Configure Platform Manager
This page outlines the configuration values for the Platform Manager deployed via Axual Governance Helm chart.
About Platform Manager
Platform Manager is the core component of the Axual Platform that allows to manage any Self-Service resource.
Platform Manager is based on Spring Boot 3.x
Platform Manager Configuration
Platform Manager requires configuration for interacting with all components defying the Axual Platform.
For a complete list of configurations, please refer to Platform Manager Configuration.
Platform Manager Repository Configuration
Initially, you can override the registry, tag, and pullPolicy for the Platform UI pod.
By default, these values come from the Axual Governance charts.
You can also override the imagePullSecrets; if not specify the Platform Manager pod will use the global.imagePullSecrets
platform-manager:
image:
registry: "docker.axual.io"
pullPolicy: "Always"
tag: "8.6.0"
imagePullSecrets:
- name: axualdockercredTLS Configuration
If needed, you can specify secrets containing the PEM certificates for keystore generation:
-
Server keypair
-
Client keypair
-
Truststore
Here is an example of how you can configure it.
platform-manager:
tls:
# -- Enables keystore generation
enabled: true
# -- Creates server keypair from PEM
createServerKeypairSecret: true
# -- PEM used to generate the server keypair if `createServerKeypairSecret` is true
serverCertificatePem: <server-certificate>
# -- PEM used to generate the server keypair if `createServerKeypairSecret` is true
serverKeyPem: <server-key>
# -- Creates client keypair from PEM
createClientKeypairSecret: true
# -- PEM used to generate the client keypair if `createClientKeypairSecret` is true
clientCertificatePem: <client-certificate>
# -- PEM used to generate the client keypair if `createClientKeypairSecret` is true
clientKeyPem: <client-key>
# -- Creates truststore from PEMs
createTruststoreCaSecret: true
# -- Set of PEMs used to generate the truststore if `createTruststoreCaSecret` is true
caCerts:
ca_one.crt: <first-cert>
ca_two.crt: <second-cert>For more information on the secrets defined above, refer to TLS secrets.
Application Configuration
Platform Manager is a Spring Boot application. Spring Boot applications can be configured with application.yml files.
What is present under config in the yml file, gets injected in a ConfigMap and mounted as an application.yml file.
platform-manager:
config: {}Spring Datasource Configuration
Platform Manager requires a database to persist the Self-Service resources.
Since it’s a Spring Boot application, we use the spring.datasource property to configure the database connection.
platform-manager:
config:
spring:
# Spring Datasource
datasource:
# -- Datasource Name
name: "platform-manager"
# -- Datasource Url with Database
url: "jdbc:mysql://platform-manager-mysql:3306/selfservice-db"
# -- Datasource Username
username: "platform-manager-username"
# -- Datasource Password
password: "platform-manager-password"
# -- Datasource Driver Class Name
driver-class-name: "com.mysql.cj.jdbc.Driver"
# Spring JPA
jpa:
# -- Database Platform
database-platform: "org.hibernate.dialect.MySQLDialect"
# Flyway Configuration
flyway:
# -- Flyway Script Location (`mariadb` or `mysql`)
# locations: "classpath:db/migration/mariadb"
locations: "classpath:db/migration/mysql"Axual and Governance Configuration
Platform Manager interacts with multiple Axual services and requires configuration for each service.
You can configure most of them using the axual and governance entries, for example, here we are configuring the Platform Manager
to use the new architecture to interact with Kafka clusters.
We disable the interaction with the Instance API and
configure the Platform Manager to retrieve governance secrets from the HashiCorp Vault.
platform-manager:
config:
# Axual Platform Manager
axual:
# Instance Manager Configuration
instance-api:
available: false
# Governance Vault Configuration
governance:
vault:
enabled: true
# -- Define the URI of the Vault
uri: "http://platform-manager-vault:8200"
# -- Define the path of the KV Secret in the Vault
path: "governance"
# -- RoleID of the platform-manager policy to access the KV Secret
roleId: "role-id-for-platform-manager-policy"
# -- SecretID of the platform-manager policy to access the KV Secret
secretId: "secret-id-for-platform-manager-policy"
# -- (Optional) The Namespace of the Vault
# namespace: "[your-governance-vault-namespace]"Connect Configuration
In case you want to configure the Platform Manager to interact with an Axual Connect,
you can use the axual.connect entry.
For each {tenant}-{instance} it’s possible to define the instance-connect-credentials.
platform-manager:
config:
# Axual Platform Manager
axual:
# Connect Configuration
connect:
# -- Enable Connect Support
available: true
# -- Connect Instance Credentials for each Tenant-Instance
instanceConnectCredentials:
tenant-instance1:
authorizer: basic
username: "[your-connect-username]"
password: "[your-connect-password]"
tenant-instance2:
authorizer: basic
username: "[your-connect-username-2]"
password: "[your-connect-password-2]"| The Axual Connect URL will be retrieved by the Instance definition in the Self-Service. |
Connect Vault Configuration
Each Axual Connect requires an HashiCorp Vault to store the connectors secrets.
Each Axual Connect can use a different HashiCorp Vault, so the Platform Manager should be able to
switch between different HashiCorp Vault to store the connectors secrets.
platform-manager:
config:
# Connectors Vault Configuration
connectorVault:
# -- Enable Connect Support
enabled: true
# -- Vault Instance for each Tenant-Instance
instances:
tenant-instance1:
# -- The URI of the Vault for the Tenant-Instance
uri: "http://vault-instance:8200"
# -- (Optional) The Namespace of the Vault for the Tenant-Instance
namespace: "[your-connect-namespace]"
# -- The path of the `connectors` KV secrets defined for the Tenant-Instance
connectorsPath: "connectors"
# -- The RoleID of the Vault policy to access the `connectors` KV secrets for this Tenant-Instance
roleId: "[your-connect-role-id]"
# -- The SecretID of the Vault policy to access the `connectors` KV secrets for this Tenant-Instance
secretId: "[your-connect-secret-id]"
# -- The Name identifying the `private.key` of the Connector for the Tenant-Instance
privateKeyName: "private.key"
# -- The Name identifying the `certificate.chain` of the Connector for the Tenant-Instance
certChainKeyName: "certificate.chain"
tenant-instance2:
uri: "http://vault-instance2:8200"
connectorsPath: "connectors"
roleId: "[your-connect-role-id]"
secretId: "[your-connect-secret-id]"
privateKeyName: "private.key"
certChainKeyName: "certificate.chain"Notifications Service Configuration
You can enable Notifications service using SMTP server for the Platform Manager, to notify application and stream owners by receiving emails whenever something important happens with their applications or streams.
Below you can find the configurations that are defined to enable/disable the Notifications service for the Platform Manager application.
Currently, we only support the SMTP server, and it needs to be enabled when the notifications is enabled.
platform-manager:
config:
axual:
# Notifications Configuration
notifications:
enabled: true
baseUrl: [UI advertised URL of the the running self-service application]
sender: [email address of the notification sender]
smtp:
enabled: trueThen you need to provide Spring configurations of the SMTP server:
platform-manager:
config:
spring:
mail:
host: [domain names or IP addresses of SMTP servers, e.g : smtp.gmail.com]
port: [port number of the SMTP server]
username: [username corresponds to the sender email account]
password: [password corresponds to the sender email account]
properties:
mail:
smtp:
auth: true
starttls:
enable: trueOther Configuration
Check Platform Manager Configuration to view all others possible configurations.