Search…
⌃K

Configuration Options

This part of the documentation is only intended in the context of a supported PoC (Proof of Concept) together with the Steadybit team. Please, book an appointment to scope your PoC before continuing to evaluate the on-prem solution.
If you just want to try out Steadybit, we recommend you sign up for our SaaS platform.

Machine Requirements (minimum)

The machine you are installing steadybit onto, must have 4 CPUs and 8 GB available memory.

Debug Docker Images

The platform docker image doesn't contain any shell by default. In case you need to exec into the container using a shell for debugging purposes, we provide an additional debug variant whith the platform-debug tag.

Database Configuration

Steadybit requires a PostgresSQL 13 database.
Environment Variable
Required
Description
SPRING_DATASOURCE_URL
yes
JDBC Url for the database connection Example: jdbc:postgresql://postgres:5432/steadybitdb
SPRING_DATASOURCE_USERNAME
yes
Database Username Example: postgres
SPRING_DATASOURCE_PASSWORD
yes
Database Password Example: postgres
STEADYBIT_DB_WEB_ENABLED
Enable Http Endpoint for Database export Default: true

Message Broker Configuration

For running the platform with multiple instances, a Redis message broker is required.
Environment Variable
Required
Description
SPRING_REDIS_HOST
yes
Redis server host Example: redis
SPRING_REDIS_PORT
Redis server port Default: 6379
SPRING_REDIS_USERNAME
Redis Username
SPRING_REDIS_PASSWORD
Redis Password
SPRING_REDIS_SSL
Wether to enable ssl support. Default: false
SPRING_REDIS_CLIENT_NAME
Client name to be set on connections with CLIENT SETNAME.

Tenant Configuration

Environment Variable
Required
Description
STEADYBIT_TENANT_AGENTKEY
yes
Agent key for the tenant assigned to you. Treat it as sensitive information. Example: foobar

Web Configuration

Environment Variable
Required
Description
STEADYBIT_WEB_PUBLIC_URL
URL to point to your steadybit installation. Use this if your platform is running behind a reverse proxy doing path rewriting. Also it is used for the links in notifications.
STEADYBIT_WEB_PUBLIC_EXPERIMENT_PORT
By default the Websocket connections are advertised to the agents on port 7878. If the public port differs (e.g. because of a proxy) use this property to advertise a different port.
STEADYBIT_WEB_PUBLIC_EXPERIMENT_URL
By default the Websocket connections are advertised on the same url name as the agents registers to. If you run a separate loadbalancer for the websockets you can override the advertised url.

Log Configuration

Environment Variable
Required
Description
LOGGING_FORMAT
By default steadybit uses text format. Set this this to json to switch the log format to JSON.

Static-Authentication

You can use a static username/password to authenticate as an admin user
Environment Variable
Required
Description
STEADYBIT_AUTH_PROVIDER
yes
Use STATIC for static authentication Example: LDAP
STEADYBIT_AUTH_STATIC_0_USERNAME
yes
Username Example: admin
STEADYBIT_AUTH_STATIC_0_PASSWORD
yes
Password Example: {noop}admin

LDAP-Authentication

You can use a LDAP Server for user authentication.
By default the ldap is accessed anonymously, unless STEADYBIT_AUTH_LDAP_MANAGER_DN and STEADYBIT_AUTH_LDAP_MANAGER_PASSWORD is set. The users are authenticated by doing a bind with their credentials, unless STEADYBIT_AUTH_LDAP_METHOD is set to password-compare.
Environment Variable
Required
Description
STEADYBIT_AUTH_PROVIDER
yes
Use LDAP for LDAP-Authentication Example: LDAP
STEADYBIT_AUTH_LDAP_URL
yes
LDAP-Server URL Example: ldap://openldap:389/dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_MANAGER_DN
Username (DN) of the "manager" user identity is used to authenticate to a LDAP server. If omitted anonymous access will be used. Example: uid=admin,ou=system
STEADYBIT_AUTH_LDAP_MANAGER_PASSWORD
The password for the manager DN. This is required if the manager-dn is specified.
STEADYBIT_AUTH_LDAP_USER_DN_PATTERNS
The search pattern to find the usernames Default: uid={0},ou=people
STEADYBIT_AUTH_LDAP_METHOD
The method to authenticate the user. Either bind or password-compare. Default: bind
STEADYBIT_AUTH_LDAP_PASSWORD_ATTRIBUTE
The attribute in the directory which contains the user password, used if using password-compare Default: userPassword
STEADYBIT_AUTH_SYNC_ADMIN_GROUP_DN
yes
The DN for the groupOfNames/groupOfUniqueNames for the Admin users Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_SYNC_USER_GROUP_DN
yes
The DN for the groupOfNames/groupOfUniqueNames for the User users Example: cn=steadybit_user,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_SEARCH_FILTER
The filter for the groupOfNames/groupOfUniqueNames for the teams Example: ou=teams,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_KEY_ATTRIBUTE
The attribute to use as Team key Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_LDAP_SYNC_TEAM_NAME_ATTRIBUTE
The attribute to use as Team name Example: cn=steadybit_admin,ou=groups,dc=steadybit,dc=com
STEADYBIT_AUTH_SYNC_CRON
Cron Expression which defines the periods for the LDAP synchronization Default: 0 0 */2 ? * * *

