Parameters
The parent key for all of the following parameters is control_api.
odoo8.countries
| type |
dictionary |
| default | |
| example |
|
Dictionary containing allowed countries and their Odoo 8 configuration.
The key is the name of the country as it should be displayed in the UI.
The value is a dictionary containing the id and code of the country in Odoo 8.
odoo8.countries.*.id
| type |
integer |
The ID of the country in Odoo 8. Check the Odoo 8 database for the correct value. An export of the country IDs defined in the VSHN Odoo is available here.
odoo8.countries.*.code
| type |
string |
The ISO 3166-1 alpha-2 code of the country. Check the Odoo 8 database for the correct value. An export is available here.
apiserver.extraArgs
| type |
list(string) |
| default |
|
A list of extra command line arguments for the control-api API server deployment.
apiserver.extraEnv
| type |
list |
| default |
|
| example |
|
Additional environment that should be passed to the API server.
If a dict is given valueFrom: is assumed.
apiserver.apiservice
- type
-
dict
This key is applied directly as an APIService object.
The APIService object instructs the Kubernetes API server to delegate requests to the aggregate API server.
apiserver.resources
| type |
dict |
| default |
|
Custom resource requests and limits to use for the API server container. The contents of this parameter are merged over the default requests defined in the upstream API server manifest.
apiserver.tls
This key configures encryption of internal traffic from the Kubernetes API server to the aggregate API sever.
You have the option to provide a custom TLS key and certificate.
apiserver.tls.certSecretName
- type
-
string
- default
-
control-api-tls
If this field is set to null, the aggregate API server will generate its own certificates.
In that case the connection is still encrypted, but you need to disable TLS verification by setting insecureSkipTLSVerify to true in the APIService.
zones
| type |
dict |
| default |
|
This key deploys static APPUiO Zone definitions and manages ServiceAccounts for the agent on the zones.
Each subkey of zones results in the resource’s metadata.name and contains an object that’s an appuio.io/v1/Zone spec verbatim.
The subkeys are also used to create a ServiceAccount adn RBAC for the agent on the zones in the form of ${subkey}-cloud-agent.
parameters:
control_api:
zones:
example-zone-1:
data:
displayName: Example Zone 1
features:
kubernetesVersion: ${dynamic_facts:kubernetesVersion:major}.${dynamic_facts:kubernetesVersion:minor}
sdnPlugin: OVN-Kubernetes
urls:
console: https://console.example.zone
kubernetesAPI: https://api.example.zone:6443
cname: cname.example.zone
defaultAppDomain: apps.example.zone
gatewayIPs:
- 100.100.100.100
cloudProvider:
name: example
zones:
- zone1
region: region1zone_agent_service_accounts
| type |
list(string) |
| default |
|
Allows adding additional ServiceAccounts for zones that should not be shown in the portal.
The list is appended to keys(zones).
Entries can be removed by prefixing them with ~.
usage_profiles
| type |
dict |
| default |
|
| example |
|
Deploys UsageProfile definitions to the control-api.
Each subkey of usage_profiles results in the resource’s metadata.name and contains an object that’s an appuio.io/v1/UsageProfile spec verbatim.
Usage profiles are used to define resource limits and quotas for organizations. You can read more about usage profiles in the documentation.
cluster_admin_impersonation.oidc_administrator_role
| type |
string |
| default |
|
The name of the OpenID Connect role to allow administrator impersonation.
username_prefix
| type |
string |
| default |
|
The prefix used for OIDC users in the Kubernetes API server.
controller.extraArgs
| type |
list(string) |
| default |
|
A list of extra command line arguments for the control-api controller deployment.
controller.extraEnv
| type |
list |
| default |
|
| example |
|
Additional environment that should be passed to the controller.
If a dict is given valueFrom: is assumed.
controller.resources
| type |
dict |
| default |
|
Custom resource requests and limits to use for the controller container. The contents of this parameter are merged over the default requests defined in the upstream controller manifest.
controller.webhookTls
This key configures encryption of traffic to the controller’s admission webhook server.
The Kubernetes API server only communicates with admission webhooks over HTTPS.
Therefore, the component requires that both controller.webhookTls.certificate and controller.webhookTls.key are configured.
controller.webhookTls.certSecretName
| type |
string |
| default |
|
The name of the secret containing the TLS certificate and key for the controller’s webhook server.
controller.webhookTls.caCertificate
| type |
string |
| default |
|
The CA certificate used to sign the webhook service certificate. If left empty, the component assumes that the provided certificate can be verified using the cluster’s default CA bundle.
If you deploy a self-signed certificate, set this parameter to ${control_api:controller:webhookTls:certificate}.
idp_adapter.env
| type |
list |
| default |
|
| example |
|
Additional environment that should be passed to the IDP Adapter.
If a dict is given valueFrom: is assumed.
idp_adapter.resources
| type |
dict |
| default |
Resource requests and limits to apply to the IDP Adapter container.
secrets
| type |
dictionary |
| default |
|
| example |
|
A key-value map defining multiple Secret for referencing in secrets.
Each entry will generate a Secret with the key as its name.
cleanupJob.enabled
| type |
boolean |
| default |
|
Controls whether a cronjob for cleaning up stale inflight records should be created.
cleanupJob.extraArgs
| type |
list(string) |
| default |
|
A list of extra command line arguments for the cleanup container.
cleanupJob.extraEnv
| type |
list |
| default |
|
| example |
|
Additional environment that should be passed to the cleanup container.
If a dict is given valueFrom: is assumed.