Configuration

The Lieutenant API is configured via environment variables:

Environment Variable Description Default

Environment Variable	Description	Default
API_HOST	API host to be used in generated Steward deployment manifests.	`Host` header of HTTP requests.
LIEUTENANT_INSTANCE	Name of the Lieutenant instance (for example `dev`, `int`, `prod`). This value will be set as fact on new clusters.	Empty
NAMESPACE	Namespace where the Kubernetes objects are stored.	`default`
OIDC_DISCOVERY_URL	The OpenID Connect discovery endpoint of the identity provider when using OIDC. It’s returned on the discovery URI and will be picked up by Commodore	Empty
OIDC_CLIENT_ID	The client id used to authenticate when using OIDC. It’s returned on the discovery URI and will be picked up by Commodore	Empty
VAULT_ADDR	The URI of the Vault instance associated with the Lieutenant instance. If not empty, it’s returned on the discovery URI and can be picked up by client tooling.	Empty
VAULT_LOGIN_METHOD	The login method to use for the Vault instance associated with the Lieutenant instance. If not empty, it’s returned on the discovery URI and can be picked up by client tooling.	Empty
K8S_AUTH_CLIENT_CACHE_SIZE	For each new API client (identified by the auth token), a Kubernetes client will be instantiated to pass through the request with the same token, which usually takes 2 seconds. The K8s client instance will be cached for subsequent API calls and this setting controls how many instances to keep in memory. The least-recently-used instances will be evicted from cache after reaching this limit.	Empty (uses internal hardcoded default value)
STEWARD_IMAGE	Image to use in generated Steward deployment manifests.	`docker.io/projectsyn/steward:latest`
DEFAULT_API_SECRET_REF_NAME	Name of a secret to be used as default for tenant’s APISecretRef.	Empty

API_HOST

API host to be used in generated Steward deployment manifests.

Host header of HTTP requests.

LIEUTENANT_INSTANCE

Name of the Lieutenant instance (for example dev, int, prod). This value will be set as fact on new clusters.

Empty

NAMESPACE

Namespace where the Kubernetes objects are stored.

default

OIDC_DISCOVERY_URL

The OpenID Connect discovery endpoint of the identity provider when using OIDC. It’s returned on the discovery URI and will be picked up by Commodore

Empty

OIDC_CLIENT_ID

The client id used to authenticate when using OIDC. It’s returned on the discovery URI and will be picked up by Commodore

Empty

VAULT_ADDR

The URI of the Vault instance associated with the Lieutenant instance. If not empty, it’s returned on the discovery URI and can be picked up by client tooling.

Empty

VAULT_LOGIN_METHOD

The login method to use for the Vault instance associated with the Lieutenant instance. If not empty, it’s returned on the discovery URI and can be picked up by client tooling.

Empty

K8S_AUTH_CLIENT_CACHE_SIZE

For each new API client (identified by the auth token), a Kubernetes client will be instantiated to pass through the request with the same token, which usually takes 2 seconds. The K8s client instance will be cached for subsequent API calls and this setting controls how many instances to keep in memory. The least-recently-used instances will be evicted from cache after reaching this limit.

Empty (uses internal hardcoded default value)

STEWARD_IMAGE

Image to use in generated Steward deployment manifests.

docker.io/projectsyn/steward:latest

DEFAULT_API_SECRET_REF_NAME

Name of a secret to be used as default for tenant’s APISecretRef.

Empty