Reference of the resources used during Deckhouse installation.

ClusterConfiguration

Version: deckhouse.io/v1

General parameters of a cluster.

Defines, for example, network and CRI parameters, control plane version, etc. Some parameters can be changed after the cluster is bootstrapped, during its operation.

To change the ClusterConfiguration resource in a running cluster, run the following command:

kubectl -n d8-system exec -ti deploy/deckhouse -- deckhouse-controller edit cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: ClusterConfiguration
podSubnetNodeCIDRPrefix: '24'
podSubnetCIDR: 10.244.0.0/16
serviceSubnetCIDR: 192.168.0.0/16
kubernetesVersion: '1.25'
clusterDomain: k8s.internal
clusterType: Cloud
cloud:
  prefix: k8s-dev
  provider: Yandex
proxy:
  httpProxy: https://user:password@proxy.company.my:8443
  httpsProxy: https://user:password@proxy.company.my:8443
  noProxy:
  - company.my
  • apiVersionstring

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • cloudobject

    Cloud provider-related settings (if the Cloud clusterType is used).

    • cloud.prefixstring

      A prefix of the objects to be created in the cloud.

      Is used, for example, to distinguish objects created for different clusters, to configure routing, etc.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

    • cloud.providerstring

      Required value

      Cloud provider.

      Allowed values: OpenStack, AWS, GCP, Yandex, vSphere, Azure

  • clusterDomainstring

    Required value

    Cluster domain (used for local routing).

    Default: "cluster.local"

  • clusterTypestring

    Required value

    Type of the cluster infrastructure:

    • Static — a cluster on bare metal (physical servers) or virtual machines. In the case of virtual machines, it is assumed that Deckhouse doesn’t have access to the API for managing virtual machines (they are managed by the administrator using the usual cloud infrastructure tools);
    • Cloud — a cluster deployed on the resources of a cloud infrastructure. This type implies that Deckhouse has access to the cloud infrastructure API for managing virtual machines.

    Allowed values: Cloud, Static

  • defaultCRIstring

    The container runtime type that used on cluster nodes (NodeGroups) by default.

    If the value NotManaged is used, then Deckhouse does not manage the container runtime (and doesn’t install it). In this case, it is necessary to use images for NodeGroups on which the container runtime is already installed.

    Default: "Containerd"

    Allowed values: Docker, Containerd, NotManaged

  • kindstring

    Required value

    Allowed values: ClusterConfiguration

  • kubernetesVersionstring

    Required value

    Kubernetes control plane version to use in a cluster.

    Changing a parameter in a running cluster will automatically update the cluster’s control plane version.

    If Automatic is specified, then the control plane version is used, which is considered stable at the moment. The version may change when the minor version of the Deckhouse release is changed (see a corresponding release message).

    Allowed values: 1.24, 1.25, 1.26, 1.27, 1.28, Automatic

  • podSubnetCIDRstring

    Required value

    Address space of the cluster’s Pods.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

  • podSubnetNodeCIDRPrefixstring

    The prefix of Pod network on a node.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

    Default: "24"

  • proxyobject

    Global proxy setup (mainly for working in air-gapped environments).

    The parameters described in this section will be translated into the environment variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY for all cluster nodes and Deckhouse components. This will result in HTTP(S) requests (curl, git, registry, etc.) to all resources not listed in the noProxy parameter being made through a proxy. Note that the podSubnetCIDR and serviceSubnetCIDR subnets, as well as the clusterDomain domain are added to noProxy automatically.

    Caution! To avoid interfering with internal requests, make sure you list all the host subnets in the noProxy parameter.

    This feature is available in enterprise edition only.

    • proxy.httpProxystring

      Proxy URL for HTTP requests.

      If necessary, specify the proxy server’s username, password, and port.

      This feature is available in enterprise edition only.

      Pattern: ^https?://[0-9a-zA-Z\.\-:@_]+$

      Examples:

      httpProxy: http://proxy.company.my
      
      httpProxy: https://user:password@proxy.company.my:8443
      
    • proxy.httpsProxystring

      Proxy URL for HTTPS requests.

      If necessary, specify the proxy server’s username, password, and port.

      This feature is available in enterprise edition only.

      Pattern: ^https?://[0-9a-zA-Z\.\-:@_]+$

      Examples:

      httpsProxy: http://proxy.company.my
      
      httpsProxy: https://user:password@proxy.company.my:8443
      
    • proxy.noProxyarray of strings

      List of no proxy IP and domain entries.

      For wildcard domains, use a domain name with a dot prefix, e.g., “.example.com”.

      This feature is available in enterprise edition only.

      • Element of the arraystring

        Pattern: ^[a-z0-9\-\./]+$

  • serviceSubnetCIDRstring

    Required value

    Address space of the cluster’s services.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

InitConfiguration

Version: deckhouse.io/v1

Deckhouse configuration to start after installation.

