Configuration List
Portal Configuration
Core Configuration
xtk_kadeck_secret
Your secret authentication code provided by Xeotek. This is a mandatory parameter required for Portal authentication.
Type: string
Required: Yes
xtk_kadeck_teamid
Your team identifier provided by Xeotek. This is a mandatory parameter that uniquely identifies your team.
Type: string
Required: Yes
xtk_kadeck_port
The port number through which the Portal Web UI will be accessible.
Type: integer
Required: No
Default: 8133
Example: 8080
xtk_kadeck_home
Additional path to access portal (e.g., https://localhost/portal instead of root https://localhost/).
Type: string
Required: No
Default: ""
Example: "portal"
Authentication Configuration
xtk_kadeck_authentication_method
Specifies the authentication method to use. Available options are:
internal: Default internal authenticationldap: LDAP-based authenticationldap-nested: LDAP-based authentication with nested groups (advanced)openid: OpenID Connect authentication
Type: string
Required: No
Default: "internal"
LDAP Configuration
xtk_kadeck_authentication_ldap_url
The URL of the LDAP server for authentication, starting with ldap:// or ldaps://. Required when using LDAP authentication.
Type: string
Required: No
Default: ""
Example: "ldap://10.20.30.40:389/"
xtk_kadeck_authentication_ldap_user
The distinguished name (DN) of the Portal service user. Used to list users and their groups.
Type: string
Required: No
Default: ""
Example: "dshportal_srvc"
xtk_kadeck_authentication_ldap_password
The password for the Portal service user.
Type: string
Required: No
Default: ""
Example: "dshportal_srvc_password"
xtk_kadeck_authentication_ldap_base
The base DN for LDAP searches, typically the path to the Portal user accounts.
Type: string
Required: No
Default: ""
Example: "dc=example,dc=com"
xtk_kadeck_authentication_ldap_filter
The query filter for querying user accounts found under the base path. Portal retrieves all users that match this filter.
Type: string
Required: No
Default: "(objectClass=person)"
xtk_kadeck_authentication_ldap_debug
Outputs additional information for debugging purposes on log level INFO.
Type: boolean
Required: No
Default: false
xtk_kadeck_authentication_ldap_sync_interval_mins
The time interval in minutes at which Portal updates the users and their group memberships. The first update takes place immediately after Portal starts.
Type: integer
Required: No
Default: 60
xtk_kadeck_authentication_ldap_user_id_attribute
The attribute used for the userid in Portal (must be unique). This is the id that the user must enter when logging in.
Type: string
Required: No
Default: "cn"
Example: "uid"
xtk_kadeck_authentication_ldap_user_fullname_attribute
The attribute used for the username in Portal. This is the displayed name of the user in Portal (when editing views for example). Uses the value of the user_id_attribute by default.
Type: string
Required: No
Default: xtk_kadeck_authentication_ldap_user_id_attribute
Example: "givenName"
xtk_kadeck_authentication_ldap_group_attribute
The attribute used to retrieve the user's groups.
Type: string
Required: No
Default: "memberOf"
xtk_kadeck_authentication_ldap_group_regex
A regular expression used to extract the group name from the DNs/names listed under the group_attribute. Only the first matching group of the regular expression is used to match the Portal groups.
Type: string
Required: No
Default: ""
Example: "(?i)cn=(\w+),ou=Groups.*"
xtk_kadeck_authentication_ldap_group_management
Enables automatic group assignment of groups in Portal via the configured group_attribute. If not enabled, the groups have to be assigned to the users manually in Portal.
Type: boolean
Required: No
Default: false
xtk_kadeck_authentication_ldap_group_search_filter
Filter for an alternative module for LDAP search.
Type: string
Required: No
Default: "(objectClass=groupOfUniqueNames)"
xtk_kadeck_authentication_ldap_group_search_user_filter
User filter for an alternative module for LDAP search.
Type: string
Required: No
Default: "(objectClass=person)"
xtk_kadeck_authentication_ldap_referral
LDAP referral URLs to deal with evolution and failover.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_ldap_scope
Search scope (default is subtree).
