Docker image environment variables

Environment variableDescriptionDefault valueSince Console version
Logs
CDK_DEBUGEnable Console debug logs (equivalent to CDK_ROOT_LOG_LEVEL=DEBUG)false1.0.0
CDK_ROOT_LOG_LEVELSet the Console global log level (one of DEBUG, INFO, WARN, ERROR)INFO1.11.0
CDK_ROOT_LOG_FORMATSet logs format (one of TEXT, JSON)TEXT1.26.0
CDK_ROOT_LOG_COLOREnable ANSI colors in logstrue1.11.0
CDK_LOG_TIMEZONETimezone for dates in logs (in Olson timezone ID format, e.g. Europe/Paris)TZ environment variable or UTC if TZ is not defined1.28.0
Proxy settings
CDK_HTTP_PROXY_HOSTProxy hostname1.10.0
CDK_HTTP_PROXY_PORTProxy port801.10.0
CDK_HTTP_NON_PROXY_HOSTSList of hosts that should be reached directly, bypassing the proxy. Hosts must be separated by |, end with a * for wildcards, and not contain any /.1.10.0
CDK_HTTP_PROXY_USERNAMEProxy username1.10.0
CDK_HTTP_PROXY_PASSWORDProxy password1.10.0
SSL
CDK_SSL_TRUSTSTORE_PATHTruststore file path used by Console for Kafka, SSO, S3,… clients SSL/TLS verification1.5.0
CDK_SSL_TRUSTSTORE_PASSWORDTruststore password (optional)1.5.0
CDK_SSL_TRUSTSTORE_TYPETruststore type (optional)jks1.5.0
CDK_SSL_DEBUGEnable SSL/TLS debug logsfalse1.9.0
Java
CDK_GLOBAL_JAVA_OPTSCustom JAVA_OPTS parameters passed to Console1.10.0
CONSOLE_MEMORY_OPTSConfigure Java memory options-XX:+UseContainerSupport -XX:MaxRAMPercentage=801.18.0
Console
CDK_LISTENING_PORTConsole listening port80801.2.0
CDK_VOLUME_DIRVolume directory where Console stores data/var/conduktor1.0.2
CDK_IN_CONF_FILEConsole configuration file location/opt/conduktor/default-platform-config.yaml1.0.2
CDK_PLUGINS_DIRVolume directory for Custom Deserializer plugins/opt/conduktor/plugins1.22.0
Nginx
PROXY_BUFFER_SIZETune internal Nginx proxy_buffer_size8k1.16.0

Console properties reference

You can configure Console via environment variables or using the YAML file. Environment variables can be set on the container or imported from a file. When importing from a file, mount the file into the container and provide its path by setting the environment variable CDK_ENV_FILE. Use the .env file with key value pairs. 
MY_ENV_VAR1=value
MY_ENV_VAR2=otherValue
The logs will confirm, Sourcing environment variables from $CDK_ENV_FILE, or warn if set and the file is not found 
Warning: CDK_ENV_FILE is set but the file does not exist or is not readable.
Lists start at index 0 and are provided using the _idx_ syntax.If you set both the environment variable and a YAML value for a specific field, the environment variable will take precedence.

YAML property cases

YAML configuration supports multiple case formats (camelCase/kebab-case/lowercase) for property fragments such as:
  • clusters[].schemaRegistry.ignoreUntrustedCertificate
  • clusters[].schema-registry.ignore-untrusted-certificate
  • clusters[].schemaregistry.ignoreuntrustedcertificate
All are valid and equivalent in YAML.

Environment variable conversion

At startup, Conduktor Console will merge environment variables and YAML based configuration files into one unified configuration. The conversion rules are:
  • Filter for environment variables that start with CDK_
  • Remove the CDK_ prefix
  • Convert the variable name to lower case
  • Replace _ with . for nested properties
  • Replace _[0-9]+_ with [0-9]. for list properties. Lists start at index 0.
For example, the environment variable CDK_DATABASE_URL will be converted to database.url; CDK_SSO_OAUTH2_0_OPENID_ISSUER will be converted to sso.oauth2[0].openid.issuer. The YAML equivalent would be: 
database:
  url: "..."
sso:
  oauth2:
    - openid:
        issuer: "..."
When converting environment variables to YAML configuration, environment variables in UPPER-KEBAB-CASE will be converted to kebab-case in the YAML configuration.

