Skip to main content
Quick navigation

Configuration Properties and Environment Variables

Jump to:

Docker image environment variables

ENVSince VersionUntil VersionDefault Value
CDK_DEBUG1.0.0latestfalseFlag to enable platform debug logs. See log configuration for mor details.
RUN_MODE1.0.2latestnanoMemory presets for the platform see advanced settings
CDK_VOLUME_DIR1.0.2latest/var/conduktorVolume directory where Conduktor platform store data **
CDK_IN_CONF_FILE1.0.2latest/opt/conduktor/default-platform-config.yaml)Conduktor platform configuration file location **
CDK_LISTENING_PORT1.2.0latest8080Platform listening port **
CDK_SSL_TRUSTSTORE_PATH1.5.0latestNoneTruststore file path used by platform kafka, SSO, S3, ... clients SSL/TLS verification
CDK_SSL_TRUSTSTORE_PASSWORD1.5.0latestNoneTruststore password (optional)
CDK_SSL_TRUSTSTORE_TYPE1.5.0latestjksTruststore type (optional)
CDK_SSL_DEBUG1.9.0latestfalseEnable SSL/TLS debug logs
CDK_HTTP_PROXY_HOST1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_PORT1.10.0latest80Specify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_NON_PROXY_HOSTS1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_USERNAME1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_PASSWORD1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_GLOBAL_JAVA_OPTS1.10.0latestNoneCustom JAVA_OPTS parameters passed to platform modules.
CDK_ROOT_LOG_LEVEL1.11.0latestINFOSet the platform global log level (DEBUG, INFO, WARN, ERROR). See log configuration for mor details.
CDK_ROOT_LOG_COLOR1.11.0latesttrueEnable or disable ANSI colors in logs. See log configuration for mor details.

Platform properties reference

Starting from Conduktor Platform 1.2.0 input configuration fields can be provided using environment variables.

Below shows the mapping of configuration fields in the platform-config.yaml to environment variables.

Note : Lists start at index 0 and are provided using _idx_ syntax.

Support of *_FILE environment variables

Since release 1.10.0, setting an environment variable matching *_FILE to a file path, the prefixed environment variable will be overridden with the value specified in that file.

For example, setting CDK_LICENSE_FILE to /run/secrets/license will override CDK_LICENSE with the content of the file /run/secrets/license.

Exception: CDK_IN_CONF_FILE is not supported

Global properties

  • organization.name : Your organizations name

    • Env : CDK_ORGANIZATION_NAME
    • Mandatory : true
    • Type : string
    • Default : "default"
  • license : Enterprise license key. If not provided, fallback to free plan.

    • Env : CDK_LICENSE or LICENSE_KEY
    • Mandatory : false
    • Type : string
    • Default : ∅

Tips : If you need more that what free plan offer, you can contact us for a trial license.

  • platform.fqdn : Platform FQDN. Could be useful for SSO callback URL when using a reverse proxy. The platform will try to guess it automatically using X-Forwarded-Host header coming from upstream reverse proxy.

    • Env : CDK_PLATFORM_FQDN
    • Mandatory : false
    • Type : string
    • Default : "localhost"
  • platform.https.cert.path : Path to the SSL certificate file.

    • Env : CDK_PLATFORM_HTTPS_CERT_PATH
    • Mandatory : false
    • Type : string
    • Default : ∅
  • platform.https.key.path : Path to the SSL private key file.

    • Env : CDK_PLATFORM_HTTPS_KEY_PATH
    • Mandatory : false
    • Type : string
    • Default : ∅

Database properties

See database configuration documentation for more info

  • database.url : External Postgresql configuration URL in format [jdbc:]postgresql://[user[:password]@]netloc[:port][/dbname][?param1=value1&...].

    • Env : CDK_DATABASE_URL (prior to 1.2.0 it was PLATFORM_DB_URL)
    • Mandatory : false
    • Type : string
    • Default : ∅
  • database.host : External Postgresql server hostname

    • Env : CDK_DATABASE_HOST
    • Mandatory : false
    • Type : string
    • Default : ∅
  • database.port : External Postgresql server port

    • Env : CDK_DATABASE_PORT
    • Mandatory : false
    • Type : int
    • Default : ∅
  • database.name : External Postgresql database name

    • Env : CDK_DATABASE_NAME
    • Mandatory : false
    • Type : string
    • Default : ∅
  • database.username : External Postgresql login role

    • Env : CDK_DATABASE_USERNAME
    • Mandatory : false
    • Type : string
    • Default : ∅
  • database.password : External Postgresql login password

    • Env : CDK_DATABASE_PASSWORD
    • Mandatory : false
    • Type : string
    • Default : ∅
  • database.connection_timeout : External Postgresql connection timeout in seconds.

