Configuration Properties and Environment Variables
Jump to:
Docker image environment variables
| ENV | Since Version | Until Version | Default Value | |
|---|---|---|---|---|
CDK_DEBUG | 1.0.0 | latest | false | Flag to enable platform debug logs. See log configuration for mor details. |
RUN_MODE | 1.0.2 | latest | nano | Memory presets for the platform see advanced settings |
CDK_VOLUME_DIR | 1.0.2 | latest | /var/conduktor | Volume directory where Conduktor platform store data ** |
CDK_IN_CONF_FILE | 1.0.2 | latest | /opt/conduktor/default-platform-config.yaml) | Conduktor platform configuration file location ** |
CDK_LISTENING_PORT | 1.2.0 | latest | 8080 | Platform listening port ** |
CDK_SSL_TRUSTSTORE_PATH | 1.5.0 | latest | None | Truststore file path used by platform kafka, SSO, S3, ... clients SSL/TLS verification |
CDK_SSL_TRUSTSTORE_PASSWORD | 1.5.0 | latest | None | Truststore password (optional) |
CDK_SSL_TRUSTSTORE_TYPE | 1.5.0 | latest | jks | Truststore type (optional) |
CDK_SSL_DEBUG | 1.9.0 | latest | false | Enable SSL/TLS debug logs |
CDK_HTTP_PROXY_HOST | 1.10.0 | latest | None | Specify proxy settings that Conduktor Platform should use to access the Internet |
CDK_HTTP_PROXY_PORT | 1.10.0 | latest | 80 | Specify proxy settings that Conduktor Platform should use to access the Internet |
CDK_HTTP_NON_PROXY_HOSTS | 1.10.0 | latest | None | Specify proxy settings that Conduktor Platform should use to access the Internet |
CDK_HTTP_PROXY_USERNAME | 1.10.0 | latest | None | Specify proxy settings that Conduktor Platform should use to access the Internet |
CDK_HTTP_PROXY_PASSWORD | 1.10.0 | latest | None | Specify proxy settings that Conduktor Platform should use to access the Internet |
CDK_GLOBAL_JAVA_OPTS | 1.10.0 | latest | None | Custom JAVA_OPTS parameters passed to platform modules. |
CDK_ROOT_LOG_LEVEL | 1.11.0 | latest | INFO | Set the platform global log level (DEBUG, INFO, WARN, ERROR). See log configuration for mor details. |
CDK_ROOT_LOG_COLOR | 1.11.0 | latest | true | Enable or disable ANSI colors in logs. See log configuration for mor details. |
Platform properties reference
Starting from Conduktor Platform 1.2.0 input configuration fields can be provided using environment variables.
Below shows the mapping of configuration fields in the platform-config.yaml to environment variables.
Note : Lists start at index 0 and are provided using
_idx_syntax.
Support of *_FILE environment variables
Since release 1.10.0, setting an environment variable matching *_FILE to a file path, the prefixed environment variable will be overridden with the value specified in that file.
For example, setting CDK_LICENSE_FILE to /run/secrets/license will override CDK_LICENSE with the content of the file /run/secrets/license.
Exception:
CDK_IN_CONF_FILEis not supported
Global properties
organization.name: Your organizations name- Env :
CDK_ORGANIZATION_NAME - Mandatory : true
- Type : string
- Default :
"default"
- Env :
license: Enterprise license key. If not provided, fallback to free plan.- Env :
CDK_LICENSEorLICENSE_KEY - Mandatory : false
- Type : string
- Default : ∅
- Env :
Tips : If you need more that what free plan offer, you can contact us for a trial license.
