Available in editions:  CE, BE, SE, SE+, EE

The module lifecycle stageGeneral Availability

The module does not have any mandatory parameters.

The module has 1 alert.

The module is enabled by default in the following bundles: Default, Managed. The module is disabled by default in the Minimal bundle.

How to explicitly enable the module…

You may explicitly enable or disable the module in one of the following ways:

  • Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the documentation module and enable (or disable) the “Module enabled” toggle. Save changes.

    Example:

    Module enable/disable interface

  • Via Deckhouse CLI (d8).

    Use the d8 system module enable command for enabling, or d8 system module disable command for disabling the module (you need Deckhouse CLI (d8), configured to work with the cluster).

    Example of enabling the module:

    d8 system module enable documentation

  • Using ModuleConfig documentation.

    Set spec.enabled to true or false in ModuleConfig documentation (create it if necessary);

    Example of a manifest to enable module documentation:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: documentation
spec:
  enabled: true

How to configure the module…

You can configure the module in one of the following ways:

  • Via Deckhouse web UI.

    In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the documentation module and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.

    Example:

    Module Setup Interface

    You can also edit the ModuleConfig object documentation on the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the module documentation) by specifying the schema version in the spec.version parameter and the necessary module parameters in the spec.settings section.

  • Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).

    Edit the existing ModuleConfig documentation (for more details on configuring Deckhouse, see the documentation) by executing the following command:

    d8 k edit mc documentation

    Make the necessary changes in the spec.settings section. If necessary, specify the schema version in the spec.version parameter. Save the changes.

    You can also create a file with manifest for ModuleConfig documentation using the example below. Fill in the spec.settings section with the required module parameters. If necessary, specify the schema version in the spec.version parameter.

    Apply the manifest using the following command (indicate the manifest file name):

    d8 k apply -f <FILENAME>

    Example of a manifest for ModuleConfig documentation:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: documentation
spec:
  version: 1
  enabled: true
  settings: # Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • settings
    object
    • settings.auth
      object

      Parameters to authenticate and authorize access to the documentation web interface.

      • settings.auth.allowedUserEmails
        array of strings

        An array of emails of users that can access module’s public web interfaces.

        This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      • settings.auth.allowedUserGroups
        array of strings

        An array of groups whose users can browse the documentation.

        This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

        Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

        Default: []

        Examples:

        allowedUserGroups:
- admin
- users

        allowedUserGroups: []
      • settings.auth.externalAuthentication
        object

        Parameters to enable external authentication based on the Ingress NGINX external-auth mechanism that uses the Nginx auth_request module.

        External authentication is enabled automatically if the user-authn module is enabled.

        • settings.auth.externalAuthentication.authSignInURL
          string

          The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response.

          Default:

          Example:

          authSignInURL: https://$host/dex-authenticator/sign_in
        • settings.auth.externalAuthentication.authURL
          string

          The URL of the authentication service.

          If the user is authenticated, the service should return an HTTP 200 response code.

          Default:

          Example:

          authURL: https://documentation-dex-authenticator.d8-system.svc.cluster.local/dex-authenticator/auth
    • settings.https
      object

      What certificate type to use.

      This parameter completely overrides the global.modules.https settings.

      Examples:

      https:
  mode: Disabled

      https:
  mode: OnlyInURI

      https:
  mode: CustomCertificate
  customCertificate:
    secretName: foobar

      https:
  mode: CertManager
  certManager:
    clusterIssuerName: letsencrypt
      • settings.https.certManager
        object

        Parameters for certmanager.

        • settings.https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).

          Default: letsencrypt

          Example:

          clusterIssuerName: letsencrypt
      • settings.https.customCertificate
        object

        Parameters for custom certificate usage.

        • settings.https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with the documentation web UI.

          This secret must have the kubernetes.io/tls format.

      • settings.https.mode
        string

        The HTTPS usage mode:

        • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
        • CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace.
        • Disabled — in this mode, the documentation web UI can only be accessed over HTTP.
        • OnlyInURI — HTTP access with an external HTTPS balancer. The balancer terminates HTTPS, and all links in user-authn are generated with the HTTPS scheme. The balancer must provide redirection from HTTP to HTTPS.

        Default: CertManager

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • settings.ingressClass
      string

      The class of the Ingress controller of the documentation web UI.

      An optional parameter; by default, the modules.ingressClass global value is used.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    • settings.nodeSelector
      object

      The same as in the pods’ spec.nodeSelector parameter in Kubernetes.

      If the parameter is omitted or false, it will be determined automatically.

      Example:

      nodeSelector:
  disktype: ssd
    • settings.tolerations
      array of objects

      The same as in the pods’ spec.tolerations parameter in Kubernetes;

      If the parameter is omitted or false, it will be determined automatically.

      Example:

      tolerations:
- key: key1
  operator: Equal
  value: value1
  effect: NoSchedule
      • settings.tolerations.effect
        string
      • settings.tolerations.key
        string
      • settings.tolerations.operator
        string
      • settings.tolerations.tolerationSeconds
        integer
      • settings.tolerations.value
        string

Authentication

user-authn module provides authentication by default. Also, externalAuthentication can be configured (see below). If these options are disabled, the module will use basic auth with the auto-generated password.

Use d8 k to see password:

d8 k -n d8-system exec svc/deckhouse-leader -c deckhouse -- deckhouse-controller module values documentation -o json | jq '.internal.auth.password'

Delete the Secret to re-generate password:

d8 k -n d8-system delete secret/documentation-basic-auth

Note! The auth.password parameter is deprecated.