Global configuration

Schema version: 2

• settings

  object
  • settings.defaultClusterStorageClass

    string

    The name of the StorageClass that DKP will define as the default StorageClass used in the cluster.

    DKP prohibits manually adding or modifying the default annotation (storageclass.kubernetes.io/is-default-class='true') for StorageClass. Use the parameter to define or change the StorageClass that is used as the default in the cluster.

    If the parameter is omitted, the default StorageClass is either:

    • A StorageClass in the cluster that has the default annotation (storageclass.kubernetes.io/is-default-class='true');
    • The first (alphabetically) StorageClass created by the cloud provider module (if any cloud provider module is used).

    Use this parameter to change the default StorageClass in the cluster, as manually adding the default annotation to a StorageClass is not allowed.

    Default: ""

  • settings.highAvailability

    boolean

    A global switch to enable the high availability mode for modules that support it.

    If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined asfalse.

    Examples:

    highAvailability: true
    

    highAvailability: false
    

  • settings.modules

    object

    Common parameters of Deckhouse modules.

    • settings.modules.https

      object

      The HTTPS implementation used by the Deckhouse modules.

      Examples:

      https:
        certManager:
          clusterIssuerName: letsencrypt
        mode: CertManager
      

      https:
        mode: Disabled
      

      https:
        mode: OnlyInURI
      

      https:
        mode: CustomCertificate
        customCertificate:
          secretName: plainstring
      

      • settings.modules.https.certManager

        object
        • settings.modules.https.certManager.clusterIssuerName

          string

          Name of a ClusterIssuer to use for Deckhouse modules.

          The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.

          Default: "letsencrypt"

      • settings.modules.https.customCertificate

        object
        • settings.modules.https.customCertificate.secretName

          string

          The name of the secret in the d8-system namespace to use with Deckhouse modules.

          This secret must have the kubernetes.io/tls format.

          Default: "false"

      • settings.modules.https.mode

        string

        The HTTPS usage mode:

        • CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
        • Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
        • OnlyInURI — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. Load balancer should provide a redirect from HTTP to HTTPS.

        Default: "CertManager"

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • settings.modules.ingressClass

      string

      The class of the Ingress controller (Ingress class) used for Deckhouse modules.

      Default: "nginx"

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Example:

      ingressClass: nginx
      

    • settings.modules.placement

      object

      Parameters regulating the layout of Deckhouse module components.

      • settings.modules.placement.customTolerationKeys

        array of strings

        A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.

        Example:

        customTolerationKeys:
        - dedicated.example.com
        - node-dedicated.example.com/master
        

    • settings.modules.publicDomainTemplate

      string

      The template with the %s key as the dynamic string parameter.

      Deckhouse modules use this template for creating Ingress resources.

      E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my hosts to access Grafana.

      Do not use DNS names (nor do create Ingress resources) that match this template to avoid conflicts with the Ingress resources created by Deckhouse.

      Pay attention to the following:

      • Domain must be different from clusterDomain!**
      • Domain used in the template must not match the domain specified in the clusterDomain parameter. For example, if clusterDomain is set to cluster.local (the default value), publicDomainTemplate cannot be set to %s.cluster.local.
      • Domain used in the template should not match the domain specified in the clusterDomain parameter and the internal service network zone. For example, if clusterDomain is set to cluster.local (default value) and the service network zone is ru-central1.internal, then publicDomainTemplate cannot be %s.cluster.local or %s.ru-central1.internal.
      • If this parameter is omitted, no Ingress resources will be created.

      Pattern: ^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Examples:

      publicDomainTemplate: "%s.kube.company.my"
      

      publicDomainTemplate: kube-%s.company.my
      

    • settings.modules.resourcesRequests

      object

      The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).

      More about resource units in Kubernetes.

      • settings.modules.resourcesRequests.controlPlane

        object

        The amount of resources (CPU and memory) allocated to control-plane components on each master node. Do not work in clouds with not-managed control-plane (GKE for example).

        Example:

        controlPlane:
          cpu: 1000m
          memory: 500M
        

        • settings.modules.resourcesRequests.controlPlane.cpu

          The combined CPU requests for control-plane components on each master node.

        • settings.modules.resourcesRequests.controlPlane.memory

          string

          The combined memory requests for control-plane components on each master node.

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

    • settings.modules.storageClass

      string

      The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).

      • If the value is not specified, the default StorageClass set in the cluster is used.
      • Use this parameter only in exceptional circumstances.
      • This parameter is applied during module activation.

      Default: ""

  • settings.storageClass

    Deprecated

    string

    Deprecated. Use settings.modules.storageClass instead.

    The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).

    • If the value is not specified, the default StorageClass set in the cluster is used.
    • Use this parameter only in exceptional circumstances.
    • This parameter is applied during module activation.

    Default: ""