Conversion edge cases

Because of YAML multiple case formats support, the conversion rules have some edge cases when trying to mix environment variables and YAML configuration. Extra rules when mixing environment variables and YAML configuration:
  • Don’t use camelCase in YAML configuration. Use kebab-case or lowercase
  • Stick to one compatible case format for a given property fragment using the following compatibility matrix
Compatibility matrix:
YAML\EnvironmentUPPER-KEBAB-CASEUPPERCASE
kebab-case🚫
lowercase🚫
camelCase🚫🚫
For example, the CDK_CLUSTERS_0_SCHEMAREGISTRY_IGNOREUNTRUSTEDCERTIFICATE environment variable : 
# Is equivalent to and compatible with
clusters:
  - schemaregistry:
      ignoreuntrustedcertificate: true
# but not with
clusters:
  - schema-registry:
      ignore-untrusted-certificate: true
And conversely, for CDK_CLUSTERS_0_SCHEMA-REGISTRY_IGNORE-UNTRUSTED-CERTIFICATE environment variable. That’s why camelCase is not recommended in YAML configuration when mixing with environment variables.

Shell expansion in the YAML configuration file

Console supports shell expansion for environment variables and home tilde ~. This is useful if you have to use custom environment variables in your configuration. For example, you can use the following syntax:
YAML configuration file
database:
  url: "jdbc:postgresql://${DB_LOGIN}:${DB_PWD}@${DB_HOST}:${DB_PORT:-5432}/${DB_NAME}"
with the following environment variables:
Environment variableValue
DB_LOGINusr
DB_PWDpwd
DB_HOSTsome_host
DB_NAMEcdk
This will be expanded to:
Expanded configuration
database:
  url: "jdbc:postgresql://usr:pwd@some_host:5432/cdk"
If you want to escape the shell expansion, you can use the following syntax: $$. For example, if you want admin.password to be secret$123, set admin.password: "secret$$123".

Support for *_FILE environment variables

When an environment variable ending with _FILE is set to a file path, its corresponding unprefixed environment variable will be replaced with the content of that file. For instance, if you set CDK_LICENSE_FILE=/run/secrets/license, the value of CDK_LICENSE will be overridden by the content of the file located at /run/secrets/license.
The CDK_IN_CONF_FILE is not supported.

Global properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
organization.nameYour organization’s nameCDK_ORGANIZATION_NAMEfalsestring"default"
admin.emailYour organization’s root administrator account emailCDK_ADMIN_EMAILtruestring
admin.passwordYour organization’s root administrator account password. Must be at least 8 characters in length, and include at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special symbolCDK_ADMIN_PASSWORDtruestring
licenseEnterprise license key. If not provided, fallback to free plan.CDK_LICENSE or LICENSE_KEYfalsestring
platform.external.urlForce Console external URL. Useful for SSO callback URL when using a reverse proxy. By default, Console will try to guess it automatically using X-Forwarded-* headers coming from upstream reverse proxy.CDK_PLATFORM_EXTERNAL_URLfalsestring
platform.https.cert.pathPath to the SSL certificate fileCDK_PLATFORM_HTTPS_CERT_PATHfalsestring
platform.https.key.pathPath to the SSL private key fileCDK_PLATFORM_HTTPS_KEY_PATHfalsestring
enable_product_metricsIn order to improve Conduktor Console, we collect anonymous usage metrics. Set to false, this configuration disable all of our metrics collection.CDK_ENABLE_PRODUCT_METRICSfalsebooleantrue

Database properties

PropertyDescriptionEnvironment VariableMandatoryTypeDefault
database.urlExternal PostgreSQL configuration URL in format [jdbc:]postgresql://[user[:password]@][[netloc][:port],...][/dbname][?param1=value1&...]CDK_DATABASE_URLfalsestring
database.urlExternal PostgreSQL configuration URL in format [jdbc:]postgresql://[user[:password]@][[netloc][:port],...][/dbname][?param1=value1&...]CDK_DATABASE_URLfalsestring
database.hosts[].hostExternal PostgreSQL servers hostnameCDK_DATABASE_HOSTS_0_HOSTfalsestring
database.hosts[].portExternal PostgreSQL servers portCDK_DATABASE_HOSTS_0_PORTfalseint
database.hostExternal PostgreSQL server hostname (Deprecated, use database.hosts instead)CDK_DATABASE_HOSTfalsestring
database.portExternal PostgreSQL server port (Deprecated, use database.hosts instead)CDK_DATABASE_PORTfalseint
database.nameExternal PostgreSQL database nameCDK_DATABASE_NAMEfalsestring
database.usernameExternal PostgreSQL login roleCDK_DATABASE_USERNAMEfalsestring
database.passwordExternal PostgreSQL login passwordCDK_DATABASE_PASSWORDfalsestring
database.connection_timeoutExternal PostgreSQL connection timeout in secondsCDK_DATABASE_CONNECTIONTIMEOUTfalseint

