Reference: Self-hosted gateway container configuration settings
This article provides a reference for required and optional settings that are used to configure the API Management self-hosted gateway container.
Important
This reference applies only to the self-hosted gateway v2.
Deployment
Name | Description | Required | Default |
---|---|---|---|
config.service.endpoint | Configuration endpoint in Azure API Management for the self-hosted gateway. Find this value in the Azure portal under Gateways > Deployment. | Yes | N/A |
config.service.auth | Access token (authentication key) of the self-hosted gateway. Find this value in the Azure portal under Gateways > Deployment. | Yes | N/A |
neighborhood.host | DNS name used to resolve all instances of a self-hosted gateway deployment for cross-instance synchronization. In Kubernetes, it can be achieved by using a headless Service. | No | N/A |
neighborhood.heartbeat.port | UDP port used for instances of a self-hosted gateway deployment to send heartbeats to other instances. | No | 4291 |
policy.rate-limit.sync.port | UDP port used for self-hosted gateway instances to synchronize rate limiting across multiple instances. | No | 4290 |
Metrics
Name | Description | Required | Default |
---|---|---|---|
telemetry.metrics.local | Enable local metrics collection through StatsD. Value is one of the following options: none, statsd. | No | none |
telemetry.metrics.local.statsd.endpoint | StatsD endpoint. | Yes, if telemetry.metrics.local is set to statsd; otherwise no. | N/A |
telemetry.metrics.local.statsd.sampling | StatsD metrics sampling rate. Value must be between 0 and 1, for example, 0.5. | No | N/A |
telemetry.metrics.local.statsd.tag-format | StatsD exporter tagging format. Value is one of the following options: librato, dogStatsD, influxDB. | No | N/A |
telemetry.metrics.cloud | Indication whether or not to enable emitting metrics to Azure Monitor. | No | true |
observability.opentelemetry.enabled | Indication whether or not to enable emitting metrics to an OpenTelemetry collector on Kubernetes. | No | false |
observability.opentelemetry.collector.uri | URI of the OpenTelemetry collector to send metrics to. | Yes, if observability.opentelemetry.enabled is set to true; otherwise no. | N/A |
observability.opentelemetry.histogram.buckets | Histogram buckets in which OpenTelemetry metrics should be reported. Format: "x,y,z,...". | No | "5,10,25,50,100,250,500,1000,2500,5000,10000" |
Logs
Name | Description | Required | Default |
---|---|---|---|
telemetry.logs.std | Enable logging to a standard stream. Value is one of the following options: none, text, json. | No | text |
telemetry.logs.std.level | Defines the log level of logs sent to standard stream. Value is one of the following options: all, debug, info, warn, error or fatal. | No | info |
telemetry.logs.std.color | Indication whether or not colored logs should be used in standard stream. | No | true |
telemetry.logs.local | Enable local logging. Value is one of the following options: none, auto, localsyslog, rfc5424, journal, json. | No | auto |
telemetry.logs.local.localsyslog.endpoint | localsyslog endpoint. | Yes, if telemetry.logs.local is set to localsyslog; otherwise no. | N/A |
telemetry.logs.local.localsyslog.facility | Specifies localsyslog facility code, for example, 7. | No | N/A |
telemetry.logs.local.rfc5424.endpoint | rfc5424 endpoint. | Yes, if telemetry.logs.local is set to rfc5424; otherwise no. | N/A |
telemetry.logs.local.rfc5424.facility | Facility code per rfc5424, for example, 7. | No | N/A |
telemetry.logs.local.journal.endpoint | Journal endpoint. | Yes, if telemetry.logs.local is set to journal; otherwise no. | N/A |
telemetry.logs.local.json.endpoint | UDP endpoint that accepts JSON data, specified as file path, IP:port, or hostname:port. | Yes, if telemetry.logs.local is set to json; otherwise no. | 127.0.0.1:8888 |
Security
Name | Description | Required | Default |
---|---|---|---|
certificates.local.ca.enabled | Indication whether or not the self-hosted gateway should use local CA certificates that are mounted. It's required to run the self-hosted gateway as root or with user ID 1001. | No | false |
net.server.tls.ciphers.allowed-suites | Comma-separated list of ciphers to use for TLS connection between API client and the self-hosted gateway. | No | N/A |
net.client.tls.ciphers.allowed-suites | Comma-separated list of ciphers to use for TLS connection between the self-hosted gateway and the backend. | No | N/A |
How to configure settings
Kubernetes YAML file
When deploying the self-hosted gateway to Kubernetes using a YAML file, configure settings as name-value pairs in the data element of the gateway's ConfigMap. For example:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: contoso-gateway-environment
data:
  config.service.endpoint: "contoso.configuration.azure-api.net"
  telemetry.logs.std: "text"
  telemetry.logs.local.localsyslog.endpoint: "/dev/log"
  telemetry.logs.local.localsyslog.facility: "7"
  # [...]
```
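A pre-deployment check for the settings tables above, as an added example that is not part of the original article or of Microsoft's tooling. `lint_gateway_config` is a hypothetical helper that takes the ConfigMap's `data` mapping (string values) and reports values outside the documented options, missing conditionally required endpoints, and an access token placed in the ConfigMap; that last check assumes the token is supplied through a Kubernetes Secret instead.

```python
ENUMS = {
    "telemetry.metrics.local": {"none", "statsd"},
    "telemetry.logs.std": {"none", "text", "json"},
    "telemetry.logs.std.level": {"all", "debug", "info", "warn", "error", "fatal"},
    "telemetry.logs.local": {"none", "auto", "localsyslog", "rfc5424", "journal", "json"},
}
# (selector key, selector value, setting that becomes required)
REQUIRED_IF = [
    ("telemetry.metrics.local", "statsd", "telemetry.metrics.local.statsd.endpoint"),
    ("observability.opentelemetry.enabled", "true", "observability.opentelemetry.collector.uri"),
    ("telemetry.logs.local", "localsyslog", "telemetry.logs.local.localsyslog.endpoint"),
    ("telemetry.logs.local", "rfc5424", "telemetry.logs.local.rfc5424.endpoint"),
    ("telemetry.logs.local", "journal", "telemetry.logs.local.journal.endpoint"),
]
UDP_PORTS = ("neighborhood.heartbeat.port", "policy.rate-limit.sync.port")

def lint_gateway_config(data):
    """Return a sorted list of findings for a ConfigMap 'data' mapping of strings."""
    findings = []
    if not data.get("config.service.endpoint"):
        findings.append("config.service.endpoint: required")
    # Assumption: the access token is delivered via a Secret, so it should not
    # sit in a ConfigMap, which Kubernetes stores and displays as plain text.
    if "config.service.auth" in data:
        findings.append("config.service.auth: move access token to a Secret")
    for key, allowed in ENUMS.items():
        if key in data and data[key] not in allowed:
            findings.append(f"{key}: {data[key]!r} not in {sorted(allowed)}")
    for selector, value, needed in REQUIRED_IF:
        if data.get(selector) == value and not data.get(needed):
            findings.append(f"{needed}: required when {selector}={value}")
    rate = data.get("telemetry.metrics.local.statsd.sampling")
    if rate is not None:
        try:
            ok = 0.0 <= float(rate) <= 1.0
        except ValueError:
            ok = False
        if not ok:
            findings.append("telemetry.metrics.local.statsd.sampling: must be between 0 and 1")
    for key in UDP_PORTS:
        if key in data and not (data[key].isdigit() and 1 <= int(data[key]) <= 65535):
            findings.append(f"{key}: not a valid UDP port")
    return sorted(findings)

# Constructed sample (not from a real deployment).
SAMPLE = {"config.service.endpoint": "contoso.configuration.azure-api.net",
          "telemetry.logs.local": "localsyslog",
          "telemetry.metrics.local.statsd.sampling": "1.5"}
```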
Helm chart
When using Helm to deploy the self-hosted gateway to Kubernetes, pass chart configuration settings as parameters to the helm install command. For example:
```bash
helm install azure-api-management-gateway \
    --set gateway.configuration.uri='contoso.configuration.azure-api.net' \
    --set gateway.auth.key='GatewayKey contosogw&xxxxxxxxxxxxxx...' \
    --set secret.createSecret=false \
    --set secret.existingSecretName='mysecret' \
    azure-apim-gateway/azure-api-management-gateway
```