platform.fqdn: Platform FQDN. Could be useful for SSO callback URL when using a reverse proxy. The platform will try to guess it automatically usingX-Forwarded-Hostheader coming from upstream reverse proxy.- Env :
CDK_PLATFORM_FQDN - Mandatory : false
- Type : string
- Default :
"localhost"
- Env :
platform.https.cert.path: Path to the SSLcertificatefile.- Env :
CDK_PLATFORM_HTTPS_CERT_PATH - Mandatory : false
- Type : string
- Default : ∅
- Env :
platform.https.key.path: Path to the SSLprivate keyfile.- Env :
CDK_PLATFORM_HTTPS_KEY_PATH - Mandatory : false
- Type : string
- Default : ∅
- Env :
Database properties
See database configuration documentation for more info
database.url: External Postgresql configuration URL in format[jdbc:]postgresql://[user[:password]@]netloc[:port][/dbname][?param1=value1&...].- Env :
CDK_DATABASE_URL(prior to1.2.0it wasPLATFORM_DB_URL) - Mandatory : false
- Type : string
- Default : ∅
- Env :
database.host: External Postgresql server hostname- Env :
CDK_DATABASE_HOST - Mandatory : false
- Type : string
- Default : ∅
- Env :
database.port: External Postgresql server port- Env :
CDK_DATABASE_PORT - Mandatory : false
- Type : int
- Default : ∅
- Env :
database.name: External Postgresql database name- Env :
CDK_DATABASE_NAME - Mandatory : false
- Type : string
- Default : ∅
- Env :
database.username: External Postgresql login role- Env :
CDK_DATABASE_USERNAME - Mandatory : false
- Type : string
- Default : ∅
- Env :
database.password: External Postgresql login password- Env :
CDK_DATABASE_PASSWORD - Mandatory : false
- Type : string
- Default : ∅
- Env :
database.connection_timeout: External Postgresql connection timeout in seconds.- Env :
CDK_DATABASE_CONNECTIONTIMEOUT - Mandatory : false
- Type : int
- Default : ∅
- Env :
Local users properties
Optional local accounts list used to login on conduktor-platform
auth.local-users[].email: User login- Env :
CDK_AUTH_LOCAL-USERS_0_EMAIL - Mandatory : true
- Type : string
- Default :
"admin@conduktor.io"
- Env :
auth.local-users[].password: User password- Env :
CDK_AUTH_LOCAL-USERS_0_PASSWORD - Mandatory : true
- Type : string
- Default :
"admin"
- Env :
SSO properties
SSO authentication properties (only on enterprise plan). See authentication documentation for snippets
sso.ignoreUntrustedCertificate: Disable SSL checks- Env :
SSO_IGNORE-UNTRUSTED-CERTIFICATE - Mandatory : false
- Type : boolean
- Default :
false - Since :
1.3.0
- Env :
LDAP properties
sso.ldap[].name: Ldap connection name- Env :
SSO_LDAP_0_NAME - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].server: Ldap server host and port- Env :
SSO_LDAP_0_SERVER - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].managerDn: Sets the manager DN- Env :
SSO_LDAP_0_MANAGERDN - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].managerPassword: Sets the manager password- Env :
SSO_LDAP_0_MANAGERPASSWORD - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].search-subtree: Sets if the subtree should be searched.- Env :
SSO_LDAP_0_SEARCH-SUBTREE - Mandatory : false
- Type : boolean
- Default :
true - Since :
1.5.0
- Env :
sso.ldap[].search-base: Sets the base DN to search.- Env :
SSO_LDAP_0_SEARCH-BASE - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].search-filter: Sets the search filter. By default, the filter is set to(uid={0})for users using class typeInetOrgPerson.- Env :
SSO_LDAP_0_SEARCH-FILTER - Mandatory : false
- Type : string
- Default :
"(uid={0})" - Since :
1.5.0
- Env :
sso.ldap[].search-attributes: Sets the attributes list to return. By default, all attributes are returned. Platform search foruid,cn,mail,email,givenName,sn,displayNameattributes to map into user token.- Env :
SSO_LDAP_0_SEARCH-ATTRIBUTES - Mandatory : false
- Type : string array
- Default :
[] - Since :
1.5.0
- Env :
sso.ldap[].groups-enabled: Sets if group search is enabled.- Env :
SSO_LDAP_0_GROUPS-ENABLED - Mandatory : false
- Type : boolean
- Default :
false - Since :
1.5.0
- Env :
sso.ldap[].groups-subtree: Sets if the subtree should be searched.- Env :
SSO_LDAP_0_GROUPS-SUBTREE - Mandatory : false
- Type : boolean
- Default :
true - Since :
1.5.0
- Env :
sso.ldap[].groups-base: Sets the base DN to search from.- Env :
