User Config Schema
Note
This is auto-generated documentation from a JSON schema that is under construction; it will improve over time.
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/v0.40.1/config/schemas/config.yaml#/properties/user
Configuration for Application Developers (users) who use the workload cluster.
Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
---|---|---|---|---|---|---|---|
Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE: object (User Config)
PROPERTIES:
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
adminGroups | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
adminUsers | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
constraints | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
createNamespaces | boolean | Optional | cannot be null | Compliant Kubernetes Apps Config |
namespaces | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
serviceAccounts | array | Optional | cannot be null | Compliant Kubernetes Apps Config |
alertmanager | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
sealedSecrets | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
mongodb | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
fluxv2 | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
kafka | object | Optional | cannot be null | Compliant Kubernetes Apps Config |
adminGroups
List of groups that Application Developers are a part of that should have access to the cluster.
adminGroups
- is optional
- Type: string[]
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: string[]
adminUsers
List of Application Developers that should have access to the cluster.
adminUsers
- is optional
- Type: string[]
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: string[]
constraints
Any namespace listed in constraints is exempted from HNC-managed namespaces.
This is used to override the Pod Security Admission level.
An example constraint can be found here: Example Constraint
The only extra label `psaLevel: \
    <namespace>:
      psaLevel: <baseline/privileged>
      <service-name>:
        ...
constraints
- is optional
- Type: object (Constraints)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (Constraints)
createNamespaces
This only controls whether the namespaces are created; user RBAC is always created.
createNamespaces
- is optional
- Type: boolean (Enable Create Namespaces)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: boolean (Enable Create Namespaces)
namespaces
List of namespaces that should be created for the Application Developer.
It is common to create one namespace for the Application Developer and then create further namespaces via HNC.
Requires that `user.createNamespaces` is enabled.
namespaces
- is optional
- Type: string[]
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: string[]
serviceAccounts
List of serviceAccounts to create RBAC rules for, used for dev situations.
Application developer kube-config for contributors
serviceAccounts
- is optional
- Type: string[]
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: string[]
alertmanager
Configuration for application developer controlled alertmanager.
alertmanager
- is optional
- Type: object (Alertmanager Config)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (Alertmanager Config)
sealedSecrets
Installs required cluster resources needed to install sealedSecrets.
Requires that `gatekeeper.allowUserCRDs.enabled` is enabled.
sealedSecrets
- is optional
- Type: object (SealedSecrets)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (SealedSecrets)
mongodb
Installs required cluster resources needed to install MongoDB.
Requires that `gatekeeper.allowUserCRDs.enabled` is enabled.
mongodb
- is optional
- Type: object (MongoDB)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (MongoDB)
fluxv2
Installs required cluster resources needed to install fluxv2.
Requires that `gatekeeper.allowUserCRDs.enabled` is enabled.
fluxv2
- is optional
- Type: object (Fluxv2)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (Fluxv2)
kafka
Installs required cluster resources needed to install kafka-operator.
Requires that `gatekeeper.allowUserCRDs.enabled` is enabled.
kafka
- is optional
- Type: object (Kafka)
- cannot be null
- defined in: Compliant Kubernetes Apps Config
TYPE: object (Kafka)
Generated Thu Nov 14 16:18:57 UTC 2024 from elastisys/compliantkubernetes-apps@v0.40.1