Deployment configuration samples
This section provides deployment.yaml file templates for ADS 2.x. These examples are designed for quick starts with minimal configuration or for adapting more extensive templates for advanced customization.
note
We recommend using environment variables to substitute sensitive information like passwords. This allows you to manage and protect sensitive data using generic mechanisms external to the deployment file.
Basic deployment template (Quick start)
The following configuration includes only the minimum required settings to start ADS. Use it to set up a development or testing environment quickly.
# Sample configuration for ADS version 2.x
# ─────────────────────────────────────────────
# ADS License Configuration (required)
# ─────────────────────────────────────────────
license: file:<path_to_file>/axiomatics_ADS.license # Path to the license file
# ─────────────────────────────────────────────
# Domain Configuration (required)
# ─────────────────────────────────────────────
domain:
path: file:<path_to_file>/domain.yaml # Local or HTTPS path to domain config
# ─────────────────────────────────────────────
# Authentication (basic auth, default method)
# ─────────────────────────────────────────────
spring:
security:
user:
name: ${ADS_USERNAME:admin} # Use env var USERNAME
password: ${PASSWORD:changeme} # Use env var PASSWORD
note
Unlike domain configuration, deployment configuration requires that default values for environment variables specified in deployment.yaml do not have hyphens (-) appended to them. This is because deployment configuration follows the standard method for setting environment variables as defined by the Spring framework.
Extended deployment template
The following extended template includes more configuration options for customization. All optional properties are commented or explained inline.
# Sample configuration for ADS version 2.x
# ─────────────────────────────────────────────
# License
# ─────────────────────────────────────────────
license: file:<path_to_file>/axiomatics_ADS.license
# ─────────────────────────────────────────────
# Domain
# ─────────────────────────────────────────────
domain:
path: file:<path_to_file>/domain.yaml # Required: local or remote path
# refreshInterval: 10 seconds
# reportNotReadyOnDomainRefreshError: true
# startup:
# maxRetries: 5
# retryInterval: 5 seconds
# authentication:
# username: ${DOMAIN_USER}
# password: ${DOMAIN_PASSWORD}
## Uncomment the following lines for OAuth 2 instead of username/password.
## Only one authentication method can be used at a time.
# oauth2ClientId: hub-adm-client # Uncomment for OAuth2
# tlsConfigurationId: admBundle # Reference to TLS bundle for secure comms
# ─────────────────────────────────────────────
# Authentication
# ─────────────────────────────────────────────
authentication:
enabled: true # Set this property to false to disable authentication.
# Basic authentication
spring:
security:
user:
name: ${ADS_USERNAME:admin}
password: ${PASSWORD:changeme}
# Encrypt password options.
## Select one of the following to further encrypt your password.
# password: "{bcrypt}$2a$10$dXJ3SW6G7P50lGmMkkmwe.20cQQubK3.HZWzG3YB1tlRy.fqvM/BG"
# password: "{pbkdf2}fc4dba2114351689c36b24566788f761fb2f9abf63b5c9fed009d2919808be57"
# password: "{sha256}97cde38028ad898ebc02e690819fa220e88c62e0699403e94fff291cfffaf8410849f27605abcbc0"
# oauth2: # This property is required for both Token and OAuth2 authentications.
# Token authentication
## Note: If Token authentication is enabled, basic authentication is automatically disabled.
# resourceserver:
# jwt:
# audiences: ads # Optional
# jwk-set-uri: <jwks_uri_or_file_path> # Provide the JWKS URI or local file path used for token verification.
# jws-algorithms: <jws_algorithm>
# OAuth2 client configuration (for remote domain retrieval)
## Note: The client ID set here must match the `oauth2ClientId` value defined in `domain.authentication`.
## In our example `hub-adm-client`.
# client:
# registration:
# hub-adm-client:
# client-id: <your_client_id>
# client-secret: ${OAUTH_CLIENT_SECRET}
# authorization-grant-type: <your_grant_type>
# provider: hub-adm-client
# provider:
# hub-adm-client:
# token-uri: <your_token_uri>
# TLS Bundle (Used for remote domain retrieval with mTLS) ####
## Use this bundle if the remote domain endpoint requires client authentication (mTLS).
### The `tlsConfigurationId` in `domain.authentication` must match the bundle ID defined here.
# ssl:
# bundle:
# jks:
# admBundle:
# keystore:
# location: file:<path_to_keystore.jks> # Or .p12 for PKCS12
# password: ${KEYSTORE_PASSWORD}
# type: JKS or PKCS12
# truststore:
# location: file:<path_to_truststore.jks>
# password: ${TRUSTSTORE_PASSWORD}
# type: JKS or PKCS12
# ─────────────────────────────────────────────
# Service ports
# ─────────────────────────────────────────────
server:
port: 8080 # This is the default HTTP port. To specify a custom port replace 8080 with your <custom_http_port> value.