    • Env : CDK_DATABASE_CONNECTIONTIMEOUT
    • Mandatory : false
    • Type : int
    • Default : ∅

Local users properties

Optional local accounts list used to login on conduktor-platform

  • auth.local-users[].email : User login

    • Env : CDK_AUTH_LOCAL-USERS_0_EMAIL
    • Mandatory : true
    • Type : string
    • Default : "admin@conduktor.io"
  • auth.local-users[].password : User password

    • Env : CDK_AUTH_LOCAL-USERS_0_PASSWORD
    • Mandatory : true
    • Type : string
    • Default : "admin"

SSO properties

SSO authentication properties (only on enterprise plan). See authentication documentation for snippets

  • sso.ignoreUntrustedCertificate : Disable SSL checks
    • Env : SSO_IGNORE-UNTRUSTED-CERTIFICATE
    • Mandatory : false
    • Type : boolean
    • Default : false
    • Since : 1.3.0

LDAP properties

  • sso.ldap[].name : Ldap connection name

    • Env : SSO_LDAP_0_NAME
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].server : Ldap server host and port

    • Env : SSO_LDAP_0_SERVER
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].managerDn : Sets the manager DN

    • Env : SSO_LDAP_0_MANAGERDN
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].managerPassword : Sets the manager password

    • Env : SSO_LDAP_0_MANAGERPASSWORD
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].search-subtree : Sets if the subtree should be searched.

    • Env : SSO_LDAP_0_SEARCH-SUBTREE
    • Mandatory : false
    • Type : boolean
    • Default : true
    • Since : 1.5.0
  • sso.ldap[].search-base : Sets the base DN to search.

    • Env : SSO_LDAP_0_SEARCH-BASE
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].search-filter : Sets the search filter. By default, the filter is set to (uid={0}) for users using class type InetOrgPerson.

    • Env : SSO_LDAP_0_SEARCH-FILTER
    • Mandatory : false
    • Type : string
    • Default : "(uid={0})"
    • Since : 1.5.0
  • sso.ldap[].search-attributes : Sets the attributes list to return. By default, all attributes are returned. Platform search for uid, cn, mail, email, givenName, sn, displayName attributes to map into user token.

    • Env : SSO_LDAP_0_SEARCH-ATTRIBUTES
    • Mandatory : false
    • Type : string array
    • Default : []
    • Since : 1.5.0
  • sso.ldap[].groups-enabled : Sets if group search is enabled.

    • Env : SSO_LDAP_0_GROUPS-ENABLED
    • Mandatory : false
    • Type : boolean
    • Default : false
    • Since : 1.5.0
  • sso.ldap[].groups-subtree : Sets if the subtree should be searched.

    • Env : SSO_LDAP_0_GROUPS-SUBTREE
    • Mandatory : false
    • Type : boolean
    • Default : true
    • Since : 1.5.0
  • sso.ldap[].groups-base : Sets the base DN to search from.

    • Env : SSO_LDAP_0_GROUPS-BASE
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.ldap[].groups-filter : Sets the group search filter. If using group class type GroupOfUniqueNames use the filter "uniqueMember={0}". For group class GroupOfNames use "member={0}". By default, the filter is set to "uniqueMember={0}".

    • Env : SSO_LDAP_0_GROUPS-FILTER
    • Mandatory : false
    • Type : string
    • Default : "uniquemember={0}"
    • Since : 1.5.0
  • sso.ldap[].groups-filter-attribute : Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.

    • Env : SSO_LDAP_0_GROUPS-FILTER-ATTRIBUTE
    • Mandatory : false
    • Type : string
    • Default : ∅
    • Since : 1.5.0
  • sso.ldap[].groups-attribute : Sets the group attribute name. Defaults to cn.

