The stronghold module: настройки

Версия схемы: 1

• enableAuditLog

  булевый

  Enables audit log.

  По умолчанию: false

  Пример:

  
  

  enableAuditLog: true
  

• enableUserInterface

  булевый

  Enables User Interface.

  По умолчанию: true

  Пример:

  
  

  enableUserInterface: false
  

• https

  объект

  What certificate type to use with Stronghold.

  This parameter completely overrides the global.modules.https settings.

  Примеры:

  
  

  customCertificate:
    secretName: stronghold-tls
  mode: CustomCertificate
  

  certManager:
    clusterIssuerName: letsencrypt
  mode: CertManager
  

  • https.certManager

    объект
    • https.certManager.clusterIssuerName

      строка

      What ClusterIssuer to use for Stronghold.

      Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

      По умолчанию: letsencrypt

  • https.customCertificate

    объект

    По умолчанию: {}

    • https.customCertificate.secretName

      строка

      The name of the secret in the d8-strognhold namespace to use with Stronghold.

      This secret must have the kubernetes.io/tls format.

      По умолчанию: false

  • https.mode

    строка

    The HTTPS usage mode:

    • CertManager — Stronghold will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
    • CustomCertificate — Stronghold will use HTTPS using the certificate from the d8-system namespace.

    По умолчанию: CertManager

    Допустимые значения: CertManager, CustomCertificate

• ingress

  объект

  По умолчанию: {}

  • ingress.class

    строка

    The class of the Ingress controller used for Stronghold.

    An optional parameter. By default, the modules.ingressClass global value is used.

    Шаблон: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    Пример:

    
    

    class: public
    

• inlet

  строка

  The way the connection to Stronghold is implemented.

  The following inlet types are supported:

  • Ingress — access via ingress-nginx controller.

  По умолчанию: Ingress

  Допустимые значения: Ingress

• management

  объект

  По умолчанию: {}

  • management.administrators

    массив объектов

    An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.

    Пример:

    
    

    administrators:
    - name: admins
      type: Group
    - name: security
      type: Group
    - name: manager@mycompany.tld
      type: User
    

    • management.administrators.name

      строка
    • management.administrators.type

      строка

      Допустимые значения: Group, User

  • management.mode

    строка

    Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in stronghold-keys Secret resource

    По умолчанию: Automatic

    Допустимые значения: Automatic

    Пример:

    
    

    mode: Automatic