Skip to main content
Quick navigation

Configuration Properties and Environment Variables

Docker image environment variables

ENVSince VersionUntil VersionDefault Value
CDK_DEBUG1.0.0latestfalseFlag to enable platform debug logs. See log configuration for mor details.
RUN_MODE1.0.2latestnanoMemory presets for the platform see advanced settings
CDK_VOLUME_DIR1.0.2latest/var/conduktorVolume directory where Conduktor platform store data **
CDK_IN_CONF_FILE1.0.2latest/opt/conduktor/default-platform-config.yaml)Conduktor platform configuration file location **
CDK_LISTENING_PORT1.2.0latest8080Platform listening port **
CDK_SSL_TRUSTSTORE_PATH1.5.0latestNoneTruststore file path used by platform kafka, SSO, S3, ... clients SSL/TLS verification
CDK_SSL_TRUSTSTORE_PASSWORD1.5.0latestNoneTruststore password (optional)
CDK_SSL_TRUSTSTORE_TYPE1.5.0latestjksTruststore type (optional)
CDK_SSL_DEBUG1.9.0latestfalseEnable SSL/TLS debug logs
CDK_HTTP_PROXY_HOST1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_PORT1.10.0latest80Specify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_NON_PROXY_HOSTS1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_USERNAME1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_HTTP_PROXY_PASSWORD1.10.0latestNoneSpecify proxy settings that Conduktor Platform should use to access the Internet
CDK_GLOBAL_JAVA_OPTS1.10.0latestNoneCustom JAVA_OPTS parameters passed to platform modules.
CDK_ROOT_LOG_LEVEL1.11.0latestINFOSet the platform global log level (DEBUG, INFO, WARN, ERROR). See log configuration for mor details.
CDK_ROOT_LOG_COLOR1.11.0latesttrueEnable or disable ANSI colors in logs. See log configuration for mor details.
CDK_ONBOARDING_MODE1.14.0latestautoSpecify whether to start Conduktor with the onboarding wizard enabled. Accepted values: auto, never, always. Defaults to auto that will start onboarding when no configuration is provided.
TESTING_ENABLED1.15.0latestfalseSpecify whether to start Conduktor with Testing enabled.

Platform properties reference

Starting from Conduktor Platform 1.2.0 input configuration fields can be provided using environment variables.

Below shows the mapping of configuration fields in the platform-config.yaml to environment variables.

Note : Lists start at index 0 and are provided using _idx_ syntax.

Support of *_FILE environment variables

Since release 1.10.0, setting an environment variable matching *_FILE to a file path, the prefixed environment variable will be overridden with the value specified in that file.

For example, setting CDK_LICENSE_FILE to /run/secrets/license will override CDK_LICENSE with the content of the file /run/secrets/license.

Exception: CDK_IN_CONF_FILE is not supported

Global properties

PropertyDescriptionEnvironment VariableMandatoryTypeDefault
organization.nameYour organization's nameCDK_ORGANIZATION_NAMEtruestring"default"
admin.emailYour organization's root administrator account emailCDK_ADMIN_EMAILtruestring
admin.passwordYour organization's root administrator account passwordCDK_ADMIN_PASSWORDtruestring
licenseEnterprise license key. If not provided, fallback to free plan.CDK_LICENSE or LICENSE_KEYfalsestring
platform.external.urlForce Platform external URL. Useful for SSO callback URL when using a reverse proxy. By default, the platform will try to guess it automatically using X-Forwarded-* headers coming from upstream reverse proxy.CDK_PLATFORM_EXTERNAL_URLfalsestring
platform.https.cert.pathPath to the SSL certificate file.CDK_PLATFORM_HTTPS_CERT_PATHfalsestring
platform.https.key.pathPath to the SSL private key file.CDK_PLATFORM_HTTPS_KEY_PATHfalsestring
enable_product_metricsIn order to improve Conduktor Platform, we collect anonymous usage metrics. Set to false, this configuration disable all of our metrics collection.CDK_ENABLE_PRODUCT_METRICSfalsebooleantrue

Tips : If you need more that what free plan offer, you can contact us for a trial license.