    • Env : SSO_LDAP_0_GROUPS-ATTRIBUTE
    • Mandatory : false
    • Type : string
    • Default : "cn"
    • Since : 1.5.0
  • sso.ldap[].properties : Additional properties that will be passed to identity provider context

    • Env : SSO_LDAP_0_PROPERTIES
    • Mandatory : false
    • Type : dictionary
    • Default : ∅
    • Since : 1.11.0

Oauth2 properties

  • sso.oauth2[].name : Oauth2 connection name

    • Env : SSO_OAUTH2_0_NAME
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.oauth2[].default : Use as default

    • Env : SSO_OAUTH2_0_DEFAULT
    • Mandatory : true
    • Type : boolean
    • Default : ∅
  • sso.oauth2[].client-id : Oauth2 client id

    • Env : SSO_OAUTH2_0_CLIENT-ID
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.oauth2[].client-secret : Oauth2 client secret

    • Env : SSO_OAUTH2_0_CLIENT-SECRET
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.oauth2[].openid.issuer : Issuer to check on token

    • Env : SSO_OAUTH2_0_OPENID_ISSUER
    • Mandatory : true
    • Type : string
    • Default : ∅
  • sso.oauth2[].scopes : Scope to be requested in the client credentials request.

    • Env : SSO_OAUTH2_0_SCOPES
    • Mandatory : true
    • Type : string
    • Default : []
  • sso.oauth2[].authorization-url : Authorization endpoint URL

    • Env : SSO_OAUTH2_0_AUTHORIZATION-URL
    • Mandatory : false
    • Type : string
    • Default : ∅
  • sso.oauth2[].token.url : Get token endpoint URL

    • Env : SSO_OAUTH2_0_TOKEN_URL
    • Mandatory : false
    • Type : string
    • Default : ∅
  • sso.oauth2[].token.auth-method : Authentication Method

    • Env : SSO_OAUTH2_0_TOKEN_AUTH-METHOD
    • Mandatory : false
    • Type : string one of : "CLIENT_SECRET_BASIC", "CLIENT_SECRET_JWT", "CLIENT_SECRET_POST", "NONE", "PRIVATE_KEY_JWT", "TLS_CLIENT_AUTH"
    • Default : ∅

Kafka clusters properties

info

Configuring Kafka Clusters, Schema Registry and Kafka Connect with YAML is now deprecated.
Looking to configure your Kafka Clusters using GitOps processes?
Contact our Customer Success or give us feedback on this feature.

danger

Please consider the following limitations regarding Kafka Cluster definition:

  • This is not GitOps. If you later need to update a cluster defined this way, you must update it through the UI
  • Some additional properties will interfere with the UI and you won't be able to update them.
    • ssl.truststore.path and ssl.keystore.path are known to cause issues.

You can find sample configurations on the Configuration Snippets page

  • clusters[].id : String used to uniquely identify your Kafka cluster

    • Env : CDK_CLUSTERS_0_ID
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].name : Alias or user-friendly name for your Kafka cluster

    • Env : CDK_CLUSTERS_0_NAME
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].color : Attach a color to associate with your cluster in the UI

    • Env : CDK_CLUSTERS_0_COLOR
    • Mandatory : false
    • Type : string in hexadecimal format (#FFFFFF)
    • Default : random
  • clusters[].ignoreUntrustedCertificate : Skip SSL certificate validation

    • Env : CDK_CLUSTERS_0_IGNOREUNTRUSTEDCERTIFICATE
    • Mandatory : false
    • Type : boolean
    • Default : false
  • clusters[].bootstrapServers : List of host:port for your Kafka brokers separated by coma ,

    • Env : CDK_CLUSTERS_0_BOOTSTRAPSERVERS
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].zookeeperServer : Zookeeper server url

    • Env : CDK_CLUSTERS_0_ZOOKEEPERSERVER
    • Mandatory : false
    • Type : string
    • Default : ∅
  • clusters[].properties : Any cluster configuration properties.

    • Env : CDK_CLUSTERS_0_PROPERTIES
    • Mandatory : false
    • Type : string where each line is a property
    • Default : ∅

      Tips : To set multi-line properties using environment variable, separate each properties with \n like prop1=value1\nprop3=value3.

  • clusters[].jmxScrapePort : JMX-exporter port used to scrape kafka broker metrics for monitoring

    • Env : CDK_CLUSTERS_0_JMXSCRAPEPORT
    • Mandatory : false
    • Type : int
    • Default : 9101
  • clusters[].nodeScrapePort : Node-exporter port used to scrape kafka host metrics for monitoring

    • Env : CDK_CLUSTERS_0_NODESCRAPEPORT
    • Mandatory : false
    • Type : int
    • Default : 9100

Schema registry properties

  • clusters[].schemaRegistry.id : String used to uniquely identify your schema registry

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_ID
    • Mandatory : true
    • Type : string
    • Default : ∅

Confluent schema registry properties

  • clusters[].schemaRegistry.url : The schema registry URL

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_URL
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].schemaRegistry.ignoreUntrustedCertificate : Skip SSL certificate validation

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_IGNOREUNTRUSTEDCERTIFICATE
    • Mandatory : false
    • Type : boolean
    • Default : false
  • clusters[].schemaRegistry.properties : Any schema registry configuration parameters

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_PROPERTIES
    • Mandatory : false
    • Type : string where each line is a property
    • Default : ∅

      Tips : To set multi-line properties using environment variable, separate each properties with \n like prop1=value1\nprop3=value3.

