The module does not have any mandatory parameters.

The module is enabled by default in the following bundles: Default, Managed. The module is disabled by default in the Minimal bundle.

How to explicitly enable the module…

Note that the configOverrides parameter of the InitConfiguration resource is used when installing Deckhouse, not ModuleConfig.

Set the documentationEnabled: true or documentationEnabled: false in the configOverrides parameter to explicitly enable or disable the module when installing Deckhouse.

Use the documentation section of the configOverrides parameter to configure the module when installing Deckhouse.

Set the spec.enabled module parameter to true or false to explicitly enable or disable the module.

Example of enabling the documentation module:

kind: ModuleConfig
  name: documentation
  enabled: true

Example of disabling the documentation module:

kind: ModuleConfig
  name: documentation
  enabled: false

The module is configured using the ModuleConfig custom resource named documentation (learn more about setting up Deckhouse…).

Example of the ModuleConfig/documentation resource for configuring the module:

kind: ModuleConfig
  name: documentation
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.


Schema version: 1

  • authobject

    Parameters to authenticate and authorize access to the documentation web interface.

    • auth.allowedUserGroupsarray of strings

      An array of groups whose users can browse the documentation.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

      Default: []


      - admin
      - users
      allowedUserGroups: []
    • auth.externalAuthenticationobject

      Parameters to enable external authentication based on the Nginx Ingress external-auth mechanism that uses the Nginx auth_request module.

      External authentication is enabled automatically if the user-authn module is enabled.

      • auth.externalAuthentication.authSignInURLstring

        The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response.

        Default: ""


        authSignInURL: https://$host/dex-authenticator/sign_in
      • auth.externalAuthentication.authURLstring

        The URL of the authentication service.

        If the user is authenticated, the service should return an HTTP 200 response code.

        Default: ""


        authURL: https://documentation-dex-authenticator.d8-system.svc.cluster.local/dex-authenticator/auth
  • httpsobject

    What certificate type to use.

    This parameter completely overrides the global.modules.https settings.


      mode: Disabled
      mode: OnlyInURI
      mode: CustomCertificate
        secretName: foobar
      mode: CertManager
        clusterIssuerName: letsencrypt
    • https.certManagerobject

      Parameters for certmanager.

      • https.certManager.clusterIssuerNamestring

        What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).

        Default: "letsencrypt"


        clusterIssuerName: letsencrypt
    • https.customCertificateobject

      Parameters for custom certificate usage.

      • https.customCertificate.secretNamestring

        The name of the secret in the d8-system namespace to use with the documentation web UI.

        This secret must have the format.

    • https.modestring

      The HTTPS usage mode:

      • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
      • CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace.
      • Disabled — in this mode, the documentation web UI can only be accessed over HTTP.
      • OnlyInURI — the documentation web UI will work over HTTP (thinking that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.

      Default: "CertManager"

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • ingressClassstring

    The class of the Ingress controller of the documentation web UI.

    An optional parameter; by default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

  • nodeSelectorobject

    The same as in the pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.


      disktype: ssd
  • tolerationsarray of objects

    The same as in the pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.


    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
    • tolerations.effectstring
    • tolerations.keystring
    • tolerations.operatorstring
    • tolerations.tolerationSecondsinteger
    • tolerations.valuestring


user-authn module provides authentication by default. Also, externalAuthentication can be configured (see below). If these options are disabled, the module will use basic auth with the auto-generated password.

Use kubectl to see password:

kubectl -n d8-system exec deploy/deckhouse -- deckhouse-controller module values documentation -o json | jq '.documentation.internal.auth.password'

Delete secret to re-generate password:

kubectl -n d8-system delete secret/documentation-basic-auth

Note! The auth.password parameter is deprecated.