Database properties

See database configuration documentation for more info

PropertyDescriptionEnvMandatoryTypeDefault
database.urlExternal Postgresql configuration URLCDK_DATABASE_URLfalsestring
in format [jdbc:]postgresql://[user[:password]@]netloc[:port][/dbname][?param1=value1&...]
database.hostExternal Postgresql server hostnameCDK_DATABASE_HOSTfalsestring
database.portExternal Postgresql server portCDK_DATABASE_PORTfalseint
database.nameExternal Postgresql database nameCDK_DATABASE_NAMEfalsestring
database.usernameExternal Postgresql login roleCDK_DATABASE_USERNAMEfalsestring
database.passwordExternal Postgresql login passwordCDK_DATABASE_PASSWORDfalsestring
database.connection_timeoutExternal Postgresql connection timeout in secondsCDK_DATABASE_CONNECTIONTIMEOUTfalseint

Local users properties

Optional local accounts list used to login on conduktor-platform

PropertyDescriptionEnv VariableMandatoryTypeDefault Value
auth.local-users[].emailUser loginCDK_AUTH_LOCAL-USERS_0_EMAILtruestring"admin@conduktor.io"
auth.local-users[].passwordUser passwordCDK_AUTH_LOCAL-USERS_0_PASSWORDtruestring"admin"

Monitoring properties

PropertyDescriptionEnvMandatoryTypeDefaultSince
monitoring.storage.s3.endpointExternal monitoring S3 storage endpointCDK_MONITORING_STORAGE_S3_ENDPOINTfalsestring1.5.0
monitoring.storage.s3.regionExternal monitoring S3 storage regionCDK_MONITORING_STORAGE_S3_REGIONfalsestring1.5.0
monitoring.storage.s3.bucketExternal monitoring S3 storage bucket nameCDK_MONITORING_STORAGE_S3_BUCKETtruestring1.5.0
monitoring.storage.s3.insecureExternal monitoring S3 storage SSL/TLS check flagCDK_MONITORING_STORAGE_S3_INSECUREfalseboolfalse1.5.0
monitoring.storage.s3.accessKeyIdExternal monitoring S3 storage access keyCDK_MONITORING_STORAGE_S3_ACCESSKEYIDtruestring1.5.0
monitoring.storage.s3.secretAccessKeyExternal monitoring S3 storage access key secretCDK_MONITORING_STORAGE_S3_SECRETACCESSKEYtruestring1.5.0

SSO properties

SSO authentication properties (only on enterprise and team plans). See authentication documentation for snippets

PropertyDescriptionEnvMandatoryTypeDefaultSince
sso.ignoreUntrustedCertificateDisable SSL checks.CDK_SSO_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse1.3.0
sso.trustedCertificatesSSL public certificates for SSO authentication (LDAPS and Oauth2) as PEM format.CDK_SSO_TRUSTEDCERTIFICATESfalsestring1.14.0

LDAP properties

PropertyDescriptionEnvMandatoryTypeDefaultSince
sso.ldap[].nameLdap connection nameCDK_SSO_LDAP_0_NAMEtruestring
sso.ldap[].serverLdap server host and portCDK_SSO_LDAP_0_SERVERtruestring
sso.ldap[].managerDnSets the manager DNCDK_SSO_LDAP_0_MANAGERDNtruestring
sso.ldap[].managerPasswordSets the manager passwordCDK_SSO_LDAP_0_MANAGERPASSWORDtruestring
sso.ldap[].search-subtreeSets if the subtree should be searched.CDK_SSO_LDAP_0_SEARCH-SUBTREEfalsebooleantrue1.5.0
sso.ldap[].search-baseSets the base DN to search.CDK_SSO_LDAP_0_SEARCH-BASEtruestring
sso.ldap[].search-filterSets the search filter. By default, the filter is set to (uid={0}) for users using class type InetOrgPerson.CDK_SSO_LDAP_0_SEARCH-FILTERfalsestring"(uid={0})"1.5.0
sso.ldap[].search-attributesSets the attributes list to return. By default, all attributes are returned. Platform search for uid, cn, mail, email, givenName, sn, displayName attributes to map into user token.CDK_SSO_LDAP_0_SEARCH-ATTRIBUTESfalsestring array[]1.5.0
sso.ldap[].groups-enabledSets if group search is enabled.CDK_SSO_LDAP_0_GROUPS-ENABLEDfalsebooleanfalse1.5.0
sso.ldap[].groups-subtreeSets if the subtree should be searched.CDK_SSO_LDAP_0_GROUPS-SUBTREEfalsebooleantrue1.5.0
sso.ldap[].groups-baseSets the base DN to search from.CDK_SSO_LDAP_0_GROUPS-BASEtruestring
sso.ldap[].groups-filterSets the group search filter. If using group class type GroupOfUniqueNames use the filter "uniqueMember={0}". For group class GroupOfNames use "member={0}". By default, the filter is set to "uniqueMember={0}".CDK_SSO_LDAP_0_GROUPS-FILTERfalsestring"uniquemember={0}"1.5.0
sso.ldap[].groups-filter-attributeSets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.CDK_SSO_LDAP_0_GROUPS-FILTER-ATTRIBUTEfalsestring1.5.0
sso.ldap[].groups-attributeSets the group attribute name. Defaults to cn.CDK_SSO_LDAP_0_GROUPS-ATTRIBUTEfalsestring"cn"1.5.0
sso.ldap[].propertiesAdditional properties that will be passed to identity provider context.CDK_SSO_LDAP_0_PROPERTIESfalsedictionary1.11.0

