PIP Operator Service

The PIP Operator Service manages, deploys, and maps data sources within the PlainID environment. It supports integration with multiple Data Sources, JDBC drivers, and logging/monitoring APIs while maintaining runtime stability across Kubernetes or standalone deployments.

This guide provides a complete reference for installation, environment configuration, health checks, JDBC integration, Docker customization, and logging.

Configuration

Before starting, configure the required Environment Variables. The following table lists the minimum required Redis-related settings for running the PIP Operator Service:

Variable	Description	Default / Notes
`REDIS_HOST`	Redis host	Required
`REDIS_PORT`	Redis port	Required
`REDIS_PASS`	Redis password	Default: none

For staging or production environments, use a managed Redis instance.

Notice: Redis must enable notify-keyspace-events. Either allow the application to modify Redis configuration or configure it manually.

For Users with Custom Deployments

When upgrading to pip-operator image 5.2448.4 or higher, configure the PIP service by adding JAVA_OPTS with the new Java system property:
-Dorg.apache.cxf.transport.http.forceVersion=1.1

Environment Variables

The following environment variables are required to manage and configure the PIP Operator Service. They are grouped by functionality for clarity.

Management

These variables control server ports, authentication, transaction management, and Redis connections:

Variable	Description	Default / Notes
`SERVER_PORT`	Server port	Required
`MANAGEMENT_PORT`	Port for info & health checks	Required
`APP_AUTH_ENABLED`	Enable/disable JWT authentication	Default: false
`APP_AUTH_JWT`	JWT token	Required if auth enabled
`APP_AUTH_SECRET`	JWT secret key	Required if auth enabled
`APP_AUTH_ISS`	JWT issuer	Optional
`TRANSACTION_MANAGER_ENABLED`	Enable/disable transaction manager	Required
`TRANSACTION_MANAGER_COORDINATOR_ENVIRONMENT_BEAN_DEFAULT_TIMEOUT`	Transaction timeout (seconds)	Default: 300
`REDIS_HOST`	Redis host	Required
`REDIS_PORT`	Redis port	Required
`REDIS_PASS`	Redis password	Default: none
`REDIS_SSL_ENABLED`	Enable SSL	Default: false
`REDIS_TIMEOUT_MIL`	Connection timeout (ms)	Default: 60000
`REDIS_POOL_MAX_TOTAL`	Max number of connections	Required
`REDIS_POOL_MAX_IDLE`	Max idle connections	Required
`REDIS_POOL_MIN_IDLE`	Minimum warm connections	Required
`REDIS_POOL_MIN_EVIC_MI`	Min idle time before eviction	Required
`REDIS_POOL_TIME_BETWEEN_EVIC_MIL`	Interval between idle checks	Required
`REDIS_SETTINGS_KEY_NAME`	VDB deployed settings key	Default: VDBSettings
`MV_STATUS_LOGGING_FREQUENCY`	Materialized view logging frequency	Default: 60 min
`MV_STATUS_LOGGING_EXTERNAL_STATUS_TABLES`	Names of external materialized view status tables	Optional
`APP_MAX_THREADS`	Max threads for query engine	Default: 64
`APP_MAX_ACTIVE_PLANS`	Number of active query plans	Default: 20
`APP_USER_REQUEST_SOURCE_CONCURRENCY`	Concurrent source queries per request	Default: 0
`QUERY_QUEUE_STATUS_LOGGING_FREQUENCY`	Frequency of logging query queue	Default: 1 min
`ENABLE_VDB_HEALTH_METRICS`	Enable new Prometheus metrics	Optional

VDB

These variables configure the Virtual Database (VDB) connection, protocol, and bind address:

Variable	Description	Default / Notes
`VDB_USERNAME`	JDBC connection username	Default: pip
`VDB_PASSWORD`	JDBC connection password	Default: pa33word
`TRANSPORT_PROTOCOL`	VDB transport protocol	Default: teiid
`TRANSPORT_BIND_ADDRESS`	Transport bind address	Default: 0.0.0.0

Logging

Use these variables to define log levels and formats for different components of the PIP Operator Service:

Variable	Description	Default / Notes
`LOGGING_FORMAT`	Format (JSON or text)	Default: JSON
`LOGGING_ROOT_LEVEL`	Root logging level	Default: error
`LOGGING_TOMCAT_LEVEL`	Tomcat logging level	Default: error
`LOGGING_WEB_LEVEL`	Web logging level	Default: error
`LOGGING_PLAINID_LEVEL`	PlainID components logging level	Default: debug
`LOGGING_TEIID_LEVEL`	Teiid logging level	Default: info
`LOGGING_TEIID_RUNTIME_LEVEL`	Teiid runtime logging level	Default: info
`LOGGING_TEIID_CONNECTOR_LEVEL`	Teiid connector logging level	Default: info
`LOGGING_TEIID_COMMAND_LOG_LEVEL`	Teiid command log level	Default: info

Proxy

These settings control the proxy server behavior:

Variable	Description	Default / Notes
`PROXY_SOCKET_TIMEOUT`	Socket timeout	Default: 2 hours
`PROXY_SOCKET_BUFFER_SIZE`	Input stream buffer size	Default: 8192 bytes
`PROXY_SERVER_PORT`	Tiied proxy server port	Default: 31350

Agent

Variables used by the client-side PAA Agent:

Variable	Description	Default / Notes
`AGENT_URL`	Client-side Agent URL	Default: http://localhost:8761
`PAA_PACKAGE_VERSION`	PAA version for deployment	Required for custom deployments

Health-check

URL

http://<host>:<port>/actuator/health

OK Response

{
  "status": "UP"
}

Java

The PlainID Agent runs with Java 21 and above.

