meshStack

Onboarding

meshStack enables self-service onboarding for your internal customers. Operators can use the following options to customize the experience.

Workspace Registration

Multiple options are available to control how meshWorkspaces can sign up to meshStack in self-service. meshStack can be configured to suit your organization's unique demands for sign up.

The following configuration options are available at mesh.panel.environment.mesh.registration:

Dhall Type:

let Registration =
    {-
      requirePayment:
        Determines if the workspace registration wizard will collect a default "Cost Center" payment method.
        Disabling this will cause new meshWorkspaces to be registered without a payment method.
        This is useful if the meshStack implementation requires users to register payment methods via an external
        process (e.g. via API createLimitedPaymentMethod).

        See ui.costCenter for customizing the default cost center payment method.
    -}
      { requirePayment : Bool }

Example:

let example = { requirePayment = True } : Registration

Additional Approval Flows

Additional configuration options control backend behavior in meshfed.web.register as follows:


{ {- Allow sign up only if valid payment information was provided during registration  -}
, requirePayment : Optional Bool
}

Additional remarks and configuration links:

  • requirePayment must be consistently configured between panel and meshfed configuration settings. The configuration model validates this.

Default Quotas

meshStack assigns a default quota to newly registered meshWorkspaces (see section above). Platform Operators can configure this default quota via meshfed.web.customer.defaultQuota:

{ {- the number of allowed meshProjects per meshWorkspace -}
  meshProjects : Natural
}

The default only applies to newly registered meshWorkspaces. meshPartners can change the individual quotas for managed meshWorkspaces at any time using the administration area.

Workspace User Invitations

Several configuration options customize the invitation flow that runs when a user is invited to a workspace. They are explained below.

The following configuration options are available at mesh.web.user.rolerequest:

Dhall Type:

let UserRoleRequest =
    {-
      Configure settings related to role-requests for users. This includes
      functionality like adding new users to a meshWorkspace.

      min-approval-count:
        The minimum number of approvals needed before a requested role binding is granted and made effective.
        Using 2 or higher allows implementation of a 4-eyes principle and similar approval workflows.

      set-email-as-euid:
        When the role request is for a new meshUser, set the email address (either entered by the inviting
        person or retrieved from identity lookup) as the new meshUser's euid.

        The effect of this setting may be overridden, as IdentityLookup configuration takes precedence over
        this.

      restrict-customer-admin-role-assignment:
        When enabled, prevents self-service assignment of the Workspace Manager role via meshPanel.
        In this case, only meshObject API (or meshStack's Identity Connector) can be used for creating these role
        bindings. This is useful when an external system is the source of truth regarding
        Workspace Manager role assignments.

        Also, partner users using the "add myself" functionality in the admin area will be restricted to granting
        themselves 'Workspace Member' roles instead of 'Workspace Manager'.
    -}
      { min-approval-count : Natural
      , set-email-as-euid : Bool
      , restrict-customer-admin-role-assignment : Bool
      }

Example:

let example
    : UserRoleRequest
    = { min-approval-count = 1
      , set-email-as-euid = True
      , restrict-customer-admin-role-assignment = False
      }
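
The role-request settings above, shown as a permissive baseline next to a hardened variant with type-check-time guards. This is an added example, not part of the meshStack documentation or configuration model. The names permissive, hardened and fourEyes are hypothetical, and it assumes a Dhall version that supports the with keyword.

```dhall
-- Added example (not from the meshStack docs). The type mirrors the
-- UserRoleRequest fields documented above; all other names are hypothetical.
let UserRoleRequest =
      { min-approval-count : Natural
      , set-email-as-euid : Bool
      , restrict-customer-admin-role-assignment : Bool
      }

-- Permissive baseline: the same values as the documented example.
let permissive
    : UserRoleRequest
    = { min-approval-count = 1
      , set-email-as-euid = True
      , restrict-customer-admin-role-assignment = False
      }

-- Hardened variant: two approvals per role binding (4-eyes principle), and
-- Workspace Manager bindings only via meshObject API or the Identity Connector.
let hardened
    : UserRoleRequest
    = permissive
      with min-approval-count = 2
      with restrict-customer-admin-role-assignment = True

-- True when at least two approvals are required.
-- Natural/subtract a b computes b - a, saturating at 0.
let fourEyes =
      \(c : UserRoleRequest) ->
        Natural/isZero (Natural/subtract c.min-approval-count 2)

-- Type-check-time guards: evaluation fails if either property is lost
-- in a later edit of the hardened record.
let _ = assert : fourEyes hardened === True

let _ = assert : hardened.restrict-customer-admin-role-assignment === True

-- Sanity check: the guard does reject the permissive baseline.
let _ = assert : fourEyes permissive === False

in  hardened
```

Because the assertions are checked when the expression is type-checked, lowering min-approval-count below 2 in the hardened record makes the configuration fail to evaluate instead of silently weakening the approval workflow.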
Last updated on 9/23/2024
Copyright © 2025 meshcloud GmbH