-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
131 lines (108 loc) · 7.84 KB
/
.env.example
File metadata and controls
131 lines (108 loc) · 7.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# ==============================================================================
# OtelContext — Environment Configuration Reference
# ==============================================================================
# Copy to `.env` and uncomment the lines you want to override.
# Booleans accept (case-insensitive): 1 | true | yes | on (parseTruthy in config.go)
# Lines shown as `=<default>` document the default applied when the var is unset.
# Keys marked [REQUIRED IN PROD] must be set for any production deployment.
# ------------------------------------------------------------------------------
# ---- Application ------------------------------------------------------------
# APP_ENV=development # development|production — gates DevMode (WS origin checks relaxed)
# LOG_LEVEL=INFO # DEBUG|INFO|WARN|ERROR
# HTTP_PORT=8080 # HTTP API + OTLP HTTP + WebSocket + UI
# GRPC_PORT=4317 # OTLP gRPC
# ---- Database ---------------------------------------------------------------
# DB_DRIVER=sqlite # sqlite|postgres|mysql|sqlserver
# DB_DSN= # driver-specific — pick ONE of the blocks below
# SQLite (default, zero-config):
# DB_DSN=otelcontext.db
# PostgreSQL:
# DB_DRIVER=postgres
# DB_DSN=host=localhost user=otel password=otel dbname=otelcontext port=5432 sslmode=disable TimeZone=UTC
# MySQL:
# DB_DRIVER=mysql
# DB_DSN=root:admin@tcp(127.0.0.1:3306)/OtelContext?charset=utf8mb4&parseTime=True&loc=Local
# SQL Server:
# DB_DRIVER=sqlserver
# DB_DSN=sqlserver://user:password@host:1433?database=OtelContext
# DB_AUTOMIGRATE=true # GORM AutoMigrate on startup. Set false in Postgres prod (schema out-of-band)
# ---- Database Pool ----------------------------------------------------------
# DB_MAX_OPEN_CONNS=50 # Max concurrent DB connections
# DB_MAX_IDLE_CONNS=10 # Idle connections kept in pool
# DB_CONN_MAX_LIFETIME=1h # Conn recycle window. Internally capped to 30m when DB_AZURE_AUTH=true
# ---- Azure Entra (passwordless Postgres) ------------------------------------
# DB_AZURE_AUTH=false # Enables DefaultAzureCredential for Postgres. Requires strict TLS
# # (sslmode=require|verify-ca|verify-full). DSN must omit password.
# # Credential order: env vars → workload identity → managed identity → az CLI → dev creds.
# # Local dev: `az login` is sufficient. AKS: workload or pod-managed identity.
# DB_DSN=host=my-server.postgres.database.azure.com user=my-mi@tenant.onmicrosoft.com dbname=otelcontext port=5432 sslmode=require
