Configuration | Deckhouse modules

The module is available only in Deckhouse Enterprise Edition.

Schema version: 1

allowAnyoneToRuleTheCluster boolean
Turn off token authentification in HTTP requests

Default: false
auth object
Authentication configuration.

Default: {}
- auth.allowedUserGroups array of strings
  An array of user groups that can access Grafana & Prometheus.
  
  This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.
  
  Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.
- auth.externalAuthentication object
  Parameters to enable external authentication. Uses Nginx Ingress external-auth mechanism which is based on the the Nginx auth_request module.
  - auth.externalAuthentication.authSignInURL string
    URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
  - auth.externalAuthentication.authURL string
    URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
  - auth.externalAuthentication.useBearerTokens boolean
    The dashboard must use the user ID to work with the Kubernetes API (the authentication service must return the Authorization HTTP header that contains the bearer-token – the dashboard will use this token to make requests to the Kubernetes API server).
    
    Default value is false.
    
    Caution! For security reasons, this mode only works if https.mode (global or for a module) is not set to Disabled;
- auth.password string
  Password for http authorization of the admin user. It is generated automatically, but you can change it.
  
  This parameter is used if the externalAuthentication is not enabled.
- auth.sessionTTL string
  User session will be kept for specified amount of time even if user will not log in.
  
  Specified with s, m or h suffix.
  
  Default: 24h
- auth.whitelistSourceRanges array of strings
  An array if CIDRs that are allowed to authenticate.
  
  Example:
```
whitelistSourceRanges:
- 1.1.1.1/32
```
debug object
Debug configuration

Default: {}
- debug.backendLogLevel string
  Log level
  
  Default: info
  
  Allowed values: debug, info, warn, error
- debug.backendPprof boolean
  Enables pprof on /debug/pprof/
  
  Default: false
https object
What certificate type to use with frontend and status apps.

This parameter completely overrides the global.modules.https settings.

Examples:
```
customCertificate:
  secretName: foobar
mode: CustomCertificate
```
```
certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
```
- https.certManager object
  - https.certManager.clusterIssuerName string
    What ClusterIssuer to use for frontend.
    
    Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.
    
    Default: letsencrypt
- https.customCertificate object
  
  Default: {}
  - https.customCertificate.secretName string
    The name of the secret in the d8-system namespace to use with frontend.
    
    This secret must have the kubernetes.io/tls format.
    
    Default: false
- https.mode string
  The HTTPS usage mode:
  - Disabled — frontend will work over HTTP only;
  - CertManager — frontend will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
  - CustomCertificate — frontend will use HTTPS using the certificate from the d8-system namespace.
  - OnlyInURI — frontend will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.
  Default: Disabled
  
  Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI
nodeSelector object
Node selector for frontend and backend pods. The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

If the parameter is omitted or false, it will be determined automatically.

Example:
```
disktype: ssd
```
tolerations array of objects
Node tolerations for frontend and backend pods. The same as in the Pods’ spec.tolerations parameter in Kubernetes;

If the parameter is omitted or false, it will be determined automatically.

Example:
```
tolerations:
- effect: NoSchedule
  key: key1
  operator: Equal
  value: value1
```
- tolerations.effect string
- tolerations.key string
- tolerations.operator string
- tolerations.tolerationSeconds integer
- tolerations.value string