The module is enabled by default in the following bundles: Default
, Managed
, Minimal
.
The module is configured using the ModuleConfig custom resource named deckhouse
(learn more about setting up Deckhouse…).
Example of the ModuleConfig/deckhouse
resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: deckhouse
spec:
version: 1
enabled: true
settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- settings
- settings.bundle
The Deckhouse bundle defines a set of modules enabled by default.
Default
— the recommended set of modules for cluster operation: monitoring, authorization control, networking and other needs.Managed
— the bundle aimed at clusters managed by cloud providers (e.g., Google Kubernetes Engine).Minimal
— the minimum possible bundle option (includes a single module — this one). Note that several basic modules are not included in the set of modulesMinimal
(for example, the CNI module). Deckhouse with the set of modulesMinimal
without the basic modules will be able to work only in an already deployed cluster.
Default:
"Default"
Allowed values:
Default
,Minimal
,Managed
Example:
bundle: Default
- settings.highAvailability
Manually enable the high availability mode.
By default, Deckhouse automatically decides whether to enable the HA mode. Click here to learn more about the HA mode for modules.
Example:
highAvailability: true
- settings.logLevel
Deckhouse logging level.
Default:
"Info"
Allowed values:
Debug
,Info
,Error
Example:
logLevel: Info
- settings.nodeSelector
The same as in the Pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
,nodeSelector
will be determined automatically.Cation! Deckhouse will stop working if there is a nonexistent label in
nodeSelector
. You need to change the values to the correct ones inModuleConfig/deckhouse
anddeployment/deckhouse
to get Deckhouse back on track. - settings.releaseChannel
Desirable Deckhouse release channel (Deckhouse will switch to it when such an opportunity appears).
The order in which the stability of the release channel increases (from less stable to more stable):
Alpha
,Beta
,EarlyAccess
,Stable
,RockSolid
.Allowed values:
Alpha
,Beta
,EarlyAccess
,Stable
,RockSolid
Example:
releaseChannel: Stable
- settings.tolerations
The same as in the Pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
,tolerations
will be determined automatically.Cation! Deckhouse will stop working if
tolerations
specified are incorrect. You need to change the values to the correct ones inModuleConfig/deckhouse
anddeployment/deckhouse
to get Deckhouse back on track.- settings.tolerations.effect
- settings.tolerations.key
- settings.tolerations.operator
- settings.tolerations.tolerationSeconds
- settings.tolerations.value
- settings.update
Settings of the Deckhouse update mode and windows.
Example:
update: windows: - from: '8:00' to: '15:00' days: - Tue - Sat disruptionApprovalMode: Manual notification: webhook: https://release-webhook.mydomain.com minimalNotificationTime: 6h auth: basic: username: user password: password
- settings.update.disruptionApprovalMode
Deckhouse release update disruption mode:
Auto
— approves release with disruptions (potentially dangerous changes) automatically.Manual
— requires manual release confirmation (set therelease.deckhouse.io/disruption-approved=true
annotation on the appropriate DeckhouseRelease resource to apply the update).
Default:
"Auto"
Allowed values:
Auto
,Manual
- settings.update.mode
Update mode of Deckhouse on the selected release channel.
-
AutoPatch
— automatic update mode for patch releases.To change a minor version (for example, from
v1.65.*
tov1.66.*
), confirmation is required.A patch version update (for example, from
v1.65.1
tov1.65.4
) is applied according to the update windows, if they are set. -
Auto
— automatic update mode for all versions.A minor version update (for example, from
v1.65.*
tov1.66.*
) is applied according to the update windows, if they are set.A patch version update (for example, from
v1.65.1
tov1.65.4
) is applied regardless of the update windows (immediately). -
Manual
— manual update mode for all versions.Confirmation is required for updating both minor and patch versions.
To confirm the version update, it is necessary to set the
approved
field totrue
in the corresponding resource DeckhouseRelease.Default:
"AutoPatch"
Allowed values:
AutoPatch
,Auto
,Manual
-
- settings.update.notification
Settings for notifications of scheduled Deckhouse updates.