SSO_LDAP_0_GROUPS-BASE - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.ldap[].groups-filter: Sets the group search filter. If using group class typeGroupOfUniqueNamesuse the filter"uniqueMember={0}". For group classGroupOfNamesuse"member={0}". By default, the filter is set to"uniqueMember={0}".- Env :
SSO_LDAP_0_GROUPS-FILTER - Mandatory : false
- Type : string
- Default :
"uniquemember={0}" - Since :
1.5.0
- Env :
sso.ldap[].groups-filter-attribute: Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.- Env :
SSO_LDAP_0_GROUPS-FILTER-ATTRIBUTE - Mandatory : false
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :
sso.ldap[].groups-attribute: Sets the group attribute name. Defaults tocn.- Env :
SSO_LDAP_0_GROUPS-ATTRIBUTE - Mandatory : false
- Type : string
- Default :
"cn" - Since :
1.5.0
- Env :
sso.ldap[].properties: Additional properties that will be passed to identity provider context- Env :
SSO_LDAP_0_PROPERTIES - Mandatory : false
- Type : dictionary
- Default : ∅
- Since :
1.11.0
- Env :
Oauth2 properties
sso.oauth2[].name: Oauth2 connection name- Env :
SSO_OAUTH2_0_NAME - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.oauth2[].default: Use as default- Env :
SSO_OAUTH2_0_DEFAULT - Mandatory : true
- Type : boolean
- Default : ∅
- Env :
sso.oauth2[].client-id: Oauth2 client id- Env :
SSO_OAUTH2_0_CLIENT-ID - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.oauth2[].client-secret: Oauth2 client secret- Env :
SSO_OAUTH2_0_CLIENT-SECRET - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.oauth2[].openid.issuer: Issuer to check on token- Env :
SSO_OAUTH2_0_OPENID_ISSUER - Mandatory : true
- Type : string
- Default : ∅
- Env :
sso.oauth2[].scopes: Scope to be requested in the client credentials request.- Env :
SSO_OAUTH2_0_SCOPES - Mandatory : true
- Type : string
- Default :
[]
- Env :
sso.oauth2[].authorization-url: Authorization endpoint URL- Env :
SSO_OAUTH2_0_AUTHORIZATION-URL - Mandatory : false
- Type : string
- Default : ∅
- Env :
sso.oauth2[].token.url: Get token endpoint URL- Env :
SSO_OAUTH2_0_TOKEN_URL - Mandatory : false
- Type : string
- Default : ∅
- Env :
sso.oauth2[].token.auth-method: Authentication Method- Env :
SSO_OAUTH2_0_TOKEN_AUTH-METHOD - Mandatory : false
- Type : string one of :
"CLIENT_SECRET_BASIC","CLIENT_SECRET_JWT","CLIENT_SECRET_POST","NONE","PRIVATE_KEY_JWT","TLS_CLIENT_AUTH" - Default : ∅
- Env :
Kafka clusters properties
Configuring Kafka Clusters, Schema Registry and Kafka Connect with YAML is now deprecated.
Looking to configure your Kafka Clusters using GitOps processes?
Contact our Customer Success or give us feedback on this feature.
Please consider the following limitations regarding Kafka Cluster definition:
- This is not GitOps. If you later need to update a cluster defined this way, you must update it through the UI
- Some additional properties will interfere with the UI and you won't be able to update them.
ssl.truststore.pathandssl.keystore.pathare known to cause issues.
You can find sample configurations on the Configuration Snippets page
clusters[].id: String used to uniquely identify your Kafka cluster- Env :
CDK_CLUSTERS_0_ID - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].name: Alias or user-friendly name for your Kafka cluster- Env :
CDK_CLUSTERS_0_NAME - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].color: Attach a color to associate with your cluster in the UI- Env :
CDK_CLUSTERS_0_COLOR - Mandatory : false
- Type : string in hexadecimal format (
#FFFFFF) - Default : random
- Env :
clusters[].ignoreUntrustedCertificate: Skip SSL certificate validation- Env :
CDK_CLUSTERS_0_IGNOREUNTRUSTEDCERTIFICATE - Mandatory : false
- Type : boolean
- Default :
false
- Env :
clusters[].bootstrapServers: List of host:port for your Kafka brokers separated by coma,- Env :
CDK_CLUSTERS_0_BOOTSTRAPSERVERS - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].zookeeperServer: Zookeeper server url- Env :
CDK_CLUSTERS_0_ZOOKEEPERSERVER - Mandatory : false
- Type : string
- Default : ∅
- Env :
clusters[].properties: Any cluster configuration properties.- Env :
CDK_CLUSTERS_0_PROPERTIES - Mandatory : false
- Type : string where each line is a property
- Default : ∅
Tips : To set multi-line properties using environment variable, separate each properties with
\nlikeprop1=value1\nprop3=value3.
