Configuration List
Portal Configuration
Core Configuration
dsh_portal_secret
Your secret authentication code provided by Xeotek. This is a mandatory parameter required for Portal authentication.
Type: string Required: Yes
dsh_portal_team
Your team identifier provided by Xeotek. This is a mandatory parameter that uniquely identifies your team.
Type: string Required: Yes
dsh_portal_port
The port number through which the Portal Web UI will be accessible.
Type: integer Required: No Default: 8133 Example: 8080
dsh_portal_home
Additional path to access portal (e.g., https://localhost/portal instead of root https://localhost/).
Type: string Required: No Default: "" Example: "portal"
Authentication Configuration
dsh_portal_authentication_method
Specifies the authentication method to use. Available options are:
internal: Default internal authenticationldap: LDAP-based authenticationldap-nested: LDAP-based authentication with nested groups (advanced)openid: OpenID Connect authentication
Type: string Required: No Default: "internal"
LDAP Configuration
dsh_portal_authentication_ldap_url
The URL of the LDAP server for authentication, starting with ldap:// or ldaps://. Required when using LDAP authentication.
Type: string Required: No Default: "" Example: "ldap://10.20.30.40:389/"
dsh_portal_authentication_ldap_user
The distinguished name (DN) of the Portal service user. Used to list users and their groups.
Type: string Required: No Default: "" Example: "dshportal_srvc"
dsh_portal_authentication_ldap_password
The password for the Portal service user.
Type: string Required: No Default: "" Example: "dshportal_srvc_password"
dsh_portal_authentication_ldap_base
The base DN for LDAP searches, typically the path to the Portal user accounts.
Type: string Required: No Default: "" Example: "dc=example,dc=com"
dsh_portal_authentication_ldap_filter
The query filter for querying user accounts found under the base path. Portal retrieves all users that match this filter.
Type: string Required: No Default: "(objectClass=person)"
dsh_portal_authentication_ldap_debug
Outputs additional information for debugging purposes on log level INFO.
Type: boolean Required: No Default: false
dsh_portal_authentication_ldap_sync_interval_mins
The time interval in minutes at which Portal updates the users and their group memberships. The first update takes place immediately after Portal starts.
Type: integer Required: No Default: 60
dsh_portal_authentication_ldap_user_id_attribute
The attribute used for the userid in Portal (must be unique). This is the id that the user must enter when logging in.
Type: string Required: No Default: "cn" Example: "uid"
dsh_portal_authentication_ldap_user_fullname_attribute
The attribute used for the username in Portal. This is the displayed name of the user in Portal (when editing views for example). Uses the value of the user_id_attribute by default.
Type: string Required: No Default: dsh_portal_authentication_ldap_user_id_attribute Example: "givenName"
dsh_portal_authentication_ldap_group_attribute
The attribute used to retrieve the user's groups.
Type: string Required: No Default: "memberOf"
dsh_portal_authentication_ldap_group_regex
A regular expression used to extract the group name from the DNs/names listed under the group_attribute. Only the first matching group of the regular expression is used to match the Portal groups.
Type: string Required: No Default: "" Example: "(?i)cn=(\w+),ou=Groups.*"
dsh_portal_authentication_ldap_group_management
Enables automatic group assignment of groups in Portal via the configured group_attribute. If not enabled, the groups have to be assigned to the users manually in Portal.
Type: boolean Required: No Default: false
dsh_portal_authentication_ldap_group_search_filter
Filter for an alternative module for LDAP search.
Type: string Required: No Default: "(objectClass=groupOfUniqueNames)"
dsh_portal_authentication_ldap_group_search_user_filter
User filter for an alternative module for LDAP search.
Type: string Required: No Default: "(objectClass=person)"
dsh_portal_authentication_ldap_referral
LDAP referral URLs to deal with evolution and failover.
Type: string Required: No Default: ""
dsh_portal_authentication_ldap_scope
Search scope (default is subtree).
