Configuration
Environment variables
Flex is configured with these environment variables.
Flink
One instance of Flex can manage multiple Flink clusters and associated resources.
- See Flink cluster for Flink environment variable reference
Web server
The Flex UI and Prometheus endpoints are served by Jetty.
The server can be configured to serve the UI via HTTPS or on a different port, or to redirect correctly when fronted with an HTTPS-terminating proxy.
LOG_FORMAT
Type: String, Default: plain
Set to 'json' to have Flex write application logs in JSON format.
PORT
Type: Long, Default: 3000
The server port of the Flex UI.
HTTP_FORWARDED
Type: Boolean, Default: false
See Jetty HTTP_FORWARDED module for more information.
Configure when running Flex with Jetty authentication and behind a reverse-proxy that is performing HTTP termination. When true, the Jetty authentication process will respect the HTTPS scheme when redirecting post-authentication.
ENABLE_HTTPS
Type: Boolean, Default: false
See HTTPS connections for more information.
Serve the Flex UI via HTTPS (requires further configuration, below).
HTTPS_SNI_HOST_CHECK
Type: Boolean, Default: false
When SSL is configured, confirm that the certificate sent to the client matches the Host header.
HTTPS_KEYSTORE_LOCATION
Type: String (e.g. /ssl/https.keystore.jks)
Path to the SSL Keystore.
HTTPS_KEYSTORE_TYPE
Type: String, Default: JKS
Type of the SSL Keystore.
HTTPS_KEYSTORE_PASSWORD
Type: String
Password of the SSL Keystore.
HTTPS_TRUSTSTORE_LOCATION
Type: String (e.g. /ssl/https.truststore.jks)
Path to the SSL Truststore.
HTTPS_TRUSTSTORE_TYPE
Type: String, Default: JKS
Type of the SSL Truststore.
HTTPS_TRUSTSTORE_PASSWORD
Type: String
Password of the SSL Truststore.
Authentication
Flex supports Jetty (File, LDAP, DB, JAAS), SAML, OpenID and OAuth for authentication.
See User authentication for more details.
AUTH_PROVIDER_TYPE
Type: Enum, Values: okta, github, saml, jetty, auth0
Your choice of authentication provider. Specify jetty for LDAP, DB, File, or JAAS.
OKTA_ORGANISATION
Type: String
When using Okta authentication, the name of your Okta organisation.
AUTH_LANDING_URI
Type: String (e.g. https://staging.flex.z-corp.com)
The absolute URL to redirect to after successful login.
OPENID_AUTH_URI
Type: String
The OpenID Auth URI, e.g.
- GitHub: https://github.com/login/oauth/authorize
- GitHub Enterprise: [Server URL]/login/oauth/authorize
OPENID_API_URI
Type: String
The OpenID API URI, e.g.
- GitHub: https://api.github.com/user
- GitHub Enterprise: [Server URL]/api/v3/user
OPENID_TOKEN_URI
Type: String
The OpenID Token URI, e.g.
- GitHub: https://github.com/login/oauth/access_token
- GitHub Enterprise: [Server URL]/login/oauth/access_token
OPENID_CLIENT_ID
Type: String
The OpenID Client ID found in your configured OpenID App.
OPENID_CLIENT_SECRET
Type: String
The OpenID Client Secret found in your configured OpenID App.
SAML_RELYING_PARTY_IDENTIFIER
Type: String
Your Flex Application ID.
SAML_ACS_URL
Type: String
The Assertion Consumer Service URL.
SAML_METADATA_FILE
Type: String (e.g. /path/to/metadata.xml)
The Metadata File from your SAML provider.
SAML_CERT
Type: String (e.g. /path/to/saml.cert)
Optional SAML Certificate.
SAML_SESSION_S
Type: Long, Default: 3600
The duration in seconds before re-authenticating SAML credentials.
DEBUG_AUTH
Type: Boolean, Default: False
Enable auth debug logging.
JETTY_AUTH_METHOD
Type: Enum, Values: form, basic, Default: form
When using Jetty authentication, selects whether the login UX uses a form or basic auth.
Authorization
RBAC_CONFIGURATION_FILE
Type: String (e.g. /path/to/rbac.yaml)
See Role-based access control for more information.
The path to your RBAC configuration file (optional, requires Authentication enabled).
Global Access Controls
See Simple Access Control for more information.
Apply global access controls such as ALLOW_TOPIC_CREATE.
General
HTTP_PROXY and HTTPS_PROXY
Configures Flex to access all resources (AWS, Flink etc) through a proxy server.
Type: String
$ export HTTP_PROXY=http://10.15.20.25:1234
$ export HTTP_PROXY=http://proxy.example.com:1234
$ export HTTPS_PROXY=http://10.15.20.25:5678
$ export HTTPS_PROXY=http://proxy.example.com:5678
PROMETHEUS_EGRESS
Type: Boolean, Default: false
See Prometheus integration for more information.
Enable Prometheus endpoints for metrics and offsets egress.
PROMETHEUS_LABEL_ENV
Type: Boolean, Default: True
Include your ENVIRONMENT_NAME as 'env' label on Prometheus metrics.
PROMETHEUS_PASSWORD
Type: String
Optional. Sets the basic auth password for the Prometheus endpoints.
PROMETHEUS_USERNAME
Type: String
Optional. Sets the basic auth username for the Prometheus endpoints.
SNAPSHOT_PARALLELISM
Type: Long, Default: 3
The level of parallelism configured for Flex telemetry capture and snapshotting.
SNAPSHOT_DEBUG
Type: Boolean, Default: False
Add additional logging messages to help debug snapshotting.
MUTATION_SCHEDULER_EXPIRES_MS
Type: Long, Default: 900000
The duration (in ms) until a scheduled mutation expires. Default is 15 minutes.
SAMPLER_TIMEOUT_MS
Type: Long, Default: 7000
The maximum period of a single data inspect query.
SLACK_WEBHOOK_URL
Type: String (e.g. https://slack/webhook-url)
Send Audit log messages to Slack.
SLACK_WEBHOOK_URL_VERBOSITY
Type: Enum, Values: Mutations, Queries, All, Default: Mutations
Select the type of Audit log messages that are sent to Slack.
TEMPORARY_POLICY_MAX_MS
Type: Long, Default: 3600000
Configures the maximum allowed duration a temporary policy can be applied for.
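The following shell function is an added example, not part of Flex or its documentation. It lints the Web server, Authentication, Authorization and Prometheus variables described above before Flex is started. The function names (flex_env_audit, flex_env_ok), the set of variables required per provider, exact-match enum values and case-insensitive booleans are assumptions made for this example.

```shell
# Added example: pre-start lint of the Flex variables documented on this page.
# Assumed: case-insensitive booleans, exact enum values, per-provider required sets.
is_true() { case "$1" in [Tt][Rr][Uu][Ee]) return 0 ;; *) return 1 ;; esac; }
# require CONTEXT NAME...: report each NAME that is unset or empty.
require() {
  ctx=$1; shift
  for name in "$@"; do
    eval "val=\${$name:-}"
    [ -n "$val" ] || echo "ERROR $ctx: $name is not set"
  done
}

flex_env_audit() {
  if is_true "${ENABLE_HTTPS:-false}"; then
    require ENABLE_HTTPS HTTPS_KEYSTORE_LOCATION HTTPS_KEYSTORE_PASSWORD
    [ -z "${HTTPS_KEYSTORE_LOCATION:-}" ] || [ -r "$HTTPS_KEYSTORE_LOCATION" ] ||
      echo "ERROR ENABLE_HTTPS: keystore $HTTPS_KEYSTORE_LOCATION is not readable"
    is_true "${HTTPS_SNI_HOST_CHECK:-false}" ||
      echo "WARN HTTPS_SNI_HOST_CHECK is off: certificate not checked against Host header"
  else
    is_true "${HTTP_FORWARDED:-false}" ||
      echo "WARN ENABLE_HTTPS and HTTP_FORWARDED are both off: UI is served over plain HTTP"
  fi
  case "${AUTH_PROVIDER_TYPE:-}" in
    "") echo "WARN AUTH_PROVIDER_TYPE is not set: no authentication provider selected"
        [ -z "${RBAC_CONFIGURATION_FILE:-}" ] ||
          echo "ERROR RBAC_CONFIGURATION_FILE requires authentication to be enabled" ;;
    okta) require okta OKTA_ORGANISATION ;;
    github) require github OPENID_AUTH_URI OPENID_API_URI OPENID_TOKEN_URI \
              OPENID_CLIENT_ID OPENID_CLIENT_SECRET ;;
    saml) require saml SAML_RELYING_PARTY_IDENTIFIER SAML_ACS_URL SAML_METADATA_FILE ;;
    jetty|auth0) : ;;
    *) echo "ERROR AUTH_PROVIDER_TYPE=$AUTH_PROVIDER_TYPE is not okta, github, saml, jetty or auth0" ;;
  esac
  if is_true "${DEBUG_AUTH:-false}"; then echo "WARN DEBUG_AUTH is on: auth debug logging enabled"; fi
  if is_true "${PROMETHEUS_EGRESS:-false}"; then
    if [ -z "${PROMETHEUS_USERNAME:-}${PROMETHEUS_PASSWORD:-}" ]; then
      echo "WARN PROMETHEUS_EGRESS is on with no basic auth credentials set"
    else
      require PROMETHEUS_EGRESS PROMETHEUS_USERNAME PROMETHEUS_PASSWORD
    fi
  fi
  return 0
}

# Succeeds only when the audit prints no ERROR lines (warnings are allowed).
flex_env_ok() { ! flex_env_audit | grep -q '^ERROR'; }
# Constructed sample: HTTPS enabled without a keystore, SAML selected but unconfigured.
( ENABLE_HTTPS=true AUTH_PROVIDER_TYPE=saml; flex_env_audit )
```

Run it in the shell or container entrypoint that exports the variables, and gate start-up on flex_env_ok.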