Knowledge Graph Manager (KGM) Configuration

Static configurations to be set under the kgm key in the values.yaml file of the Witboost Helm chart.

note

KGM is disabled by default. To enable it set the enabled property to true.

References

• Knowledge Graph Manager (KGM)

Application configuration

Configuration overrides to be defined under configOverride.

kgm:
  enabled: true
  configOverride:
    # application configurations
    kgm:
      # many app configurations must be defined under this 'kgm' key

warning

Most application configurations must be defined under the kgm.configOverride.kgm key.
Be careful not to confuse this with the root-level kgm key.

Sources and Adapters

References

• Sources and Source Adapters
• Configuring an Ingestion Adapter in KGM
• Configuring a Passthrough Adapter in KGM

Every KGM Source must be configured under the kgm.sources list.

Example

# kgm.configOverride

kgm:
  sources:
    - id: first-source
      name: First Source
      baseUrl: 'http://my-source-adapter:8080'
      modes:
        ingestion:
          enabled: true
          schedule: '0 0 12 ? * * *'
        passthrough:
          enabled: false
      # ...
    - id: second-source
      name: Second Source
      # ...

warning

When a Source Adapter is unregistered (removed from the KGM configuration), all triples previously ingested from that source are automatically removed from KGM.

Key	Type	Required	Default	Description	Example
id	string	Yes		Unique source identifier	my-source
name	string	Yes		Source display name	My Source
baseUrl	string	Yes		Base URL of the Source Adapter. Make sure it is reachable from the KGM service	http://my-source-adapter:8080
modes	object	No		Modes enabled for this source
mtls.enabled	boolean	No	false	Enables mutual TLS for this specific Source Adapter. When set to true, KGM uses the globally configured client certificate for all requests made to this adapter (see mTLS configs). mTLS is ignored for HTTP adapters because TLS cannot be performed over plain HTTP	true

Modes

To setup an Ingestion Source, fill modes.ingestion:

Key	Type	Required	Description	Example
enabled	boolean	Yes	Ingestion mode is enabled for this source	true
schedule	string	Yes, if enabled	Cron expression in Quartz format. Defines how often KGM triggers ingestion from this source	0 0 12 ? * * *

To setup a Passthrough Source, fill modes.passthrough:

Key	Type	Required	Description	Example
enabled	boolean	Yes	Passthrough mode is enabled for this source	true

Search

References

• KGM Search

Example

# kgm.configOverride

kgm:
  search:
    predicates:
      - 'http://www.w3.org/2004/02/skos/core#prefLabel' # skos:prefLabel
      - 'http://www.w3.org/2004/02/skos/core#altLabel' # skos:altLabel
    fullReindex:
      schedule: '0 0 0/12 * * ?'

Key: kgm.search

Key	Type	Required	Default	Description
predicates	string list	No	See list below 1	List of RDF predicates whose literal values should be indexed for full-text search. Only literals attached to these predicates make a subject IRI searchable. Changing this list does not automatically trigger a full reindex. If predicates are modified, a full reindex must be manually triggered through the API or will occur when the next scheduled full reindex runs.
fullReindex.schedule	string	No	0 0 0/12 * * ? 2	Cron expression in Quartz format. Defines when KGM should run a full search index rebuild. A full reindex scans the entire triples store and regenerates the search index from scratch. This is useful for operational maintenance, recovery, or when predicate configuration changes require complete index regeneration.

Security

mTLS

References

• How to enable mTLS between KGM and Source Adapters

Key: kgm.security.mtls

Key	Type	Required	Default	Description
client.certificate.path	string	No	file:/opt/docker/etc/tls/client.p12	Filesystem path to the PKCS#12 archive containing the client certificate and private key used by KGM when establishing mTLS connections with HTTPS Source Adapters
client.certificate.password	string	No	KGM_MTLS_CLIENT_CERTIFICATE_PASSWORD environment variable	Password used to decrypt the PKCS#12 (.p12) archive. Must match the export password set when the certificate was generated
client.bypassCAFiltering	boolean	No	false	If true, it ignores the server-provided list of acceptable issuers when acting as a TLS client. This is useful in mutual TLS scenarios where the server provides a restricted list of acceptable certificate authorities (via the "certificate_authorities" TLS extension), but the client holds a certificate issued by a different (e.g., internal or private) CA. By ignoring the issuers list, the client can still present its certificate even if it is not trusted by the server

Footnotes

1. ["http://schema.org/description", "http://schema.org/name", "http://www.w3.org/2004/02/skos/core#prefLabel", "http://www.w3.org/2004/02/skos/core#altLabel"] ↩

2. every 12 hours starting at 00:00 am ↩