The module is enabled by default in the following bundles: Default, Managed, Minimal.

How to explicitly enable the module…

Note that the configOverrides parameter of the InitConfiguration resource is used when installing Deckhouse, not ModuleConfig.

Set the deckhouseEnabled: true or deckhouseEnabled: false in the configOverrides parameter to explicitly enable or disable the module when installing Deckhouse.

Use the deckhouse section of the configOverrides parameter to configure the module when installing Deckhouse.

Set the spec.enabled module parameter to true or false to explicitly enable or disable the module.

Example of enabling the deckhouse module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: deckhouse
spec:
  enabled: true

Example of disabling the deckhouse module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: deckhouse
spec:
  enabled: false

The module is configured using the ModuleConfig custom resource named deckhouse (learn more about setting up Deckhouse…).

Example of the ModuleConfig/deckhouse resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: deckhouse
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • bundlestring

    The Deckhouse bundle defines a set of modules enabled by default.

    • Default — the recommended set of modules for cluster operation: monitoring, authorization control, networking and other needs.
    • Managed — the bundle aimed at clusters managed by cloud providers (e.g., Google Kubernetes Engine).
    • Minimal — the minimum possible bundle option (includes a single module — this one). Note that several basic modules are not included in the set of modules Minimal (for example, the CNI module). Deckhouse with the set of modules Minimal without the basic modules will be able to work only in an already deployed cluster.

    Default: "Default"

    Allowed values: Default, Minimal, Managed

    Example:

    bundle: Default
  • logLevelstring

    Deckhouse logging level.

    Default: "Info"

    Allowed values: Debug, Info, Error

    Example:

    logLevel: Info
  • nodeSelectorobject

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, nodeSelector will be determined automatically.

    Cation! Deckhouse will stop working if there is a nonexistent label in nodeSelector. You need to change the values to the correct ones in ModuleConfig/deckhouse and deployment/deckhouse to get Deckhouse back on track.

  • releaseChannelstring

    Desirable Deckhouse release channel (Deckhouse will switch to it when such an opportunity appears).

    The order in which the stability of the release channel increases (from less stable to more stable): Alpha, Beta, EarlyAccess, Stable, RockSolid.

    Allowed values: Alpha, Beta, EarlyAccess, Stable, RockSolid

    Example:

    releaseChannel: Stable
  • tolerationsarray of objects

    The same as in the Pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, tolerations will be determined automatically.

    Cation! Deckhouse will stop working if tolerations specified are incorrect. You need to change the values to the correct ones in ModuleConfig/deckhouse and deployment/deckhouse to get Deckhouse back on track.

    • tolerations.effectstring
    • tolerations.keystring
    • tolerations.operatorstring
    • tolerations.tolerationSecondsinteger
    • tolerations.valuestring
  • updateobject

    Settings of the Deckhouse update mode and windows.

    Example:

    update:
  windows:
  - from: '8:00'
    to: '15:00'
    days:
    - Tue
    - Sat
  disruptionApprovalMode: Manual
  notification:
    webhook: https://release-webhook.mydomain.com
    minimalNotificationTime: 6h
    auth:
      basic:
        username: user
        password: password
    • update.disruptionApprovalModestring

      Deckhouse release update disruption mode:

      • Auto — approves release with disruptions (potentially dangerous changes) automatically.
      • Manual — requires manual release confirmation (set annotation release.deckhouse.io/disruption-approved=true).

      Default: "Auto"

      Allowed values: Auto, Manual

    • update.modestring

      Deckhouse minor version update mode (release change). Does not affect patch version updates.

      • Auto — all updates are applied automatically.

        Deckhouse minor version updates (release updates, for example, from v1.26.* to v1.27.*), are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel;

      • Manual — to change a minor version of Deckhouse (for example, from v1.26.* to v1.27.*), manual confirmation is required.

        To confirm the update, edit custom resource ‘DeckhouseRelease’, which corresponds to the version by setting the `approved’ field to ‘true’.

      Default: "Auto"

      Allowed values: Auto, Manual

    • update.notificationobject

      Settings for sending notifications of scheduled Deckhouse updates.

      Notifications are sent only when the automatic update mode is set.

      Alerts are sent only for Deckhouse minor version changes — no alerts are sent for patch version changes.

      Example:

      notification:
  webhook: https://release-webhook.mydomain.com
  minimalNotificationTime: 8h
      • update.notification.authobject

        Authentication settings for the webhook.

        If the parameter is omitted, the webhook will be called without authentication.

        • update.notification.auth.basicobject

          Basic authentication settings for the webhook.

          If the parameter is omitted, the webhook will be called without authentication.

          • update.notification.auth.basic.passwordstring

            Required value

            The password for the webhook.

            The username and password will be sent in the Authorization header in the format Basic <base64(username:password)>.

          • update.notification.auth.basic.usernamestring

            Required value

            The username for the webhook.

            The username and password will be sent in the Authorization header in the format Basic <base64(username:password)>.

        • update.notification.auth.bearerTokenstring

          The token for the webhook.

          The token will be sent in the Authorization header in the format Bearer <token>.

      • update.notification.minimalNotificationTimestring

        The minimum time that must pass from the notification before the update.

        It is specified as a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.

        The update mechanism ensures that Deckhouse will not be updated before the specified time.

        When using update windows, the Deckhouse update after the notification will happen at the nearest possible update window, but not before the time specified in minimalNotificationTime expires.

        Pattern: ^([0-9]+h([0-9]+m)?|[0-9]+m)$

        Example:

        minimalNotificationTime: 6h
      • update.notification.tlsSkipVerifyboolean

        Skip TLS certificate verification while webhook request.

        Default: false

      • update.notification.webhookstring

        URL for an external webhook handler.

        The POST request will be sent on the webhook URL after a new minor version of Deckhouse appears on the update channel before it is applied to the cluster.

        Use the minimalNotificationTime parameter if necessary to set the minimum time that must elapse before updating from the moment of notification.

        Example of the POST request payload (Content-Type: application/json):

        {
  "version": "1.36",
  "requirements":  {"k8s": "1.20.0"},
  "changelogLink": "https://github.com/deckhouse/deckhouse/changelog/1.36.md",
  "applyTime": "2023-01-01T14:30:00Z00:00",
  "message": "New Deckhouse Release 1.36 is available. Release will be applied at: Friday, 01-Jan-23 14:30:00 UTC"
}

        Description of POST request fields:

        • version - string, minor version number;
        • requirements - object, version requirements;
        • changelogLink - string, a URL to the minor version changelog;
        • applyTime - string, date and time of the scheduled update (taking into account the configured update windows) in RFC3339 format;
        • message - string, a text message about the availability of the new minor version and the scheduled update time.

        Pattern: ^https?://[^\s/$.?#].[^\s]*$

        Example:

        webhook: https://webhook.site/#!/bc8f71ac-c182-4181-9159-6ba6950afffa
    • update.windowsarray of objects

      List of update windows during the day.

      • update.windows.daysarray of strings

        The days of the week on which the update window is applied.

        Example:

        days:
- Mon
- Wed
        • Element of the arraystring

          Day of the week.

          Allowed values: Mon, Tue, Wed, Thu, Fri, Sat, Sun

          Example:

          Mon
      • update.windows.fromstring

        Required value

        Start time of the update window (UTC timezone).

        Should be less than the end time of the update window.

        Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

        Example:

        from: '13:00'
      • update.windows.tostring

        Required value

        End time of the update window (UTC timezone).

        Should be more than the start time of the update window.

        Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

        Example:

        to: '18:30'