Configuration

The KDCA loads configuration data from a file (typically backed by a Kubernetes config map). If the service is unable to retrieve the configuration data, it will not start. Refer to the configuration for details.

Service configuration structure

The recommended configuration format is YAML. The below sections describe the officially supported configuration options that influence various aspects of the service functionality. The service may support options other than the ones listed below, but those are not a part of the public API and may be changed or deleted at any time.

Data samples transmitter

Use the following options to configure the data samples transmission interface

kaa:
  kdca:
    data-transmitters:
      dstp-transmitters:
        service-instance:
          # Name of the data samples transmission service instance kdca will subscribe to.
          name: <service instance name>

For further details explore Spring Boot Kafka configuration properties.

Kaa applications

Many Kaa services can be configured for different behavior depending on the application version of the endpoint the processed data relates to. This is called appversion-specific behavior and is handled in service configurations under kaa.applications. Alternatively, the application-specific configuration can be sourced from Kaa Tekton. See the Tekton configuration section to find out how to configure such integration.

Despite KDCA currently does not support any appversion-specific configurations, it uses the application and appversion names to validate the API calls and protocols data.

kaa:
  applications:
    <application 1 name>:               # Kaa application name
      versions:
        <application 1 version 1 name>: # Kaa application version name

Tekton

KDCA supports integration with Kaa Tekton for centralized application configuration management. The below configuration options set up the integration interface.

kaa:
  tekton:
    enabled: <boolean>    # Enables Tekton integration. False by default. Also can be set with the KAA_TEKTON_ENABLED environment variable.
    url: <string>         # URL of the Tekton service. "http://tekton" by default. Also can be set with the KAA_TEKTON_URL environment variable.
  scmp.consumer:
    provider.service-instance.name: <string>  # Service instance name of the Tekton service. "tekton" by default. Also can be set with the KAA_SCMP_CONSUMER_PROVIDER_SERVICE_INSTANCE_NAME environment variable. 

Kafka

Use the following options to specify destination Kafka topic which KDCA will use for publishing data samples to.

spring:
  kafka:
    producer:
      bootstrap-servers: <bootstrap servers list>   # A comma-separated list of Kafka brokers.
      retries: <num of retries>                     # When greater than zero, enables retrying of failed sends. 
    template:
      default-topic: <topic>                        # Kafka topic to produce data samples to.
    admin:
      fail-fast: <boolean>                          # Whether to fail fast if the broker is not available on startup.

NATS

The below parameters configure KDCA’s connection to NATS.

NOTE For security, reasons NATS username and password are sourced from the environment variables.

nats:
  urls: <comma separated list of URL>   # NATS connection URLs

Management

KDCA monitoring and management implementation is based on the Spring Boot Actuator. Refer to the corresponding documentation for the list of supported configuration options.

Authentication, authorization, and multi-tenancy

KDCA’s REST API security is implemented according to OAuth2 protocol with a UMA profile.

Authentication and authorization is handled within the scope of a given Kaa tenant. Each tenant has a separate OAuth 2.0 issuer, managed by [the Kaa Tenant Manager][Tenant Manager]. When multi-tenancy is disabled, all authentication and authorization is conducted in the default system tenant (“kaa”).

KDCA security is controlled with the following configuration options (for security reasons it is advised to set these via environment variables).

kaa:
  security:
    enabled: <boolean>       # Enables authentication and authorization. False by default.
    issuer: <string>         # OAuth 2.0 issuer URL for the system tenant ("kaa").
    client-id: <string>      # Client ID for making requests in the system tenant scope.
    client-secret: <string>  # Client secret for making requests in the system tenant scope.

    multitenancy:
      enabled: <boolean>    # Enables multitenancy via integration with the Kaa Tenant Manager. Only effective when kaa.security.enabled is set to true. False by default.
      tenant-manager:
        url: <string>       # URL of the Kaa Tenant Manager that provides security configurations for tenants. "http://tenant-manager" by default.

Logging

By default, KDCA uses Spring Boot logging configuration with logback for logging. Refer to the corresponding documentation for the list of supported configuration options.

Built-in configuration profiles

For your convenience, KDCA comes with a default built-in configuration profile.

Built-in profile is optimized for a Kubernetes-based production deployment. It does not define any Kaa applications—you have to configure those for any specific Kaa-based solution.

Default

nats:
  urls: nats://nats:4222

management:
  server:
    port: 8080
  endpoint:
    shutdown:
      enabled: true
  endpoints:
    web:
      base-path: /

spring:
  jackson:
    default-property-inclusion: NON_NULL
    time-zone: GMT
    serialization:
      WRITE_DATES_AS_TIMESTAMPS: false
    deserialization:
      FAIL_ON_UNKNOWN_PROPERTIES: false

  kafka:
    producer:
      bootstrap-servers: kafka:9092
      value-serializer: org.springframework.kafka.support.serializer.JsonSerializer
      key-serializer: org.springframework.kafka.support.serializer.JsonSerializer
    admin:
      fail-fast: true

kaa:
  kdca:
    data-transmitters:
      dstp-transmitters:
        service-instance:
          name: dcx