Oauth2 properties

PropertyDescriptionEnvMandatoryTypeDefault
sso.oauth2[].nameOauth2 connection nameCDK_SSO_OAUTH2_0_NAMEtruestring
sso.oauth2[].defaultUse as defaultCDK_SSO_OAUTH2_0_DEFAULTtrueboolean
sso.oauth2[].client-idOauth2 client idCDK_SSO_OAUTH2_0_CLIENT-IDtruestring
sso.oauth2[].client-secretOauth2 client secretCDK_SSO_OAUTH2_0_CLIENT-SECRETtruestring
sso.oauth2[].openid.issuerIssuer to check on tokenCDK_SSO_OAUTH2_0_OPENID_ISSUERtruestring
sso.oauth2[].scopesScope to be requested in the client credentials request.CDK_SSO_OAUTH2_0_SCOPEStruestring[]
sso.oauth2[].authorization-urlAuthorization endpoint URLCDK_SSO_OAUTH2_0_AUTHORIZATION-URLfalsestring
sso.oauth2[].token.urlGet token endpoint URLCDK_SSO_OAUTH2_0_TOKEN_URLfalsestring
sso.oauth2[].token.auth-methodAuthentication MethodCDK_SSO_OAUTH2_0_TOKEN_AUTH-METHODfalsestring one of: "CLIENT_SECRET_BASIC", "CLIENT_SECRET_JWT", "CLIENT_SECRET_POST", "NONE", "PRIVATE_KEY_JWT", "TLS_CLIENT_AUTH"
sso.oauth2[].groups-claim Configure Group ClaimsCDK_SSO_OAUTH2_0_GROUPS-CLAIMfalsestring

Kafka clusters properties

Configuring Kafka Clusters, Schema Registry and Kafka Connect with YAML is limited.

Looking to configure your Kafka Clusters using GitOps processes?
Contact our Customer Success or give us feedback on this feature.

Please consider the following limitations regarding Kafka Cluster definition:
  • This is not GitOps. If you later need to update a cluster defined this way, you must update it through the UI
  • Some additional properties will interfere with the UI and you won't be able to update them.
    • ssl.truststore.path and ssl.keystore.path are known to cause issues.

You can find sample configurations on the Configuration Snippets page

PropertyDescriptionEnvMandatoryTypeDefault
clusters[].idString used to uniquely identify your Kafka clusterCDK_CLUSTERS_0_IDtruestring
clusters[].nameAlias or user-friendly name for your Kafka clusterCDK_CLUSTERS_0_NAMEtruestring
clusters[].colorAttach a color to associate with your cluster in the UICDK_CLUSTERS_0_COLORfalsestring in hexadecimal format (#FFFFFF)random
clusters[].ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
clusters[].bootstrapServersList of host:port for your Kafka brokers separated by coma ,CDK_CLUSTERS_0_BOOTSTRAPSERVERStruestring
clusters[].zookeeperServerZookeeper server urlCDK_CLUSTERS_0_ZOOKEEPERSERVERfalsestring
clusters[].propertiesAny cluster configuration properties.CDK_CLUSTERS_0_PROPERTIESfalsestring where each line is a property
clusters[].jmxScrapePortJMX-exporter port used to scrape kafka broker metrics for monitoringCDK_CLUSTERS_0_JMXSCRAPEPORTfalseint9101
clusters[].nodeScrapePortNode-exporter port used to scrape kafka host metrics for monitoringCDK_CLUSTERS_0_NODESCRAPEPORTfalseint9100

