Skip to main content

Configuration List

Kadeck Configuration

Core Configuration

xeotek_kadeck_secret

Your secret authentication code provided by Xeotek. This is a mandatory parameter required for Kadeck authentication.

Type: string
Required: Yes

xeotek_kadeck_teamid

Your team identifier provided by Xeotek. This is a mandatory parameter that uniquely identifies your team.

Type: string
Required: Yes

xeotek_kadeck_port

The port number through which the Kadeck Web UI will be accessible.

Type: integer
Required: No
Default: 8133
Example: 8080

xeotek_kadeck_home

Additional path to access Kadeck (e.g., https://localhost/kadeck instead of root https://localhost/).

Type: string
Required: No
Default: ""
Example: "kadeck"

Authentication Configuration

xeotek_kadeck_authentication_method

Specifies the authentication method to use. Available options are:

  • internal: Default internal authentication
  • ldap: LDAP-based authentication
  • ldap-nested: LDAP-based authentication with nested groups (advanced)
  • openid: OpenID Connect authentication

Type: string
Required: No
Default: "internal"

LDAP Configuration

xeotek_kadeck_authentication_ldap_url

The URL of the LDAP server for authentication, starting with ldap:// or ldaps://. Required when using LDAP authentication.

Type: string
Required: No
Default: ""
Example: "ldap://10.20.30.40:389/"

xeotek_kadeck_authentication_ldap_user

The distinguished name (DN) of the Kadeck service user. Used to list users and their groups.

Type: string
Required: No
Default: ""
Example: "kadeck_srvc"

xeotek_kadeck_authentication_ldap_password

The password for the Kadeck service user.

Type: string
Required: No
Default: ""
Example: "kadeck_srvc_password"

xeotek_kadeck_authentication_ldap_base

The base DN for LDAP searches, typically the path to the Kadeck user accounts.

Type: string
Required: No
Default: ""
Example: "dc=example,dc=com"

xeotek_kadeck_authentication_ldap_filter

The query filter for querying user accounts found under the base path. Kadeck retrieves all users that match this filter.

Type: string
Required: No
Default: "(objectClass=person)"

xeotek_kadeck_authentication_ldap_debug

Outputs additional information for debugging purposes on log level INFO.

Type: boolean
Required: No
Default: false

xeotek_kadeck_authentication_ldap_sync_interval_mins

The time interval in minutes at which Kadeck updates the users and their group memberships. The first update takes place immediately after Kadeck starts.

Type: integer
Required: No
Default: 60

xeotek_kadeck_authentication_ldap_user_id_attribute

The attribute used for the userid in Kadeck (must be unique). This is the id that the user must enter when logging in.

Type: string
Required: No
Default: "cn"
Example: "uid"

xeotek_kadeck_authentication_ldap_user_fullname_attribute

The attribute used for the username in Kadeck. This is the displayed name of the user in Kadeck (when editing views for example). Uses the value of the user_id_attribute by default.

Type: string
Required: No
Default: xeotek_kadeck_authentication_ldap_user_id_attribute
Example: "givenName"

xeotek_kadeck_authentication_ldap_group_attribute

The attribute used to retrieve the user's groups.

Type: string
Required: No
Default: "memberOf"

xeotek_kadeck_authentication_ldap_group_regex

A regular expression used to extract the group name from the DNs/names listed under the group_attribute. Only the first matching group of the regular expression is used to match the Kadeck groups.

Type: string
Required: No
Default: ""
Example: "(?i)cn=(\w+),ou=Groups.*"

xeotek_kadeck_authentication_ldap_group_management

Enables automatic group assignment of groups in Kadeck via the configured group_attribute. If not enabled, the groups have to be assigned to the users manually in Kadeck.

Type: boolean
Required: No
Default: false

xeotek_kadeck_authentication_ldap_group_search_filter

Filter for an alternative module for LDAP search.

Type: string
Required: No
Default: "(objectClass=groupOfUniqueNames)"

xeotek_kadeck_authentication_ldap_group_search_user_filter

User filter for an alternative module for LDAP search.

Type: string
Required: No
Default: "(objectClass=person)"

xeotek_kadeck_authentication_ldap_referral

LDAP referral URLs to deal with evolution and failover.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_ldap_scope

Search scope (default is subtree).

Type: string
Required: No
Default: "subtree"

OpenID Configuration

xeotek_kadeck_authentication_openid_client_id

The client ID provided by your OpenID provider.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_client_secret

The client secret provided by your OpenID provider.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_redirect_url

The URL where the OpenID provider will redirect after authentication.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_jwks_url

The URL of the JSON Web Key Set (JWKS) for verifying tokens.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_authorization_url

The URL for initiating the OpenID authorization process.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_token_url

The URL for exchanging authorization codes for tokens.

Type: string
Required: No
Default: ""

xeotek_kadeck_authentication_openid_groups_claim

The claim name in the ID token that contains user group information.

Type: string
Required: No
Default: "groups"

xeotek_kadeck_authentication_openid_scope

The OpenID scopes requested during authentication.

Type: string
Required: No
Default: "openid profile email offline_access"

xeotek_kadeck_authentication_openid_debug

Enable or disable debug mode for OpenID authentication.

Type: boolean
Required: No
Default: false

xeotek_kadeck_authentication_openid_group_management

Configuration for group management in OpenID.

Type: boolean
Required: No
Default: false

xeotek_kadeck_authentication_openid_login_url

The URL from which the Kadeck login page is reachable.

Type: string
Required: No
Default: "/#/login"

xeotek_kadeck_authentication_openid_sync_interval_mins

The interval for synchronizing group information.

