Configuration

Environment variables

Flex is configured with these environment variables.

One instance of Flex can manage multiple Flink clusters and associated resources.

Web server

The Flex UI and Prometheus endpoints are served by Jetty.

The server can be configured to serve the UI via HTTPS or on a different port, or to redirect correctly when fronted with an HTTPS-terminating proxy.

LOG_FORMAT

Type: String, Default: plain

Set to 'json' to have Flex write application logs in JSON format.

PORT

Type: Long, Default: 3000

The server port of the Flex UI.

HTTP_FORWARDED

Type: Boolean, Default: false

See Jetty HTTP_FORWARDED module for more information.

Configure when running Flex with Jetty authentication behind a reverse proxy that performs HTTPS termination. When true, the Jetty authentication process respects the HTTPS scheme when redirecting after authentication.

ENABLE_HTTPS

Type: Boolean, Default: false

See HTTPS connections for more information.

Serve the Flex UI via HTTPS (requires further configuration, below).

HTTPS_SNI_HOST_CHECK

Type: Boolean, Default: false

When SSL is configured, confirm that the certificate sent to the client matches the Host header.

HTTPS_KEYSTORE_LOCATION

Type: String (e.g. /ssl/https.keystore.jks)

Path to the SSL Keystore.

HTTPS_KEYSTORE_TYPE

Type: String, Default: JKS

Type of the SSL Keystore.

HTTPS_KEYSTORE_PASSWORD

Type: String

Password of the SSL Keystore.

HTTPS_TRUSTSTORE_LOCATION

Type: String (e.g. /ssl/https.truststore.jks)

Path to the SSL Truststore.

HTTPS_TRUSTSTORE_TYPE

Type: String, Default: JKS

Type of the SSL Truststore.

HTTPS_TRUSTSTORE_PASSWORD

Type: String

Password of the SSL Truststore.

Authentication

Flex supports Jetty (File, LDAP, DB, JAAS), SAML, OpenID and OAuth for authentication.

See User authentication for more details.

AUTH_PROVIDER_TYPE

Type: Enum, Values: okta, github, saml, jetty, auth0

Your choice of authentication provider. Specify jetty for LDAP, DB, File, or JAAS.

OKTA_ORGANISATION

Type: String

When using Okta authentication, the name of your Okta organisation.

AUTH_LANDING_URI

Type: String (e.g. https://staging.flex.z-corp.com)

The absolute URL to redirect to after successful login.

OPENID_AUTH_URI

Type: String

The OpenID Auth URI, e.g.

OPENID_API_URI

Type: String

The OpenID API URI, e.g.

OPENID_TOKEN_URI

Type: String

The OpenID Token URI, e.g.

OPENID_CLIENT_ID

Type: String

The OpenID Client ID found in your configured OpenID App.

OPENID_CLIENT_SECRET

Type: String

The OpenID Client Secret found in your configured OpenID App.

SAML_RELYING_PARTY_IDENTIFIER

Type: String

Your Flex Application ID

SAML_ACS_URL

Type: String

The Assertion Consumer Service URL

SAML_METADATA_FILE

Type: String (e.g. /path/to/metadata.xml)

The Metadata File from your SAML provider.

SAML_CERT

Type: String (e.g. /path/to/saml.cert)

Optional SAML Certificate

SAML_SESSION_S

Type: Long, Default: 3600

The duration in seconds before re-authenticating SAML credentials.

DEBUG_AUTH

Type: Boolean, Default: False

Enable auth debug logging

JETTY_AUTH_METHOD

Type: Enum, Values: form, basic, Default: form

When using Jetty authentication, specifies whether to use the form or basic-auth login UX.

Authorization

RBAC_CONFIGURATION_FILE

Type: String (e.g. /path/to/rbac.yaml)

See Role-based access control for more information.

The path to your RBAC configuration file (optional, requires Authentication enabled).

Global Access Controls

See Simple Access Control for more information.

Apply global access controls like ALLOW_TOPIC_CREATE, etc.

General

HTTP_PROXY and HTTPS_PROXY

Configures Flex to access all resources (AWS, Flink, etc.) through a proxy server.

Type: String

$ export HTTP_PROXY=http://10.15.20.25:1234
$ export HTTP_PROXY=http://proxy.example.com:1234
$ export HTTPS_PROXY=http://10.15.20.25:5678
$ export HTTPS_PROXY=http://proxy.example.com:5678

PROMETHEUS_EGRESS

Type: Boolean, Default: false

See Prometheus integration for more information.

Enable Prometheus endpoints for metrics and offsets egress.

PROMETHEUS_LABEL_ENV

Type: Boolean, Default: True

Include your ENVIRONMENT_NAME as 'env' label on Prometheus metrics.

PROMETHEUS_PASSWORD

Type: String

Optional. Sets the basic auth password for the Prometheus endpoints.

PROMETHEUS_USERNAME

Type: String

Optional. Sets the basic auth username for the Prometheus endpoints.

SNAPSHOT_PARALLELISM

Type: Long, Default: 3

The level of parallelism configured for Flex telemetry capture and snapshotting.

SNAPSHOT_DEBUG

Type: Boolean, Default: False

Add additional logging messages to help debug snapshotting.

MUTATION_SCHEDULER_EXPIRES_MS

Type: Long, Default: 900000

The duration (in ms) until a scheduled mutation is expired. Default is 15 minutes.

SAMPLER_TIMEOUT_MS

Type: Long, Default: 7000

The maximum period of a single data inspect query.

SLACK_WEBHOOK_URL

Type: String (e.g. https://slack/webhook-url)

Send Audit log messages to Slack.

SLACK_WEBHOOK_URL_VERBOSITY

Type: Enum, Values: Mutations, Queries, All, Default: Mutations

Select the type of Audit log messages that are sent to Slack.

TEMPORARY_POLICY_MAX_MS

Type: Long, Default: 3600000

Configures the maximum allowed duration a temporary policy can be applied for.
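
The HTTPS, authentication, authorization and Prometheus variables above interact, so a start-up wrapper can lint them before Flex launches. The script below is an added example, not part of Flex or its documentation; the rules, the helper names `flex_env_lint`, `is_true` and `warn`, and the case-insensitive reading of boolean values are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight lint of the Flex environment before start-up.
# The rules are this example's own policy assumptions, not checks Flex performs.

# Booleans are compared case-insensitively (assumption: "True" means true).
is_true() { [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "true" ]; }
warn() { printf 'WARN %s\n' "$1"; findings=$((findings + 1)); }

flex_env_lint() {
  findings=0
  if is_true "${ENABLE_HTTPS:-false}"; then
    [ -n "${HTTPS_KEYSTORE_LOCATION:-}" ] || warn "ENABLE_HTTPS set, HTTPS_KEYSTORE_LOCATION missing"
    [ -n "${HTTPS_KEYSTORE_PASSWORD:-}" ] || warn "ENABLE_HTTPS set, HTTPS_KEYSTORE_PASSWORD missing"
    is_true "${HTTPS_SNI_HOST_CHECK:-false}" ||
      warn "HTTPS_SNI_HOST_CHECK off: certificate is not matched against the Host header"
  elif ! is_true "${HTTP_FORWARDED:-false}"; then
    warn "ENABLE_HTTPS and HTTP_FORWARDED both off: confirm TLS is terminated in front of Flex"
  fi
  # RBAC is documented as requiring authentication to be enabled.
  if [ -n "${RBAC_CONFIGURATION_FILE:-}" ] && [ -z "${AUTH_PROVIDER_TYPE:-}" ]; then
    warn "RBAC_CONFIGURATION_FILE set without AUTH_PROVIDER_TYPE"
  fi
  # An unset landing URI is not flagged; a set one must use https://.
  case "${AUTH_LANDING_URI:-https://}" in
    https://*) ;;
    *) warn "AUTH_LANDING_URI is not an https:// URL" ;;
  esac
  if is_true "${DEBUG_AUTH:-false}"; then warn "DEBUG_AUTH on: auth debug logging enabled"; fi
  if is_true "${PROMETHEUS_EGRESS:-false}"; then
    if [ -z "${PROMETHEUS_USERNAME:-}" ] || [ -z "${PROMETHEUS_PASSWORD:-}" ]; then
      warn "PROMETHEUS_EGRESS on without PROMETHEUS_USERNAME and PROMETHEUS_PASSWORD"
    fi
  fi
  [ "$findings" -eq 0 ]   # non-zero exit status when anything was flagged
}

# Constructed sample values (not a real deployment), linted in a subshell.
(
  ENABLE_HTTPS=true; HTTPS_KEYSTORE_LOCATION=/ssl/https.keystore.jks
  PROMETHEUS_EGRESS=true; PROMETHEUS_USERNAME=metrics; DEBUG_AUTH=True
  flex_env_lint
) || echo "review the findings above before starting Flex"
```

Call `flex_env_lint` from the container entrypoint or deployment pipeline and stop the start-up when it returns non-zero.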