ETL Controller Configuration
Please note that the ETL Controller feature is only available on the Enterprise plan. Contact us to enable the ETL Controller feature for your organization.
This page includes configuration details for the ETL Controller.
- For Kubernetes, see the Helm Values
- For Docker, see the Environment Variables
Helm Values
Configure the controller k8s installation by setting values in the values.yaml
file or using --set
in the helm install
command.
Controller Configuration
Configuration | Key | Value | Default |
---|---|---|---|
Rookout token | controller.token | Rookout token | - |
Server mode | controller.serverMode | PLAIN or TLS | PLAIN |
Proxy server | controller.proxy | URL | - |
Proxy username | controller.proxyUsername | URL | - |
Proxy password | controller.proxyPassword | URL | - |
Skip Datastore SSL verification | controller.datastore_no_ssl_verif | true or false | false |
Listen on port | controller.port | Integer | 7488 |
Additional Kubernetes Configuration
Configuration | Key | Value | Default |
---|---|---|---|
Token secret name | controller.tokenFromSecret.name | String | - |
Token secret key | controller.tokenFromSecret.key | String | - |
Proxy password secret name | controller.proxyPasswordFromSecret.name | String | - |
Proxy password secret key | controller.proxyPasswordFromSecret.key | String | - |
K8s labels | controller.labels | Key: value | - |
Pod memory request | controller.resources.requests.memory | Memory units | 32Mi |
Pod CPU request | controller.resources.requests.cpu | CPU units | 30m |
Pod memory limit | controller.resources.limits.memory | Bytes unit | 1024Mi |
Pod CPU limit | controller.resources.limits.cpu | CPU units | 4000m |
Container image tag | image.tag | Image tag | latest |
Container image pull policy | image.pullPolicy | Pull policy | Always |
Container image pull secret | image.pullSecrets | Pull secrets | - |
Service account name | serviceAccount.name | String | - |
Pod annotations | podAnnotations | Key: value | - |
Service annotations | service.annotations | Key: value | - |
Environment Variables
Configure a Controller docker container by passing environment variables to it.
Configuration | Environment Variable | Value | Default |
---|---|---|---|
Rookout token | ROOKOUT_TOKEN | Rookout token | - |
Server mode | ROOKOUT_CONTROLLER_SERVER_MODE | PLAIN or TLS | PLAIN |
Proxy server | ROOKOUT_PROXY | URL | - |
Proxy username | ROOKOUT_PROXY_USERNAME | String | - |
Proxy password | ROOKOUT_PROXY_PASSWORD | String | - |
Send data to Rookout | ROOKOUT_SEND_DATA | true or false | true |
Skip Datastore SSL verification | ROOKOUT_DOP_NO_SSL_VERIFY | true or false | false |
Limit CPU cores | ROOKOUT_CONTROLLER_MAX_CPU | Integer | 1 |
Limit memory | ROOKOUT_CONTROLLER_MAX_MEMORY | Integer (MB) | 512 |
Configuration Details
Rookout Token
Set this to your organization's token just like you would when configuring the Rookout SDK.
Server Mode
Configure the Controller to either use TLS encryption (TLS
mode) or plain text (PLAIN
mode) for incoming connections (SDK instances connecting to the Controller).
We recommend using PLAIN
mode if possible, as it is the most straightforward. For security best practice, only use PLAIN
if the connection is trusted and secure, or along with a TLS termination proxy.
If you can't provide a TLS termination proxy / load balancer, and the connection isn't secure, set the server mode to TLS
and configure the following:
-
For Docker deployments, place a certificate and a private key in
/var/controller-tls-secrets/tls.crt
and/var/controller-tls-secrets/tls.key
respectively. You can create volumes for the certificate and key and map them to these locations. -
For K8s deployments, create the following secret & configmap in your k8s cluster instead:
kubectl create configmap rookout-tls-cert --from-file=tls.crt=<path to cert file>
kubectl create secret generic rookout-tls-key --from-file=tls.key=<path to key file>
Proxy Server
Set this to your proxy URL/address to have the Controller manually connect through it.
If authentication is required, it is possible to add a username and password. The password can be added as a plain string or as a K8s secret.
Send Data to Rookout
Set this configuration to false
to send data collected by the Controller only to targets and not to Rookout's servers.
Skip Datastore SSL Verification
Set this to true
to make the Controller skip the verification of SSL certificates when connecting to the Datastore.
For security best practices, you should set this to false
unless the connection is trusted and secure.
Listen on Port
Set the port the Controller should listen on for incoming SDK instances.
Data Redaction
All data received by the ETL agent undergoes a data redaction process based on the configuration set by the user.
Health Check
If you would like to perform a health check on the Rookout ETL Controller, you can access http://<ROOKOUT_CONTROLLER_HOST>:<ROOKOUT_CONTROLLER_PORT>/healthz
. A healthy ETL Controller should return a response of "HTTP 200".