Type: string Required: No Default: "subtree"
OpenID Configuration
dsh_portal_authentication_openid_client_id
The client ID provided by your OpenID provider.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_client_secret
The client secret provided by your OpenID provider.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_redirect_url
The URL where the OpenID provider will redirect after authentication.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_jwks_url
The URL of the JSON Web Key Set (JWKS) for verifying tokens.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_authorization_url
The URL for initiating the OpenID authorization process.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_token_url
The URL for exchanging authorization codes for tokens.
Type: string Required: No Default: ""
dsh_portal_authentication_openid_groups_claim
The claim name in the ID token that contains user group information.
Type: string Required: No Default: "groups"
dsh_portal_authentication_openid_scope
The OpenID scopes requested during authentication.
Type: string Required: No Default: "openid profile email offline_access"
dsh_portal_authentication_openid_debug
Enable or disable debug mode for OpenID authentication.
Type: boolean Required: No Default: false
dsh_portal_authentication_openid_group_management
Configuration for group management in OpenID.
Type: boolean Required: No Default: false
dsh_portal_authentication_openid_login_url
The URL from which the Portal login page is reachable.
Type: string Required: No Default: "/#/login"
dsh_portal_authentication_openid_sync_interval_mins
The interval for synchronizing group information.
Type: integer Required: No Default: 60
Database Configuration
dsh_portal_db_url
The JDBC URL to your database. Currently supports H2 and Postgres. An H2 in-memory database is the default.
Type: string Required: No Default: "" Example: "jdbc:postgresql://host:port/database"
dsh_portal_db_username
The username of the user that has full permissions to run DDL and SQL queries.
Type: string Required: No Default: "" Example: "portal_db_admin"
dsh_portal_db_password
The password of the user that has full permissions to run DDL and SQL queries.
Type: string Required: No Default: "" Example: "portal_db_password"
Monitoring Configuration
dsh_portal_monitoring_mode
Controls the monitoring behavior. Available options are:
strict: Default mode with guaranteed monitoring intervalsflex: Limits the number of simultaneous monitoring scans per connection to one. When set to flex, the monitoring interval is no longer guaranteed.
Type: string Required: No Default: "strict"
Session Configuration
dsh_portal_session_timeout
The session timeout in seconds. After this period of inactivity, the user session will expire. A value of -1 means the session never expires.
Type: integer Required: No Default: -1 Example: 3600
Audit Configuration
dsh_portal_audit_mode
Specifies where audit logs are stored. Available options are:
DB: Store audit logs in the database (default)KAFKA: Additionally ingest audit logs into an Apache Kafka topic
Type: string Required: No Default: "DB"
dsh_portal_audit_topic
The Kafka topic to be used if audit_mode is set to "KAFKA".
Type: string Required: No Default: "_dsh.audit" Example: "_portal.audit"
dsh_portal_audit_connection
The ID of the configured Kafka connection to use for audit logging. Required if audit_mode is set to "KAFKA". The default is the first connection (0).
Type: integer Required: No Default: 0 Example: 1
Initialization Configuration
dsh_portal_init_with_userid
The user ID of the first user. Defaults to admin. The initial password is not affected by this setting.
Type: string Required: No Default: "admin" Example: "mycustomuserid"
dsh_portal_init_roles_file
Path to a YAML file defining all initial roles available in Portal.
Type: string Required: No Default: "" Example: "/opt/roles.yaml"
dsh_portal_init_groups_file
Path to a YAML file defining all initial groups available in Portal.
Type: string Required: No Default: "" Example: "/opt/groups.yaml"
dsh_portal_init_roles_file_always_init
Roles are only initialized if no previous roles exist. Set to true to always clear existing roles and initialize from file.
Type: boolean Required: No Default: false
dsh_portal_init_groups_file_always_init
Groups are only initialized if no previous groups exist. Set to true to always clear existing groups and initialize from file.
Type: boolean Required: No Default: false
TLS Configuration
dsh_portal_trust_proxy_ssl
Set to true if TLS termination is handled by ingress. This is useful when TLS termination happens at the ingress controller level.
Type: boolean Required: No Default: false
dsh_portal_keystore_path
The absolute path to the keystore file.
Type: string Required: No Default: "" Example: "/path/to/keystore"
dsh_portal_keystore_pass
The keystore password.
