User Config Schema

Note

This documentation is auto-generated from a JSON schema that is under construction; it will improve over time.

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/user

Configuration for Application Developers (users) who use the workload cluster.

| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |

TYPE:

object (User Config)

PROPERTIES:

| Property | Type | Required | Nullable | Defined by |
| --- | --- | --- | --- | --- |
| adminGroups | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
| adminUsers | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
| constraints | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
| createNamespaces | boolean | Optional | cannot be null | Compliant Kubernetes Apps Config |
| namespaces | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
| serviceAccounts | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
| alertmanager | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
| sealedSecrets | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
| mongodb | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
| fluxv2 | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
| kafka | object | Optional | cannot be null | Compliant Kubernetes Apps Config |

adminGroups

List of groups that Application Developers are a part of that should have access to the cluster.

adminGroups

TYPE:

string[]

adminUsers

List of Application Developers that should have access to the cluster.

adminUsers

TYPE:

string[]

constraints

Any namespace listed in constraints is exempted from HNC-managed namespaces.

This is used to override the Pod Security Admission level.

An example of a constraint can be found here: Example Constraint

The only extra label, `psaLevel`, is shown in the following example:

```yaml
<namespace>:
  psaLevel: <baseline/privileged>
  <service-name>:
    ...
```

constraints

TYPE:

object (Constraints)

createNamespaces

This only controls whether the namespaces are created; user RBAC is always created.

createNamespaces

TYPE:

boolean (Enable Create Namespaces)

namespaces

List of namespaces that should be created for the Application Developer.

It is common to create one namespace for the Application Developer and then create namespaces via HNC.

Requires that user.createNamespaces is enabled.

namespaces

TYPE:

string[]

serviceAccounts

List of serviceAccounts to create RBAC rules for, used for dev situations.

Application developer kube-config for contributors

serviceAccounts

TYPE:

string[]

alertmanager

Configuration for the Application Developer-controlled Alertmanager.

alertmanager

TYPE:

object (Alertmanager Config)

sealedSecrets

Installs the cluster resources required to install sealedSecrets.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

sealedSecrets

TYPE:

object (SealedSecrets)

mongodb

Installs the cluster resources required to install MongoDB.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

mongodb

TYPE:

object (MongoDB)

fluxv2

Installs the cluster resources required to install fluxv2.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

fluxv2

TYPE:

object (Fluxv2)

kafka

Installs the cluster resources required to install kafka-operator.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

kafka

TYPE:

object (Kafka)
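
The cross-field requirements stated above (`namespaces` needs `createNamespaces`; `sealedSecrets`, `mongodb`, `fluxv2` and `kafka` need `gatekeeper.allowUserCRDs.enabled`; `psaLevel` overrides) can be checked before a config is applied. The following is an added example, not code from compliantkubernetes-apps: `lint_user_config` is a hypothetical helper, it assumes the fully merged config is passed in as a dict (a missing key is treated as not enabled), and it assumes each feature object is switched on with an `enabled` key, which this page does not show.

```python
PSA_LEVELS = {"baseline", "privileged"}  # values shown in the constraints example
CRD_FEATURES = ("sealedSecrets", "mongodb", "fluxv2", "kafka")
LIST_KEYS = ("adminGroups", "adminUsers", "namespaces", "serviceAccounts")

def lint_user_config(config):
    """Return a list of findings for a merged config dict (empty if clean)."""
    findings = []
    user = config.get("user") or {}
    gatekeeper = config.get("gatekeeper") or {}

    # user.namespaces requires user.createNamespaces to be enabled.
    if user.get("namespaces") and not user.get("createNamespaces"):
        findings.append("user.namespaces is set but user.createNamespaces is not enabled")

    # These features require gatekeeper.allowUserCRDs.enabled.
    # ASSUMPTION: each feature object is turned on with an `enabled` key.
    allow_crds = (gatekeeper.get("allowUserCRDs") or {}).get("enabled", False)
    for feature in CRD_FEATURES:
        if (user.get(feature) or {}).get("enabled") and not allow_crds:
            findings.append(f"user.{feature} requires gatekeeper.allowUserCRDs.enabled")

    # psaLevel overrides the Pod Security Admission level: surface every relaxation.
    for namespace, settings in (user.get("constraints") or {}).items():
        level = (settings or {}).get("psaLevel")
        if level is not None and level not in PSA_LEVELS:
            findings.append(f"user.constraints.{namespace}.psaLevel: unknown level {level!r}")
        elif level == "privileged":
            findings.append(f"user.constraints.{namespace}: PSA level set to privileged, review")

    # The schema types these as string[] and they cannot be null.
    for key in LIST_KEYS:
        value = user.get(key, [])
        if not isinstance(value, list) or not all(isinstance(v, str) and v for v in value):
            findings.append(f"user.{key} must be a list of non-empty strings")
    return findings

# Constructed sample input (not taken from a real cluster).
SAMPLE = {
    "gatekeeper": {"allowUserCRDs": {"enabled": False}},
    "user": {
        "createNamespaces": False, "namespaces": ["demo"],
        "adminUsers": ["dev@example.com"],
        "constraints": {"demo": {"psaLevel": "privileged"}},
        "sealedSecrets": {"enabled": True},
    },
}

if __name__ == "__main__":
    print(*lint_user_config(SAMPLE), sep="\n")
```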


Generated Sat Jun 22 03:48:20 UTC 2024 from elastisys/compliantkubernetes-apps@main