- Env :
clusters[].jmxScrapePort: JMX-exporter port used to scrape kafka broker metrics for monitoring- Env :
CDK_CLUSTERS_0_JMXSCRAPEPORT - Mandatory : false
- Type : int
- Default :
9101
- Env :
clusters[].nodeScrapePort: Node-exporter port used to scrape kafka host metrics for monitoring- Env :
CDK_CLUSTERS_0_NODESCRAPEPORT - Mandatory : false
- Type : int
- Default :
9100
- Env :
Schema registry properties
clusters[].schemaRegistry.id: String used to uniquely identify your schema registry- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_ID - Mandatory : true
- Type : string
- Default : ∅
- Env :
Confluent schema registry properties
clusters[].schemaRegistry.url: The schema registry URL- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_URL - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].schemaRegistry.ignoreUntrustedCertificate: Skip SSL certificate validation- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_IGNOREUNTRUSTEDCERTIFICATE - Mandatory : false
- Type : boolean
- Default :
false
- Env :
clusters[].schemaRegistry.properties: Any schema registry configuration parameters- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_PROPERTIES - Mandatory : false
- Type : string where each line is a property
- Default : ∅
Tips : To set multi-line properties using environment variable, separate each properties with
\nlikeprop1=value1\nprop3=value3.
- Env :
If you need to authenticate with basic auth, you can use the following properties:
clusters[].schemaRegistry.security.username: Basic auth username- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_USERNAME - Mandatory : false
- Type : string
- Default : ∅
- Env :
clusters[].schemaRegistry.security.password: Basic auth password- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_PASSWORD - Mandatory : false
- Type : string
- Default : ∅
- Env :
If you need to authenticate with bearer auth, you can use the following property:
clusters[].schemaRegistry.security.token: Bearer auth token- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_TOKEN - Mandatory : false
- Type : string
- Default : ∅
- Env :
Amazon Glue schema registry properties
clusters[].schemaRegistry.region: The Glue schema registry region- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_REGION - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
clusters[].schemaRegistry.registryName: The Glue schema registry name- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_REGISTRYNAME - Mandatory : false
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
clusters[].schemaRegistry.amazonSecurity.type: Authentication with credentials- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_TYPE - Mandatory : true
- Type : string
- Values :
Credentials|FromContext|FromRole - Default : ∅
- Since :
1.x.x
- Env :
If amazonSecurity.type is Credentials, you must use the following properties:
clusters[].schemaRegistry.amazonSecurity.accessKeyId: Credentials auth access key- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ACCESSKEYID - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
clusters[].schemaRegistry.amazonSecurity.secretKey: Credentials auth secret key- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_SECRETKEY - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
If amazonSecurity.type is FromContext, you must use the following properties:
clusters[].schemaRegistry.amazonSecurity.profile: Authentication profile- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_PROFILE - Mandatory : false
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
If amazonSecurity.type is FromRole, you must use the following properties:
clusters[].schemaRegistry.amazonSecurity.role: Authentication role- Env :
CDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ROLE - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.x.x
- Env :
Kafka Connect properties
clusters[].kafkaConnects[].id: String used to uniquely identify your Kafka Connect- Env :
CDK_CLUSTERS_0_KAFKACONNECTS_0_ID - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].kafkaConnects[].url: The Kafka connect URL- Env :
CDK_CLUSTERS_0_KAFKACONNECTS_0_URL - Mandatory : true
- Type : string
- Default : ∅
- Env :
clusters[].kafkaConnects[].security.username: Basic auth username- Env :
CDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_USERNAME - Mandatory : false
- Type : string
- Default : ∅
- Env :
clusters[].kafkaConnects[].security.username: Basic auth password- Env :
CDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_PASSWORD - Mandatory : false
- Type : string
- Default : ∅
- Env :
Monitoring properties
monitoring.storage.s3.endpoint: External monitoring S3 storage endpoint- Env :
CDK_MONITORING_STORAGE_S3_ENDPOINT - Mandatory : false
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :
monitoring.storage.s3.region: External monitoring S3 storage region- Env :
CDK_MONITORING_STORAGE_S3_REGION - Mandatory : false
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :
monitoring.storage.s3.bucket: External monitoring S3 storage bucket name- Env :
CDK_MONITORING_STORAGE_S3_BUCKET - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :
monitoring.storage.s3.insecure: External monitoring S3 storage SSL/TLS check flag- Env :
CDK_MONITORING_STORAGE_S3_INSECURE - Mandatory : false
- Type : bool
- Default :
false - Since :
1.5.0
- Env :
monitoring.storage.s3.accessKeyId: External monitoring S3 storage access key- Env :
CDK_MONITORING_STORAGE_S3_ACCESSKEYID - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :
monitoring.storage.s3.secretAccessKey: External monitoring S3 storage access key secret- Env :
CDK_MONITORING_STORAGE_S3_SECRETACCESSKEY - Mandatory : true
- Type : string
- Default : ∅
- Since :
1.5.0
- Env :