Preliminary version. The functionality may change, but the basic features will be preserved. Compatibility with future versions is ensured, but may require additional migration actions.
CodeInstance
Scope: Cluster
Version: v1
CodeInstance is the Schema for the codeinstances API.
-
stringapiVersionAPIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-
stringkindKind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-
objectmetadata
-
objectspecCodeInstanceSpec defines the desired state of the CodeInstance.
-
objectspec.appConfigAppConfig defines application-specific configurations.
Default:
{}-
objectspec.appConfig.contentSecurityPolicyContent Security Policy (CSP) settings for prevent XSS attack
Default:
{}-
objectspec.appConfig.contentSecurityPolicy.directivesContent Security Policy directives
Default:
{}-
stringspec.appConfig.contentSecurityPolicy.directives.child_src
-
stringspec.appConfig.contentSecurityPolicy.directives.connect_src
-
stringspec.appConfig.contentSecurityPolicy.directives.default_src
-
stringspec.appConfig.contentSecurityPolicy.directives.font_src
-
stringspec.appConfig.contentSecurityPolicy.directives.frame_ancestors
-
stringspec.appConfig.contentSecurityPolicy.directives.frame_src
-
stringspec.appConfig.contentSecurityPolicy.directives.img_src
-
stringspec.appConfig.contentSecurityPolicy.directives.media_src
-
stringspec.appConfig.contentSecurityPolicy.directives.object_src
-
stringspec.appConfig.contentSecurityPolicy.directives.script_src
-
stringspec.appConfig.contentSecurityPolicy.directives.style_src
-
-
booleanspec.appConfig.contentSecurityPolicy.enabledEnable Content Security Policy
Default:
true -
booleanspec.appConfig.contentSecurityPolicy.reportOnlyEnable Content Security Policy in report-only mode
Default:
false
-
-
objectspec.appConfig.cronJobsPeriodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
Default:
{} -
stringspec.appConfig.customHtmlHeaderTagsOption to add some header tags for scripts and stylesheets
Default:
-
stringspec.appConfig.defaultColorModeDefault color mode for GitLab UI
Default:
LightAllowed values:
Light,Dark,Auto -
objectspec.appConfig.ldapSettings for LDAP integration with module
-
booleanspec.appConfig.ldap.preventSigninWhen LDAP web sign in is disabled, users don’t see an LDAP tab on the sign-in page
Default:
false -
objectspec.appConfig.ldap.servers
Required value
LDAP servers settings. Refer to documentation for more detailsDefault:
{}
-
-
objectspec.appConfig.omniauthOmniauth defines OmniAuth configurations.
-
array of stringsspec.appConfig.omniauth.allowBypassTwoFactorsign in without using two-factor authentication (2FA) with certain OmniAuth provider
Default:
[] -
array of stringsspec.appConfig.omniauth.allowSingleSignOnAllowSingleSignOn defines the list of providers that can be used for single sign-on
Default:
[] -
booleanspec.appConfig.omniauth.autoLinkLdapUserautomatically link OmniAuth users with existing GitLab users if their email addresses match
Default:
false -
booleanspec.appConfig.omniauth.autoLinkSamlUserautomatically link OmniAuth users with existing GitLab users if their email addresses match
Default:
false -
array of stringsspec.appConfig.omniauth.autoLinkUserautomatically link OmniAuth users with existing GitLab users if their email addresses match
Default:
[] -
stringspec.appConfig.omniauth.autoSignInWithProviderto redirect login requests to your OmniAuth provider for authentication
-
booleanspec.appConfig.omniauth.blockAutoCreatedUsersPlaces automatically-created users in a pending approval state (unable to sign in) until they are approved by an administrator
Default:
true -
booleanspec.appConfig.omniauth.enabledEnable OmniAuth
Default:
false -
array of stringsspec.appConfig.omniauth.externalProvidersEnables you to define which OmniAuth providers you want to be external, so that all users creating accounts, or signing in through these providers are unable to access internal projects
Default:
[] -
array of objectsspec.appConfig.omniauth.providersThe provider names are available in the supported providers list
Default:
[]-
objectspec.appConfig.omniauth.providers.args
-
stringspec.appConfig.omniauth.providers.icon
-
stringspec.appConfig.omniauth.providers.label
-
stringspec.appConfig.omniauth.providers.name
Allowed values:
alicloud,atlassioan_oauth2,auth0,cognito,azute_activedirectory_v2,bitbucket,oauth2_generic,github,gitlab,google_oauth2,jwt,kerberos,openid_connect,salesforce,saml,shibboleth
-
-
array of stringsspec.appConfig.omniauth.syncProfileAttributesList of profile attributes to sync from the provider when signing in
Default:
[ "name", "email" ] -
array of stringsspec.appConfig.omniauth.syncProfileFromProviderList of provider names that GitLab should automatically sync profile information from
Default:
[]
-
-
objectspec.appConfig.rackAttackRackAttack contains basic authentication settings.