Session lifetime properties

PropertyDescriptionEnvironment VariableMandatoryTypeDefault value
auth.sessionLifetimeMax session lifetime in secondsCDK_AUTH_SESSIONLIFETIMEfalseint259200
auth.idleTimeoutMax idle session time in seconds (access token lifetime). Should be lower than auth.sessionLifetimeCDK_AUTH_IDLETIMEOUTfalseint259200

Local user properties

Optional local accounts list, used to log into Console.
PropertyDescriptionEnvironment VariableMandatoryTypeDefault Value
auth.local-users[].emailUser loginCDK_AUTH_LOCALUSERS_0_EMAILtruestring"admin@conduktor.io"
auth.local-users[].passwordUser passwordCDK_AUTH_LOCALUSERS_0_PASSWORDtruestring"admin"

Monitoring properties

Cortex is pre-configured to run with Console. It’s a custom implementation of Prometheus used in several production systems including Amazon Managed Service for Prometheus (AMP). You can choose to not deploy the Cortex image (conduktor/conduktor-console-cortex). Hoewever, you will then not be able to see the monitoring graphs or configure alerts. First, we need to configure Console to connect to Cortex services. By default these are Cortex ports:
  • Query port 9009
  • Alert manager port 9010
PropertyDescriptionEnvironment variableMandatoryTypeDefault
monitoring.cortex-urlCortex Search Query URL with port 9009CDK_MONITORING_CORTEXURLtruestring
monitoring.alert-manager-urlCortex Alert Manager URL with port 9010CDK_MONITORING_ALERTMANAGERURLtruestring
monitoring.callback-urlConsole APICDK_MONITORING_CALLBACKURLtruestring
monitoring.notifications-callback-urlWhere the Slack notification should redirectCDK_MONITORING_NOTIFICATIONCALLBACKURLtruestring
monitoring.clusters-refresh-intervalRefresh rate in seconds for metricsCDK_MONITORING_CLUSTERREFRESHINTERVALfalseint60
monitoring.use-aggregated-metricsDefines whether use the new aggregated metrics in the Console graphsCDK_MONITORING_USEAGGREGATEDMETRICSNoBooleanfalse
monitoring.enable-non-aggregated-metricsToggles the collection of obsolete granular metricsCDK_MONITORING_ENABLENONAGGREGATEDMETRICSNoBooleantrue
monitoring.use-aggregated-metrics and monitoring.enable-non-aggregated-metrics are temporary flags to help you transition to the new metrics collection system. They will be removed in a future release.Swap their default value if you experience performance issues when Console is connected with large Kafka clusters:
CDK_MONITORING_USEAGGREGATEDMETRICS: true
CDK_MONITORING_ENABLENONAGGREGATEDMETRICS: false

SSO properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
sso.ignoreUntrustedCertificateDisable SSL checksCDK_SSO_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
sso.trustedCertificatesSSL public certificates for SSO authentication (LDAPS and OAuth2) as PEMCDK_SSO_TRUSTEDCERTIFICATESfalsestring

LDAP properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
sso.ldap[].nameLdap connection nameCDK_SSO_LDAP_0_NAMEtruestring
sso.ldap[].serverLdap server host and portCDK_SSO_LDAP_0_SERVERtruestring
sso.ldap[].managerDnSets the manager DNCDK_SSO_LDAP_0_MANAGERDNtruestring
sso.ldap[].managerPasswordSets the manager passwordCDK_SSO_LDAP_0_MANAGERPASSWORDtruestring
sso.ldap[].search-subtreeSets if the subtree should be searched.CDK_SSO_LDAP_0_SEARCHSUBTREEfalsebooleantrue
sso.ldap[].search-baseSets the base DN to search.CDK_SSO_LDAP_0_SEARCHBASEtruestring
sso.ldap[].search-filterSets the search filter. By default, the filter is set to (uid={0}) for users using class type InetOrgPerson.CDK_SSO_LDAP_0_SEARCHFILTERfalsestring"(uid={0})"
sso.ldap[].search-attributesSets the attributes list to return. By default, all attributes are returned. Search for uid, cn, mail, email, givenName, sn, displayName attributes to map into user token.CDK_SSO_LDAP_0_SEARCHATTRIBUTESfalsestring array[]
sso.ldap[].groups-enabledSets if group search is enabled.CDK_SSO_LDAP_0_GROUPSENABLEDfalsebooleanfalse
sso.ldap[].groups-subtreeSets if the subtree should be searched.CDK_SSO_LDAP_0_GROUPSSUBTREEfalsebooleantrue
sso.ldap[].groups-baseSets the base DN to search from.CDK_SSO_LDAP_0_GROUPSBASEtruestring
sso.ldap[].groups-filterSets the group search filter. If using group class type GroupOfUniqueNames use the filter "uniqueMember={0}". For group class GroupOfNames use "member={0}".CDK_SSO_LDAP_0_GROUPSFILTERfalsestring"uniquemember={0}"
sso.ldap[].groups-filter-attributeSets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.CDK_SSO_LDAP_0_GROUPSFILTERATTRIBUTEfalsestring
sso.ldap[].groups-attributeSets the group attribute name. Defaults to cn.CDK_SSO_LDAP_0_GROUPSATTRIBUTEfalsestring"cn"
sso.ldap[].propertiesAdditional properties that will be passed to identity provider context.CDK_SSO_LDAP_0_PROPERTIESfalsedictionary