Schema registry properties

PropertyDescriptionEnvMandatoryTypeDefault
clusters[].schemaRegistry.idString used to uniquely identify your schema registryCDK_CLUSTERS_0_SCHEMAREGISTRY_IDtruestring
clusters[].schemaRegistry.urlThe schema registry URLCDK_CLUSTERS_0_SCHEMAREGISTRY_URLtruestring
clusters[].schemaRegistry.ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_SCHEMAREGISTRY_IGNOREUNTRUSTEDCERTIFICATEfalsebooleanfalse
clusters[].schemaRegistry.propertiesAny schema registry configuration parametersCDK_CLUSTERS_0_SCHEMAREGISTRY_PROPERTIESfalsestring where each line is a property

If you need to authenticate with basic auth, you can use the following properties:

PropertyDescriptionEnvMandatoryTypeDefault
clusters[].schemaRegistry.security.usernameBasic auth usernameCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_USERNAMEfalsestring
clusters[].schemaRegistry.security.passwordBasic auth passwordCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_PASSWORDfalsestring

If you need to authenticate with bearer auth, you can use the following property:

PropertyDescriptionEnvironment VariableMandatoryTypeDefault
clusters[].schemaRegistry.security.tokenBearer auth tokenCDK_CLUSTERS_0_SCHEMAREGISTRY_SECURITY_TOKENfalsestring

Amazon Glue schema registry properties

PropertyDescriptionEnvMandatoryTypeDefaultValuesSince
clusters[].schemaRegistry.regionThe Glue schema registry regionCDK_CLUSTERS_0_SCHEMAREGISTRY_REGIONtruestring-1.x.x
clusters[].schemaRegistry.registryNameThe Glue schema registry nameCDK_CLUSTERS_0_SCHEMAREGISTRY_REGISTRYNAMEfalsestring-1.x.x
clusters[].schemaRegistry.amazonSecurity.typeAuthentication with credentialsCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_TYPEtruestringCredentials, FromContext, FromRole1.x.x

If amazonSecurity.type is Credentials, you must use the following properties:

PropertyDescriptionEnvMandatoryTypeDefaultSince
clusters[].schemaRegistry.amazonSecurity.accessKeyIdCredentials auth access keyCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ACCESSKEYIDtruestring1.x.x
clusters[].schemaRegistry.amazonSecurity.secretKeyCredentials auth secret keyCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_SECRETKEYtruestring1.x.x

If amazonSecurity.type is FromContext, you must use the following properties:

PropertyDescriptionEnvMandatoryTypeDefaultSince
clusters[].schemaRegistry.amazonSecurity.profileAuthentication profileCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_PROFILEfalsestring1.x.x

If amazonSecurity.type is FromRole, you must use the following properties:

PropertyDescriptionEnvMandatoryTypeDefaultSince
clusters[].schemaRegistry.amazonSecurity.roleAuthentication roleCDK_CLUSTERS_0_SCHEMAREGISTRY_AMAZONSECURITY_ROLEtruestring1.x.x

Kafka Connect properties

PropertyDescriptionEnvironment VariableMandatoryTypeDefault
clusters[].kafkaConnects[].idString used to uniquely identify your Kafka ConnectCDK_CLUSTERS_0_KAFKACONNECTS_0_IDtruestring
clusters[].kafkaConnects[].urlThe Kafka connect URLCDK_CLUSTERS_0_KAFKACONNECTS_0_URLtruestring
clusters[].kafkaConnects[].security.usernameBasic auth usernameCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_USERNAMEfalsestring
clusters[].kafkaConnects[].security.passwordBasic auth passwordCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_PASSWORDfalsestring
clusters[].kafkaConnects[].security.tokenBearer tokenCDK_CLUSTERS_0_KAFKACONNECTS_0_SECURITY_TOKENfalsestring
clusters[].kafkaConnects[].ignoreUntrustedCertificateSkip SSL certificate validationCDK_CLUSTERS_0_KAFKACONNECTS_0_IGNOREUNTRUSTEDCERTIFICATEfalsestring