-
objectspec.appConfig.rackAttack.gitlabBasicAuthGitlabBasicAuth defines rate-limiting configurations.
-
integerspec.appConfig.rackAttack.gitlabBasicAuth.banTime
Allowed values:
0 <= X -
integerspec.appConfig.rackAttack.gitlabBasicAuth.findTime
Allowed values:
0 <= X -
array of stringsspec.appConfig.rackAttack.gitlabBasicAuth.ipWhitelist
-
integerspec.appConfig.rackAttack.gitlabBasicAuth.maxRetry
Allowed values:
0 <= X
-
-
-
booleanspec.appConfig.signInEnabledwhether to enable sign-in page or not
Default:
true -
booleanspec.appConfig.signUpEnabledwhether to enable sign-up for new users or not
Default:
false -
booleanspec.appConfig.usernameChangingEnabledallow username changes for existing users
Default:
false
-
-
objectspec.backupBackup defines backup configurations.
Default:
{}-
booleanspec.backup.backupBeforeUpdateAutomatic backup creation before module update
Default:
false -
integerspec.backup.backupStorageGbexpected overall size of backups (tar archive) to tune up underlying storage
Default:
3Allowed values:
1 <= X -
stringspec.backup.cronScheduleCron schedule for automatic backups
Default:
0 0 1 * * -
booleanspec.backup.enabledEnable automatic backups
Default:
false -
objectspec.backup.nodeSelectorkubernetes selector to choose node where to run backup process from (by toolbox)
-
objectspec.backup.persistentVolumeClaimsection to describe params of persistent k8s storage used during backup and restore
Default:
{}-
booleanspec.backup.persistentVolumeClaim.enabledwhether to use persistent volumes. Otherwise
emptyDirwill be usedDefault:
false -
stringspec.backup.persistentVolumeClaim.storageClasswhether to use specific k8s storageClass for persistence volumes
-
-
booleanspec.backup.restoreFromBackupModeDeprecated
Default:
false -
objectspec.backup.s3prarams of remote object storage that will keep your backups
-
stringspec.backup.s3.bucketNamename of the backet where backups will be stored
Default:
d8-code-backups -
objectspec.backup.s3.external
-
stringspec.backup.s3.external.accessKeyaccess key for the bucket
-
stringspec.backup.s3.external.endpointendpoint for the bucket
Default:
-
stringspec.backup.s3.external.provider
Required value
object storage providerAllowed values:
Generic,YCloud -
stringspec.backup.s3.external.regionbucket’s region
Default:
-
stringspec.backup.s3.external.secretKeysecret key for the bucket
-
-
stringspec.backup.s3.modewhether to use external object storage or internal one
Default:
External -
stringspec.backup.s3.tmpBucketNamename of the temp bucket where backups will be stored before upload
Default:
d8-code-tmp
-
-
array of stringsspec.backup.skipComponentsList of components to skip during backup
Default:
[ "Artifacts" ]-
stringspec.backup.skipComponents.Element of the array
Allowed values:
Db,Repositories,Uploads,Builds,Artifacts,Pages,Lfs,TerraformState,Registry,Packages,CiSecureFiles,ExternalDiffs
-
-
array of objectsspec.backup.tolerationsTolerations for backup pod(toolbox)
Default:
[]-
stringspec.backup.tolerations.effect
-
stringspec.backup.tolerations.key
-
stringspec.backup.tolerations.operator
-
integerspec.backup.tolerations.tolerationSeconds
-
stringspec.backup.tolerations.value
-
-
-
objectspec.featuresFeatures defines additional feature configurations.
Default:
{}-
objectspec.features.mailMail defines configurations for email-related features.