OpenID-Connect Authentication

You can use an OpenID Connect compatible authentication provider for user authentication. Steadybit uses the authorization_code grant type.
The first user to login will be assigned the ADMIN role, all other will be assigned the USER role. The roles can be changed by an admin user via the UI.
Environment Variable
Required
Description
STEADYBIT_AUTH_PROVIDER
yes
Use OAUTH2 for OIDC-Authentication Example: OAUTH2
STEADYBIT_AUTH_OAUTH2_ISSUER_URI
yes
URI for the OpenID Connect discovery endpoint. Example: https://keycloak/auth/realms/demo
STEADYBIT_AUTH_OAUTH2_CLIENT_ID
yes
The client ID to use for the OIDC registration Example: steadybit
STEADYBIT_AUTH_OAUTH2_CLIENT_SECRET
yes
The client secret to use for the OIDC registration Example: ijhdfpjdf80wiphubfqwd113342r
STEADYBIT_AUTH_OAUTH2_USER_NAME_ATTRIBUTE
Name of the OidcIdToken attribute that will be used to identify the user Default: sub
STEADYBIT_AUTH_OAUTH2_FULL_NAME_ATTRIBUTE
Name of the OidcIdToken attribute that will be used to pick the full name of the user Default: name
STEADYBIT_AUTH_OAUTH2_CLAIMS_TEAM_NAME_ATTRIBUTE_NAME
Name of the OidcIdToken claims attribute that will be used to pick up the assigned team names from. steadybit automatically creates the specified teams in the platform and assigns the user to them. Default: groups Example value in OIDC provider for single team: team1 Example value in OIDC provider for multiple teams: ["team1","team2"]

Using SSL/TLS Encryption

SSL can be configured by setting the various SERVER_SSL_* properties and requires a java keystore (typically PKCS12).
Environment Variable
Required
Description
SERVER_PORT
Port to use Default: 8080
SERVER_SSL_KEY_STORE
Path to the key store that holds the SSL certificate (typically a .jks or .p12 file). Example: file:/keystores/steadybit.p12
SERVER_SSL_KEY_STORE_TYPE
Type of the keystore Example: PKCS12
SERVER_SSL_KEY_STORE_PASSWORD
Password used to access the key store
SERVER_SSL_KEY_ALIAS
Alias that identifies the key in the keystore to be used
SERVER_SSL_KEY_PASSWORD
Password used to access the key in the key store.

Advanced Agent Authentication

OpenID Connect can be used to authenticate the agents to the platform.
Environment Variable
Required
Description
STEADYBIT_AUTH_AGENT_PROVIDER
Set to OAUTH2 to use the OIDC. Default: AGENT_KEY
STEADYBIT_AUTH_AGENT_OAUTH2_ISSUER_URI
yes
The issuer URI of your identity provider

Proxy Settings

Steadybit will use these proxy settings if the platform needs to connect to other services (for example your OIDC identity provider).
Environment Variable
Required
Description
STEADYBIT_PROXY_HOST
Hostname of your proxy
STEADYBIT_PROXY_PORT
Port of your proxy
STEADYBIT_PROXY_PROTOCOL
Protocol of your proxy Default: http
STEADYBIT_PROXY_USER
Username of your proxy
STEADYBIT_PROXY_PASSWORD
Password of your proxy