OAuth2 properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
sso.oauth2[].nameOAuth2 connection nameCDK_SSO_OAUTH2_0_NAMEtruestring
sso.oauth2[].defaultUse as defaultCDK_SSO_OAUTH2_0_DEFAULTtrueboolean
sso.oauth2[].client-idOAuth2 client IDCDK_SSO_OAUTH2_0_CLIENTIDtruestring
sso.oauth2[].client-secretOAuth2 client secretCDK_SSO_OAUTH2_0_CLIENTSECRETtruestring
sso.oauth2[].openid.issuerIssuer to check on tokenCDK_SSO_OAUTH2_0_OPENID_ISSUERtruestring
sso.oauth2[].scopesScopes to be requested in the client credentials requestCDK_SSO_OAUTH2_0_SCOPEStruestring[]
sso.oauth2[].groups-claimGroup attribute from your identity providerCDK_SSO_OAUTH2_0_GROUPSCLAIMfalsestring
sso.oauth2[].username-claimUsername attribute from your identity providerCDK_SSO_OAUTH2_0_USERNAMECLAIMfalsestringemail
sso.oauth2[].email-claimEmail attribute from your identity providerCDK_SSO_OAUTH2_0_EMAILCLAIMfalsestringemailemail
sso.oauth2[].allow-unsigned-id-tokensAllow unsigned ID tokensCDK_SSO_OAUTH2_0_ALLOWUNSIGNEDIDTOKENSfalsebooleanfalse
sso.oauth2[].preferred-jws-algorithmConfigure preferred JWS algorithmCDK_SSO_OAUTH2_0_PREFERREDJWSALGORITHMfalsestring one of: “HS256”, “HS384”, “HS512”, “RS256”, “RS384”, “RS512”, “ES256”, “ES256K”, “ES384”, “ES512”, “PS256”, “PS384”, “PS512”, “EdDSA”
sso.oauth2-logoutWether the central identity provider logout should be called or notCDK_SSO_OAUTH2LOGOUTfalsebooleantrue

JWT auth properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
sso.jwt-auth.issuerIssuer of your identity providerCDK_SSO_JWTAUTH_ISSUERtruestring
sso.jwt-auth.username-claimEmail attribute from your identity providerCDK_SSO_JWTAUTH_USERNAMECLAIMfalsestringemail
sso.jwt-auth.groups-claimGroup attribute from your identity providerCDK_SSO_JWTAUTH_GROUPSCLAIMfalsestringgroups
sso.jwt-auth.api-key-claimAPI key attribute from your identity providerCDK_SSO_JWTAUTH_APIKEYCLAIMfalsestringapikey

Kafka cluster properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].idString used to uniquely identify your Kafka clusterCDK_CLUSTERS_0_IDtruestring
clusters[].nameAlias or user-friendly name for your Kafka clusterCDK_CLUSTERS_0_NAMEtruestring
clusters[].colorAttach a color to associate with your cluster in the UICDK_CLUSTERS_0_COLORfalsestring in hexadecimal format (#FFFFFF)random
clusters[].ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
clusters[].bootstrapServersList of host:port for your Kafka brokers separated by coma ,CDK_CLUSTERS_0_BOOTSTRAPSERVERStruestring
clusters[].propertiesAny cluster configuration propertiesCDK_CLUSTERS_0_PROPERTIESfalsestring where each line is a property

