Skip to content

Sync configuration

See syncs for a conceptual overview.

URI patterns

Any URI passed to flagd via the --uri (-f) flag must follow one of the 4 following patterns with prefixes to ensure that it is passed to the correct implementation:

Implied Sync Provider Prefix Example
file file: file:etc/flagd/my-flags.json
http http(s)://
grpc grpc(s):// grpc://my-flags-server

Source Configuration

While a URI may be passed to flagd via the --uri (-f) flag, some implementations may require further configurations. In these cases the --sources flag should be used.

The flagd accepts a string argument, which should be a JSON representation of an array of SourceConfig objects.

Alternatively, these configurations can be passed to flagd via config file, specified using the --config flag.

Field Type Note
uri required string Flag configuration source of the sync
provider required string Provider type - file, kubernetes, http, or grpc
authHeader optional string Used for http sync; set this to include the complete Authorization header value for any authentication scheme (e.g., "Bearer token_here", "Basic base64_credentials", etc.). Cannot be used with bearerToken
bearerToken optional string (Deprecated) Used for http sync; token gets appended to Authorization header with bearer schema. Cannot be used with authHeader
interval optional uint32 Used for http sync; requests will be made at this interval. Defaults to 5 seconds.
tls optional boolean Enable/Disable secure TLS connectivity. Currently used only by gRPC sync. Default (ex: if unset) is false, which will use an insecure connection
providerID optional string Value binds to grpc connection's providerID field. gRPC server implementations may use this to identify connecting flagd instance
selector optional string Value binds to grpc connection's selector field. gRPC server implementations may use this to filter flag configurations
certPath optional string Used for grpcs sync when TLS certificate is needed. If not provided, system certificates will be used for TLS connection

The uri field values do not follow the URI patterns. The provider type is instead derived from the provider field. Only exception is the remote provider where http(s):// is expected by default. Incorrect URIs will result in a flagd start-up failure with errors from the respective sync provider implementation.

Given below are example sync providers, startup command and equivalent config file definition:

Sync providers:

Startup command:

./bin/flagd start
            {"uri":"https://secure-remote/bearer-auth","provider":"http","authHeader":"Bearer bearer-dji34ld2l"},
            {"uri":"https://secure-remote/basic-auth","provider":"http","authHeader":"Basic dXNlcjpwYXNz"},
            {"uri":"my-flag-source:8080","provider":"grpc", "certPath": "/certs/ca.cert", "tls": true, "providerID": "flagd-weatherapp-sidecar", "selector": "source=database,app=weatherapp"}]'

Configuration file,

  - uri: config/samples/example_flags.json
    provider: file
  - uri: http://my-flag-source.json
    provider: http
    bearerToken: bearer-dji34ld2l
  - uri: default/my-flag-config
    provider: kubernetes
  - uri: my-flag-source:8080
    provider: grpc
  - uri: my-flag-source:8080
    provider: grpc
    certPath: /certs/ca.cert
    tls: true
    providerID: flagd-weatherapp-sidecar
    selector: "source=database,app=weatherapp"