Command Line

java -jar pip-operator-1.0.jar

PIP Operator Service Health Check

The PIP Operator Service GET request retrieves the PAA's PIP Operator health status.

K8:

GET http://plainid-paa-pip-operator/actuator/health

Standalone:

GET http://<pip-operator_address>:<pip-operator_management_port>/actuator/health

Authorization

None

Header

None

Standalone Parameters

Parameter	Value
<pip-operator_address>	Standalone - Server host name
<pip-operator_management_port>	8089 (Default)

Service Response:

{
  "status": "UP",
  "components": {
    "diskSpace": {
      "status": "UP",
      "details": {
        "total": 101203873792,
        "free": 92163268608,
        "threshold": 10485760,
        "exists": true
      }
    },
    "livenessState": {
      "status": "UP"
    },
    "ping": {
      "status": "UP"
    },
    "readinessState": {
      "status": "UP"
    },
    "vdbSettingsState": {
      "status": "UP"
    }
  },
  "groups": [
    "liveness",
    "readiness"
  ]
}

Preloading JDBC Drivers

In some scenarios, you may need to integrate with external data sources that require JDBC drivers not included by default. This section explains how to load third-party drivers into the pip-operator by modifying the container's startup command.

Modifying pipOperator Start Command

To pre-load JDBC drivers:

pipOperator:
  command: [
    - /bin/sh
    - -ec
    - |
      curl -o /app/lib/sample.driver.one.jar https://www.provider-one.com/sample.driver.one.jar && \
      curl -o /app/lib/sample.driver.two.jar https://www.provider-two.com/sample.driver.two.jar && \
      java ${JVM_OPTS} -cp $JAR_NAME -Djava.net.preferIPv4Stack=true -Dloader.path=/app/lib/ -Dloader.main=com.plainid.pipoperator.Starter org.springframework.boot.loader.launch.PropertiesLauncher]

The java command must be last, or the pip-operator will fail to start.

Using a Custom Dockerfile

You can extend the default plainid/pip-operator image to include additional libraries or third-party drivers required for your deployment.

FROM plainid/pip-operator:5.0.16
ADD third-party-driver.jar /app/lib/

Build the new image:

docker build -t plainid/pip-operator:5.0.16-custom-drivers .

Run the container to verify:

docker run -it plainid/pip-operator:5.0.16-custom-drivers ls /app/lib

Expected output:

pip-auth-extensions-1.1.0.jar  third-party-driver.jar

Use this image in your deployment configuration (values-custom.yaml) to ensure drivers are available at runtime.

PIP Operator Logging API

The PIP Operator Logger API lets you retrieve and update log levels for deployed PIP Operator services.

Important

Modify log levels only when troubleshooting. Do not leave lower log levels active in production environments.

Logging Configuration

Temporary changes made with the API are reset on service restart. For persistent changes, configure log levels through Helm or Standalone settings:

Helm: .Values.pipOperator.logLevel
Standalone: PIP Operator Environment Variables

Authentication

These APIs require JWT authentication with Tenant Admin permissions.

Security: Bearer Auth

For more details, see Authentication for Management APIs.

Use your bearer token in the Authorization header:
Authorization: Bearer 123

PAA Logger Endpoints

Retrieve loggers

GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/pip-operator/{PAA_ID}
GET https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/pip-operator/{PAA_ID}/{LOGGER_NAME}

Replace {region} with us1, ca1, or eu1
{PAA_ID}: found in Policy Authorization Agent details
{LOGGER_NAME}: optional, retrieves one specific logger

Append ?configured=false to include all loggers, not just configured ones.

Example GET response (PIP Operator):

{
  "data": {
    "levels": ["OFF","TRACE","DEBUG","INFO","WARN","ERROR"],
    "loggers": {
      "org.teiid.RUNTIME": {
        "configuredLevel": "INFO",
        "effectiveLevel": "INFO"
      },
      "root": {
        "configuredLevel": "INFO",
        "effectiveLevel": "INFO"
      }
    }
  }
}

Response Fields

Parameter	Type	Description
configuredLevel	string	The level set explicitly via configuration or API.
effectiveLevel	string	The actual level applied (may be inherited from a parent logger).

Modify log levels

POST https://api.{region}.plainid.io/pip-mgmt/1.0/monitor/loggers/pip-operator/{PAA_ID}/{LOGGER_NAME}

Example Request

{
  "configuredLevel": "TRACE"
}

Example Response

{
  "data": {
    "configuredLevel": "TRACE",
    "effectiveLevel": "TRACE"
  }
}