Parameters
- authobject
Parameters to authenticate and authorize access to the documentation web interface.
- allowedUserGroupsarray of strings
An array of groups whose users can browse the documentation.
This parameter is used if the
user-authn
module is enabled or theexternalAuthentication
parameter is set.Caution! Note that you must add those groups to the appropriate field in the
DexProvider
config if this module is used together with theuser-authn
one.Default:
[]
Examples:
allowedUserGroups: - admin - users
allowedUserGroups: []
- externalAuthenticationobject
Parameters to enable external authentication (the Nginx Ingress external-auth mechanism is used that is based on the Nginx auth_request module).
- authSignInURLstring
The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response.
Default:
""
Example:
authSignInURL: https://$host/dex-authenticator/sign_in
- authURLstring
The URL of the authentication service.
If the user is authenticated, the service should return an HTTP 200 response code.
Default:
""
Example:
authURL: https://deckhouse-web-dex-authenticator.d8-system.svc.cluster.local/dex-authenticator/auth
- authSignInURLstring
- passwordstring
The password for HTTP authorization of the
admin
user (it is generated automatically, but you can change it).This parameter is used if the
externalAuthentication
is not enabled.Examples:
password: qwerty123
password: foobar
- allowedUserGroupsarray of strings
- httpsobject
What certificate type to use.
This parameter completely overrides the
global.modules.https
settings.Examples:
https: mode: Disabled
https: mode: OnlyInURI
https: mode: CustomCertificate customCertificate: secretName: foobar
https: mode: CertManager certManager: clusterIssuerName: letsencrypt
- certManagerobject
Parameters for certmanager.
- clusterIssuerNamestring
What ClusterIssuer to use for getting an SSL certificate (currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available; also, you can define your own).Default:
"letsencrypt"
Examples:
clusterIssuerName: letsencrypt
clusterIssuerName: letsencrypt-staging
clusterIssuerName: selfsigned
- clusterIssuerNamestring
- customCertificateobject
Parameters for custom certificate usage.
- secretNamestring
The name of the secret in the
d8-system
namespace to use with the documentation web UI.This secret must have the kubernetes.io/tls format.
- secretNamestring
- modestring
The HTTPS usage mode:
CertManager
— the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in thecertManager.clusterIssuerName
parameter.CustomCertificate
— the web UI is accessed over HTTPS using a certificate from thed8-system
namespace.Disabled
— in this mode, the documentation web UI can only be accessed over HTTP.OnlyInURI
— the documentation web UI will work over HTTP (thinking that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in theuser-authn
will be generated using the HTTPS scheme.
Default:
"CertManager"
Allowed values:
Disabled
,CertManager
,CustomCertificate
,OnlyInURI
- certManagerobject
- ingressClassstring
The class of the Ingress controller of the documentation web UI.
An optional parameter; by default, the
modules.ingressClass
global value is used. - nodeSelectorobject
The same as in the pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Example:
nodeSelector: disktype: ssd
- tolerationsarray of objects
The same as in the pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Example:
tolerations: - key: key1 operator: Equal value: value1 effect: NoSchedule
- effectstring
- keystring
- operatorstring
- tolerationSecondsinteger
- valuestring