Type: string Required: No Default: "" Example: "password"
dsh_portal_keystore_alias
The keystore alias.
Type: string Required: No Default: "" Example: "alias"
Public API Configuration
dsh_portal_api_key
Optional API key for access to the public API of Portal. Additional API keys can be created in Portal.
Type: string Required: No Default: ""
Cluster Configuration
dsh_portal_cluster_nodes
The host names or IPs and respective ports of the nodes that constitute the cluster. The current node will try to connect indefinitely to that list of nodes until it succeeds or is shutdown. Defaults to the local node only (cluster_hostname:cluster_port).
Type: string Required: No Default: "" Example: "10.20.30.40:2551,10.20.30.41:2551"
dsh_portal_cluster_port
The cluster port number.
Type: integer Required: No Default: 2551
dsh_portal_cluster_hostname
The cluster hostname or IP.
Type: string Required: No Default: "" Example: "10.20.30.40"
Runtime Configuration
dsh_portal_opts
VM options for Portal runtime (e.g., heap size, garbage collection tuning). Ensure the container memory limits match or exceed the -Xmx setting to prevent OOM errors. Recommendation: Explicitly set memory parameters to ensure stable performance.
Type: string Required: No Default: "" Example: "-Xms8g -Xmx12g"
Logging Configuration
dsh_portal_loglevel
The log level for Portal.
Type: string Required: No Default: WARN Example: DEBUG
dsh_portal_loglevel_kafka
The log level for Apache Kafka client libraries.
Type: string Required: No Default: WARN Example: DEBUG
dsh_portal_loglevel_hazelcast
The log level for Hazelcast clustering components.
Type: string Required: No Default: WARN Example: INFO
dsh_portal_loglevel_netty
The log level for Netty networking components.
Type: string Required: No Default: WARN Example: INFO
dsh_portal_loglevel_helidon
The log level for Helidon web server framework components.
Type: string Required: No Default: WARN Example: INFO
dsh_portal_logsize
The maximum size of a single log file before rollover occurs.
Type: string Required: No Default: 50MB Example: 100MB
dsh_portal_logfiles
The maximum number of log files to retain after rotation.
Type: integer Required: No Default: 1 Example: 5
Argus Configuration
Core Configuration
dsh_argus_id
Unique identifier for the Argus instance, used in API responses and Portal assignments.
Type: String Required: Yes Default: None Example: argus-1
dsh_argus_port
The port number through which Argus endpoints are accessible.
Type: Integer Required: No Default: 8080 Example: 8080
dsh_argus_api_key
API key (secret) for authenticating requests to Argus endpoints.
Type: String Required: Yes Default: None
TLS Configuration
dsh_argus_keystore_path
The absolute path to the keystore file.
Type: string Required: No Default: "" Example: "/path/to/keystore"
dsh_argus_keystore_pass
The keystore password.
Type: string Required: No Default: "" Example: "password"
dsh_argus_keystore_alias
The keystore alias.
Type: string Required: No Default: "" Example: "alias"
Prometheus Configuration
dsh_argus_prometheus_enabled
Enables the Prometheus endpoint for metrics scraping.
Type: boolean Required: No Default: false
dsh_argus_prometheus_auth_enabled
Requires API key for Prometheus endpoint.
Type: boolean Required: No Default: false
dsh_argus_prometheus_auth_api_key
API key (secret) for authenticating requests to Prometheus endpoint.
Type: String Required: No (yes, if prometheus_auth_enabled) Default: None
Logging Configuration
dsh_argus_loglevel
The log level for Argus components.
Type: string Required: No Default: WARN Example: DEBUG
Standalone Mode
dsh_argus_standalone_enabled
Activates standalone mode, allowing Argus to collect metrics directly without endpoint configuration.
Type: boolean Required: No Default: false
dsh_argus_standalone_clusters
JSON string of Kafka clusters in standalone mode (if not attached to Portal).
Type: JSON Required: No Default: None Example: [{"id":"kafka-1","bootstrapServers":"kafka1:9092","credentials":{"username":"user","password":"pass"}}]
Last updated
Was this helpful?