Type: integer
Required: No
Default: 60

Database Configuration

xeotek_kadeck_db_url

The JDBC URL to your database. Currently supports H2 and Postgres. An H2 in-memory database is the default.

Type: string
Required: No
Default: ""
Example: "jdbc:postgresql://host:port/database"

xeotek_kadeck_db_username

The username of the user that has full permissions to run DDL and SQL queries.

Type: string
Required: No
Default: ""
Example: "kadeck_db_admin"

xeotek_kadeck_db_password

The password of the user that has full permissions to run DDL and SQL queries.

Type: string
Required: No
Default: ""
Example: "kadeck_db_password"

Monitoring Configuration

xeotek_kadeck_monitoring_mode

Controls the monitoring behavior. Available options are:

  • strict: Default mode with guaranteed monitoring intervals
  • flex: Limits the number of simultaneous monitoring scans per connection to one. When set to flex, the monitoring interval is no longer guaranteed.

Type: string
Required: No
Default: "strict"

Session Configuration

xeotek_kadeck_session_timeout

The session timeout in seconds. After this period of inactivity, the user session will expire. A value of -1 means the session never expires.

Type: integer
Required: No
Default: -1
Example: 3600

Audit Configuration

xeotek_kadeck_audit_mode

Specifies where audit logs are stored. Available options are:

  • DB: Store audit logs in the database (default)
  • KAFKA: Additionally ingest audit logs into an Apache Kafka topic

Type: string
Required: No
Default: "DB"

xeotek_kadeck_audit_topic

The Kafka topic to be used if audit_mode is set to "KAFKA".

Type: string
Required: No
Default: "_kadeck.audit"
Example: "_kadeck.audit"

xeotek_kadeck_audit_connection

The ID of the configured Kafka connection to use for audit logging. Required if audit_mode is set to "KAFKA". The default is the first connection (0).

Type: integer
Required: No
Default: 0
Example: 1

Initialization Configuration

xeotek_kadeck_init_with_userid

The user ID of the first user. Defaults to admin. The initial password is not affected by this setting.

Type: string
Required: No
Default: "admin"
Example: "mycustomuserid"

xeotek_kadeck_init_roles_file

Path to a YAML file defining all initial roles available in Kadeck.

Type: string
Required: No
Default: ""
Example: "/opt/roles.yaml"

xeotek_kadeck_init_groups_file

Path to a YAML file defining all initial groups available in Kadeck.

Type: string
Required: No
Default: ""
Example: "/opt/groups.yaml"

xeotek_kadeck_init_roles_file_always_init

Roles are only initialized if no previous roles exist. Set to true to always clear existing roles and initialize from file.

Type: boolean
Required: No
Default: false

xeotek_kadeck_init_groups_file_always_init

Groups are only initialized if no previous groups exist. Set to true to always clear existing groups and initialize from file.

Type: boolean
Required: No
Default: false

TLS Configuration

xeotek_kadeck_trust_proxy_ssl

Set to true if TLS termination is handled by ingress. This is useful when TLS termination happens at the ingress controller level.

Type: boolean
Required: No
Default: false

xeotek_kadeck_keystore_path

The absolute path to the keystore file.

Type: string
Required: No
Default: ""
Example: "/path/to/keystore"

xeotek_kadeck_keystore_pass

The keystore password.

Type: string
Required: No
Default: ""
Example: "password"

xeotek_kadeck_keystore_alias

The keystore alias.

Type: string
Required: No
Default: ""
Example: "alias"

Public API Configuration

xeotek_kadeck_api_key

Optional API key for access to the public API of Kadeck. Additional API keys can be created in Kadeck.

Type: string
Required: No
Default: ""

Cluster Configuration

xeotek_kadeck_cluster_nodes

The host names or IPs and respective ports of the nodes that constitute the cluster. The current node will try to connect indefinitely to that list of nodes until it succeeds or is shutdown. Defaults to the local node only (cluster_hostname:cluster_port).

Type: string
Required: No
Default: ""
Example: "10.20.30.40:2551,10.20.30.41:2551"

xeotek_kadeck_cluster_port

The cluster port number.

Type: integer
Required: No
Default: 2551

xeotek_kadeck_cluster_hostname

The cluster hostname or IP.

Type: string
Required: No
Default: ""
Example: "10.20.30.40"

Runtime Configuration

xeotek_kadeck_opts

VM options for Kadeck runtime (e.g., heap size, garbage collection tuning). Ensure the container memory limits match or exceed the -Xmx setting to prevent OOM errors.

Recommendation:
Explicitly set memory parameters to ensure stable performance.

Type: string
Required: No
Default: ""
Example: "-Xms8g -Xmx12g"

Logging Configuration

xeotek_kadeck_loglevel

The log level for Kadeck.

Type: string
Required: No
Default: WARN
Example: DEBUG

xeotek_kadeck_loglevel_kafka

The log level for Apache Kafka client libraries.

Type: string
Required: No
Default: WARN
Example: DEBUG

xeotek_kadeck_loglevel_hazelcast

The log level for Hazelcast clustering components.

Type: string
Required: No
Default: WARN
Example: INFO

xeotek_kadeck_loglevel_netty

The log level for Netty networking components.

Type: string
Required: No
Default: WARN
Example: INFO

xeotek_kadeck_loglevel_helidon

The log level for Helidon web server framework components.

Type: string
Required: No
Default: WARN
Example: INFO

xeotek_kadeck_logsize

The maximum size of a single log file before rollover occurs.

Type: string
Required: No
Default: 50MB
Example: 100MB

xeotek_kadeck_logfiles

The maximum number of log files to retain after rotation.

Type: integer
Required: No
Default: 1
Example: 5