Type: string
Required: No
Default: "subtree"
OpenID Configuration
xtk_kadeck_authentication_openid_client_id
The client ID provided by your OpenID provider.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_client_secret
The client secret provided by your OpenID provider.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_redirect_url
The URL where the OpenID provider will redirect after authentication.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_jwks_url
The URL of the JSON Web Key Set (JWKS) for verifying tokens.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_authorization_url
The URL for initiating the OpenID authorization process.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_token_url
The URL for exchanging authorization codes for tokens.
Type: string
Required: No
Default: ""
xtk_kadeck_authentication_openid_groups_claim
The claim name in the ID token that contains user group information.
Type: string
Required: No
Default: "groups"
xtk_kadeck_authentication_openid_scope
The OpenID scopes requested during authentication.
Type: string
Required: No
Default: "openid profile email offline_access"
xtk_kadeck_authentication_openid_debug
Enable or disable debug mode for OpenID authentication.
Type: boolean
Required: No
Default: false
xtk_kadeck_authentication_openid_group_management
Configuration for group management in OpenID.
Type: boolean
Required: No
Default: false
xtk_kadeck_authentication_openid_login_url
The URL from which the Portal login page is reachable.
Type: string
Required: No
Default: "/#/login"
xtk_kadeck_authentication_openid_sync_interval_mins
The interval for synchronizing group information.
Type: integer
Required: No
Default: 60
Database Configuration
xtk_kadeck_db_url
The JDBC URL to your database. Currently supports H2 and Postgres. An H2 in-memory database is the default.
Type: string
Required: No
Default: ""
Example: "jdbc:postgresql://host:port/database"
xtk_kadeck_db_username
The username of the user that has full permissions to run DDL and SQL queries.
Type: string
Required: No
Default: ""
Example: "portal_db_admin"
xtk_kadeck_db_password
The password of the user that has full permissions to run DDL and SQL queries.
Type: string
Required: No
Default: ""
Example: "portal_db_password"
Monitoring Configuration
xtk_kadeck_monitoring_mode
Controls the monitoring behavior. Available options are:
strict: Default mode with guaranteed monitoring intervalsflex: Limits the number of simultaneous monitoring scans per connection to one. When set to flex, the monitoring interval is no longer guaranteed.
Type: string
Required: No
Default: "strict"
Session Configuration
xtk_kadeck_session_timeout
The session timeout in seconds. After this period of inactivity, the user session will expire. A value of -1 means the session never expires.
Type: integer
Required: No
Default: -1
Example: 3600
Audit Configuration
xtk_kadeck_audit_mode
Specifies where audit logs are stored. Available options are:
DB: Store audit logs in the database (default)KAFKA: Additionally ingest audit logs into an Apache Kafka topic
Type: string
Required: No
Default: "DB"
xtk_kadeck_audit_topic
The Kafka topic to be used if audit_mode is set to "KAFKA".
Type: string
Required: No
Default: "_dsh.audit"
Example: "_portal.audit"
xtk_kadeck_audit_connection
The ID of the configured Kafka connection to use for audit logging. Required if audit_mode is set to "KAFKA". The default is the first connection (0).
Type: integer
Required: No
Default: 0
Example: 1
Initialization Configuration
xtk_kadeck_init_with_userid
The user ID of the first user. Defaults to admin. The initial password is not affected by this setting.
Type: string
Required: No
Default: "admin"
Example: "mycustomuserid"
xtk_kadeck_init_roles_file
Path to a YAML file defining all initial roles available in Portal.
Type: string
Required: No
Default: ""
Example: "/opt/roles.yaml"
xtk_kadeck_init_groups_file
Path to a YAML file defining all initial groups available in Portal.
Type: string
Required: No
Default: ""
Example: "/opt/groups.yaml"
xtk_kadeck_init_roles_file_always_init
Roles are only initialized if no previous roles exist. Set to true to always clear existing roles and initialize from file.
Type: boolean
Required: No
Default: false
xtk_kadeck_init_groups_file_always_init
Groups are only initialized if no previous groups exist. Set to true to always clear existing groups and initialize from file.
Type: boolean
Required: No
Default: false
TLS Configuration
xtk_kadeck_trust_proxy_ssl
Set to true if TLS termination is handled by ingress. This is useful when TLS termination happens at the ingress controller level.
Type: boolean
Required: No
Default: false
xtk_kadeck_keystore_path
The absolute path to the keystore file.
Type: string
Required: No
Default: ""
Example: "/path/to/keystore"
xtk_kadeck_keystore_pass
The keystore password.