# Enable TLS
# ssl:
# enabled: true
# key-store: file:server_keystore.p12
# key-store-password: password
# key-store-type: PKCS12
# client-auth: none
# ─────────────────────────────────────────────
# Logging
# ─────────────────────────────────────────────
logging:
level:
root: WARN
# com.axiomatics.audit: INFO # Enable audit logging
# Logback configuration
## Add one of the following options to further customize your logging:
# config: <path_to_file>/logbackAdmin.xml
# config: <path_to_file>/logbackEval.xml
# config: <path_to_file>/logbackBothAdminEval.xml
# config: <path_to_file>/logbackSeparateAdminEval.xml
# config: <path_to_file>/logbackJSON.xml
# ─────────────────────────────────────────────
# Metrics
# ─────────────────────────────────────────────
management:
metrics:
enable:
all: false # All metrics are disabled by default. Set this to true to enable all metrics.
# If you want to enable or disable specific metrics uncomment any of the properties below and set true/false values.
# Note: The list below includes selected Spring Boot system metrics, but is not an exhaustive set.
# jvm: true
# logback: true
# process: true
# system: true
# spring: true
# tomcat: true
# http: true
# executor: true
# # ADS-specific metrics
# decisions: true
# error.requests: true
# successful.requests: true
# duration.info: true
# distribution:
# expiry:
# duration.info: 5m
# decisions: 3m
# successful.requests: 2m
# buffer-length:
# duration.info: 3
# successful.requests: 1
endpoints:
web:
exposure:
# This enables the prometheus endpoint.
include: health, info, prometheus # Caution: Avoid overriding with custom values.
# Metrics Backends
# Prometheus
prometheus:
metrics:
# Extra configuration properties for prometheus.
export:
enabled: true
descriptions: off
step: 30s
## InfluxDB
# influx:
# metrics:
# export:
# enabled: true ## Required
# step: 30s
# bucket: my-bucket ## Required
# org: my-organization ## Required
# token: <String that represents the authentication token> ## Required
# uri: <influx_uri> ## Required
# ─────────────────────────────────────────────
# Identity
# ─────────────────────────────────────────────
identity:
constant: default # Static ID (unchanged across restarts)
# prefix: <your-custom-prefix> # Dynamic ID with custom prefix
# ─────────────────────────────────────────────
# Concurrent evaluation (Optional)
# ─────────────────────────────────────────────
# concurrentEvaluation:
# numberOfWorkers: 3 # parallel evaluation for MDP
# ─────────────────────────────────────────────
# Attribute Connector JDBC connection pool (Optional)
# ─────────────────────────────────────────────
# attributeConnectorContext:
# jdbc:
# connectionPool:
# minimumSize: 5
# maximumSize: 10
# ─────────────────────────────────────────────
# Distributed cache (Optional)
# ─────────────────────────────────────────────
# distributedCache:
# enabled: true
# port: 9091
# mode: "REPL_ASYNC" # or "REPL_SYNC"
# clusterName: axio-cache-cluster
# discoveryMethod: multicast # or dns
# dnsQuery: ads-service.default.svc.cluster.local
# cacheStateLocation: /var/lib/ads/cache
# tls:
# keyStorePath: file:<path_to_file>/server_keystore.p12
# keyStorePassword: <your_keystore_password>
# keyStoreType: PKCS12
# ─────────────────────────────────────────────
# Notes
# - Avoid using deprecated ADS 1.x properties
# - Align with Spring Boot conventions
# - Use only supported keys as listed in ADS 2.x documentation
# - Always test configuration in staging before applying to production
How to use
Utilize the sample YAML deployment files as follows:
- Copy either the basic or extended YAML template.
- Replace all
<path_to_file>and placeholder values. - Save the file as
deployment.yaml. - Store it in a directory accessible by ADS, typically the same directory as the executable or container.
- Start the ADS service.
important
During configuration customization, be particularly careful not to unintentionally overwrite default settings, which are critical for the stable operation of ADS.
- Overriding certain properties, such as
domain,license,metrics, orauthentication, with invalid or incomplete values may prevent ADS from starting. - Modify advanced properties only if you understand their impact.
For a detailed explanation of configuration options and properties, see the Basic configuration and Additional configuration sections.