Kafka vendor specific properties

Note that you only need to set the Kafka cluster properties to use the core features of Console. For additional benefits though, set the flavor of your cluster. To define that, go to Settings > Clusters and open the Provider tab.
PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].kafkaFlavor.typeKafka flavor type, one of Confluent, Aiven, GatewayCDK_CLUSTERS_0_KAFKAFLAVOR_TYPEfalsestring
Flavor is ConfluentManage Confluent Cloud service accounts, API keys, and ACLs
clusters[].kafkaFlavor.keyConfluent Cloud API KeyCDK_CLUSTERS_0_KAFKAFLAVOR_KEYtruestring
clusters[].kafkaFlavor.secretConfluent Cloud API SecretCDK_CLUSTERS_0_KAFKAFLAVOR_SECRETtruestring
clusters[].kafkaFlavor.confluentEnvironmentIdConfluent Environment IDCDK_CLUSTERS_0_KAFKAFLAVOR_CONFLUENTENVIRONMENTIDtruestring
clusters[].kafkaFlavor.confluentClusterIdConfluent Cluster IDCDK_CLUSTERS_0_KAFKAFLAVOR_CONFLUENTCLUSTERIDtruestring
Flavor is AivenManage Aiven service accounts and ACLs
clusters[].kafkaFlavor.apiTokenAiven API tokenCDK_CLUSTERS_0_KAFKAFLAVOR_APITOKENtruestring
clusters[].kafkaFlavor.projectAiven projectCDK_CLUSTERS_0_KAFKAFLAVOR_PROJECTtruestring
clusters[].kafkaFlavor.serviceNameAiven service nameCDK_CLUSTERS_0_KAFKAFLAVOR_SERVICENAMEtruestring
Flavor is GatewayManage Conduktor Gateway interceptors
clusters[].kafkaFlavor.urlGateway API endpoint URLCDK_CLUSTERS_0_KAFKAFLAVOR_URLtruestring
clusters[].kafkaFlavor.userGateway API usernameCDK_CLUSTERS_0_KAFKAFLAVOR_USERtruestring
clusters[].kafkaFlavor.passwordGateway API passwordCDK_CLUSTERS_0_KAFKAFLAVOR_PASSWORDtruestring
clusters[].kafkaFlavor.virtualClusterGateway virtual clusterCDK_CLUSTERS_0_KAFKAFLAVOR_VIRTUALCLUSTERtruestring

Schema registry properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].schemaRegistry.urlThe schema registry URLCDK_CLUSTERS_0_SCHEMAREGISTRY_URLtruestring
clusters[].schemaRegistry.ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_SCHEMAREGISTRY_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
clusters[].schemaRegistry.propertiesAny schema registry configuration parametersCDK_CLUSTERS_0_SCHEMAREGISTRY_PROPERTIESfalsestring where each line is a property
Basic authentication
clusters[].schemaRegistry.security.usernameBasic auth usernameCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_USERNAMEfalsestring
clusters[].schemaRegistry.security.passwordBasic auth passwordCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_PASSWORDfalsestring
Bearer token authentication
clusters[].schemaRegistry.security.tokenBearer auth tokenCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_TOKENfalsestring
mTLS authentication
clusters[].schemaRegistry.security.keyAccess KeyCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_KEYfalsestring
clusters[].schemaRegistry.security.certificateChainAccess certificateCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_CERTIFICATECHAINfalsestring

Amazon Glue properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].schemaRegistry.regionThe Glue schema registry regionCDK_CLUSTERS_0_SCHEMAREGISTRY_REGIONtruestring
clusters[].schemaRegistry.registryNameThe Glue schema registry nameCDK_CLUSTERS_0_SCHEMAREGISTRY_REGISTRYNAMEfalsestring
clusters[].schemaRegistry.amazonSecurity.typeAuthentication with credentials, one of Credentials, FromContext, FromRoleCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_TYPEtruestring
Credentials Security
clusters[].schemaRegistry.amazonSecurity.accessKeyIdCredentials auth access keyCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ACCESSKEYIDtruestring
clusters[].schemaRegistry.amazonSecurity.secretKeyCredentials auth secret keyCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_SECRETKEYtruestring
FromContext Security
clusters[].schemaRegistry.amazonSecurity.profileAuthentication profileCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_PROFILEfalsestring
FromRole Security
clusters[].schemaRegistry.amazonSecurity.roleAuthentication roleCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ROLEtruestring

Kafka Connect properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].kafkaConnects[].idString used to uniquely identify your Kafka ConnectCDK_CLUSTERS_0_KAFKACONNECTS_0_IDtruestring
clusters[].kafkaConnects[].nameName your Kafka ConnectCDK_CLUSTERS_0_KAFKACONNECTS_0_NAMEtruestring
clusters[].kafkaConnects[].urlThe Kafka connect URLCDK_CLUSTERS_0_KAFKACONNECTS_0_URLtruestring
clusters[].kafkaConnects[].headersOptional additional headers (ie: X-API-Token=123,X-From=Test)CDK_CLUSTERS_0_KAFKACONNECTS_0_HEADERSfalsestring
clusters[].kafkaConnects[].ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_KAFKACONNECTS_0_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
Basic authentication
clusters[].kafkaConnects[].security.usernameBasic auth usernameCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_USERNAMEfalsestring
clusters[].kafkaConnects[].security.passwordBasic auth passwordCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_PASSWORDfalsestring
Bearer token authentication
clusters[].kafkaConnects[].security.tokenBearer tokenCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_TOKENfalsestring
mTLS authentication
clusters[].kafkaConnects[].security.keyAccess keyCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_KEYfalsestring
clusters[].kafkaConnects[].security.certificateChainAccess certificateCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_CERTIFICATECHAINfalsestring