Has the effect only when the automatic update mode is set.
Example:
notification: webhook: https://release-webhook.mydomain.com minimalNotificationTime: 8h
- settings.update.notification.auth
Authentication settings for the webhook.
If the parameter is omitted, the webhook will be called without authentication.
- settings.update.notification.auth.basic
Basic authentication settings for the webhook.
If the parameter is omitted, the webhook will be called without authentication.
- settings.update.notification.auth.basic.password
Required value
The password for the webhook.
The username and password will be sent in the
Authorization
header in the formatBasic <base64(username:password)>
. - settings.update.notification.auth.basic.username
Required value
The username for the webhook.
The username and password will be sent in the
Authorization
header in the formatBasic <base64(username:password)>
.
- settings.update.notification.auth.bearerToken
The token for the webhook.
The token will be sent in the
Authorization
header in the formatBearer <token>
.
- settings.update.notification.minimalNotificationTime
The minimum time that must pass before updating from the moment a new minor version appears on the release channel used.
It is specified as a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.
The update mechanism ensures that Deckhouse will not be updated until a specified period of time has passed.
When using update windows, the Deckhouse update will happen at the nearest possible update window but not before the time specified in
minimalNotificationTime
expires.Pattern:
^([0-9]+h([0-9]+m)?|[0-9]+m)$
Example:
minimalNotificationTime: 6h
- settings.update.notification.releaseType
Defines the type of version for which the notification will be sent:
Minor
— only for updating the minor version.All
— for any updates, including updating a patch version.
Default:
"Minor"
Allowed values:
All
,Minor
Example:
releaseType: All
- settings.update.notification.tlsSkipVerify
Skip TLS certificate verification while webhook request.
Default:
false
- settings.update.notification.webhook
URL for an external webhook handler.
The POST request will be sent to the webhook URL after a new minor version of Deckhouse appears on the update channel before it is applied to the cluster.
Caution! If you specify an invalid webhook address, Deckhouse update will be blocked.
Use the minimalNotificationTime parameter if necessary to set the minimum time that must pass before updating from the moment a new minor version appears on the release channel used.
Example of the POST request payload (
Content-Type: application/json
):{ "subject":"Deckhouse", "version": "1.36.0", "requirements": {"k8s": "1.20.0"}, "changelogLink": "https://github.com/deckhouse/deckhouse/changelog/1.36.md", "applyTime": "2023-01-01T14:30:00Z00:00", "message": "New Deckhouse Release 1.36.0 is available. Release will be applied at: Friday, 01-Jan-23 14:30:00 UTC" }
Description of POST request fields:
subject
— string, the update event type. Possible values:Deckhouse
,Module
;moduleName
— string, the name of the module. Set only ifsubject: Module
.version
- string, x.y.z (semantic versioning);requirements
- object, version requirements;changelogLink
- string, a URL to the minor version changelog;applyTime
- string, date and time of the scheduled update (taking into account the configured update windows) in RFC3339 format;message
- string, a text message about the availability of the new minor version and the scheduled update time.
Pattern:
^https?://[^\s/$.?#].[^\s]*$
Example:
webhook: https://webhook.site/#!/bc8f71ac-c182-4181-9159-6ba6950afffa
- settings.update.windows
List of update windows during the day.
- settings.update.windows.days
The days of the week on which the update window is applied.
Example:
days: - Mon - Wed
- Element of the array
Day of the week.
Allowed values:
Mon
,Tue
,Wed
,Thu
,Fri
,Sat
,Sun
Example:
Mon
- settings.update.windows.from
Required value
Start time of the update window (UTC timezone).
Should be less than the end time of the update window.
Pattern:
^(?:\d|[01]\d|2[0-3]):[0-5]\d$
Example:
from: '13:00'
- settings.update.windows.to
Required value
End time of the update window (UTC timezone).
Should be more than the start time of the update window.
Pattern:
^(?:\d|[01]\d|2[0-3]):[0-5]\d$
Example:
to: '18:30'