Version: Next

Configuration

You can configure the following aspects of the Connector runtime environment:

  • The Zeebe instance to connect to.
  • The Connector functions to run.
  • The secrets that should be available to the Connectors.

Connecting to Zeebe

To use Camunda 8 SaaS, specify the connection properties:

CAMUNDA_CLIENT_CLUSTER-ID=xxx
CAMUNDA_CLIENT_AUTH_CLIENT-ID=xxx
CAMUNDA_CLIENT_AUTH_CLIENT-SECRET=xxx
CAMUNDA_CLIENT_REGION=bru-2

You can further configure separate connection properties for Camunda Operate (otherwise it will use the properties configured for Zeebe above):

CAMUNDA_OPERATE_CLIENT_CLIENT-ID=xxx
CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET=xxx

If you are connecting a local Connector runtime to a SaaS cluster, you may want to review our guide to using Connectors in hybrid mode.

Manual discovery of Connectors

By default, the Connector runtime picks up outbound Connectors available on the classpath automatically. To disable this behavior, use the following environment variables to configure Connectors explicitly:

| Environment variable | Purpose |
| --- | --- |
| CONNECTOR_{NAME}_FUNCTION (required) | Function to be registered as job worker with the given NAME |
| CONNECTOR_{NAME}_TYPE (optional) | Job type to register for worker with NAME |
| CONNECTOR_{NAME}_INPUT_VARIABLES (optional) | Variables to fetch for worker with NAME |
| CONNECTOR_{NAME}_TIMEOUT (optional) | Timeout in milliseconds for worker with NAME |

Through this configuration, you define all job workers to run.

Specifying optional values allows you to override @OutboundConnector-provided Connector configuration.

CONNECTOR_HTTPJSON_FUNCTION=io.camunda.connector.http.rest.HttpJsonFunction
CONNECTOR_HTTPJSON_TYPE=non-default-httpjson-task-type

Secrets

Providing secrets to the runtime environment can be achieved in different ways, depending on your setup.

caution

By default, all environment variables can be used as Connector secrets.

To limit the environment that can be accessed by the default secret provider, configure a prefix. For example:

export CAMUNDA_CONNECTOR_SECRETPROVIDER_ENVIRONMENT_PREFIX='SUPER_SECRETS_'
export SUPER_SECRETS_MY_SECRET='foo' # This will be resolved by using {{ secrets.MY_SECRET }}

The following environment variables can be used to configure the default secret provider:

| Name | Description | Default value |
| --- | --- | --- |
| CAMUNDA_CONNECTOR_SECRETPROVIDER_ENVIRONMENT_ENABLED | Whether the default secret provider is enabled. | true |
| CAMUNDA_CONNECTOR_SECRETPROVIDER_ENVIRONMENT_PREFIX | The prefix applied to the secret name before looking up the environment. | "" |
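
The effect of the prefix on what a process model can reference, modelled from the description above as an added example (this is not the Connector runtime's own code). The function names, the sample values, and the string comparison used for the ENABLED flag are assumptions.

```python
# Added illustration: a model of the lookup described above, not the runtime's code.
ENABLED = "CAMUNDA_CONNECTOR_SECRETPROVIDER_ENVIRONMENT_ENABLED"
PREFIX = "CAMUNDA_CONNECTOR_SECRETPROVIDER_ENVIRONMENT_PREFIX"

# Credentials the runtime itself reads (variable names taken from this page).
RUNTIME_CREDENTIALS = (
    "CAMUNDA_CLIENT_AUTH_CLIENT-SECRET",
    "CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET",
)

# Constructed sample environment; every value is made up.
SAMPLE_ENV = {
    "CAMUNDA_CLIENT_AUTH_CLIENT-ID": "constructed-id",
    "CAMUNDA_CLIENT_AUTH_CLIENT-SECRET": "constructed-zeebe-secret",
    "CAMUNDA_OPERATE_CLIENT_CLIENT-SECRET": "constructed-operate-secret",
    "SUPER_SECRETS_MY_SECRET": "foo",
}


def provider_enabled(env):
    # Assumption: the flag is compared as the string "true" (its documented default).
    return env.get(ENABLED, "true").strip().lower() == "true"


def resolve_secret(env, name):
    """Value that {{ secrets.<name> }} resolves to in this model, or None."""
    if not provider_enabled(env):
        return None
    return env.get(env.get(PREFIX, "") + name)


def resolvable_names(env):
    """Every secret name a process model could reference successfully."""
    if not provider_enabled(env):
        return []
    prefix = env.get(PREFIX, "")
    return sorted(k[len(prefix):] for k in env if k.startswith(prefix) and k != prefix)


def exposed_runtime_credentials(env):
    """Runtime credential variables that are reachable as Connector secrets."""
    prefix = env.get(PREFIX, "")
    reachable = {prefix + name for name in resolvable_names(env)}
    return [var for var in RUNTIME_CREDENTIALS if var in reachable]


if __name__ == "__main__":
    scoped = {**SAMPLE_ENV, PREFIX: "SUPER_SECRETS_"}
    for label, env in (("no prefix", SAMPLE_ENV), ("prefix set", scoped)):
        print(label, "->", resolvable_names(env), exposed_runtime_credentials(env))
```

A prefix that overlaps the runtime's own variable names (for example `CAMUNDA_`) still leaves the client secrets resolvable, so choose a prefix used only for Connector secrets.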

Multi-tenancy

The Connector Runtime supports multiple tenants for inbound and outbound Connectors. These are configurable in Identity.

A single Connector Runtime can serve a single tenant or can be configured to serve multiple tenants. By default, the runtime uses the tenant ID <default> for all Zeebe-related operations like handling jobs and publishing messages.

info

Support for outbound Connectors with multiple tenants requires a dedicated tenant job worker config (described below). Inbound Connectors automatically work for all tenants the configured Connector Runtime client has access to. This can be configured in Identity via the application assignment.

Environment variables

The Connector Runtime uses the following environment variables to configure multi-tenancy:

| Name | Description | Default value |
| --- | --- | --- |
| ZEEBE_CLIENT_DEFAULT-TENANT-ID | The default tenant ID used to communicate with Zeebe. Changing this value will set a new default tenant ID used for fetching jobs and publishing messages. | <default> |
| ZEEBE_CLIENT_DEFAULT-JOB-WORKER-TENANT-IDS | The default tenant IDs (comma separated) used to activate jobs. To run the Connector Runtime in a setup where a single runtime serves multiple tenants, add each tenant ID to this list. | <default> |

If you are using an embedded version of the Connector Runtime, you can specify the tenant information in your Spring configuration like in this example application.properties file:

zeebe.client.default-tenant-id=myTenant
zeebe.client.default-job-worker-tenant-ids=myTenant

Outbound Connector config

The Connector Runtime uses the default tenant for outbound Connector-related features. If support for a different tenant or multiple tenants should be enabled, the tenants need to be configured individually using the following environment variables.

If you want to use outbound Connectors for a single tenant that is different from the default tenant, you can specify a different default tenant ID using:

ZEEBE_CLIENT_DEFAULT-TENANT-ID=myTenant

This will change the default tenant ID used for fetching jobs and publishing messages to the tenant ID myTenant.

note

Inbound Connectors will still be enabled for all tenants the Connector Runtime client has access to.

To run the Connector Runtime in a setup where a single runtime serves multiple tenants, add each tenant ID to the list of the default job workers:

ZEEBE_CLIENT_DEFAULT-JOB-WORKER-TENANT-IDS=myTenant,otherTenant

In this case, the ZEEBE_CLIENT_DEFAULT-TENANT-ID will not be used for the configuration of job workers.

Inbound Connector configuration

The Connector Runtime fetches and executes all inbound Connectors it receives from Operate, independently of the outbound Connector configuration and without any additional configuration required from the user.

To restrict the Connector Runtime inbound Connector feature to a single tenant or multiple tenants, use Identity and assign the tenants the Connector application should have access to.

Troubleshooting

To ensure seamless integration and functionality, the multi-tenancy feature must also be enabled across all associated components (if it is not already configured in Helm), so that users can view data from the tenants for which they have authorizations configured in Identity.

Find more information (including links to individual component configuration) on the multi-tenancy concepts page.

Logging

Google Stackdriver (JSON) logging

To enable Google Stackdriver compatible JSON logging, set the environment variable CONNECTORS_LOG_APPENDER=stackdriver on the Connector Runtime.