Версия схемы: 1

  • enableAuditLog
    булевый
    Enables audit log.

    По умолчанию: false

    Пример:


    enableAuditLog: true
    
  • enableUserInterface
    булевый
    Enables User Interface.

    По умолчанию: true

    Пример:


    enableUserInterface: false
    
  • https
    объект

    What certificate type to use with Stronghold.

    This parameter completely overrides the global.modules.https settings.

    Примеры:


    customCertificate:
      secretName: stronghold-tls
    mode: CustomCertificate
    
    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    
    • https.certManager
      объект
      • https.certManager.clusterIssuerName
        строка

        What ClusterIssuer to use for Stronghold.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        По умолчанию: letsencrypt

    • https.customCertificate
      объект

      По умолчанию: {}

      • https.customCertificate.secretName
        строка

        The name of the secret in the d8-strognhold namespace to use with Stronghold.

        This secret must have the kubernetes.io/tls format.

        По умолчанию: false

    • https.mode
      строка

      The HTTPS usage mode:

      • CertManager — Stronghold will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
      • CustomCertificate — Stronghold will use HTTPS using the certificate from the d8-system namespace.

      По умолчанию: CertManager

      Допустимые значения: CertManager, CustomCertificate

  • ingress
    объект

    По умолчанию: {}

    • ingress.class
      строка

      The class of the Ingress controller used for Stronghold.

      An optional parameter. By default, the modules.ingressClass global value is used.

      Шаблон: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Пример:


      class: public
      
  • inlet
    строка

    The way the connection to Stronghold is implemented.

    The following inlet types are supported:

    • Ingress — access via ingress-nginx controller.

    По умолчанию: Ingress

    Допустимые значения: Ingress

  • management
    объект

    По умолчанию: {}

    • management.administrators
      массив объектов
      An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.

      Пример:


      administrators:
      - name: admins
        type: Group
      - name: security
        type: Group
      - name: manager@mycompany.tld
        type: User
      mode: Automatic
      
      • management.administrators.name
        строка
      • management.administrators.type
        строка

        Допустимые значения: Group, User

    • management.mode
      строка
      Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in stronghold-keys Secret resource

      По умолчанию: Automatic

      Допустимые значения: Automatic