Configuration settings catalog

Here is a catalog of the settings to use when configuring and managing Mission Control. The following Mission Control tables cover:

Mission Control topology

Category: Mission Control topology

Name

Type

Default Value

Range

Description

Control Plane

Boolean

TRUE

TRUE, FALSE

Specifies whether to deploy Mission Control in Control Plane mode rather than Data Plane mode.

Configure the topology setting in the KOTS Admin Console.

Mission Control Observability-advanced

Category: Observability-advanced

Name

Type

Default Value

Range

Description

Allow monitoring process to run on the control plane

Boolean

TRUE, FALSE

Allows deployment of monitoring components on the Kubernetes Control Plane. Only required in constrained environments where the Control Plane is tainted but should host these components.

Allow monitoring components on DataStax Enterprise (DSE) nodes

Boolean

TRUE, FALSE

Whether to deploy monitoring components, such as Vector, Mimir, and Loki, on database worker nodes. Only enable this for constrained environments.

Configure these advanced observability settings in the Control Plane.

Mission Control Observability-storage

Category: Observability-storage

Name

Type

Default Value

Range

Description

Storage backend

string

S3, GCS

Specifies which object storage backend to use for the observability stack (Mimir and Loki).

Category: Observability-S3 Storage

Region

string

us-east-1

Region where the bucket is located.

Access Key ID

string

AWS access key ID.

Secret Access Key

Password

AWS secret access key.

Bucket endpoint URL

string

URL to reach the S3 compatible object storage service.

Observability Bucket Insecure Access

Boolean

TRUE

TRUE, FALSE

Controls whether calls made to the storage backend use TLS. Disable only when your storage backend does not support HTTPS.

Category: Observability-GCS storage

Service Account

Password

Key file content for the service account accessing the GCS buckets storing Mimir and Loki data. JSON format expected.

Mission Control Observability-Mimir

Category: Observability-Mimir topology

Name

Type

Default Value

Range

Description

Tune Mimir Topology

Boolean

TRUE, FALSE

Change the replication factor and the number of replicas for each Mimir component.

Number of Ingester instances

number

1

1..

Number of Distributor instances

number

1

1..

Number of Querier instances

number

1

1..

Number of Query Frontend instances

number

1

1..

Number of Ruler instances

number

1

1..

Number of Alert Manager instances

number

2

2..

A minimum of two instances are required for the alertmanager component.

Number of Store Gateway instances

number

1

1..

Number of Query Scheduler instances

number

1

1..

Ingester replication factor

number

1

1..

Alert manager replication factor

number

2

2..

Mimir cannot handle a replication factor of 1 for the alertmanager component.

Category: Observability-Mimir resources

Name

Type

Default Value

Range

Description

CPU Requests

100m

Minimum available CPU cores requested to allow scheduling a Mimir microservice. 100m = 100 millicores = 0.1 core.

CPU Limits

Quantity

This is not a literal or updateable value

Maximum number of cores allocated to a Mimir microservice. In order to maximize resource utilization do not set this value.

Memory Requests

128Mi

Minumum available RAM requested to allow scheduling a Mimir microservice on a worker node.

Memory Limits

2Gi

Maximum allowed RAM usage per Mimir microservice. Any service using more than this value is terminated and rescheduled.

Category: Observability-Mimir advanced

Max Global Series Per User

number

0

The maximum allowed number of series that are accepted per tenant. 0 means unlimited. Mission Control uses a single tenant.

Category: Observability-Mimir storage

Name

Type

Default Value

Range

Description

Bucket Name

string

Name of the bucket (S3 or GCS) storing Mimir’s metrics data.

Storage retention

string

7d

#ms, #s, #h, #d, #m, #w, #y

Set the retention period for metrics data (in milliseconds, seconds, hours, days, months, weeks, or years). These values can be used in combination - for example, 11m 7d to specify an eleven month and seven days retention period.

Use Persistent Volumes

Boolean

TRUE

TRUE, FALSE

Secures data which is local to specific Mimir’s microservices by using persistent storage. Required for production deployments.

Storage Class

Storage Class

(default for K8s cluster)

All available storage classes

For embedded runtime installs, set this to standard. When using your own Kubernetes cluster, set it to one of your available storage classes that allows dynamic provisioning.

Access Modes

string

ReadWriteOnce

ReadWriteOnce

Set to ReadWriteOnce to allow a single node with multiple pods simultaneous access to the volume mount in read or write mode.

Alert Manager Volume Size

1Gi

Use 10GB for production deployments. [1]

Compactor Volume Size

2Gi

Use at least 300GB for production deployments. [1]

Store Gateway Volume Size

2Gi

Use 50GB for production deployments. [1]

Ingester Volume Size

2Gi

Use at least 100GB for production deployments. [1]

WARNING: Using too small a size results in metrics no longer being ingested.

Observability Loki

Category: Observability-Loki

Name

Type

Default Value

Range

Description

Loki Reader Instances

number

1

Loki Writer Instances

number

1

Loki Replication Factor

number

1

The number of ingesters to which Loki forwards writes. This should be less than or equal to the number of write instances.

Category: Observability-Loki storage

Storage retention

string

7d

#ms, #s, #h, #d, #m, #w, #y

Set the retention period for logging data (in milliseconds, seconds, hours, days, months, weeks, or years). These values can be used in combination - for example, 11m 7d to specify an eleven month and seven days retention period.

Force Path-Style Addressing

Boolean

FALSE

FALSE, TRUE

Forces requests to use AWS S3 path-style addressing, which does not prefix the endpoint URL with the bucket name. This is useful when Minio is the S3 storage backend.

