Модуль доступен только в Deckhouse Enterprise Edition, лицензируется и оплачивается отдельно
Версия схемы: 1
-
enableUserInterfaceEnables User Interface.
По умолчанию:
true
Пример:
enableUserInterface: false
-
https
What certificate type to use with Stronghold.
This parameter completely overrides the
global.modules.https
settings.Примеры:
customCertificate: secretName: stronghold-tls mode: CustomCertificate
certManager: clusterIssuerName: letsencrypt mode: CertManager
-
https.certManager
-
https.certManager.clusterIssuerName
What ClusterIssuer to use for Stronghold.
Currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available. Also, you can define your own.По умолчанию:
letsencrypt
-
-
https.customCertificate
По умолчанию:
{}
-
https.customCertificate.secretName
The name of the secret in the
d8-strognhold
namespace to use with Stronghold.This secret must have the kubernetes.io/tls format.
По умолчанию:
false
-
-
https.mode
The HTTPS usage mode:
CertManager
— Stronghold will use HTTPS and get a certificate from the clusterissuer defined in thecertManager.clusterIssuerName
parameter.CustomCertificate
— Stronghold will use HTTPS using the certificate from thed8-system
namespace.
По умолчанию:
CertManager
Допустимые значения:
CertManager
,CustomCertificate
-
-
ingress
По умолчанию:
{}
-
ingress.class
The class of the Ingress controller used for Stronghold.
An optional parameter. By default, the
modules.ingressClass
global value is used.Шаблон:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Пример:
class: public
-
-
inlet
The way the connection to Stronghold is implemented.
The following inlet types are supported:
Ingress
— access via ingress-nginx controller.
По умолчанию:
Ingress
Допустимые значения:
Ingress
-
management
По умолчанию:
{}
-
management.administratorsAn list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.
Пример:
administrators: - name: admins type: Group - name: security type: Group - name: manager@mycompany.tld type: User mode: Automatic
-
management.administrators.name
-
management.administrators.type
Допустимые значения:
Group
,User
-
-
management.modeAutomatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in
stronghold-keys
Secret resourceПо умолчанию:
Automatic
Допустимые значения:
Automatic
-