The module does not have any mandatory parameters.
The module is enabled by default in the following bundles: Default
, Managed
.
The module is disabled by default in the Minimal
bundle.
The module is configured using the ModuleConfig custom resource named documentation
(learn more about setting up Deckhouse…).
Example of the ModuleConfig/documentation
resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: documentation
spec:
version: 1
enabled: true
settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- authobject
Parameters to authenticate and authorize access to the documentation web interface.
- auth.allowedUserGroupsarray of strings
An array of groups whose users can browse the documentation.
This parameter is used if the
user-authn
module is enabled or theexternalAuthentication
parameter is set.Caution! Note that you must add those groups to the appropriate field in the
DexProvider
config if this module is used together with theuser-authn
one.Default:
[]
Examples:
allowedUserGroups: - admin - users
allowedUserGroups: []
- auth.externalAuthenticationobject
Parameters to enable external authentication based on the Nginx Ingress external-auth mechanism that uses the Nginx auth_request module.
External authentication is enabled automatically if the user-authn module is enabled.
- auth.externalAuthentication.authSignInURLstring
The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response.
Default:
""
Example:
authSignInURL: https://$host/dex-authenticator/sign_in
- auth.externalAuthentication.authURLstring
The URL of the authentication service.
If the user is authenticated, the service should return an HTTP 200 response code.
Default:
""
Example:
authURL: https://documentation-dex-authenticator.d8-system.svc.cluster.local/dex-authenticator/auth
- auth.externalAuthentication.authSignInURLstring
- auth.allowedUserGroupsarray of strings
- httpsobject
What certificate type to use.
This parameter completely overrides the
global.modules.https
settings.Examples:
https: mode: Disabled
https: mode: OnlyInURI
https: mode: CustomCertificate customCertificate: secretName: foobar
https: mode: CertManager certManager: clusterIssuerName: letsencrypt
- https.certManagerobject
Parameters for certmanager.
- https.certManager.clusterIssuerNamestring
What ClusterIssuer to use for getting an SSL certificate (currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available; also, you can define your own).Default:
"letsencrypt"
Example:
clusterIssuerName: letsencrypt
- https.certManager.clusterIssuerNamestring
- https.customCertificateobject
Parameters for custom certificate usage.
- https.customCertificate.secretNamestring
The name of the secret in the
d8-system
namespace to use with the documentation web UI.This secret must have the kubernetes.io/tls format.
- https.customCertificate.secretNamestring
- https.modestring
The HTTPS usage mode:
CertManager
— the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in thecertManager.clusterIssuerName
parameter.CustomCertificate
— the web UI is accessed over HTTPS using a certificate from thed8-system
namespace.Disabled
— in this mode, the documentation web UI can only be accessed over HTTP.OnlyInURI
— the documentation web UI will work over HTTP (thinking that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in theuser-authn
will be generated using the HTTPS scheme.
Default:
"CertManager"
Allowed values:
Disabled
,CertManager
,CustomCertificate
,OnlyInURI
- https.certManagerobject
- ingressClassstring
The class of the Ingress controller of the documentation web UI.
An optional parameter; by default, the
modules.ingressClass
global value is used.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- nodeSelectorobject
The same as in the pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Example:
nodeSelector: disktype: ssd
- tolerationsarray of objects
The same as in the pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Example:
tolerations: - key: key1 operator: Equal value: value1 effect: NoSchedule
- tolerations.effectstring
- tolerations.keystring
- tolerations.operatorstring
- tolerations.tolerationSecondsinteger
- tolerations.valuestring
Authentication
user-authn module provides authentication by default. Also, externalAuthentication can be configured (see below). If these options are disabled, the module will use basic auth with the auto-generated password.
Use kubectl to see password:
kubectl -n d8-system exec deploy/deckhouse -- deckhouse-controller module values documentation -o json | jq '.documentation.internal.auth.password'
Delete secret to re-generate password:
kubectl -n d8-system delete secret/documentation-basic-auth
Note! The
auth.password
parameter is deprecated.