Example:

apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  releaseChannel: Stable
  imagesRepo: nexus.company.my/deckhouse/ee
  registryDockerCfg: eyJhdXRocyI6IHsgIm5leHVzLmNvbXBhbnkubXkiOiB7InVzZXJuYW1lIjoibmV4dXMtdXNlciIsInBhc3N3b3JkIjoibmV4dXMtcEBzc3cwcmQiLCJhdXRoIjoiYm1WNGRYTXRkWE5sY2pwdVpYaDFjeTF3UUhOemR6QnlaQW89In19fQo=
  registryScheme: HTTPS
  registryCA: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  configOverrides:
    global:
      modules:
        publicDomainTemplate: "%s.kube.company.my"
    cniFlannelEnabled: true
    cniFlannel:
      podNetworkMode: VXLAN
  • apiVersionstring

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • deckhouseobject

    Required value

    Initial parameters required to install Deckhouse.

    • deckhouse.bundleDeprecatedstring

      Instead of this parameter, use the bundle parameter of the ModuleConfig ‘deckhouse’.

      The Deckhouse bundle to use in the cluster.

      Default: "Default"

      Allowed values: Minimal, Managed, Default

    • deckhouse.configOverridesDeprecatedobject

      Instead of this parameter, use ModuleConfig resources to configure modules.

      Initial Deckhouse configuration.

      Specify here Deckhouse configuration parameters with which it should start after installation.

      The structure specified in the parameter will be used to create a global Deckhouse configuration (moduleConfig global) and module settings (moduleConfig <module-name>).

      Structure format

      configOverrides:
        global:
          ... global parameters section
        <moduleName>Enabled: true|false
        <moduleName>:
          ... the module parameters section
      

      Caution! The module name in camelCase is used to enable/disable the module and specify its settings (for example, userAuthn) in the configOverrides structure. After installing Deckhouse, the moduleConfig resource is used to manage the module with the module name in snake-case (for example, user-authn).

      Example:

      configOverrides:
        global:
          modules:
            publicDomainTemplate: "%s.k8s.company.my"
        linstorEnabled: true
        monitoringPingEnabled: false
        userAuthn:
          publishAPI:
            enable: true
            https:
              mode: Global
        prometheus:
          longtermRetentionDays: 5
      
    • deckhouse.devBranchDeprecatedstring

      The parameter is used for development needs. Will be replaced with the CLI-tools.

    • deckhouse.imagesRepostring

      Address of a container registry with Deckhouse images.

      Specify it if Deckhouse Enterprise Edition edition or third-party registry (e.g. proxy server in a closed environment) is used.

      The address matches the edition of Deckhouse used. The public container registry address for Deckhouse Enterprise Edition is registry.deckhouse.io/deckhouse/ee.

      Default: "registry.deckhouse.io/deckhouse/ce"

      Pattern: ^[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?(\/[0-9a-zA-Z\.\-\_\/]+)?$

    • deckhouse.logLevelDeprecatedstring

      Instead of this parameter, use the logLevel parameter of the ModuleConfig ‘deckhouse’.

      Deckhouse logging Level.

      Default: "Info"

      Allowed values: Debug, Info, Error

    • deckhouse.registryCAstring

      Root CA certificate to validate the container registry’s HTTPS certificate (if self-signed certificates are used).

    • deckhouse.registryDockerCfgstring

      A Base64-encoded string from the Docker client configuration file (in Linux it is usually $HOME/.docker/config.json), for accessing a third-party container registry.

      For example, to access the container registry registry.company.my under the user user with the password P@ssw0rd it will be eyJhdXRocyI6eyJyZWdpc3RyeS5jb21wYW55Lm15Ijp7ImF1dGgiOiJkWE5sY2pwUVFITnpkekJ5WkFvPSJ9fX0K (string {"auths":{"registry.company.my":{"auth":"dXNlcjpQQHNzdzByZAo="}}} in Base64).

      Default: "eyJhdXRocyI6IHsgInJlZ2lzdHJ5LmRlY2tob3VzZS5pbyI6IHt9fX0="

    • deckhouse.registrySchemestring

      Registry access scheme (HTTP or HTTPS).

      Default: "HTTPS"

      Allowed values: HTTP, HTTPS

    • deckhouse.releaseChannelDeprecatedstring

      Instead of this parameter, use the releaseChannel parameter of the ModuleConfig ‘deckhouse’.

      The release channel to use in the cluster.

      Allowed values: Alpha, Beta, EarlyAccess, Stable, RockSolid

  • kindstring

    Required value

    Allowed values: InitConfiguration

StaticClusterConfiguration

Version: deckhouse.io/v1

Parameters of a static (bare metal) cluster.

To change the StaticClusterConfiguration resource in a running cluster, run the following command:

kubectl -n d8-system exec -ti deploy/deckhouse -c deckhouse -- deckhouse-controller edit static-cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: StaticClusterConfiguration
internalNetworkCIDRs:
- 10.244.0.0/16
- 10.50.0.0/16
  • apiVersionstring

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • internalNetworkCIDRsarray of strings

    List of internal cluster networks.

    Internal cluster networks connect Kubernetes components (kube-apiserver, kubelet, etc.).

    The parameter can be omitted (and the StaticClusterConfiguration resource can be omitted) if each node in the cluster has only one network interface.

    • Element of the arraystring

      Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

      Example:

      192.168.42.0/24
      
  • kindstring

    Required value

    Allowed values: StaticClusterConfiguration