The module is available only in Deckhouse Enterprise Edition and is licensed separately
Schema version: 1
-
enableUserInterfaceEnables User Interface.
Default:
true
Example:
enableUserInterface: false
-
https
What certificate type to use with Stronghold.
This parameter completely overrides the
global.modules.https
settings.Examples:
customCertificate: secretName: stronghold-tls mode: CustomCertificate
certManager: clusterIssuerName: letsencrypt mode: CertManager
-
https.certManager
-
https.certManager.clusterIssuerName
What ClusterIssuer to use for Stronghold.
Currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available. Also, you can define your own.Default:
letsencrypt
-
-
https.customCertificate
Default:
{}
-
https.customCertificate.secretName
The name of the secret in the
d8-strognhold
namespace to use with Stronghold.This secret must have the kubernetes.io/tls format.
Default:
false
-
-
https.mode
The HTTPS usage mode:
CertManager
— Stronghold will use HTTPS and get a certificate from the clusterissuer defined in thecertManager.clusterIssuerName
parameter.CustomCertificate
— Stronghold will use HTTPS using the certificate from thed8-system
namespace.
Default:
CertManager
Allowed values:
CertManager
,CustomCertificate
-
-
ingress
Default:
{}
-
ingress.class
The class of the Ingress controller used for Stronghold.
An optional parameter. By default, the
modules.ingressClass
global value is used.Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Example:
class: public
-
-
inlet
The way the connection to Stronghold is implemented.
The following inlet types are supported:
Ingress
— access via ingress-nginx controller.
Default:
Ingress
Allowed values:
Ingress
-
management
Default:
{}
-
management.administratorsAn list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.
Example:
administrators: - name: admins type: Group - name: security type: Group - name: manager@mycompany.tld type: User mode: Automatic
-
management.administrators.name
-
management.administrators.type
Allowed values:
Group
,User
-
-
management.modeAutomatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in
stronghold-keys
Secret resourceDefault:
Automatic
Allowed values:
Automatic
-