Available in:  BE, SE, SE+, EE

Experimental version. The functionality may undergo significant changes. Compatibility with future versions is not guaranteed.

parameters

Schema version: 1

  • settings
    object
    • externalMetricsAccess
      object
      Settings for external access to metrics.

      Default: {}

      • externalMetricsAccess.enabled
        boolean

        Whether to enable metrics external read access.

        If enabled, the observability module will expose the metrics via ingress for reading. Metrics can be read using the Prometheus-compatible API. Providing a valid ServiceAccount token via the Authorization: Bearer header is mandatory. See the documentation for more details.

        Default: false

      • externalMetricsAccess.whitelistSourceRanges
        array of strings
        An array if CIDRs that are allowed to read metrics. If not specified, no restrictions are applied.

        Default: []

        Example: 


        whitelistSourceRanges:
- 1.1.1.1/32
    • https
      object

      What certificate type to use with observability module.

      This parameter completely overrides the global.modules.https settings.

      Examples: 


      customCertificate:
  secretName: foobar
mode: CustomCertificate

      certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
      • https.certManager
        object
        • https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for the observability module.

          Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

          Default: letsencrypt

      • https.customCertificate
        object

        Default: {}

        • https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with the observability module.

          This secret must have the kubernetes.io/tls format.

          Default: false

      • https.mode
        string

        The HTTPS usage mode:

        • Disabled — the observability module will work over HTTP only;
        • CertManager — the observability module will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
        • CustomCertificate — the observability module will use HTTPS using the certificate from the d8-system namespace.
        • OnlyInURI — the observability module will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.

        Default: Disabled

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI