Starting the Registry Docker container by retrieving parameters from Vault

Learn how to start the Registry Docker container by specifying CONFIGURE_MODE=Vault.

Mandatory environment variables

These are the mandatory environment variables that you must specify to configure the Registry Docker container to retrieve additional parameters from Vault.
TENANT
  Description: The name of the group that contains your set of environments. For example, MyCompany.
  Comments: Container environment variable. This can be specified in the values.yaml configuration file under common.tenant.

ENVIRONMENT
  Description: The name of the environment. For example, Non-production.
  Comments: Container environment variable. This can be specified in the values.yaml configuration file under common.environmentName.

VAULT_TOKEN
  Description: The Vault token to use to connect to Vault and request certificates from Vault PKI.
  Comments: Container environment variable. This can be specified in the values.yaml configuration file under common.vaultToken.

VAULT_URL
  Description: The Vault URL to use to connect to Vault and request certificates from Vault PKI.
  Comments: Container environment variable. This can be specified in the values.yaml configuration file under common.vaultUrl.

CONFIGURE_MODE
  Description: The configure mode. Accepted values are:
    • Vault for Vault configuration.
    • EnvVariables for environment variables configuration.
  Set this value to Vault to use Vault configuration, and the configurations present within this reference.
  Comments: Container environment variable. This can be specified in the values.yaml configuration file under common.configureMode.

Optional environment variables

These are the optional environment variables that you can specify to configure the Registry Docker container.

All parameters that you specify as container environment variables take precedence over the values that are stored in Vault.

SCHEDULER_WAIT_SEC (HCL Commerce Version 9.1.14.0 or later)
  Description: Controls how often the scheduler job runs, in seconds.

  The default value is 300 (5 minutes).

  HCL Commerce Version 9.1.15.0 or later: As of HCL Commerce 9.1.15.0, there is a corresponding Vault value that can be used for configuration, ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/search-registry-app/schedulerWaitSeconds.

  As of the HCL Commerce 9.1.14.0 release, the NiFi Registry container runs as a non-root user. However, the cron job that is used to run the scheduler is required to run as the root user. Therefore, this mechanism is introduced to run scheduled_job.sh. You can check the log at the following path: /SETUP/scheduler/job.log.

  The environment variable SCHEDULER_WAIT_SEC can be added to the registry-app.yaml configuration file after the LICENSE acceptance parameter.

  For example, to set the scheduler to run every 360 seconds:

    env:
      - name: "LICENSE"
        value: {{ .Values.license | quote }}
      - name: SCHEDULER_WAIT_SEC
        value: "360"

Mandatory Vault configuration variables

These are the mandatory Vault key values that you must specify within Vault to configure the Registry Docker container to use the Vault configuration mode.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchHost
  Description: Specify an elasticSearchHost value.
  Reference environment variable: ELASTICSEARCH_HOST

Optional Vault configuration variables

These are the optional Vault key values that you can specify within Vault to configure the Registry Docker container when used with the Vault configuration mode.

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/domainName
  Description: Specify the internal service domain name. If the deployed environment is on a special namespace on Kubernetes, then the domain name should be <namespace>.svc.cluster.local.
  If no value is specified, then the default, default.svc.cluster.local, is used.
  Reference environment variable: DOMAIN_NAME

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchPort
  Description: Specify a value if you want to set an elasticSearchPort value, instead of using the default value.
  Reference environment variable: ELASTICSEARCH_PORT

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/elasticSearchScheme
  Description: Specify a value if you want to set an elasticSearchScheme value, instead of using the default value.
  Reference environment variable: ELASTICSEARCH_SCHEME

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiHost
  Description: The NiFi service host name.
  The default value is {TENANT}{ENVIRONMENT}nifi-app.{DOMAIN_NAME}.
  Reference environment variable: NIFI_HOST

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiPort
  Description: The NiFi service port.
  The default value is 30600.
  Reference environment variable: NIFI_PORT

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/nifiScheme
  Description: The NiFi service scheme.
  The default value is http.
  Reference environment variable: NIFI_SCHEME

${VAULT_URL}/${TENANT}/${ENVIRONMENT}/search-registry-app/schedulerWaitSeconds (HCL Commerce Version 9.1.15.0 or later)
  Description: The registry service scheduler job run interval, in seconds.
  The default value is 300 seconds (5 minutes).
  As of the HCL Commerce 9.1.14.0 release, the NiFi Registry container runs as a non-root user. However, the cron job that is used to run the scheduler is required to run as the root user. Therefore, this mechanism is introduced to run scheduled_job.sh. You can check the log at the following path: /SETUP/scheduler/job.log.
  Reference environment variable: SCHEDULER_WAIT_SEC
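
The precedence rule and defaults documented above can be audited before deployment. The following is an added example, not HCL code: it resolves each setting from container environment variables, then Vault, then the documented default, and reports where a container variable shadows a value that is also stored in Vault. The function names, the dict-based stand-in for Vault, and the sample values are assumptions.

```python
# Added example (not HCL code). No Vault request is made: `vault` is a dict of
# key -> value for keys under ${VAULT_URL}/${TENANT}/${ENVIRONMENT}/.
MANDATORY_ENV = ("TENANT", "ENVIRONMENT", "VAULT_TOKEN", "VAULT_URL", "CONFIGURE_MODE")

# (reference environment variable, Vault key, default stated on the page or None)
SETTINGS = [
    ("ELASTICSEARCH_HOST", "elasticSearchHost", None),
    ("DOMAIN_NAME", "domainName", "default.svc.cluster.local"),
    ("ELASTICSEARCH_PORT", "elasticSearchPort", None),      # default not stated
    ("ELASTICSEARCH_SCHEME", "elasticSearchScheme", None),  # default not stated
    ("NIFI_HOST", "nifiHost", None),                        # default derived below
    ("NIFI_PORT", "nifiPort", "30600"),
    ("NIFI_SCHEME", "nifiScheme", "http"),
    ("SCHEDULER_WAIT_SEC", "search-registry-app/schedulerWaitSeconds", "300"),
]

def resolve_registry_config(env, vault):
    """Return {name: (value, source)}; source is 'env', 'vault' or 'default'."""
    missing = [n for n in MANDATORY_ENV if not env.get(n)]
    if missing:
        raise ValueError("missing mandatory environment variables: " + ", ".join(missing))
    if env["CONFIGURE_MODE"] != "Vault":
        raise ValueError("CONFIGURE_MODE must be Vault for this mode")
    resolved = {}
    for name, key, default in SETTINGS:
        if env.get(name):          # container variable takes precedence over Vault
            resolved[name] = (env[name], "env")
        elif vault.get(key):
            resolved[name] = (vault[key], "vault")
        elif name == "NIFI_HOST":  # {TENANT}{ENVIRONMENT}nifi-app.{DOMAIN_NAME}
            domain = resolved["DOMAIN_NAME"][0]
            resolved[name] = (f"{env['TENANT']}{env['ENVIRONMENT']}nifi-app.{domain}", "default")
        else:
            resolved[name] = (default, "default")
    if resolved["ELASTICSEARCH_HOST"][0] is None:
        raise ValueError("elasticSearchHost is mandatory and was not supplied")
    return resolved

def shadowed_vault_keys(resolved, vault):
    """Settings where a container variable overrides a value also stored in Vault."""
    key_for = {name: key for name, key, _ in SETTINGS}
    return sorted(n for n, (_, src) in resolved.items() if src == "env" and vault.get(key_for[n]))

if __name__ == "__main__":  # constructed sample; token and URL are placeholders
    env = {"TENANT": "MyCompany", "ENVIRONMENT": "Non-production", "CONFIGURE_MODE": "Vault",
           "VAULT_TOKEN": "<placeholder>", "VAULT_URL": "<placeholder>", "NIFI_SCHEME": "https"}
    vault = {"elasticSearchHost": "es.example.invalid", "nifiScheme": "http"}
    cfg = resolve_registry_config(env, vault)
    print(cfg, shadowed_vault_keys(cfg, vault))
```

A non-empty result from shadowed_vault_keys means the running container will not use the value an operator sees in Vault for that setting.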