Configuration

  • TOC

Service configuration structure

The recommended configuration format is YAML. The below sections describe the officially supported configuration options that influence various aspects of the service functionality. The service may support options other than the ones listed below, but those are not a part of the public API and may be changed or deleted at any time.

General

AA uses a standard server.port property to configure the port to expose the REST API at.

server:
  port: <integer>   # Server port used to expose the REST API at

NATS

The below parameters configure AA’s connection to NATS.

NOTE For security reasons NATS username and password are sourced from the environment variables.

nats:
  urls: <comma separated list of URL>   # NATS connection URLs. 'nats://nats:4222' by default.

Management / Logging

To control the AA management interface, use the following configuration options.

service:
  debug: <boolean>        # Enables debug level logging, false by default (disabled).
  monitoring:
    disabled: <boolean>   # Disables the monitoring interface entirely. False by default (enabled).

Data persistence interface

AA uses [PostgreSQL][postgresql] for persisting actions and their webhooks.

kaa:
  postgresql:
    host: <string>        # PostgreSQL host. PostgreSQL host. "aa-postgresql" by default. Also can be set with the KAA_POSTGRESQL_HOST environment variable.
    port: <string>        # PostgreSQL port. 5432 by default. Also can be set with the KAA_POSTGRESQL_PORT environment variable.
    username: <string>    # PostgreSQL user. "aa" by default. Also can be set with the KAA_POSTGRESQL_USERNAME environment variable.
    password: <string>    # PostgreSQL password. "aa" by default. Also can be set with the KAA_POSTGRESQL_PASSWORD environment variable.
    database: <string>    # PostgreSQL database. "aa" by default. Also can be set with the KAA_POSTGRESQL_DATABASE environment variable.
    sslMode: <string>     # PostgreSQL SSL mode ("disable", "require", "verify-ca", "verify-full"). "disable" by default. Also can be set with the KAA_POSTGRESQL_SSL_MODE environment variable.
    max-open-connections: <int>   # Maximum number of open connections to PostgreSQL. 100 by default. Also can be set with the KAA_POSTGRESQL_MAX_OPEN_CONNECTIONS environment variable.

Authentication, authorization, and multi-tenancy

AA supports two integrations for security:

  • [OAuth2][oauth2] protocol with a UMA profile. Enabled when kaa.security.enabled is true and kaa.security.iamcore.enabled is false.
  • [iamcore][iamcore]. Enabled when both kaa.security.enabled and kaa.security.iamcore.enabled are true.

OAuth2 with UMA profile

Authentication and authorization is handled within the scope of a given Kaa tenant. Each tenant has a separate OAuth 2.0 issuer, managed by [the Kaa Tenant Manager][TM]. When multi-tenancy is disabled, all authentication and authorization is conducted in the default system tenant (“kaa”).

AA OAuth2 with UMA profile security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).

kaa:
  security:
    enabled: <boolean>      # Enables authentication and authorization. False by default.
    issuer:
      public-url: <string>  # OAuth 2.0 issuer public URL for the system tenant ("kaa").
      private-url: <string> # OAuth 2.0 issuer private URL for the system tenant ("kaa").
    client-id: <string>     # Client ID for making requests in the system tenant scope.
    client-secret: <string> # Client secret for making requests in the system tenant scope.
    multitenancy:
      enabled: <boolean>    # Enables multitenancy via integration with the Kaa Tenant Manager. Only effective when kaa.security.enabled is set to true. False by default.
      tenant-manager:
        url: <string>       # URL of the Kaa Tenant Manager that provides security configurations for tenants. "http://tenant-manager" by default.

iamcore

Authentication and authorization is handled by [iamcore][iamcore].

AA iamcore security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).

kaa:
  security:
    enabled: <boolean>      # Enables authentication and authorization. False by default.
    iamcore:
      enabled: <boolean>    # Enables iamcore integration. False by default.
      api-key: <string>     # iamcore API KEY
      url: <string>         # iamcore server URL. "https://cloud.iamcore.io" by default.
      application: <string> # iamcore application. "kaa" by default

Tekton

AA supports integration with Kaa Tekton for centralized application configuration management. The below configuration options set up the integration interface.

kaa:
  tekton:
    enabled: <boolean>  # Enables Tekton integration. False by default.
    url: <string>       # URL of the Tekton service. "http://tekton" by default.

Default configuration

Summarizing the above, the default AA configuration is as follows. Note that no Kaa service instances are defined by default—you have to configure those for any specific Kaa-based solution.

server:
  port: 80

nats:
  urls: nats://nats:4222

service:
  debug: true
  monitoring:
    disabled: false

kaa:
  postgresql:
    host: aa-postgresql
    port: 5432
    username: aa
    password: aa
    database: aa
    sslMode: disable
    max-open-connections: 100

  security:
    enabled: false

  tekton:
    enabled: false
    url: https://tekton