Global configuration

The global Deckhouse settings are stored in the ModuleConfig/global resource (see Deckhouse configuration).

The publicDomainTemplate parameter defines the DNS names template some Deckhouse modules use to create Ingress resources.

You can use the sslip.io service (or similar) for testing if wildcard DNS records are unavailable to you for some reason.

Parameters

Schema version: 1

highAvailabilityboolean
A global switch to enable the high availability mode for modules that support it.

If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined asfalse.

Examples:
```
highAvailability: true
```
```
highAvailability: false
```
modulesobject
Common parameters of Deckhouse modules.
- modules.httpsobject
  The HTTPS implementation used by the Deckhouse modules.
  
  Examples:
```
https:
  certManager:
    clusterIssuerName: letsencrypt
  mode: CertManager
```
```
https:
  mode: Disabled
```
```
https:
  mode: OnlyInURI
```
```
https:
  mode: CustomCertificate
  customCertificate:
    secretName: plainstring
```
  - modules.https.certManagerobject
    - modules.https.certManager.clusterIssuerNamestring
      Name of a ClusterIssuer to use for Deckhouse modules.
      
      The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.
      
      Default: "letsencrypt"
  - modules.https.customCertificateobject
    - modules.https.customCertificate.secretNamestring
      The name of the secret in the d8-system namespace to use with Deckhouse modules.
      
      This secret must have the kubernetes.io/tls format.
      
      Default: "false"
  - modules.https.modestring
    The HTTPS usage mode:
    - CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
    - CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
    - Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
    - OnlyInURI — Deckhouse modules use HTTP (in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS).
    Default: "CertManager"
    Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI
- modules.ingressClassstring
  The class of the Ingress controller (Ingress class) used for Deckhouse modules.
  
  Default: "nginx"
  Example:
```
ingressClass: nginx
```
- modules.placementobject
  Parameters regulating the layout of Deckhouse module components.
  - modules.placement.customTolerationKeysarray of strings
    A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.
    
    Example:
    customTolerationKeys: - dedicated.example.com - node-dedicated.example.com/master
- modules.proxyDeprecatedobject
  Global proxy setup for modules.
  
  Example:
```
proxy:
  httpProxy: http://1.2.3.4:80
  httpsProxy: https://1.2.3.4:443
  noProxy:
  - 127.0.0.1
  - 192.168.0.0/24
  - example.com
  - ".example.com"
```
  - modules.proxy.httpProxyDeprecatedstring
    Proxy URL for HTTP requests.
    
    Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$
  - modules.proxy.httpsProxyDeprecatedstring
    Proxy URL for HTTPS requests.
    
    Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$
  - modules.proxy.noProxyDeprecatedarray of strings
    List of no proxy IP and domain entries. For wildcard domains, use a domain name with a dot prefix, e.g., “.example.com”.
    - Element of the arraystring
      Pattern: ^[a-z0-9\-\./]+$
- modules.publicDomainTemplatestring
  The template with the %s key as the dynamic string parameter.
  
  Deckhouse modules use this template for creating Ingress resources.
  
  E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my hosts to access Grafana.
  
  Do not use DNS names (nor do create Ingress resources) that match this template to avoid conflicts with the Ingress resources created by Deckhouse.
  
  If this parameter is omitted, no Ingress resources will be created.
  
  Pattern: ^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  Example:
```
publicDomainTemplate: "%s.kube.company.my"
```
- modules.resourcesRequestsobject
  The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).
  
  More about resource units in Kubernetes.
  - modules.resourcesRequests.controlPlaneobject
    The amount of resources (CPU and memory) allocated to control-plane components on each master node. Do not work in clouds with not-managed control-plane (GKE for example).
    
    Example:
    controlPlane: cpu: 1000m memory: 500M
    - modules.resourcesRequests.controlPlane.cpu
      The combined CPU requests for control-plane components on each master node.
    - modules.resourcesRequests.controlPlane.memorystring
      The combined memory requests for control-plane components on each master node.
      
      Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$
  - modules.resourcesRequests.everyNodeDeprecatedobject
    The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster.
    
    Example:
    everyNode: cpu: 100m memory: 150M
    - modules.resourcesRequests.everyNode.cpu
      The combined CPU requests for all the Deckhouse components on each node.
      
      Default: 300m
    - modules.resourcesRequests.everyNode.memorystring
      The combined memory requests for all the Deckhouse components on each node.
      
      Default: "512Mi"
      Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$
  - modules.resourcesRequests.masterNodeDeprecatedobject
    The amount of resources (CPU and memory) allocated to Deckhouse components running on the master nodes (including control plane components, if they are managed by Deckhouse).
    
    Caution! Deckhouse may not manage control plane components in KaaS clusters (Kubernetes as a Service, managed Kubernetes service, etc.). In such cases, all the specified resources are allocated to the Deckhouse components except the control plane.
    
    Example:
    masterNode: cpu: '1' memory: 150Mi
    - modules.resourcesRequests.masterNode.cpu
      The combined CPU requests for Deckhouse components on master nodes in addition to everyNode.cpu.
      
      For a Deckhouse-controlled cluster, the default value is calculated automatically: .status.allocatable.cpu of the smallest master node (no more than 4 (CPU cores)) minus everyNode.cpu.
      
      For a managed cluster, the default value is 1 (CPU core) minus everyNode.cpu.
    - modules.resourcesRequests.masterNode.memorystring
      The total amount of memory allocated to Deckhouse components on master nodes in addition to everyNode.memory.
      
      For a Deckhouse-managed cluster, the default value is calculated automatically: .status.allocatable.memory of the smallest master node (no more than 8Gi) minus everyNode.memory.
      
      For a managed cluster, the default value is 1Gi minus everyNode.memory.
      Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$
storageClassstring
The storage class to use with all Deckhouse components (Prometheus, Grafana, OpenVPN, etc.).
- If not defined, components use cluster.defaultStorageClass (which is determined automatically) or emptyDir (if cluster.defaultStorageClass isn’t defined).
- Use this parameter only in exceptional circumstances.
Default: ""