Default:
{}-
objectspec.features.mail.incomingEmailMailIncomingEmail defines incoming email configurations for Mail.
Default:
{ "address": "", "enabled": false, "host": "", "password": "", "user": "" }-
stringspec.features.mail.incomingEmail.address
Required value
The email address to reference the item being replied to (example - gitlab-incoming+%{key}@gmail.com). Note that the +%{key} suffix should be included in its entirety within the email address and not replaced by another value.Default:
-
booleanspec.features.mail.incomingEmail.enabled
Required value
enable incoming emailDefault:
false -
stringspec.features.mail.incomingEmail.host
Required value
Host for IMAPDefault:
imap.gmail.com -
stringspec.features.mail.incomingEmail.password
Required value
IMAP passwordDefault:
-
integerspec.features.mail.incomingEmail.portPort for IMAP
Default:
993 -
objectspec.features.mail.incomingEmail.serviceDeskEmailMailServiceDeskEmail defines incoming email configurations for Mail.
Default:
{ "address": "", "enabled": false, "host": "", "password": "", "user": "" }-
stringspec.features.mail.incomingEmail.serviceDeskEmail.address
Required value
The email address to reference the item being replied to (example - project_contact+%{key}@gmail.com)Default:
-
booleanspec.features.mail.incomingEmail.serviceDeskEmail.enabled
Required value
Enable Service Desk emailDefault:
false -
stringspec.features.mail.incomingEmail.serviceDeskEmail.host
Required value
Host for IMAPDefault:
imap.gmail.com -
stringspec.features.mail.incomingEmail.serviceDeskEmail.password
Required value
Password for IMAPDefault:
-
integerspec.features.mail.incomingEmail.serviceDeskEmail.portPort for IMAP
Default:
993 -
booleanspec.features.mail.incomingEmail.serviceDeskEmail.sslWhether IMAP server uses SSL
Default:
true -
booleanspec.features.mail.incomingEmail.serviceDeskEmail.startTlsWhether IMAP server uses StartTLS
Default:
false -
stringspec.features.mail.incomingEmail.serviceDeskEmail.user
Required value
Username for IMAP authenticationDefault:
-
-
booleanspec.features.mail.incomingEmail.sslWhether IMAP server uses SSL
Default:
true -
booleanspec.features.mail.incomingEmail.startTlsWhether IMAP server uses StartTLS
Default:
false -
stringspec.features.mail.incomingEmail.user
Required value
Username for IMAP authenticationDefault:
-
-
objectspec.features.mail.outgoingEmail
Default:
{ "displayName": "Deckhouse", "from": "no-reply@deckhouse.io", "replyTo": "no-reply@deckhouse.io" }-
stringspec.features.mail.outgoingEmail.displayName
Required value
Name that appears as the sender for emails from GitLabDefault:
Deckhouse Code -
stringspec.features.mail.outgoingEmail.from
Required value
Email address that appears as the sender for emails from GitLabDefault:
deckhouse.code@example.com -
stringspec.features.mail.outgoingEmail.replyTo
Required value
Reply-to email listed in emails from GitLabDefault:
noreply@example.com -
objectspec.features.mail.outgoingEmail.smtpMailSMTP defines SMTP-related configurations for Mail.
Default:
{}-
stringspec.features.mail.outgoingEmail.smtp.addressHostname or IP of the remote mail server
Default:
smtp.mailgun.org -
stringspec.features.mail.outgoingEmail.smtp.authenticationType of SMTP authentication (
Plain,Login,CramMd5, orNonefor no authentication)Allowed values:
None,Plain,Login,CramMd5 -
stringspec.features.mail.outgoingEmail.smtp.domainOptional HELO domain for SMTP
Default:
-
booleanspec.features.mail.outgoingEmail.smtp.enabledenable outgoing email
Default:
false -
stringspec.features.mail.outgoingEmail.smtp.opensslVerifyModeTLS verification mode (“None”, “Peer”, “ClientOnce”, or “FailIfNoPeerCert”)
Default:
PeerAllowed values:
None,Peer,ClientOnce,FailIfNoPeerCert -
stringspec.features.mail.outgoingEmail.smtp.passwordSMTP password
Default:
-
integerspec.features.mail.outgoingEmail.smtp.portPort for SMTP
Default:
2525 -
booleanspec.features.mail.outgoingEmail.smtp.starttlsAutoUse STARTTLS if enabled on the mail server
Default:
false -
booleanspec.features.mail.outgoingEmail.smtp.tlsEnables SMTP/TLS (SMTPS - SMTP over direct TLS connection)
Default:
false -
stringspec.features.mail.outgoingEmail.smtp.usernameUsername for SMTP authentication https
Default:
-
-
stringspec.features.mail.outgoingEmail.subjectSuffixSuffix on the subject of all outgoing email from GitLab
Default:
-
-
-
objectspec.features.pagesPages defines configurations for GitLab Pages.