# ---- TLS (HTTP + gRPC) ------------------------------------------------------
# Explicit cert files take precedence over self-signed. Both files must be set together.
# TLS_CERT_FILE=/etc/otelcontext/tls/server.crt
# TLS_KEY_FILE=/etc/otelcontext/tls/server.key
#
# Self-signed bootstrap (dev/internal). Ignored if TLS_CERT_FILE is set.
# Generates ECDSA-P256 cert at first start, caches under TLS_CACHE_DIR, reuses until expiry.
# Clients must trust the generated cert (insecure skip or CA pin).
# TLS_AUTO_SELFSIGNED=false
# TLS_CACHE_DIR=./data/tls
# ---- Auth -------------------------------------------------------------------
# API_KEY= # [REQUIRED IN PROD] Bearer token for /api/*, /v1/*, /mcp. Empty = auth disabled (dev only).
# ---- OTLP Ingest Filtering --------------------------------------------------
# INGEST_MIN_SEVERITY=INFO # Drop logs below this severity before storage
# INGEST_ALLOWED_SERVICES= # CSV allowlist of service.name (empty = accept all)
# INGEST_EXCLUDED_SERVICES= # CSV denylist (applied after allowlist)
# ---- Adaptive Sampling ------------------------------------------------------
# SAMPLING_RATE=1.0 # 0.0..1.0 probability for non-error, non-slow spans
# SAMPLING_ALWAYS_ON_ERRORS=true # Keep every error span regardless of rate
# SAMPLING_LATENCY_THRESHOLD_MS=500 # Keep every span slower than this
# ---- TSDB -------------------------------------------------------------------
# TSDB_RING_BUFFER_DURATION=1h # In-memory metric ring buffer window (e.g. 30m, 2h)
# ---- GraphRAG / Cardinality / Vector ----------------------------------------
# METRIC_ATTRIBUTE_KEYS= # CSV allowlist of attribute keys included in metric series key
# METRIC_MAX_CARDINALITY=10000 # Max unique series per metric; new series dropped above this
# VECTOR_INDEX_MAX_ENTRIES=100000 # TF-IDF index capacity (FIFO eviction)
# ---- DLQ (Dead Letter Queue) ------------------------------------------------
# DLQ_PATH=./data/dlq # Directory for typed-envelope files
# DLQ_REPLAY_INTERVAL=5m # Retry cadence with exponential backoff
# DLQ_MAX_FILES=1000 # Cap on enqueued envelope count
# DLQ_MAX_DISK_MB=500 # Disk budget — new writes fail when exceeded
# DLQ_MAX_RETRIES=10 # Give up after this many failed replays
# ---- Rate Limiting ----------------------------------------------------------
# API_RATE_LIMIT_RPS=100 # Per-IP token bucket rate for /api/*. 0 disables.
# ---- MCP Server -------------------------------------------------------------
# MCP_ENABLED=true # Expose MCP JSON-RPC 2.0 (POST) + SSE (GET) for AI agents
# MCP_PATH=/mcp # Mount path
# ---- Compression ------------------------------------------------------------
# COMPRESSION_LEVEL=default # default|fast|best — zstd level for compressed columns
# ---- Retention --------------------------------------------------------------
# HOT_RETENTION_DAYS=7 # RetentionScheduler purge cutoff. Range 1..36500. Set explicitly in prod.
# ---- OTel Self-Instrumentation ----------------------------------------------
# OTEL_EXPORTER_OTLP_ENDPOINT= # When set, OtelContext exports its own spans to this OTLP gRPC endpoint.
# # Use `localhost:4317` for dogfooding (self-ingest).
# ---- Multi-tenancy ----------------------------------------------------------
# DEFAULT_TENANT=default # Tenant ID for rows ingested without X-Tenant-ID (HTTP) /
# # x-tenant-id (gRPC metadata).
#
# OTLP_TRUST_RESOURCE_TENANT=false
# # When true, OTLP ingest falls back to the `tenant.id` resource
# # attribute if no header/metadata tenant was supplied. Disabled
# # by default because resource attributes are client-controlled —
# # a compromised SDK could forge another tenant's data. Only turn
# # on in closed environments where every OTLP producer is trusted.
#
# API_TENANT_KEYS_FILE= # Path to a file of `key=tenant` pairs (one per line; `#` comments).
# # When set, each API bearer token is bound to a specific tenant
# # and the matched tenant OVERRIDES any X-Tenant-ID header —
# # callers cannot read other tenants by swapping headers.
# # When empty, behaviour falls back to the single shared API_KEY
# # + self-asserted X-Tenant-ID header (legacy dev mode).
# ---- AI Service (optional — Azure OpenAI log insights) ----------------------
# AI_ENABLED=false # Master switch. When false, AI workers are not started.
# AZURE_OPENAI_ENDPOINT= # e.g. https://my-aoai.openai.azure.com/
# AZURE_OPENAI_KEY= # API key
# AZURE_OPENAI_MODEL= # Base model name
# AZURE_OPENAI_DEPLOYMENT= # Deployment name (overrides MODEL if set)
# AZURE_OPENAI_API_VERSION= # e.g. 2024-02-15-preview
# AI_QUEUE_SIZE=100 # Backlog capacity for AI log analysis
# AI_WORKER_POOL=3 # Concurrent AI workers