ksqlDB properties

PropertyDescriptionEnvironment variableMandatoryTypeDefault
clusters[].ksqlDBs[].idString used to uniquely identify your ksqlDB ClusterCDK_CLUSTERS_0_KSQLDBS_0_IDtruestring
clusters[].ksqlDBs[].nameName of your ksqlDB ClusterCDK_CLUSTERS_0_KSQLDBS_0_NAMEtruestring
clusters[].ksqlDBs[].urlThe ksqlDB API URLCDK_CLUSTERS_0_KSQLDBS_0_URLtruestring
clusters[].ksqlDBs[].ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_KSQLDBS_0_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
Basic Authentication
clusters[].ksqlDBs[].security.usernameBasic auth usernameCDK_CLUSTERS_0_KSQLDBS_0_SECURITY_USERNAMEfalsestring
clusters[].ksqlDBs[].security.passwordBasic auth passwordCDK_CLUSTERS_0_KSQLDBS_0_SECURITY_PASSWORDfalsestring
Bearer Token Authentication
clusters[].ksqlDBs[].security.tokenBearer tokenCDK_CLUSTERS_0_KSQLDBS_0_SECURITY_TOKENfalsestring
mTLS Authentication
clusters[].ksqlDBs[].security.keyAccess keyCDK_CLUSTERS_0_KSQLDBS_0_SECURITY_KEYfalsestring
clusters[].ksqlDBs[].security.certificateChainAccess certificateCDK_CLUSTERS_0_KSQLDBS_0_SECURITY_CERTIFICATECHAINfalsestring