Type: string
Required: No
Default: ""
Example: "password"
xtk_kadeck_keystore_alias
The keystore alias.
Type: string
Required: No
Default: ""
Example: "alias"
Public API Configuration
xtk_kadeck_api_key
Optional API key for access to the public API of Portal. Additional API keys can be created in Portal.
Type: string
Required: No
Default: ""
Cluster Configuration
xtk_kadeck_cluster_nodes
The host names or IPs and respective ports of the nodes that constitute the cluster. The current node will try to connect indefinitely to that list of nodes until it succeeds or is shutdown. Defaults to the local node only (cluster_hostname:cluster_port).
Type: string
Required: No
Default: ""
Example: "10.20.30.40:2551,10.20.30.41:2551"
xtk_kadeck_cluster_port
The cluster port number.
Type: integer
Required: No
Default: 2551
xtk_kadeck_cluster_hostname
The cluster hostname or IP.
Type: string
Required: No
Default: ""
Example: "10.20.30.40"
Runtime Configuration
xtk_kadeck_opts
VM options for Portal runtime (e.g., heap size, garbage collection tuning). Ensure the container memory limits match or exceed the -Xmx setting to prevent OOM errors.
Recommendation:
Explicitly set memory parameters to ensure stable performance.
Type: string
Required: No
Default: ""
Example: "-Xms8g -Xmx12g"
Logging Configuration
xtk_kadeck_loglevel
The log level for Portal.
Type: string
Required: No
Default: WARN
Example: DEBUG
xtk_kadeck_loglevel_kafka
The log level for Apache Kafka client libraries.
Type: string
Required: No
Default: WARN
Example: DEBUG
xtk_kadeck_loglevel_hazelcast
The log level for Hazelcast clustering components.
Type: string
Required: No
Default: WARN
Example: INFO
xtk_kadeck_loglevel_netty
The log level for Netty networking components.
Type: string
Required: No
Default: WARN
Example: INFO
xtk_kadeck_loglevel_helidon
The log level for Helidon web server framework components.
Type: string
Required: No
Default: WARN
Example: INFO
xtk_kadeck_logsize
The maximum size of a single log file before rollover occurs.
Type: string
Required: No
Default: 50MB
Example: 100MB
xtk_kadeck_logfiles
The maximum number of log files to retain after rotation.
Type: integer
Required: No
Default: 1
Example: 5
Argus Configuration
Core Configuration
dsh_argus_id
Unique identifier for the Argus instance, used in API responses and Portal assignments.
Type: String
Required: Yes
Default: None
Example: argus-1
dsh_argus_port
The port number through which Argus endpoints are accessible.
Type: Integer
Required: No
Default: 8080
Example: 8080
dsh_argus_api_key
API key (secret) for authenticating requests to Argus endpoints.
Type: String
Required: Yes
Default: None
TLS Configuration
dsh_argus_keystore_path
The absolute path to the keystore file.
Type: string
Required: No
Default: ""
Example: "/path/to/keystore"
dsh_argus_keystore_pass
The keystore password.
Type: string
Required: No
Default: ""
Example: "password"
dsh_argus_keystore_alias
The keystore alias.
Type: string
Required: No
Default: ""
Example: "alias"
Prometheus Configuration
dsh_argus_prometheus_enabled
Enables the Prometheus endpoint for metrics scraping.
Type: boolean
Required: No
Default: false
dsh_argus_prometheus_auth_enabled
Requires API key for Prometheus endpoint.
Type: boolean
Required: No
Default: false
dsh_argus_prometheus_auth_api_key
API key (secret) for authenticating requests to Prometheus endpoint.
Type: String
Required: No (yes, if prometheus_auth_enabled)
Default: None
Logging Configuration
dsh_argus_loglevel
The log level for Argus components.
Type: string
Required: No
Default: WARN
Example: DEBUG
Standalone Mode
dsh_argus_standalone_enabled
Activates standalone mode, allowing Argus to collect metrics directly without endpoint configuration.
Type: boolean
Required: No
Default: false
dsh_argus_standalone_clusters
JSON string of Kafka clusters in standalone mode (if not attached to Portal).
Type: JSON
Required: No
Default: None
Example: [{"id":"kafka-1","bootstrapServers":"kafka1:9092","credentials":{"username":"user","password":"pass"}}]