Модуль доступен только в Deckhouse Enterprise Edition.
Версия схемы: 1
-
https
объект
What certificate type to use with Stronghold.
This parameter completely overrides the
global.modules.https
settings.Примеры:
customCertificate: secretName: stronghold-tls mode: CustomCertificate
certManager: clusterIssuerName: letsencrypt mode: CertManager
-
https.certManager
объект
-
https.certManager.clusterIssuerName
строка
What ClusterIssuer to use for Stronghold.
Currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available. Also, you can define your own.По умолчанию:
letsencrypt
-
https.certManager.clusterIssuerName
строка
-
https.customCertificate
объект
По умолчанию:
{}
-
https.customCertificate.secretName
строка
The name of the secret in the
d8-strognhold
namespace to use with Stronghold.This secret must have the kubernetes.io/tls format.
По умолчанию:
false
-
https.customCertificate.secretName
строка
-
https.mode
строка
The HTTPS usage mode:
CertManager
— Stronghold will use HTTPS and get a certificate from the clusterissuer defined in thecertManager.clusterIssuerName
parameter.CustomCertificate
— Stronghold will use HTTPS using the certificate from thed8-system
namespace.
По умолчанию:
CertManager
Допустимые значения:
CertManager
,CustomCertificate
-
https.certManager
объект
-
ingress
объект
По умолчанию:
{}
-
ingress.class
строка
The class of the Ingress controller used for Stronghold.
An optional parameter. By default, the
modules.ingressClass
global value is used.Шаблон:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Пример:
class: public
-
ingress.class
строка
-
inlet
строка
The way the connection to Stronghold is implemented.
The following inlet types are supported:
Ingress
— access via ingress-nginx controller.
По умолчанию:
Ingress
Допустимые значения:
Ingress
-
management
объект
По умолчанию:
{}
-
management.administrators
массив объектов
An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.
Пример:
administrators: - name: admins type: Group - name: security type: Group - name: manager@mycompany.tld type: User mode: Automatic
- management.administrators.name строка
-
management.administrators.type
строка
Допустимые значения:
Group
,User
-
management.mode
строка
Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in
stronghold-keys
Secret resourceПо умолчанию:
Automatic
Допустимые значения:
Automatic
-
management.administrators
массив объектов