Available with limitations in BE, SE, SE+, EE, CSE Lite (1.67), CSE Pro (1.67)

parameters

Schema version: 1

  • settings
    object
    • enableAuditLog
      boolean
      Enables audit log (EE only feature).

      Default: false

      Example: 


      enableAuditLog: true
    • enableUserInterface
      boolean
      Enables User Interface.

      Default: true

      Example: 


      enableUserInterface: false
    • https
      object

      What certificate type to use with Stronghold.

      This parameter completely overrides the global.modules.https settings.

      Examples: 


      customCertificate:
  secretName: stronghold-tls
mode: CustomCertificate

      certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
      • https.certManager
        object
        • https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for Stronghold.

          Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

          Default: letsencrypt

      • https.customCertificate
        object

        Default: {}

        • https.customCertificate.secretName
          string

          The name of the secret in the d8-strognhold namespace to use with Stronghold.

          This secret must have the kubernetes.io/tls format.

          Default: false

      • https.mode
        string

        The HTTPS usage mode:

        • CertManager — Stronghold will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
        • CustomCertificate — Stronghold will use HTTPS using the certificate from the d8-system namespace.

        Default: CertManager

        Allowed values: CertManager, CustomCertificate

    • ingress
      object

      Default: {}

      • ingress.class
        string

        The class of the Ingress controller used for Stronghold.

        An optional parameter. By default, the modules.ingressClass global value is used.

        Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

        Example: 


        class: public
    • inlet
      string

      The way the connection to Stronghold is implemented.

      The following inlet types are supported:

      • Ingress — access via ingress-nginx controller.

      Default: Ingress

      Allowed values: Ingress

    • license
      string
      Stronghold EE License key. Leave empty to use Stronghold CE

      Default:

    • management
      object

      Default: {}

      • management.administrators
        array of objects
        An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.

        Example: 


        administrators:
- name: admins
  type: Group
- name: security
  type: Group
- name: manager@mycompany.tld
  type: User
        • management.administrators.name
          string
        • management.administrators.type
          string

          Allowed values: Group, User

      • management.mode
        string
        Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in stronghold-keys Secret resource

        Default: Automatic

        Allowed values: Automatic

        Example: 


        mode: Automatic