Default:
{}-
booleanspec.features.pages.enabledwhether to enable GitLab Pages component
Default:
false -
objectspec.features.pages.s3StorageS3 defines S3 storage configurations.
-
stringspec.features.pages.s3.bucketPrefixprefix for bucket name
Default:
d8-code -
objectspec.features.pages.s3.externalS3External defines external S3 storage settings.
-
stringspec.features.pages.s3.external.accessKeyaccess key for the bucket
-
stringspec.features.pages.s3.external.endpointbucket endpoint
Default:
-
stringspec.features.pages.s3.external.provider
Required value
bucket provider nameAllowed values:
Generic,YCloud -
stringspec.features.pages.s3.external.regionbucket region
Default:
-
stringspec.features.pages.s3.external.secretKeybucket secret key
-
objectspec.features.pages.s3.external.storageOptions
Default:
{}-
stringspec.features.pages.s3.external.storageOptions.serverSideEncryptionEncryption mode for S3 bucket (
AES256orAwsKms)Allowed values:
AES256,AwsKms -
stringspec.features.pages.s3.external.storageOptions.serverSideEncryptionKmsKeyIdAmazon Resource Name. Only needed when
AwsKmsis used inserverSideEncryption.
-
-
-
stringspec.features.pages.s3.modewhether to use external or internal object storage for Pages component
Default:
ExternalAllowed values:
Internal,External
-
-
-
objectspec.features.registryRegistry defines configurations for GitLab Registry.
Default:
{}-
booleanspec.features.registry.enabledwhether registry service enabled or not
Default:
false -
objectspec.features.registry.ingressdefines the network-related configurations for registry
Default:
{}-
objectspec.features.registry.ingress.annotationsmap of additional annotations to be populated for registry service
-
stringspec.features.registry.ingress.hostnametop-level prefix for registry hostname
Default:
code. -
objectspec.features.registry.ingress.httpsHttpsConfig specifies the HTTPS configuration.
-
objectspec.features.registry.ingress.https.certManagerCertManager contains CertManager-related parameters.
-
stringspec.features.registry.ingress.https.certManager.clusterIssuerNamename of cluster issuer of SSL certificates
Default:
letsencrypt
-
-
objectspec.features.registry.ingress.https.customCertificateCustomCertificate contains parameters for custom certificate usage.
-
stringspec.features.registry.ingress.https.customCertificate.secretNamename of secret where custom certificate is stored
-
-
stringspec.features.registry.ingress.https.mode
Default:
CertManagerAllowed values:
CertManager,CustomCertificate,Global
-
-
-
objectspec.features.registry.maintenanceRegistryMaintenance defines maintenance-related configurations for Registry.
Default:
{}-
objectspec.features.registry.maintenance.readOnlyReadOnlyMaintenance enables or disables read-only mode.
Default:
{}-
booleanspec.features.registry.maintenance.readOnly.enabledEnable read-only mode for registry for maintenance purposes
Default:
false
-
-
objectspec.features.registry.maintenance.uploadPurgingUploadPurging defines configurations for purging uploads.
Default:
{}-
stringspec.features.registry.maintenance.uploadPurging.ageage thresholds for artifacts to be deleted. Measured in hours
Default:
168h -
booleanspec.features.registry.maintenance.uploadPurging.dryrunwhether to use in test / dry-run mode or not
Default:
false -
booleanspec.features.registry.maintenance.uploadPurging.enabledwhether to enable uploadPurging or not. Disabled while in readOnly mode
Default:
true -
stringspec.features.registry.maintenance.uploadPurging.intervalinterval of run
Default:
24h
-
-
-
objectspec.features.registry.s3StorageS3 defines S3 storage configurations.
