Skip to content

Secrets

This table was generated from secrets.yaml.

Cells marked with "—" mean "not specified in schema".

alerts

Configure secrets for alerting.

Key Type Default Description
alerts.opsGenie object Configure secrets for alerting with OpsGenie.
alerts.opsGenie.apiKey
alerts.slack object Configure secrets for alerting with Slack.
alerts.slack.apiUrl string

dex

Configure secrets for Dex.

Key Type Default Description
dex.additionalStaticClients[] array of object See note
dex.connectors[] array of object See note
dex.extraStaticLogins[] array of object Configure additional static logins for Dex.

Additional static logins for Dex.
dex.kubeloginClientSecret string
dex.staticPassword string

Notes for dex.additionalStaticClients[]

Configure additional static clients in Dex.

Clients in this case is application that wants to allow users to authenticate via Dex.

Note

See the upstream documentation for reference.

Configure an additional static client in Dex.

Notes for dex.connectors[]

Configure upstream Identity Providers.

Note

See the upstream documentation for reference.

Configure an upstream Identity Provider.

externalDns

Configure secrets for External DNS.

Key Type Default Description
externalDns.awsRoute53 object Configure AWS Route 53 secrets for External DNS.
externalDns.awsRoute53.accessKey string
externalDns.awsRoute53.secretKey string

fluentd

Secret configuration options for Fluentd.

Key Type Default Description
fluentd.objectStorage object Configuration options for using object storage specific to Fluentd.
fluentd.objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
fluentd.objectStorage.s3.accessKey string Access key to authenticate with.
fluentd.objectStorage.s3.secretKey string Secret key to authenticate with.

grafana

Configure secrets for Grafana.

Key Type Default Description
grafana.clientSecret string
grafana.ops object Configure secrets for Admin Grafana.
grafana.ops.envRenderSecret[] array
grafana.opsClientSecret string
grafana.password string
grafana.user object Configure secrets for Dev Grafana.
grafana.user.envRenderSecret[] array

harbor

Secret configuration options for Harbor.

Key Type Default Description
harbor.clientSecret string
harbor.coreSecret string
harbor.external object External database password config.
harbor.external.databasePassword string
harbor.internal object Internal database password config.
harbor.internal.databasePassword string
harbor.jobserviceSecret string
harbor.objectStorage object Configuration options for using object storage specific to harbor.
harbor.objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
harbor.objectStorage.s3.accessKey string Access key to authenticate with.
harbor.objectStorage.s3.secretKey string Secret key to authenticate with.
harbor.password string
harbor.registrySecret string
harbor.xsrf string

issuers

Configure secrets for issuers.

Key Type Default Description
issuers.secrets object See note

Notes for issuers.secrets

Configure secrets for issuers.

This must match the configuration set on the issuers.

Keys become the name of the secret, and the value the data of the secret.

kubeapiMetricsPassword

None

Key Type Default Description

kured

Notification secrets for Kured (Kubernetes Reboot Daemon).

Key Type Default Description
kured.slack object Notification secrets to send notifications from Kured to Slack.
kured.slack.botToken string

objectStorage

Configuration options for using object storage in Welkin.