If you need to authenticate with basic auth, you can use the following properties:

  • clusters[].schemaRegistry.security.username : Basic auth username

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_USERNAME
    • Mandatory : false
    • Type : string
    • Default : ∅
  • clusters[].schemaRegistry.security.password : Basic auth password

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_PASSWORD
    • Mandatory : false
    • Type : string
    • Default : ∅

If you need to authenticate with bearer auth, you can use the following property:

  • clusters[].schemaRegistry.security.token : Bearer auth token

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_TOKEN
    • Mandatory : false
    • Type : string
    • Default : ∅

Amazon Glue schema registry properties

  • clusters[].schemaRegistry.region : The Glue schema registry region

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_REGION
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.x.x
  • clusters[].schemaRegistry.registryName : The Glue schema registry name

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_REGISTRYNAME
    • Mandatory : false
    • Type : string
    • Default : ∅
    • Since : 1.x.x
  • clusters[].schemaRegistry.amazonSecurity.type : Authentication with credentials

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_TYPE
    • Mandatory : true
    • Type : string
    • Values : Credentials | FromContext | FromRole
    • Default : ∅
    • Since : 1.x.x

If amazonSecurity.type is Credentials, you must use the following properties:

  • clusters[].schemaRegistry.amazonSecurity.accessKeyId : Credentials auth access key

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ACCESSKEYID
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.x.x
  • clusters[].schemaRegistry.amazonSecurity.secretKey : Credentials auth secret key

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_SECRETKEY
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.x.x

If amazonSecurity.type is FromContext, you must use the following properties:

  • clusters[].schemaRegistry.amazonSecurity.profile : Authentication profile

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_PROFILE
    • Mandatory : false
    • Type : string
    • Default : ∅
    • Since : 1.x.x

If amazonSecurity.type is FromRole, you must use the following properties:

  • clusters[].schemaRegistry.amazonSecurity.role : Authentication role

    • Env : CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ROLE
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.x.x

Kafka Connect properties

  • clusters[].kafkaConnects[].id : String used to uniquely identify your Kafka Connect

    • Env : CDK_CLUSTERS_0_KAFKACONNECTS_0_ID
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].kafkaConnects[].url : The Kafka connect URL

    • Env : CDK_CLUSTERS_0_KAFKACONNECTS_0_URL
    • Mandatory : true
    • Type : string
    • Default : ∅
  • clusters[].kafkaConnects[].security.username : Basic auth username

    • Env : CDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_USERNAME
    • Mandatory : false
    • Type : string
    • Default : ∅
  • clusters[].kafkaConnects[].security.username : Basic auth password

    • Env : CDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_PASSWORD
    • Mandatory : false
    • Type : string
    • Default : ∅

Monitoring properties

  • monitoring.storage.s3.endpoint : External monitoring S3 storage endpoint

    • Env : CDK_MONITORING_STORAGE_S3_ENDPOINT
    • Mandatory : false
    • Type : string
    • Default : ∅
    • Since : 1.5.0
  • monitoring.storage.s3.region : External monitoring S3 storage region

    • Env : CDK_MONITORING_STORAGE_S3_REGION
    • Mandatory : false
    • Type : string
    • Default : ∅
    • Since : 1.5.0
  • monitoring.storage.s3.bucket : External monitoring S3 storage bucket name

    • Env : CDK_MONITORING_STORAGE_S3_BUCKET
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.5.0
  • monitoring.storage.s3.insecure : External monitoring S3 storage SSL/TLS check flag

    • Env : CDK_MONITORING_STORAGE_S3_INSECURE
    • Mandatory : false
    • Type : bool
    • Default : false
    • Since : 1.5.0
  • monitoring.storage.s3.accessKeyId : External monitoring S3 storage access key

    • Env : CDK_MONITORING_STORAGE_S3_ACCESSKEYID
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.5.0
  • monitoring.storage.s3.secretAccessKey : External monitoring S3 storage access key secret

    • Env : CDK_MONITORING_STORAGE_S3_SECRETACCESSKEY
    • Mandatory : true
    • Type : string
    • Default : ∅
    • Since : 1.5.0