Indexing properties

Indexing fetches metadata from your Kafka cluster (e.g. topics, consumer groups, subjects). You should only modify these parameters if you see an issue with the performance.
PropertyDescriptionEnvironment variableMandatoryTypeDefault
Lag exporter
lagexporter.frequencyFrequency in seconds of the execution of the lag exporterCDK_LAGEXPORTER_FREQUENCYfalseint30
lagexporter.clusterparallelismNumber of clusters indexed in parallel for the lag exporterCDK_LAGEXPORTER_CLUSTERPARALLELISMfalseint1
lagexporter.indexertimeoutLag exporter timeout in secondsCDK_LAGEXPORTER_INDEXERTIMEOUTfalseint300 (5 minutes)
lagexporter.blockingdurationCircuit breaker blocking duration in seconds - defines how long the indexer will wait after a series of failed requests before reattempting indexingCDK_LAGEXPORTER_BLOCKINGDURATIONfalseint60
lagexporter.sequentialfailurethresholdNumber of sequential failures before the circuit breaker activatesCDK_LAGEXPORTER_SEQUENTIALFAILURETHRESHOLDfalseint10
Metadata indexer
metadataindexer.frequencyFrequency in seconds of the execution of the metadata indexerCDK_METADATAINDEXER_FREQUENCYfalseint30
metadataindexer.clusterparallelismNumber of clusters indexed in parallel for the metadata indexerCDK_METADATAINDEXER_CLUSTERPARALLELISMfalseint1
metadataindexer.indexertimeoutMetadata indexer timeout in secondsCDK_METADATAINDEXER_INDEXERTIMEOUTfalseint300 (5 minutes)
metadataindexer.blockingdurationCircuit breaker blocking duration in seconds - defines how long the indexer will wait after a series of failed requests before reattempting indexingCDK_METADATAINDEXER_BLOCKINGDURATIONfalseint600
metadataindexer.sequentialfailurethresholdNumber of sequential failures before the circuit breaker activatesCDK_METADATAINDEXER_SEQUENTIALFAILURETHRESHOLDfalseint10
Monitoring indexer
monitoringconfig.frequencyFrequency in seconds of the execution of the monitoring indexerCDK_MONITORINGCONFIG_FREQUENCYfalseint30
monitoringconfig.clusterparallelismNumber of clusters indexed in parallel for the monitoring indexerCDK_MONITORINGCONFIG_CLUSTERPARALLELISMfalseint1
monitoringconfig.indexertimeoutMonitoring indexer timeout in secondsCDK_MONITORINGCONFIG_INDEXERTIMEOUTfalseint300 (5 minutes)
monitoringconfig.blockingdurationCircuit breaker blocking duration in seconds - defines how long the indexer will wait after a series of failed requests before reattempting indexingCDK_MONITORINGCONFIG_BLOCKINGDURATIONfalseint600
monitoringconfig.sequentialfailurethresholdNumber of sequential failures before the circuit breaker activatesCDK_MONITORINGCONFIG_SEQUENTIALFAILURETHRESHOLDfalseint10
Schema registry indexer
registryindexer.frequencyFrequency in seconds of the execution of the schema registry indexerCDK_REGISTRYINDEXER_FREQUENCYfalseint30
registryindexer.clusterparallelismNumber of clusters indexed in parallel for the schema registry indexerCDK_REGISTRYINDEXER_CLUSTERPARALLELISMfalseint1
registryindexer.indexertimeoutSchema registry indexer timeout in secondsCDK_REGISTRYINDEXER_INDEXERTIMEOUTfalseint300 (5 minutes)
registryindexer.blockingdurationCircuit breaker blocking duration in seconds - defines how long the indexer will wait after a series of failed requests before reattempting indexingCDK_REGISTRYINDEXER_BLOCKINGDURATIONfalseint600
registryindexer.sequentialfailurethresholdNumber of sequential failures before the circuit breaker activatesCDK_REGISTRYINDEXER_SEQUENTIALFAILURETHRESHOLDfalseint10
Kafka connect indexer
connectindexer.frequencyFrequency in seconds of the execution of the kafka connect indexerCDK_CONNECTINDEXER_FREQUENCYfalseint30
connectindexer.clusterparallelismNumber of clusters indexed in parallel for the kafka connect indexerCDK_CONNECTINDEXER_CLUSTERPARALLELISMfalseint1
connectindexer.indexertimeoutKafka connect indexer timeout in secondsCDK_CONNECTINDEXER_INDEXERTIMEOUTfalseint300 (5 minutes)
connectindexer.blockingdurationCircuit breaker blocking duration in seconds - defines how long the indexer will wait after a series of failed requests before reattempting indexingCDK_CONNECTINDEXER_BLOCKINGDURATIONfalseint600
connectindexer.sequentialfailurethresholdNumber of sequential failures before the circuit breaker activatesCDK_CONNECTINDEXER_SEQUENTIALFAILURETHRESHOLDfalseint10
Kafka admin client configuration
kafka_admin.list_consumer_group_offsets_batch_sizeThe number of consumer groups offset to fetch in a single query. Old versions of Kafka may time out when fetching too many offsets at once.CDK_KAFKAADMIN_LISTCONSUMERGROUPOFFSETSBATCHSIZEfalseint100
kafka_admin.describe_consumer_groups_batch_sizeThe number of consumer groups to be described in a single query.CDK_KAFKAADMIN_DESCRIBECONSUMERGROUPSBATCHSIZEfalseint10000
kafka_admin.list_consumer_group_offsets_batch_sizeThe number of consumer groups offset to fetch in a single query. Old versions of Kafka may time out when fetching too many offsets at once.CDK_KAFKAADMIN_LISTCONSUMERGROUPOFFSETSBATCHSIZEfalseint100
kafka_admin.describe_consumer_groups_batch_sizeThe number of consumer groups to be described in a single query.CDK_KAFKAADMIN_DESCRIBECONSUMERGROUPSBATCHSIZEfalseint10000
kafka_admin.batch_parallel_sizeMaximum of batched requests that can be sent in parallelCDK_KAFKAADMIN_BATCHPARALLELSIZEfalseint5
kafka_admin.record_size_limitMaximum size in bytes of a single message to display in the consume page. For larger messages, you’ll get a link to open in a dedicated page.CDK_KAFKAADMIN_RECORDSIZELIMITfalseint102400 (bytes)

Audit log export properties

The audit log can be exported to a Kafka topic, once configured in Console.
PropertyDescriptionEnvironment variableMandatoryTypeDefault
audit_log_publisher.clusterThe cluster ID where the audit logs will be exportedCDK_AUDITLOGPUBLISHER_CLUSTERfalsestring
audit_log_publisher.topicNameThe topic name where the audit logs will be exportedCDK_AUDITLOGPUBLISHER_TOPICNAMEfalsestring
audit_log_publisher.topicConfig.partitionThe number of partitions for the audit log topicCDK_AUDITLOGPUBLISHER_TOPICCONFIG_PARTITIONfalseint1
audit_log_publisher.topicConfig.replicationFactorThe replication factor for the audit log topicCDK_AUDITLOGPUBLISHER_TOPICCONFIG_REPLICATIONFACTORfalseint1

