diff --git a/hack/vcluster/partials/main.go b/hack/vcluster/partials/main.go
index a6a973495..403ee9b97 100644
--- a/hack/vcluster/partials/main.go
+++ b/hack/vcluster/partials/main.go
@@ -10,7 +10,7 @@ import (
const OutDir = "vcluster/_partials/config"
// we only generate paths we actually need
-var paths = []string{
+var configPaths = []string{
"telemetry",
"sync/toHost/volumeSnapshots",
"sync/toHost/storageClasses",
@@ -59,6 +59,7 @@ var paths = []string{
"experimental/deploy",
"experimental/denyProxyRequests",
"experimental",
+ "external",
"controlPlane/advanced/workloadServiceAccount",
"controlPlane/advanced/virtualScheduler",
"controlPlane/advanced/serviceAccount",
@@ -85,12 +86,28 @@ var paths = []string{
"controlPlane",
}
+var platformConfigPaths = []string{
+ "external/platform/apiKey",
+}
+
+type Config struct {
+ External struct {
+ *config.PlatformConfig `json:"platform"`
+ } `json:"external"`
+}
+
func main() {
_ = os.RemoveAll(OutDir)
util.DefaultRequire = false
- schema := util.GenerateSchema(&config.Config{})
- for _, path := range paths {
- util.GenerateFromPath(schema, OutDir, path)
+ schemaPaths := map[*[]string]any{
+ &configPaths: &config.Config{},
+ &platformConfigPaths: &Config{},
+ }
+
+ for paths, schema := range schemaPaths {
+ for _, path := range *paths {
+ util.GenerateFromPath(util.GenerateSchema(schema), OutDir, path)
+ }
}
}
diff --git a/vcluster/_fragments/external-overview.mdx b/vcluster/_fragments/external-overview.mdx
new file mode 100644
index 000000000..c4990fadb
--- /dev/null
+++ b/vcluster/_fragments/external-overview.mdx
@@ -0,0 +1,2 @@
+External configurations are for setting up
+
diff --git a/vcluster/_partials/config/external.mdx b/vcluster/_partials/config/external.mdx
new file mode 100755
index 000000000..4cc89bb17
--- /dev/null
+++ b/vcluster/_partials/config/external.mdx
@@ -0,0 +1,13 @@
+
+
+
+
+## `external` required object pro {#external}
+
+External holds configuration for tools that are external to the vCluster.
+
+
+
+
+
+
diff --git a/vcluster/_partials/config/external/platform/apiKey.mdx b/vcluster/_partials/config/external/platform/apiKey.mdx
new file mode 100755
index 000000000..451be6208
--- /dev/null
+++ b/vcluster/_partials/config/external/platform/apiKey.mdx
@@ -0,0 +1,48 @@
+
+
+
+
+## `apiKey` required object pro {#apiKey}
+
+APIKey defines where to find the platform access key and host. By default, vCluster will search in the following locations in this precedence:
+* platform.api.accessKey
+* environment variable called LICENSE
+* secret specified under external.platform.apiKey.secretName
+* secret called "vcluster-platform-api-key" in the vCluster namespace
+
+
+
+
+
+
+
+
+
+### `secretName` required string pro {#apiKey-secretName}
+
+SecretName is the name of the secret where the platform access key is stored. This defaults to vcluster-platform-api-key if undefined.
+
+
+
+
+
+
+
+
+
+
+
+
+### `namespace` required string pro {#apiKey-namespace}
+
+Namespace defines the namespace where the access key secret should be retrieved from. If this is not equal to the namespace
+where the vCluster instance is deployed, you need to make sure vCluster has access to this other namespace.
+
+
+
+
+
+
+
+
+
diff --git a/vcluster/configure/vcluster-yaml/external/platform/api-key.mdx b/vcluster/configure/vcluster-yaml/external/platform/api-key.mdx
new file mode 100644
index 000000000..1dfd6f0fe
--- /dev/null
+++ b/vcluster/configure/vcluster-yaml/external/platform/api-key.mdx
@@ -0,0 +1,59 @@
+---
+title: apiKey
+sidebar_label: apiKey
+---
+
+import ApiKey from '@site/vcluster/_partials/config/external/platform/apiKey.mdx'
+import External from '@site/vcluster/_partials/config/external.mdx'
+
+
+
+## Config reference
+
+
+
+## Permissions
+You need to add the `spec.scope.roles[*].role=vcluster` in the Platform Access Key OwnedAccessKey CRD. The UI does not support this other than allowing you to enter freeform in the CRD editor.
+
+```yaml
+spec:
+ scope:
+ roles:
+ - role: "vcluster"
+```
+
+## Secret
+
+:::note
+`external.platform.apiKey.value` is no longer supported. It has to be in a secret, specified in the `external.platform.apiKey.secretName` field.
+:::
+
+Store the platform connection details in a secret on the host cluster.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vcluster-platform-api-key
+ namespace: my-namespace
+type: Opaque
+data:
+ access-key:
+ host:
+ project:
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vcluster-platform-api-key
+ namespace: default
+stringData:
+ accessKey:
+ host:
+```
+
+## Projects
+
+Set the project key in the platform apiKey secret to allows you to specify the project where the vCluster should be imported into. If undefined, it goes into `default`.
+
+