Default:
{}-
stringspec.features.registry.s3.bucketNamename of registry’s bucket
Default:
d8-code-registry -
objectspec.features.registry.s3.external
-
stringspec.features.registry.s3.external.accessKeyaccess key for the bucket
-
stringspec.features.registry.s3.external.endpointbucket endpoint
Default:
-
stringspec.features.registry.s3.external.provider
Required value
s3 storage provider nameAllowed values:
Generic,YCloud -
stringspec.features.registry.s3.external.regionbucket region
Default:
-
stringspec.features.registry.s3.external.secretKeysecret key for the bucket
-
-
stringspec.features.registry.s3.modewhether use external or internal object storage for Registry component
Default:
ExternalAllowed values:
Internal,External
-
-
-
-
objectspec.gitDataGitData defines Git-related data configurations.
-
objectspec.gitData.resourcesResourceList is a set of (resource name, quantity) pairs.
-
stringspec.gitData.storageClasskubernetes storageClass to be used for persistence volumes
-
integerspec.gitData.storagePerReplicaGbsize of all your git data. Needed to calculate size of Volumes for each replica
Default:
1Allowed values:
1 <= X
-
-
objectspec.networkNetworkSettings contains the network-related configurations.
Default:
{}-
objectspec.network.gitSshGitSshConfig contains SSH-related configurations.
-
stringspec.network.gitSsh.hostnameDefine hostname where Git SSH will be available. If prefix is stated, it defaults to cluster domain template. Set it to
'to inherit UI hostname. Be sure that Ingress Nginx controller and SSH Service share same IP address.Default:
code-ssh. -
objectspec.network.gitSsh.serviceGitSshService specifies the service type for Git SSH.
-
objectspec.network.gitSsh.service.annotationsmap of additional annotations to be populated for shell deployment
-
integerspec.network.gitSsh.service.nodePortnodePort used to expose your service. Applicable only for service.type=NodePort
Default:
32022Allowed values:
1024 <= X <= 65535 -
stringspec.network.gitSsh.service.typetype of kubernetes service for exposing your shell component. For singleNode cluster nodePort is reasonable, otherwise LoadBalancer is recommended
Allowed values:
LoadBalancer,NodePort,ClusterIP
-
-
-
stringspec.network.ingressClassIngress class to use in module. If empty defaults to deckhouse global ingress class
Default:
-
booleanspec.network.useOwnLoadBalancerIf true define one LoadBalance service for both Git SSH and UI.
Default:
false -
objectspec.network.webWebConfig defines the web-related configurations.
-
objectspec.network.web.annotationsmap of additional annotations to be populated for webservice deployment
-
stringspec.network.web.hostnameDefine hostname where UI will be available. If prefix is stated, it defaults to cluster domain template Warning! Be sure that https mode and TLS certificate are valid for given hostname
Default:
code. -
objectspec.network.web.httpsHttpsConfig specifies the HTTPS configuration.
-
objectspec.network.web.https.certManagerCertManager contains CertManager-related parameters.
-
stringspec.network.web.https.certManager.clusterIssuerNamename of the clusterIssuer to be used for certificate generations
Default:
letsencrypt
-
-
objectspec.network.web.https.customCertificateCustomCertificate contains parameters for custom certificate usage
-
stringspec.network.web.https.customCertificate.secretNamename of secret where custom certificate is tored
-
-
stringspec.network.web.https.modeway you store/issue certificate. Might be custom/certManager/global
Default:
CertManagerAllowed values:
CertManager,CustomCertificate,Global
-
-
-
-
objectspec.scalingscaling-related configurations
Default:
{}-
booleanspec.scaling.highAvailabilitySwitch to enable the high availability mode.
Default:
false -
integerspec.scaling.targetUserCounthow many users are expecte to use the app
Default:
100Allowed values:
10,100,300,500,1000
-
-
objectspec.storages
Required value
Storages defines the storage-related configurations.-
objectspec.storages.postgres
Required value
StoragePostgres defines Postgres database configurations.-
objectspec.storages.postgres.externalPostgresExternal defines external Postgres settings.