Key Type Default Description
objectStorage.azure object Secrets for using Azure as object storage in Welkin.
objectStorage.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore object Secrets for restoring object storage from a secondary site to the primary site with Rclone.
objectStorage.restore.decrypt object Secrets for encrypt data when syncing.
objectStorage.restore.decrypt.password string Crypt password, generate with pwgen 32 1.
objectStorage.restore.decrypt.passwordObscured string Obscured crypt password, generate with rclone obscure <password>.
objectStorage.restore.decrypt.salt string Crypt salt, generate with pwgen 32 1.
objectStorage.restore.decrypt.saltObscured string Obscured crypt salt, generate with rclone obscure <salt>.
objectStorage.restore.destinations object Allows for complete or partial overrides of the destinations of the restore, the main object storage configuration.
objectStorage.restore.destinations.azure object Secrets for using Azure as object storage in Welkin.
objectStorage.restore.destinations.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.restore.destinations.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore.destinations.s3 object Secrets for using S3 as object storage in Welkin.
objectStorage.restore.destinations.s3.accessKey string Access key to authenticate with.
objectStorage.restore.destinations.s3.secretKey string Secret key to authenticate with.
objectStorage.restore.destinations.swift object See note
objectStorage.restore.destinations.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.restore.destinations.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.restore.destinations.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.restore.destinations.swift.password string
objectStorage.restore.destinations.swift.username string
objectStorage.restore.sources object Allows for complete or partial overrides of the sources of the restore, the sync object storage configuration.
objectStorage.restore.sources.azure object Secrets for using Azure as object storage in Welkin.
objectStorage.restore.sources.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.restore.sources.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.restore.sources.s3 object Secrets for using S3 as object storage in Welkin.
objectStorage.restore.sources.s3.accessKey string Access key to authenticate with.
objectStorage.restore.sources.s3.secretKey string Secret key to authenticate with.
objectStorage.restore.sources.swift object See note
objectStorage.restore.sources.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.restore.sources.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.restore.sources.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.restore.sources.swift.password string
objectStorage.restore.sources.swift.username string
objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
objectStorage.s3.accessKey string Access key to authenticate with.
objectStorage.s3.secretKey string Secret key to authenticate with.
objectStorage.swift object See note
objectStorage.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.swift.password string
objectStorage.swift.username string
objectStorage.sync object Secrets for syncing object storage from the primary site to a secondary site with Rclone.
objectStorage.sync.azure object Secrets for using Azure as object storage in Welkin.
objectStorage.sync.azure.storageAccountKey string Storage account key to authenticate with.
objectStorage.sync.azure.storageAccountName string Storage account name to authenticate with.
objectStorage.sync.encrypt object Secrets for encrypt data when syncing.
objectStorage.sync.encrypt.password string Crypt password, generate with pwgen 32 1.
objectStorage.sync.encrypt.passwordObscured string Obscured crypt password, generate with rclone obscure <password>.
objectStorage.sync.encrypt.salt string Crypt salt, generate with pwgen 32 1.
objectStorage.sync.encrypt.saltObscured string Obscured crypt salt, generate with rclone obscure <salt>.
objectStorage.sync.s3 object Secrets for using S3 as object storage in Welkin.
objectStorage.sync.s3.accessKey string Access key to authenticate with.
objectStorage.sync.s3.secretKey string Secret key to authenticate with.
objectStorage.sync.swift object See note
objectStorage.sync.swift.applicationCredentialID string Application Credential ID to authenticate with.
objectStorage.sync.swift.applicationCredentialName string Application Credential Name to authenticate with, requires username to be set.
objectStorage.sync.swift.applicationCredentialSecret string Application Credential Secret to authenticate with, requires username to be set.
objectStorage.sync.swift.password string
objectStorage.sync.swift.username string

Notes for objectStorage.restore.destinations.swift

Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.restore.sources.swift

Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.swift

Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

Notes for objectStorage.sync.swift

Secrets for using Swift as object storage in Welkin.

Important

Currently Harbor only supports username and password authentication.

opensearch

Secrets for OpenSearch.

Key Type Default Description
opensearch.adminHash string
opensearch.adminPassword string
opensearch.clientSecret string
opensearch.configurerHash string
opensearch.configurerPassword string
opensearch.curatorPassword string
opensearch.dashboardsCookieEncKey string
opensearch.dashboardsHash string
opensearch.dashboardsPassword string
opensearch.extraUsers[] array of object See note
opensearch.fluentdPassword string
opensearch.metricsExporterPassword string
opensearch.objectStorage object Configuration options for using object storage specific to opensearch.
opensearch.objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
opensearch.objectStorage.s3.accessKey string Access key to authenticate with.
opensearch.objectStorage.s3.secretKey string Secret key to authenticate with.
opensearch.snapshotterPassword string

Notes for opensearch.extraUsers[]

Configures extra users for OpenSearch Security.

Configures extra user for OpenSearch Security.

Note

See the upstream documentation for reference.

thanos

Secrets for Thanos.

Key Type Default Description
thanos.objectStorage object Configuration options for using object storage specific to thanos.
thanos.objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
thanos.objectStorage.s3.accessKey string Access key to authenticate with.
thanos.objectStorage.s3.secretKey string Secret key to authenticate with.
thanos.receiver object Secrets for Thanos Receiver.
thanos.receiver.basic_auth object Configure authentication to Thanos Receiver,
thanos.receiver.basic_auth.password string Configure the password for authenticating to Thanos Receiver.

user

Admin password for user Grafana and user Alertmanager.

Key Type Default Description
user.alertmanagerPassword string
user.grafanaPassword string

velero

Secret configuration options for Velero.

Key Type Default Description
velero.objectStorage object Configuration options for using object storage specific to Velero.
velero.objectStorage.s3 object Secrets for using S3 as object storage in Welkin.
velero.objectStorage.s3.accessKey string Access key to authenticate with.
velero.objectStorage.s3.secretKey string Secret key to authenticate with.