Configuration¶
The Dory Orchestrator is configured through four layers — environment variables, CLI flags, a YAML config file, and built-in defaults — resolved into a single StartupConfig. This page documents every knob and the precedence rules.
See Deployment for how these are wired into the Kubernetes manifests, and HTTP API Reference / Metrics for the surfaces they expose.
Precedence¶
All CLI flags default to empty/zero values so the layered loader can detect whether a flag was explicitly set before applying lower-priority sources.
CLI flags¶
Defined in cmd/orchestrator/main.go:
| Flag | Default | Purpose |
|---|---|---|
--config |
"" |
Path to a YAML config file (overrides discovery). |
--config-db |
"" |
PostgreSQL connection string (ConfigDB). |
--kubeconfig |
"" |
Path to kubeconfig (in-cluster if empty). |
--namespace |
"" |
Namespace to operate in. |
--poll-interval |
0 |
Reconcile / poll interval. |
--log-level |
"" |
debug / info / warn / error. |
--version |
false |
Print version and exit. |
--enable-monitor |
false |
Enable the event monitor. |
Environment variables¶
These are read directly by the Go code and have the highest priority:
| Env var | Maps to | Notes |
|---|---|---|
DORY_DATABASE_URL |
ConfigDB |
Applied unconditionally. |
KUBECONFIG |
Kubeconfig |
Applied only if Kubeconfig is otherwise unset. |
DORY_NAMESPACE |
Namespace |
|
DORY_LOG_LEVEL |
LogLevel |
Additional environment variables consumed elsewhere in the system:
| Env var | Default | Consumed by |
|---|---|---|
DORY_STATE_TOKEN |
— | State transfer manager (see State Migration). |
DORY_IMAGE_PULL_SECRET |
ecr-registry-secret |
Pod image pull secret. |
DORY_DATABASE_SECRET |
dory-db-secret |
Secret name for the DB URL. |
DORY_DATABASE_SECRET_KEY |
database-url |
Key within that secret. |
Note
The deployment manifest interpolates DATABASE_URL, NAMESPACE, POLL_INTERVAL, and LOG_LEVEL into CLI flags (--config-db, --namespace, --poll-interval, --log-level). The Go code itself reads only the four DORY_* / KUBECONFIG variables above directly. See Deployment.
Config file (FileConfig)¶
A YAML file with the following sections:
| Section | Contents |
|---|---|
Database |
DB connection settings. |
Kubernetes |
kubeconfig / namespace. |
Scheduler |
scheduling parameters. |
Migration |
migration timeouts. |
Logging |
log level. |
Metrics |
metrics.port (default 8080). |
Monitoring |
event monitor settings. |
Operational |
timeouts and operational tunables. |
Watcher |
config-watcher backoff/retries. |
Note
metrics.port (default 8080) can be set only via the config file — there is no environment-variable override for it.
Discovery order¶
When --config is not given, the orchestrator searches these paths in order:
./dory.yaml./config/dory.yaml/etc/dory/dory.yaml~/.dory/config.yaml
StartupConfig surface & defaults¶
The fully resolved configuration:
| Field | Default | Notes |
|---|---|---|
ConfigDB |
"" |
Required — postgres:// scheme. |
Kubeconfig |
"" |
In-cluster if empty. |
Namespace |
default |
Must be DNS-1123. |
PollInterval |
30s |
Range [1s, 10m]. |
LogLevel |
info |
debug/info/warn/error. |
EnableMonitor |
false |
|
MigrationTimeout |
5m |
Range [30s, 30m]. |
GracefulShutdownTimeout |
30s |
Must be ≥5s. |
MetricsPort |
8080 |
Range [1, 65535]. |
ReconciliationTimeout |
5m |
|
HealthCheckTimeout |
5s |
|
DefaultContainerPort |
8080 |
|
ImagePullSecretName |
ecr-registry-secret |
|
DatabaseSecretName |
dory-db-secret |
|
NodeFailureGracePeriod |
30s |
See Edge Failover. |
ConsolidationCooldown |
1m |
|
EnableStartupValidation |
true |
|
WatcherMaxRetries |
5 |
|
WatcherInitialBackoff |
5s |
|
WatcherMaxBackoff |
2m |
Validation¶
When EnableStartupValidation is true (the default), the resolved config is validated:
| Field | Rule |
|---|---|
ConfigDB |
Required; must use postgres:// scheme. |
Namespace |
Valid DNS-1123 label. |
PollInterval |
[1s, 10m]. |
LogLevel |
One of debug, info, warn, error. |
MigrationTimeout |
[30s, 30m]. |
GracefulShutdownTimeout |
≥5s. |
MetricsPort |
[1, 65535]. |
Warning
ConfigDB is mandatory and must use the postgres:// scheme. Startup fails validation otherwise.