_refresh_known_tablets | Boolean | Whether to reload the tablet's address/port map from topo in case they change. (default true) | +| --tablet_types_to_wait | Strings | Wait till connected for specified tablet types during Gateway initialization. Should be provided as a comma-separated set of tablet types. | +| --tablet_url_template | String | Format string describing debug tablet url formatting. See getTabletDebugURL() for how to customize this. (default "http://{{.GetTabletHostPort}}") | +| --topo_consul_lock_delay | Duration | LockDelay for consul session. (default 15s) | +| --topo_consul_lock_session_checks | String | List of checks for consul session. (default "serfHealth") | +| --topo_consul_lock_session_ttl | String | TTL for consul session. | +| --topo_consul_watch_poll_duration | Duration | time of the long poll for watch queries. (default 30s) | +| --topo_etcd_lease_ttl | Int | Lease TTL for locks and leader election. The client will use KeepAlive to keep the lease going. (default 30) | +| --topo_etcd_tls_ca | String | path to the ca to use to validate the server cert when connecting to the etcd topo server | +| --topo_etcd_tls_cert | String | path to the client cert to use to connect to the etcd topo server, requires topo_etcd_tls_key, enables TLS | +| --topo_etcd_tls_key | String | path to the client key to use to connect to the etcd topo server, enables TLS | +| --topo_global_root | String | the path of the global topology data in the global topology server | +| --topo_global_server_address | String | the address of the global topology server | +| --topo_implementation | String | the topology implementation to use | +| --topo_read_concurrency | Int | Concurrency of topo reads. (default 32) | +| --topo_zk_auth_file | String | auth to use when connecting to the zk topo server, file contents should be :, e.g., digest:user:pass | +| --topo_zk_base_timeout | Duration | zk base timeout (see zk.Connect) (default 30s) | +| --topo_zk_max_concurrency | Int | maximum number of pending requests to send to a Zookeeper server. (default 64) | +| --topo_zk_tls_ca | String | the server ca to use to validate servers when connecting to the zk topo server | +| --topo_zk_tls_cert | String | the cert to use to connect to the zk topo server, requires topo_zk_tls_key, enables TLS | +| --topo_zk_tls_key | String | the key to use to connect to the zk topo server, enables TLS | +| --tracer | String | tracing service to use (default "noop") | +| --tracing-enable-logging | Boolean | whether to enable logging in the tracing service | +| --tracing-sampling-rate | Float | sampling rate for the probabilistic jaeger sampler (default 0.1) | +| --tracing-sampling-type | String | sampling strategy to use for jaeger. possible values are 'const', 'probabilistic', 'rateLimiting', or 'remote' (default "const") | +| --transaction_mode | String | SINGLE: disallow multi-db transactions, MULTI: allow multi-db transactions with best effort commit, TWOPC: allow multi-db transactions with 2pc commit (default "MULTI") | +| --v | Level | log level for V logs | +| -v, --version | Boolean | print binary version | +| --vmodule | ModuleSpec | comma-separated list of pattern=N settings for file-filtered logging | +| --vschema_ddl_authorized_users | String | List of users authorized to execute vschema ddl operations, or '%' to allow all users. | +| --vtgate-config-terse-errors | Boolean | prevent bind vars from escaping in returned errors | +| --warn_memory_rows | Int | Warning threshold for in-memory results. A row count higher than this amount will cause the VtGateWarnings.ResultsExceeded counter to be incremented. (default 30000) | +| --warn_payload_size | Int | The warning threshold for query payloads in bytes. A payload greater than this threshold will cause the VtGateWarnings.WarnPayloadSizeExceeded counter to be incremented. | +| --warn_sharded_only | Boolean | If any features that are only available in unsharded mode are used, query execution warnings will be added to the session | ### Key Options