The module lifecycle stage: General Availability
Available in: CE, BE, SE, SE+, EE
How to explicitly enable the module…
You may explicitly enable or disable the module in one of the following ways:
-
Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the
secrets-store-integrationmodule and enable (or disable) the “Module enabled” toggle. Save changes.Example:
-
Via Deckhouse CLI (d8).
Use the d8 system module enable command for enabling, or d8 system module disable command for disabling the module (you need Deckhouse CLI (d8), configured to work with the cluster).
Example of enabling the module:
d8 system module enable secrets-store-integration -
Using ModuleConfig
secrets-store-integration.Set
spec.enabledtotrueorfalsein ModuleConfigsecrets-store-integration(create it if necessary);Example of a manifest to enable module
secrets-store-integration:apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: secrets-store-integration spec: enabled: true
You can configure the module in one of the following ways:
-
Via Deckhouse web UI.
In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the
secrets-store-integrationmodule and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.Example:
You can also edit the ModuleConfig object
secrets-store-integrationon the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the modulesecrets-store-integration) by specifying the schema version in thespec.versionparameter and the necessary module parameters in thespec.settingssection. -
Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).
Edit the existing ModuleConfig
secrets-store-integration(for more details on configuring Deckhouse, see the documentation) by executing the following command:d8 k edit mc secrets-store-integrationMake the necessary changes in the
spec.settingssection. If necessary, specify the schema version in thespec.versionparameter. Save the changes.You can also create a file with manifest for ModuleConfig
secrets-store-integrationusing the example below. Fill in thespec.settingssection with the required module parameters. If necessary, specify the schema version in thespec.versionparameter.Apply the manifest using the following command (indicate the manifest file name):
d8 k apply -f <FILENAME>Example of a manifest for ModuleConfig
secrets-store-integration:apiVersion: deckhouse.io/v1alpha1 kind: ModuleConfig metadata: name: secrets-store-integration spec: version: 1 enabled: true settings: # Module parameters from the "Parameters" section below.
Requirements
To the Deckhouse version: 1.70 and above.
Parameters
Schema version: 1
-
-
objectsettings.connection
-
stringsettings.connection.authPathKubernetes Mount Path
Default:
kubernetesPattern:
^[A-Za-z0-9-_]+$Examples:
authPath: kubernetesauthPath: kube-dev -
stringsettings.connection.caCertStronghold or Vault CA in PEM format
Pattern:
^-----BEGIN CERTIFICATE----- (.+ ){5} -
stringsettings.connection.namespaceNamespace in Vault-compatible store
Pattern:
^[A-Za-z0-9-_\/]+$Examples:
namespace: ns1namespace: ns1/sub-ns2 -
stringsettings.connection.urlStronghold or Vault address
Pattern:
^https://[\.:0-9a-zA-Z-]+$Example:
url: https://vault.mycompany.com:8200
-
-
stringsettings.connectionConfigurationDiscoverLocalStronghold for use internal cluster stronghold. Manual for use external stronghold or vault.
Default:
DiscoverLocalStrongholdAllowed values:
Manual,DiscoverLocalStronghold
-