Service configuration structure
The recommended configuration format is YAML. The below sections describe the officially supported configuration options that influence various aspects of the service functionality. The service may support options other than the ones listed below, but those are not a part of the public API and may be changed or deleted at any time.
AA uses a standard
server.port property to configure the port to expose the REST API at.
server: port: <integer> # Server port used to expose the REST API at
The below parameters configure AA’s connection to NATS.
NOTE For security reasons NATS username and password are sourced from the environment variables.
nats: urls: <comma separated list of URL> # NATS connection URLs. 'nats://nats:4222' by default.
Management / Logging
To control the AA management interface, use the following configuration options.
service: debug: <boolean> # Enables debug level logging, false by default (disabled). monitoring: disabled: <boolean> # Disables the monitoring interface entirely. False by default (enabled).
Data persistence interface
AA uses [PostgreSQL][postgresql] for persisting actions and their webhooks.
kaa: postgresql: host: <string> # PostgreSQL host. PostgreSQL host. "aa-postgresql" by default. Also can be set with the KAA_POSTGRESQL_HOST environment variable. port: <string> # PostgreSQL port. 5432 by default. Also can be set with the KAA_POSTGRESQL_PORT environment variable. username: <string> # PostgreSQL user. "aa" by default. Also can be set with the KAA_POSTGRESQL_USERNAME environment variable. password: <string> # PostgreSQL password. "aa" by default. Also can be set with the KAA_POSTGRESQL_PASSWORD environment variable. database: <string> # PostgreSQL database. "aa" by default. Also can be set with the KAA_POSTGRESQL_DATABASE environment variable. sslMode: <string> # PostgreSQL SSL mode ("disable", "require", "verify-ca", "verify-full"). "disable" by default. Also can be set with the KAA_POSTGRESQL_SSL_MODE environment variable. max-open-connections: <int> # Maximum number of open connections to PostgreSQL. 100 by default. Also can be set with the KAA_POSTGRESQL_MAX_OPEN_CONNECTIONS environment variable.
Authentication, authorization, and multi-tenancy
AA supports two integrations for security:
- [OAuth2][oauth2] protocol with a UMA profile. Enabled when
- [iamcore][iamcore]. Enabled when both
OAuth2 with UMA profile
Authentication and authorization is handled within the scope of a given Kaa tenant. Each tenant has a separate OAuth 2.0 issuer, managed by [the Kaa Tenant Manager][TM]. When multi-tenancy is disabled, all authentication and authorization is conducted in the default system tenant (“kaa”).
AA OAuth2 with UMA profile security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).
kaa: security: enabled: <boolean> # Enables authentication and authorization. False by default. issuer: public-url: <string> # OAuth 2.0 issuer public URL for the system tenant ("kaa"). private-url: <string> # OAuth 2.0 issuer private URL for the system tenant ("kaa"). client-id: <string> # Client ID for making requests in the system tenant scope. client-secret: <string> # Client secret for making requests in the system tenant scope. multitenancy: enabled: <boolean> # Enables multitenancy via integration with the Kaa Tenant Manager. Only effective when kaa.security.enabled is set to true. False by default. tenant-manager: url: <string> # URL of the Kaa Tenant Manager that provides security configurations for tenants. "http://tenant-manager" by default.
Authentication and authorization is handled by [iamcore][iamcore].
AA iamcore security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).
kaa: security: enabled: <boolean> # Enables authentication and authorization. False by default. iamcore: enabled: <boolean> # Enables iamcore integration. False by default. api-key: <string> # iamcore API KEY url: <string> # iamcore server URL. "https://cloud.iamcore.io" by default. application: <string> # iamcore application. "kaa" by default
AA supports integration with Kaa Tekton for centralized application configuration management. The below configuration options set up the integration interface.
kaa: tekton: enabled: <boolean> # Enables Tekton integration. False by default. url: <string> # URL of the Tekton service. "http://tekton" by default.
Summarizing the above, the default AA configuration is as follows. Note that no Kaa service instances are defined by default—you have to configure those for any specific Kaa-based solution.
server: port: 80 nats: urls: nats://nats:4222 service: debug: true monitoring: disabled: false kaa: postgresql: host: aa-postgresql port: 5432 username: aa password: aa database: aa sslMode: disable max-open-connections: 100 security: enabled: false tekton: enabled: false url: https://tekton