Remote configuration and auto-reload


The Orchestrator can load and dynamically reload configuration bundles (maverics.tar.gz) published by the Maverics platform from shared storage providers such as AWS S3, Google Cloud Storage, Azure Blob Storage, GitHub, or GitLab.

For instructions specific to your storage provider, see the following guides:

Remote Configuration Bundle

To load a configuration bundle from a shared storage provider you must set environment variables on the orchestrator host for:

  • validating the bundle against the public key file for your environment

  • connecting to your storage provider

Signed Bundle Validation

Configuration bundles published by the Maverics platform are signed to ensure data integrity. The orchestrator cannot load remote configuration without validating the configuration file signatures against the public key for the specific remote configuration environment.

Download the public key file from the Maverics Environments page to the orchestrator host and set the path to the file in the MAVERICS_BUNDLE_PUBLIC_KEY_FILE environment variable.

Setting JSON in Environment Variables

The values for these environment variables are JSON objects. Depending on how your operating system sets environment variables, you may need to fold the JSON onto a single line (e.g. when it is declared in the /etc/maverics/maverics.env file).

In a POSIX shell, the export command will accept multiline input if it is single-quoted.

export MAVERICS_GITHUB_CONFIG='{
    "token": "github_pat_xxxxxxxxx_xxxxxxxxxxxxxx",
    "owner": "ownername",
    "repo": "reponame",
    "configurationFilePath": "folder1/folder2"
}'

On Windows, the set command only accepts a single line of input.

set MAVERICS_GITHUB_CONFIG={"token": "github_pat_xxxxxxxxx_xxxxxxxxxxxxxx", "owner": "ownername", "repo": "reponame", "configurationFilePath": "folder1/folder2" }
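A helper for the folding step described above, added here as an example and not part of the Maverics documentation or product: it validates the JSON, folds it onto one line, and emits the export and set forms. The function names, the required-key list and the cmd.exe character check are assumptions of this sketch.

```python
import json
import shlex

# Keys taken from the page's MAVERICS_GITHUB_CONFIG example; treating all four
# as required is an assumption of this sketch.
GITHUB_KEYS = ("token", "owner", "repo", "configurationFilePath")

# Characters cmd.exe may interpret on a `set` line; refused conservatively.
CMD_SPECIAL = set("%^&|<>!")

def fold_json(raw, required=()):
    """Validate raw as a JSON object and return it folded onto one line."""
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError as exc:
        # Report position only, so a token in the value never reaches logs.
        raise ValueError(f"invalid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})") from None
    if not isinstance(obj, dict):
        raise ValueError("value must be a JSON object")
    missing = [k for k in required if k not in obj]
    if missing:
        raise ValueError(f"missing keys: {missing}")
    # Compact separators remove the newlines and indentation; ensure_ascii
    # (the default) keeps the result printable ASCII.
    return json.dumps(obj, separators=(",", ":"))

def export_line(name, raw, required=()):
    """POSIX shell form: single-quoted, with any embedded ' escaped."""
    return f"export {name}={shlex.quote(fold_json(raw, required))}"

def set_line(name, raw, required=()):
    """Windows `set` form: one unquoted line, as in the page's example."""
    folded = fold_json(raw, required)
    bad = sorted(CMD_SPECIAL.intersection(folded))
    if bad:
        raise ValueError(f"characters {bad} need manual handling for cmd.exe")
    return f"set {name}={folded}"

if __name__ == "__main__":
    # Constructed sample input with a placeholder token, mirroring the page.
    sample = """{
        "token": "github_pat_xxxxxxxxx_xxxxxxxxxxxxxx",
        "owner": "ownername",
        "repo": "reponame",
        "configurationFilePath": "folder1/folder2"
    }"""
    print(export_line("MAVERICS_GITHUB_CONFIG", sample, GITHUB_KEYS))
    print(set_line("MAVERICS_GITHUB_CONFIG", sample, GITHUB_KEYS))
```

The output of fold_json is also the single-line value to place in an environment file; whether that file expects quoting around the value depends on what reads it.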

Auto-Reload

The Orchestrator can be set to check configuration periodically, and reload it when it changes. If the Orchestrator detects a change to the version field, it reloads the updated configuration without restarting the process. During a successful reload, user sessions and tokens issued on behalf of resource owners are invalidated to ensure policy updates take effect.

To enable this behavior, set the following environment variables:

  • MAVERICS_RELOAD_CONFIG: Set to true to enable

  • MAVERICS_POLLING_INTERVAL_SECONDS (optional): The frequency of polling for configuration updates. If unset, the default is 30 seconds.