Environment variables
The Orchestrator can read environment variables which alter the way it runs. These can be:
- Orchestrator-specific environment variables (normally prefixed with
MAVERICS_
) - Arbitrary environment variables which can be referenced in the config file itself
Orchestrator Environment Variables
The following environment variables are available for setting Orchestrator configuration:
- MAVERICS_CONFIG: configures the path to a local configuration file.
- MAVERICS_LICENSE: configures the path to a local license file.
- MAVERICS_SECRET_PROVIDER: sets up a connection to a secret provider.
- MAVERICS_DEBUG_MODE: sets logging to debug level.
- MAVERICS_HTTP_ADDRESS: the interface and port of the HTTP listener.
- MAVERICS_TLS_SERVER_CERT_FILE: the path to the certificate used for the HTTP listener
- MAVERICS_TLS_SERVER_KEY_FILE: the path to the corresponding key for the HTTP listener certificate.
- MAVERICS_TLS_SERVER_WINDOWS_THUMBPRINT: the certificate thumbprint used to search the Windows Certificate Store for HTTP listener certificate.
- MAVERICS_TLS_SERVER_WINDOWS_SUBJECT: the certificate subject used to search the Windows Certificate Store for HTTP listener certificate.
- MAVERICS_RELOAD_CONFIG: a boolean value to configure the Orchestrator to poll for configuration updates. It is
false
by default. - MAVERICS_POLLING_INTERVAL_SECONDS: the frequency of polling for configuration updates. If unset, the default is 30 seconds.
- MAVERICS_GCP_CONFIG: configures a connection to Google Cloud Storage for remote configuration.
- MAVERICS_AWS_CONFIG: configures a connection to AWS S3 for remote config configuration.
- MAVERICS_AZURE_CONFIG: configures a connection to Azure Blob for remote config configuration.
- MAVERICS_GITLAB_CONFIG: configures a connection to a GitLab repository for remote config configuration.
- MAVERICS_GITHUB_CONFIG: configures a connection to a GitHub repository for remote config configuration.
- MAVERICS_USER: sets the user that will run a maverics service in a linux installation. If unset, the default is
maverics
. - MAVERICS_GROUP: sets the group that will run a maverics service in a linux installation. If unset, the default is
maverics
. - HTTPS_PROXY, HTTP_PROXY, NO_PROXY: configures the network proxies maverics will use.
- MAVERICS_BUNDLE_PUBLIC_KEY_FILE: the path to the public key file used for verifying a signed configuration bundle.
Command line options for maverics
will override environment variables, which in
turn will override settings in the configuration file. The order of precedence is:
- command line options (e.g.
-verbose
for debug level logging) - environment variables (e.g.
MAVERICS_DEBUG_MODE=true
) - settings in the configuration file (e.g.
logger.level: debug
)
Arbitrary Environment Variables
Maverics supports referencing environment variables in configuration files. This enables deployment
specific variables to be set dynamically, and can enable selectively loading components when paired
with the include
field.
To express environment variables in config files, use the {{ env.VAR_NAME }}
syntax. Note, the
env.
namespace prefix is required.
Example
The following example represents a simple usage of how environment variables can be leveraged. The
example assumes that AZURE_METADATA_URL
, AZURE_ACS_URL
, and AZURE_ENTITY_ID
are set as
environment variables on the host machine.
version: 0.1
tls:
maverics:
certFile: certs/maverics.cert
keyFile: certs/maverics.key
http:
address: :443
tls: maverics
connectors:
- name: azure
type: azure
authType: saml
samlMetadataURL: '{{ env.AZURE_METADATA_URL }}'
samlConsumerServiceURL: '{{ env.AZURE_ACS_URL }}'
samlEntityID: '{{ env.AZURE_ENTITY_ID }}'
appgateways:
- name: finance-app
basePath: /
upstream: https://finance.enterprise.com
headers:
SM_USER: azure.username
firstName: azure.firstName
lastName: azure.lastName
policies:
- location: /
authentication:
idps:
- azure