Use Persistent Volumes

Boolean

TRUE

TRUE, FALSE

Required for production deployments.

Persistent Volumes size

string

10Gi

Use at least 50GB for production deployments. [1]

Storage Class

Storage Class

(default for K8s cluster)

All available storage classes

For embedded runtime installs, set to standard. When using your own Kubernetes cluster, set it to one of your available storage classes that allows dynamic provisioning.

Chunks Bucket Name

string

Name of the bucket to store the log entries sent to Loki.

Ruler Bucket Name

string

Name of the bucket to store the alerting rules for Loki.

Mission Control User Interface

Category: User Interface (UI)

Name

Type

Default Value

Range

Description

Create temporary admin user

Boolean

TRUE

TRUE, FALSE

Creates an admin user that authenticates to Mission Control without setting up LDAP or OpenID.

Category: User Interface Admin user

Email

string

admin@example.com

Email address of the admin user.

Password hash

string

The bcrypt hash of the password. On Linux and Unix systems, generate this by running:

echo yourPassword | htpasswd -BinC 10 admin | cut -d: -f2

Username

string

admin

Name of the admin user

Mission Control Identity Provider connector

Category: Identity Provider connector

Name

Type

Default Value

Range

Description

Dex Connector

string

None, LDAP, OpenID Connect

Defines which connector to be configured for authentication and authorization in Mission Control’s UI.

Category: LDAP connector

Name

Type

Default Value

Range

Description

Host

string

Host and optional port of the LDAP server.

No SSL

Boolean

FALSE

TRUE, FALSE

Required if the LDAP host is not using TLS (port 389).

This option inherently leaks passwords to anyone on the same network as Mission Control, do not use outside of explorative phases.

Skip TLS verify

Boolean

FALSE

TRUE, FALSE

Whether to turn off Transport Layer Security (TLS) certificate verification.

This is not secure, do not use outside of explorative phases.

Start TLS

Boolean

FALSE

TRUE, FALSE

When connecting to the server, connect using the ldap:// protocol and then issue a StartTLS command. If unspecified, connections use the ldaps:// protocol.

Root CA

string

A trusted root certificate file content (base64-encoded Privacy Enhanced Mail (PEM) file).

Bind DN

string

The DN to bind with when performing the search. When not provided, the search is performed anonymously.

Bind password

string

The password with which to bind when performing the search. When not provided, the search is performed anonymously.

Username prompt

string

The prompt the user sees when requesting their username. When unspecified, the default is Username.

User base DN

string

BaseDN from which to start the search. It translates to the query

(&(objectClass=person)(uid=<username>))

User filter

string

BaseDN from which to start the search. It translates to the query

(&(objectClass=person)(uid=<username>))

Username attribute

string

uid

Username attribute used for comparing user entries. This is translated and combined with the other filter as (<attr>=<username>).

User id attribute

string

uid

User email attribute

string

email

User display name attribute

string

uid

Preferred username attribute

Group base DN

string

BaseDN from which to start the search. It translates to the query

(&(objectClass=person)(uid=<username>))

Group filter

string

(objectClass=group)

Optional filter to apply when searching the directory.

Group/user matchers

string

- userAttr: uid groupAttr: member

A list of field pairs that matches a user to a group. It adds an additional requirement to the filter that an attribute in the group must match the user’s attribute value.

Expected format: multi-line YAML list of objects with userAttr and groupAttr keys.

Group name attribute

string

name

Category: OIDC connector

Name

Type

Default Value

Range

Description

Issuer URL

string

Canonical URL of the provider, also used for configuration discovery.

This value MUST match the value returned in the provider config discovery.

Client ID

string

Client Secret

Password

Basic auth unsupported

Boolean

FALSE

TRUE, FALSE

Some providers require passing client_secret via POST parameters instead of basic auth, despite the OAuth2 RFC discouraging it. Many of these cases are caught internally, but you may need to check this setting.

Scopes

string

- profile

- email

List of additional scopes to request in token response. Default is profile and email. See Full list.

Expected format: multi-line YAML list of strings.

Skip email verified

Boolean

FALSE

TRUE, FALSE

Not recommended. Some providers return claims without email_verified when they did not use emails verification in the enrollment process or if they are acting as a proxy for another IDP. An example is AWS Cognito with an upstream SAML IDP. Checking this box forces email_verified to TRUE.

Enable groups

Boolean

FALSE

TRUE, FALSE

Not recommended. Groups claims only refresh when the ID token is refreshed; meaning that the regular refresh flow does not update the groups claim. By default the OIDC connector does npt allow groups claims. If it is satisfactory to have potentially stale group claims then use this option to enable groups claims through the OIDC connector on a per-connector basis.

Get user info

Boolean

FALSE

TRUE, FALSE

When enabled, the OpenID Connector queries the UserInfo endpoint for additional claims. UserInfo claims take priority over claims returned by the IDToken. Use this option when the IDToken does not contain all of the claims requested. See OpenID user information.

User ID key

string

The claim used as user id. Defaults to sub. See full claims list.

Username key

string

The claim used as username.

Defaults to name.

ACR values

string

The Authentication Context Class values within the Authentication Request that the Authorization Server is being requested to process.

Expected format: multi-line YAML list of strings.

Prompt type

string

For offline_access, the prompt parameter is set by default to prompt=consent. However, this is not supported by all OIDC providers; some of them support a different value for prompt, like login or none.

Preferred username claim

string

The claim used as preferred username.

Defaults to preferred_username.

Email claim

string

email

The claim used as email.

Preferred groups claim

string

groups

The claim used as groups.


1. You cannot modify this size after the initialization of the cluster without deleting the existing Persistent Volumes and statefulsets, which can result in data loss.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com