Schema version: 1

  • auth
    object
    Authentication configuration.

    Default: {}

    • auth.allowedUserGroups
      array of strings

      An array of user groups that can access the web UI.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

    • auth.externalAuthentication
      object

      Parameters to enable external authentication. This uses the Nginx Ingress external-auth mechanism, which is based on the Nginx auth_request module.

      Note! External authentication is enabled automatically if the user-authn module is enabled.

      Default: {}

      • auth.externalAuthentication.authSignInURL
        string
        URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
      • auth.externalAuthentication.authURL
        string
        URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
    • auth.password
      string

      Password for HTTP authorization of the admin user. It is generated automatically, but you can change it.

      This parameter is used if externalAuthentication is not enabled.

    • auth.whitelistSourceRanges
      array of strings
      An array of CIDRs that are allowed to authenticate.

      Example:


      whitelistSourceRanges:
      - 1.1.1.1/32
      
  • highAvailability
    boolean

    Manually enable the high availability mode.

    By default, Deckhouse automatically decides whether to enable the HA mode. See the Deckhouse documentation to learn more about the HA mode for modules.

    Examples:


    highAvailability: true
    
    highAvailability: false
    
  • https
    object

    What certificate type to use with the web UI.

    This parameter completely overrides the global.modules.https settings.

    Examples:


    customCertificate:
      secretName: foobar
    mode: CustomCertificate
    
    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    
    • https.certManager
      object

      Default: {}

      • https.certManager.clusterIssuerName
        string

        What ClusterIssuer to use for the web UI.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        Default: letsencrypt

    • https.customCertificate
      object

      Default: {}

      • https.customCertificate.secretName
        string

        The name of the secret in the d8-system namespace to use with the web UI.

        This secret must have the kubernetes.io/tls format.

        Default: false

    • https.mode
      string

      The HTTPS usage mode:

      • Disabled — in this mode, the web UI can only be accessed over HTTP.
      • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
      • CustomCertificate — the web UI is accessed over HTTPS using the certificate from the d8-system namespace.
      • OnlyInURI — the web UI will work over HTTP (on the assumption that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. The load balancer should provide a redirect from HTTP to HTTPS.

      Default: Disabled

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • ingressClass
    string

    The class of the Ingress controller used for the web UI.

    An optional parameter. By default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    Example:


    ingressClass: nginx
    
  • nodeSelector
    object

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:


    disktype: ssd
    
  • postgres
    object

    Default: {}

    • postgres.external
      object
      • postgres.external.db
        string
        Database name
      • postgres.external.host
        string

        Required value

        Server address
      • postgres.external.password
        string

        Required value

        User password
      • postgres.external.port
        string

        Required value

        Server port
      • postgres.external.user
        string

        Required value

        User name
    • postgres.internal
      object

      Default: {}

      • postgres.internal.diskSizeGigabytes
        integer

        Disk size for PostgreSQL database in gigabytes.

        You should manually specify the desired disk size for the PostgreSQL database, but you can increase it later if necessary.

        The extended-monitoring module automatically monitors the percentage of used disk space.

        CAUTION! If the PostgreSQL data storage becomes full, the application may stop working.

        Default: 2

      • postgres.internal.storageClass
        string

        The name of the StorageClass to use.

        If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, either the global StorageClass or global.discovery.defaultStorageClass is used.

        Refer to the documentation section Changing the storage class if you want to change this value.

        Examples:


        storageClass: ceph-ssd
        
        storageClass: network-ssd
        
    • postgres.mode
      string

      The PostgreSQL usage mode:

      • Internal — PostgreSQL is deployed in a cluster and managed using the postgres-operator.
      • External - an external PostgreSQL installation managed by the user is used.

      Default: Internal

      Allowed values: Internal, External

  • tolerations
    array of objects

    The same as in the Pods’ spec.tolerations parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:


    tolerations:
    - effect: NoSchedule
      key: key1
      operator: Equal
      value: value1
    
    • tolerations.effect
      string
    • tolerations.key
      string
    • tolerations.operator
      string
    • tolerations.tolerationSeconds
      integer
    • tolerations.value
      string
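
Added example (not part of the Deckhouse documentation or code): a small Python check that audits a settings dictionary against the parameters described above. It flags the default https.mode of Disabled combined with password authentication, whitelistSourceRanges entries that are invalid or match every address, and missing required postgres.external values. The function name audit_settings, the user_authn_enabled flag and the sample settings are assumptions made for illustration.

```python
import ipaddress

REQUIRED_EXTERNAL_PG = ("host", "password", "port", "user")  # marked "Required value" above

def audit_settings(settings, user_authn_enabled=False):
    """Return (parameter, finding) tuples for a module settings dict (hypothetical helper)."""
    findings = []
    auth = settings.get("auth", {})
    https_mode = settings.get("https", {}).get("mode", "Disabled")  # documented default
    # External auth applies when configured, or automatically when user-authn is enabled.
    external = bool(auth.get("externalAuthentication")) or user_authn_enabled
    if https_mode == "Disabled":
        findings.append(("https.mode", "web UI is served over HTTP only"))
        if not external:
            findings.append(("auth.password", "admin password is sent over plain HTTP"))
    elif https_mode == "OnlyInURI":
        findings.append(("https.mode", "TLS depends on the external load balancer"))
    for cidr in auth.get("whitelistSourceRanges", []):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(("auth.whitelistSourceRanges", f"invalid CIDR {cidr!r}"))
            continue
        if net.prefixlen == 0:
            findings.append(("auth.whitelistSourceRanges", f"{cidr} matches every address"))
    pg = settings.get("postgres", {})
    if pg.get("mode", "Internal") == "External":
        ext = pg.get("external", {})
        for key in REQUIRED_EXTERNAL_PG:
            if not ext.get(key):
                findings.append((f"postgres.external.{key}", "required value is missing"))
    return findings

# Constructed sample settings (not taken from a real cluster).
WEAK = {
    "auth": {"whitelistSourceRanges": ["0.0.0.0/0", "10.0.0.300/8"]},
    "postgres": {"mode": "External",
                 "external": {"host": "db.example.internal", "port": "5432", "user": "app"}},
}
HARDENED = {
    "auth": {"externalAuthentication": {"authURL": "https://auth.example.internal/verify",
                                        "authSignInURL": "https://auth.example.internal/login"},
             "whitelistSourceRanges": ["192.0.2.0/24"]},
    "https": {"mode": "CertManager", "certManager": {"clusterIssuerName": "letsencrypt"}},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_settings(cfg))
```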