-
stringspec.storages.postgres.external.database
Required value
name of the main database -
stringspec.storages.postgres.external.host
Required value
FQDN address of database serverDefault:
localhost -
stringspec.storages.postgres.external.passwordpassword for main database
-
integerspec.storages.postgres.external.portport of the database server
Default:
5432 -
stringspec.storages.postgres.external.praefectDatabasename of the praefect database
Default:
-
stringspec.storages.postgres.external.praefectPasswordpassword for praefect database
-
stringspec.storages.postgres.external.praefectUsernameusername for praefect database
Default:
postgres -
stringspec.storages.postgres.external.sslModeSSL mode priority for database connection
Allowed values:
disabled,allow,prefer,require,verify-ca,verify-full -
stringspec.storages.postgres.external.username
Required value
username for main databaseDefault:
postgres
-
-
stringspec.storages.postgres.modewhether to use external database or internal one
Allowed values:
Internal,External
-
-
objectspec.storages.redis
Required value
StorageRedis defines Redis configurations.-
objectspec.storages.redis.externalRedisExternal defines external Redis settings.
-
objectspec.storages.redis.external.auth
Required value
RedisAuth defines authentication settings for Redis.-
booleanspec.storages.redis.external.auth.enabled
Required value
redis auth enabledDefault:
false -
stringspec.storages.redis.external.auth.passwordredis auth password
-
stringspec.storages.redis.external.auth.usernameredis auth username
-
-
stringspec.storages.redis.external.hostFQDN address of redis server
Default:
-
stringspec.storages.redis.external.masterNamename of the master node in case of sentinel
-
integerspec.storages.redis.external.portredis server port
Default:
6379 -
stringspec.storages.redis.external.schemeredis connection scheme
Default:
redisAllowed values:
redis,rediss,tcp -
array of objectsspec.storages.redis.external.sentinels
-
stringspec.storages.redis.external.sentinels.host
-
integerspec.storages.redis.external.sentinels.port
-
-
stringspec.storages.redis.external.serverCACA certificate for redis server
-
-
stringspec.storages.redis.mode
Required value
whether to use external redis or internal oneAllowed values:
Internal,External
-
-
objectspec.storages.s3
Required value
defines S3 storage configurations.-
objectspec.storages.s3.bucketNamesS3BucketNames defines bucket naming conventions for S3 storage
Default:
{}-
stringspec.storages.s3.bucketNames.artifactsname of the bucket for artifacts
Default:
d8-code-artifacts -
stringspec.storages.s3.bucketNames.ciSecureFilesname of the bucket for ci secure files like CI secrets
Default:
d8-code-ci-secure-files -
stringspec.storages.s3.bucketNames.dependencyProxyname of the bucket for dependecy proxy
Default:
d8-code-dependency-proxy -
stringspec.storages.s3.bucketNames.externalDiffsname of the bucket for mr diffs
Default:
d8-code-mr-diffs -
stringspec.storages.s3.bucketNames.lfsname of the bucket for git-lfs
Default:
d8-code-git-lfs -
stringspec.storages.s3.bucketNames.packagesname of the bucket for packages
Default:
d8-code-packages -
stringspec.storages.s3.bucketNames.terraformStatename of the bucket for terraform states
Default:
d8-code-terraform-state -
stringspec.storages.s3.bucketNames.uploadsname of the bucket for uploads
Default:
d8-code-uploads
-
-
objectspec.storages.s3.externaldefines external S3 storage settings.
-
stringspec.storages.s3.external.accessKeyaccess key for the bucket
-
stringspec.storages.s3.external.endpointbucket endpoint
Default:
-
stringspec.storages.s3.external.provider
Required value
s3 storage provider nameAllowed values:
Generic,YCloud -
booleanspec.storages.s3.external.proxyDownloadOption allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data
Default:
true -
stringspec.storages.s3.external.regionbucket region
Default:
-
stringspec.storages.s3.external.secretKeysecret key for the bucket
-
objectspec.storages.s3.external.storageOptions
Default:
{}-
stringspec.storages.s3.external.storageOptions.serverSideEncryptionEncryption mode for S3 bucket (
AES256orAwsKms)Allowed values:
AES256,AwsKms -
stringspec.storages.s3.external.storageOptions.serverSideEncryptionKmsKeyIdAmazon Resource Name. Only needed when
AwsKmsis used inserverSideEncryption.
-
-
-
stringspec.storages.s3.mode
Default:
ExternalAllowed values:
Internal,External
-
-
-