The stronghold module: configuration

parameters

Schema version: 1

• settings

  object
  • settings.enableAuditLog

    boolean

    Enables audit log (EE only feature).

    Default: false

    Example:

    
    

    enableAuditLog: true
    

  • settings.enableUserInterface

    boolean

    Enables User Interface.

    Default: true

    Example:

    
    

    enableUserInterface: false
    

  • settings.https

    object

    What certificate type to use with Stronghold.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    
    

    customCertificate:
      secretName: stronghold-tls
    mode: CustomCertificate
    

    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    

    • settings.https.certManager

      object
      • settings.https.certManager.clusterIssuerName

        string

        What ClusterIssuer to use for Stronghold.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        Default: letsencrypt

    • settings.https.customCertificate

      object

      Default: {}

      • settings.https.customCertificate.secretName

        string

        The name of the secret in the d8-strognhold namespace to use with Stronghold.

        This secret must have the kubernetes.io/tls format.

        Default: false

    • settings.https.mode

      string

      The HTTPS usage mode:

      • CertManager — Stronghold will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
      • CustomCertificate — Stronghold will use HTTPS using the certificate from the d8-system namespace.

      Default: CertManager

      Allowed values: CertManager, CustomCertificate

  • settings.ingress

    object

    Default: {}

    • settings.ingress.class

      string

      The class of the Ingress controller used for Stronghold.

      An optional parameter. By default, the modules.ingressClass global value is used.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Example:

      
      

      class: public
      

  • settings.inlet

    string

    The way the connection to Stronghold is implemented.

    The following inlet types are supported:

    • Ingress — access via ingress-nginx controller.

    Default: Ingress

    Allowed values: Ingress

  • settings.license

    string

    Stronghold EE License key. Leave empty to use Stronghold CE

    Default:

  • settings.management

    object

    Default: {}

    • settings.management.administrators

      array of objects

      An list of users and groups that can access Stronghold as administrators. Other authenticated users will access Stronghold with default policy.

      Example:

      
      

      administrators:
      - name: admins
        type: Group
      - name: security
        type: Group
      - name: manager@mycompany.tld
        type: User
      

      • settings.management.administrators.name

        string
      • settings.management.administrators.type

        string

        Allowed values: Group, User

    • settings.management.mode

      string

      Automatic - enable Stronghold auto-init and auto-unseal. Root token will be stored in stronghold-keys Secret resource

      Default: Automatic

      Allowed values: Automatic

      Example:

      
      

      mode: Automatic