Here is new documentation version.
You are reading outdated documentation, which will be shutdown soon!

Configuration

The OTAO loads configuration data from a file (typically backed by a Kubernetes config map). If the service is unable to retrieve the configuration data, it will not start. Refer to the configuration for details.

Service configuration structure

The recommended configuration format is YAML. The below sections describe the officially supported configuration options that influence various aspects of the service functionality. The service may support options other than the ones listed below, but those are not a part of the public API and may be changed or deleted at any time.

General service configuration

OTAO uses a standard Spring Boot server.port property to configure the port to expose the REST API at.

server:
  port: <unsigned short integer>   # Server port used to expose the REST API at

Configuration data transport interface

Use the following options to configure the configuration data transport interface.

kaa:
  otao:
    software-consumer:
      service-instance:
        name: <service instance name>  # Name of the software data consumer service instance OTAO will subscribe to.

Data persistence interface

OTAO uses Spring Boot datasource configuration. Refer to the corresponding documentation for the list of supported configuration options.

NOTE For security reasons, username and password must be sourced from the environment variables.

NOTE OTAO has been tested with MariaDB data source only.

NATS

The below parameters configure OTAO’s connection to NATS. Note that for security reasons NATS username and password are sourced from the environment variables.

nats:
  urls: <comma separated list of URL>   # NATS connection URLs

Authentication and authorization

OTAO’s REST API security is implemented according to OAuth2 protocol with a UMA profile.

OTAO REST API protection is controlled with the following configuration options:

security:
  ignored: <value>         # Controls authentication and authorization on REST API endpoints. 
                           # Possible values: '/**' to disable security or 'none' to enable.
  oauth2:
    client:
      clientId: <clientId>   # Client ID on whose behalf the requests will be made.
      clientSecret: <secret> # Client secret on whose behalf the requests will be made.
      accessTokenUri: <URI>  # An OAuth2-compliant Token Endpoint for obtaining tokens via the 'Implicit Flow', 
                           # 'Direct Grants', or 'Client Grants'. 
                           # E.g. "https://your-url-to-auth-server/auth/realms/realm-a/protocol/openid-connect/token"
      resourceUri: <URI>     # An UMA-compliant Resource Registration Endpoint which resource servers can use
                           # to manage their protected resources and scopes. 
                           # E.g. "https://your-url-to-auth-server/auth/realms/realm-a/authz/protection/resource_set"
    resource:
      userInfoUri: <URI>  # URL endpoint for the User Info service described in the OIDC specification.
                          # E.g. "https://your-url-to-auth-server/auth/realms/realm-a/protocol/openid-connect/userinfo"

Management

OTAO monitoring and management implementation is based on the Spring Boot Actuator. Refer to the corresponding documentation for the list of supported configuration options.

Logging

By default, OTAO uses Spring Boot logging configuration with logback for logging. Refer to the corresponding documentation for the list of supported configuration options.

Built-in configuration profiles

For your convenience, OTAO comes with a default built-in configuration profile.

Built-in profile is optimized for a Kubernetes-based production deployment. It does not define any Kaa applications—you have to configure those for any specific Kaa-based solution.

Default

server:
  port: 80

nats:
  urls: nats://nats:4222

management:
  port: 8080
  security:
    enabled: false

endpoints:
  enabled: false
  health:
    enabled: true
    mapping.UNKNOWN: SERVICE_UNAVAILABLE
  info.enabled: true
  metrics.enabled: true

spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    driver-class-name: org.mariadb.jdbc.Driver
    username: ${mariadb.username}
    password: ${mariadb.password}
    url: jdbc:mariadb://mariadb:3306/kaa
    hikari:
      idle-timeout: 10000
      minimum-idle: 5
      maximum-pool-size: 40
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  jpa:
    generate-ddl: true
    show-sql: false
    properties:
      hibernate:
        jdbc.time_zone: UTC

kaa:
  otao:
    software-consumer:
      service-instance:
        name: cmx