Conduktor SQL properties

In order to use Conduktor SQL, you need to configure a second database to store the Topics data. You can configure Conduktor SQL Database using CDK_KAFKASQL_DATABASE_URL or alternatively, set each value individually CDK_KAFKASQL_DATABASE_*.
PropertyDescriptionEnvironment variableMandatoryTypeDefault
kafka_sql.database.urlExternal PostgreSQL configuration URL in format [jdbc:]postgresql://[user[:password]@][[netloc][:port],...][/dbname][?param1=value1&...]CDK_KAFKASQL_DATABASE_URLfalsestring
kafka_sql.database.urlExternal PostgreSQL configuration URL in format [jdbc:]postgresql://[user[:password]@][[netloc][:port],...][/dbname][?param1=value1&...]CDK_KAFKASQL_DATABASE_URLfalsestring
kafka_sql.database.hosts[].hostExternal PostgreSQL servers hostnameCDK_KAFKASQL_DATABASE_HOSTS_0_HOSTfalsestring
kafka_sql.database.hosts[].portExternal PostgreSQL servers portCDK_KAFKASQL_DATABASE_HOSTS_0_PORTfalseint
kafka_sql.database.hostExternal PostgreSQL server hostname (Deprecated, use kafka_sql.database.hosts instead)CDK_KAFKASQL_DATABASE_HOSTfalsestring
kafka_sql.database.portExternal PostgreSQL server port (Deprecated, use kafka_sql.database.hosts instead)CDK_KAFKASQL_DATABASE_PORTfalseint
kafka_sql.database.nameExternal PostgreSQL database nameCDK_KAFKASQL_DATABASE_NAMEfalsestring
kafka_sql.database.usernameExternal PostgreSQL login roleCDK_KAFKASQL_DATABASE_USERNAMEfalsestring
kafka_sql.database.passwordExternal PostgreSQL login passwordCDK_KAFKASQL_DATABASE_PASSWORDfalsestring
kafka_sql.database.connection_timeoutExternal PostgreSQL connection timeout in secondsCDK_KAFKASQL_DATABASE_CONNECTIONTIMEOUTfalseint
Advanced properties (typically, these do not need to be altered)
PropertyDescriptionEnvironment variableMandatoryTypeDefault
kafka_sql.commit_offset_every_in_secFrequency at which Conduktor SQL commits offsets into Kafka and flushes rows in the databaseCDK_KAFKASQL_COMMITOFFSETEVERYINSECfalseint30 (seconds)
kafka_sql.clean_expired_record_every_in_hourHow often to check for expired records and delete them from the DatabaseCDK_KAFKASQL_CLEANEXPIREDRECORDEVERYINHOURfalseint1 (hour)
kafka_sql.refresh_topic_configuration_every_in_secFrequency at which Conduktor SQL looks for new topics to start indexing or stop indexingCDK_KAFKASQL_REFRESHTOPICCONFIGURATIONEVERYINSECfalseint30 (seconds)
kafka_sql.consumer_group_idConsumer group used to identify Conduktor SQLCDK_KAFKASQL_CONSUMER-GROUP-IDfalsestringconduktor-sql
kafka_sql.refresh_user_permissions_every_in_secFrequency at which Conduktor SQL refreshes the role permissions in the DB to match the RBAC setup in ConsoleCDK_KAFKASQL_REFRESHUSERPERMISSIONSEVERYINSECfalsestringconduktor-sql

Partner Zones properties

Advanced properties (typically, these do not need to be altered).
PropertyDescriptionEnvironment variableMandatoryTypeDefault
partner_zone.reconcile_with_gateway_every_secondsThe interval at which the partner zone’s state that is stored on Console, is synchronized with Gateway. A lower value results in faster alignment between the desired state and the current state on Gateway. The default value is set to 5 seconds.CDK_PARTNERZONE_RECONCILEWITHGATEWAYEVERYSECONDSfalseint5 (seconds)

Data quality properties

Advanced properties for Rules and Policies. Typically, these do not need to be altered.
PropertyDescriptionEnvironment variableMandatoryTypeDefault
data_quality.reconcile_every_secondsThe interval at which the data quality’s state on Console is synchronized with Gateway. A lower value results in faster alignment between the required state and the current state on Gateway. The default value is 5 seconds.CDK_DATAQUALITY_RECONCILEEVERYSECONDSfalseint5 (seconds)
data_quality.report_max_per_secondThe number of violations reported in data quality can be high. This value fixes the max number of violations that will be reported, per second. If more violations are produced, they won’t be reported in Console.CDK_DATAQUALITY_REPORTMAXPERSECONDfalseint10 (unit)
data_quality.report_retention_dayThe number of days that the violation history logs will be retained.CDK_DATAQUALITY_REPORTRETENTIONDAYSfalseint7 (days)