Skip to main content

Datastore Configuration

Please note that the Data On-Premise feature is only available on the Enterprise plan. Contact us to enable the Data On-Premise feature for your organization.

This page includes configuration details for the Datastore.

  1. For Kubernetes, see the Helm Values
  2. For Docker, see the Environment Variables

Helm Values

Configure the Datastore k8s installation by setting values in the values.yaml file or using --set in the helm install or helm upgrade commands.

Datastore Configuration

Rookout tokendatastore.tokenRookout token-
Server modedatastore.serverModePLAIN, TLS, or AUTOTLSPLAIN
Listen on portdatastore.dopContainerPortInteger8080
In-memory databasedatastore.inMemoryDbtrue or falsetrue

Additional Kubernetes Configuration

Token secret namedatastore.tokenFromSecret.nameString-
Token secret keydatastore.tokenFromSecret.keyString-
K8s labelsdatastore.labelsKey: value-
memory request
datastore.resources.requests.memoryMemory units1Gi
CPU request
datastore.resources.requests.cpuCPU units1
memory limit
datastore.resources.limits.memoryBytes unit4Gi
CPU limit
datastore.resources.limits.cpuCPU units2
image tag
image.tagImage taglatest
image pull policy
image.pullPolicyPull policyAlways
image pull secret
image.pullSecretsPull secrets-
Service account
podAnnotationsKey: value-
service.annotationsKey: value-
Service portdatastore.servicePortInteger80
Service port (TLS mode)datastore.servicePortTLSInteger443

Environment Variables

Configure a Datastore docker container by passing environment variables to it.

ConfigurationEnvironment VariableValueDefault
Rookout tokenROOKOUT_DOP_LOGGING_TOKENRookout token-
Listen on portROOKOUT_DOP_PORTInteger8080
In-memory databaseROOKOUT_DOP_IN_MEMORY_DBtrue or falsetrue

Configuration Details

Rookout Token

Set this to your organization's token just like you would when configuring the Rookout SDK.

Server Mode

Configure the Datastore to either use TLS encryption or plain text for incoming connections.

There are three modes available to choose from:

We recommend using PLAIN mode when possible, as it is the most straightforward. For security best practice, only use PLAIN along with a TLS termination proxy, or if the connection is trusted and secure.


If you can't provide a TLS termination proxy / load balancer, set the server mode to TLS and configure the following:

  • For Docker deployments, place a certificate and a private key in /var/rookout/cert.pem /var/rookout/key.pem respectively. You can create volumes for the certificate and key and map them to these locations.

  • For K8s deployments, create the following secret & configmap in your k8s cluster instead:

kubectl create configmap rookout-tls-cert --from-file=cert.pem=<path to cert file>
kubectl create secret generic rookout-tls-key --from-file=key.pem=<path to key file>


If you can't provide a TLS termination proxy / load balancer and also can't provide a valid TLS certificate for the Datastore, set the server mode to AUTOTLS. This mode automatically fetches a certificate from the "Let's Encrypt" service. To use this mode configure the following:

  1. Set the datastore.autoTlsDomain variable for K8s deployments or the ROOKOUT_DOP_AUTO_TLS_DOMAIN environment variable for Docker deployments, to match a domain name of the Datastore, one that is accessible from the internet.

  2. Make sure that the TCP port 9090 of the Datastore container is accessible from the internet, so that the "Let's Encrypt" service can challenge it.

Read more about Let's Encrypt here.

Listen on Port

Set the internal port the Datastore should listen on for incoming connections.

Note that under K8s deployments, the external service port is 80 for PLAIN server mode and 443 otherwise.

In-memory database

Set this to false to have the Datastore store its data as a file on the disk (less recommended), instead of in the RAM.