Доступно с ограничениями в редакциях BE, SE, SE+, EE, CSE Lite (1.67), CSE Pro (1.67)

параметры

Версия схемы: 1

  • settings
    объект
    • enableAuditLog
      булевый
      Enables audit log.

      По умолчанию: false

      Пример: 


      enableAuditLog: true
    • enableUserInterface
      булевый
      Enables User Interface.

      По умолчанию: true

      Пример: 


      enableUserInterface: false
    • https
      объект

      What certificate type to use with Stronghold.

      This parameter completely overrides the global.modules.https settings.

      Примеры: 


      customCertificate:
  secretName: stronghold-tls
mode: CustomCertificate

      certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
      • https.certManager
        объект
        • https.certManager.clusterIssuerName
          строка

          What ClusterIssuer to use for Stronghold.

          Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

          По умолчанию: letsencrypt

      • https.customCertificate
        объект

        По умолчанию: {}

        • https.customCertificate.secretName
          строка

          The name of the secret in the d8-strognhold namespace to use with Stronghold.

          This secret must have the kubernetes.io/tls format.

          По умолчанию: false

      • https.mode
        строка

        The HTTPS usage mode:

        • CertManager — Stronghold will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
        • CustomCertificate — Stronghold will use HTTPS using the certificate from the d8-system namespace.

        По умолчанию: CertManager

        Допустимые значения: CertManager, CustomCertificate

    • ingress
      объект

      По умолчанию: {}

      • ingress.class
        строка

        The class of the Ingress controller used for Stronghold.

        An optional parameter. By default, the modules.ingressClass global value is used.

        Шаблон: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

        Пример: 


        class: public
    • inlet
      строка

      The way the connection to Stronghold is implemented.

      The following inlet types are supported:

      • Ingress — access via ingress-nginx controller.

      По умолчанию: Ingress

      Допустимые значения: Ingress

    • management
      объект

      По умолчанию: {}

      • management.administrators
        массив объектов
        An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.

        Пример: 


        administrators:
- name: admins
  type: Group
- name: security
  type: Group
- name: manager@mycompany.tld
  type: User
        • management.administrators.name
          строка
        • management.administrators.type
          строка

          Допустимые значения: Group, User

      • management.mode
        строка
        Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in stronghold-keys Secret resource

        По умолчанию: Automatic

        Допустимые значения: Automatic

        Пример: 


        mode: Automatic