User Config Schema¶

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/user

Configuration for Application Developers (users), that use the workload cluster

Abstract	Extensible	Status	Identifiable	Custom Properties	Additional Properties	Access Restrictions	Defined In
Can be instantiated	No	Unknown status	No	Forbidden	Forbidden	none	config/schemas/config.yaml*

TYPE:

object (User Config)

PROPERTIES:

Property	Type	Required	Nullable	Defined by
adminGroups	`array`	Optional	cannot be null	Welkin Apps Config
adminUsers	`array`	Optional	cannot be null	Welkin Apps Config
constraints	`object`	Optional	cannot be null	Welkin Apps Config
createNamespaces	`boolean`	Optional	cannot be null	Welkin Apps Config
namespaces	`array`	Optional	cannot be null	Welkin Apps Config
serviceAccounts	`array`	Optional	cannot be null	Welkin Apps Config
alertmanager	`object`	Optional	cannot be null	Welkin Apps Config
sealedSecrets	`object`	Optional	cannot be null	Welkin Apps Config
mongodb	`object`	Optional	cannot be null	Welkin Apps Config
fluxv2	`object`	Optional	cannot be null	Welkin Apps Config
kafka	`object`	Optional	cannot be null	Welkin Apps Config
extraRoles	`object`	Optional	cannot be null	Welkin Apps Config
extraRoleBindings	`object`	Optional	cannot be null	Welkin Apps Config
extraClusterRoles	`object`	Optional	cannot be null	Welkin Apps Config
extraClusterRoleBindings	`object`	Optional	cannot be null	Welkin Apps Config

adminGroups¶

List of groups that Application Developers are apart of that should have access to the cluster.

adminGroups

is optional
Type: string[]
cannot be null
defined in: Welkin Apps Config

TYPE:

string[]

adminUsers¶

List of Application Developers that should have access to the cluster.

adminUsers

is optional
Type: string[]
cannot be null
defined in: Welkin Apps Config

TYPE:

string[]

constraints¶

Any namespace listed in constraints are exempted from HNC managed namespaces.

This to override the Pod Security Admission level.

Example of constraint can be found here: Example Constraint

The only extra label `psaLevel: \`` is shown in the following example:

<namespace>:
  psaLevel: <baseline/privileged>
  <service-name>:
    ...

constraints

is optional
Type: object (Constraints)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Constraints)

createNamespaces¶

This only controls if the namespaces should be created, user RBAC is always created.

createNamespaces

is optional
Type: boolean (Enable Create Namespaces)
cannot be null
defined in: Welkin Apps Config

TYPE:

boolean (Enable Create Namespaces)

namespaces¶

List of namespaces that should be created for Application Developer.

It is common to create one namespace for the Application Developer and then create namespaces via HNC.

Requires that user.createNamespaces is enabled.

namespaces

is optional
Type: string[]
cannot be null
defined in: Welkin Apps Config

TYPE:

string[]

serviceAccounts¶

List of serviceAccounts to create RBAC rules for, used for dev situations.

Application developer kube-config for contributors

serviceAccounts

is optional
Type: string[]
cannot be null
defined in: Welkin Apps Config

TYPE:

string[]

alertmanager¶

Configuration for application developer controlled alertmanager.

alertmanager

is optional
Type: object (Alertmanager Config)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Alertmanager Config)

sealedSecrets¶

Installs required cluster resources needed to install sealedSecrets.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

sealedSecrets

is optional
Type: object (SealedSecrets)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (SealedSecrets)

mongodb¶

Installs required cluster resources needed to install MongoDB.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

mongodb

is optional
Type: object (MongoDB)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (MongoDB)

fluxv2¶

Installs required cluster resources needed to install fluxv2.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

fluxv2

is optional
Type: object (Fluxv2)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Fluxv2)

kafka¶

Installs required cluster resources needed to install kafka-operator.

Requires that gatekeeper.allowUserCRDs.enabled is enabled.

kafka

is optional
Type: object (Kafka)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Kafka)

extraRoles¶

Configure extra Roles for Application Developers The Roles are added to all Application Developer namespaces configured in user.namespaces

extraRoles

is optional
Type: object (Extra Application Developer Roles)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Extra Application Developer Roles)

extraRoleBindings¶

Configure extra RoleBindings for Application Developers The RoleBindings are added to all Application Developer namespaces configured in user.namespaces

extraRoleBindings

is optional
Type: object (Extra Application Developer RoleBindings)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Extra Application Developer RoleBindings)

extraClusterRoles¶

Configure extra ClusterRoles that are not originally part of Welkin These are intended to be used for Application Developers

extraClusterRoles

is optional
Type: object (Extra Application Developer ClusterRoles)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Extra Application Developer ClusterRoles)

extraClusterRoleBindings¶

Configure extra ClusterRoleBindings for Application Developers

extraClusterRoleBindings

is optional
Type: object (Extra Application Developer ClusterRoleBindings)
cannot be null
defined in: Welkin Apps Config

TYPE:

object (Extra Application Developer ClusterRoleBindings)

Return to the root config schema

Generated Sun Jan 19 03:48:14 UTC 2025 from elastisys/compliantkubernetes-apps@main