The module does not have any mandatory parameters.

An example of the configuration

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: deckhouse-tools
spec:
  enabled: true
  version: 1

The module is enabled by default in the following bundles: Default, Managed. The module is disabled by default in the Minimal bundle.

How to explicitly enable the module…

Set the spec.enabled module parameter to true or false in the ModuleConfig/deckhouse-tools resource (create it, if necessary) to explicitly enable or disable the module, or use the deckhouse-controller module command in the d8-system/deckhouse pod.

Example of enabling the module:

  • by using the ModuleConfig resource:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: deckhouse-tools
    spec:
      enabled: true
    
  • by using the deckhouse-controller command (you need a kubectl, configured to work with the cluster):

    kubectl -ti -n d8-system exec svc/deckhouse-leader -c deckhouse -- deckhouse-controller module enable deckhouse-tools
    

Example of disabling the module:

  • by using the ModuleConfig resource:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: deckhouse-tools
    spec:
      enabled: false
    
  • by using the deckhouse-controller command (you need a kubectl, configured to work with the cluster):

    kubectl -ti -n d8-system exec svc/deckhouse-leader -c deckhouse -- deckhouse-controller module disable deckhouse-tools
    

The module is configured using the ModuleConfig custom resource named deckhouse-tools (learn more about setting up Deckhouse…).

Example of the ModuleConfig/deckhouse-tools resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: deckhouse-tools
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • auth
    object

    Parameters to authenticate and authorize access to the module’s web interface.

    • auth.allowedUserGroups
      array of strings

      An array of groups whose users can browse the module’s web interface.

      This parameter is used if the user-authn module is enabled or if the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

      Default: []

      Examples:

      allowedUserGroups:
      - admin
      - users
      
      allowedUserGroups: []
      
    • auth.externalAuthentication
      object

      Parameters to enable external authentication based on the NGINX Ingress external-auth mechanism that uses the Nginx auth_request module.

      External authentication is enabled automatically if the user-authn module is enabled.

      • auth.externalAuthentication.authSignInURL
        string

        The URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response).

        Default: ""

        Example:

        authSignInURL: https://$host/dex-authenticator/sign_in
        
      • auth.externalAuthentication.authURL
        string

        The URL of the authentication service.

        If the user is authenticated, the service should return an HTTP 200 response code.

        Default: ""

        Example:

        authURL: https://deckhouse-tools-dex-authenticator.d8-system.svc.cluster.local/dex-authenticator/auth
        
  • https
    object

    What certificate type to use.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    https:
      mode: Disabled
    
    https:
      mode: OnlyInURI
    
    https:
      mode: CustomCertificate
      customCertificate:
        secretName: foobar
    
    https:
      mode: CertManager
      certManager:
        clusterIssuerName: letsencrypt
    
    • https.certManager
      object

      Parameters for certmanager.

      • https.certManager.clusterIssuerName
        string

        What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are supported; you can also define your own).

        Default: "letsencrypt"

        Example:

        clusterIssuerName: letsencrypt
        
    • https.customCertificate
      object

      Parameters for custom certificate usage.

      • https.customCertificate.secretName
        string

        The name of the secret in the d8-system namespace to use with the module’s web interface.

        Note that this secret must conform to the kubernetes.io/tls format.

    • https.mode
      string

      The HTTPS usage mode:

      • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
      • CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace.
      • Disabled — in this mode, the module’s web interface can only be accessed over HTTP.
      • OnlyInURI — the module’s web interface will work over HTTP (implies there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. The load balancer should provide redirection from HTTP to HTTPS.

      Default: "CertManager"

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • ingressClass
    string

    The class of the Ingress controller of the module web interface.

    An optional parameter; by default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

  • nodeSelector
    object

    The same as in the pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    nodeSelector:
      disktype: ssd
    
  • tolerations
    array of objects

    The same as in the pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    tolerations:
    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
    
    • tolerations.effect
      string
    • tolerations.key
      string
    • tolerations.operator
      string
    • tolerations.tolerationSeconds
      integer
    • tolerations.value
      string