The module is enabled by default in the following bundles: Default
, Managed
, Minimal
.
The module is configured using the ModuleConfig custom resource named deckhouse
(learn more about setting up Deckhouse…).
Example of the ModuleConfig/deckhouse
resource for configuring the module:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
name: deckhouse
spec:
version: 1
enabled: true
settings: # <-- Module parameters from the "Parameters" section below.
Parameters
Schema version: 1
- bundlestring
The Deckhouse bundle defines a set of modules enabled by default.
Default
— the recommended set of modules for cluster operation: monitoring, authorization control, networking and other needs.Managed
— the bundle aimed at clusters managed by cloud providers (e.g., Google Kubernetes Engine).Minimal
— the minimum possible bundle option (includes a single module — this one). Note that several basic modules are not included in the set of modulesMinimal
(for example, the CNI module). Deckhouse with the set of modulesMinimal
without the basic modules will be able to work only in an already deployed cluster.
Default:
"Default"
Allowed values:
Default
,Minimal
,Managed
Example:
bundle: Default
- logLevelstring
Deckhouse logging level.
Default:
"Info"
Allowed values:
Debug
,Info
,Error
Example:
logLevel: Info
- nodeSelectorobject
The same as in the Pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
,nodeSelector
will be determined automatically.Cation! Deckhouse will stop working if there is a nonexistent label in
nodeSelector
. You need to change the values to the correct ones inModuleConfig/deckhouse
anddeployment/deckhouse
to get Deckhouse back on track. - releaseChannelstring
Desirable Deckhouse release channel (Deckhouse will switch to it when such an opportunity appears).
The order in which the stability of the release channel increases (from less stable to more stable):
Alpha
,Beta
,EarlyAccess
,Stable
,RockSolid
.Allowed values:
Alpha
,Beta
,EarlyAccess
,Stable
,RockSolid
Example:
releaseChannel: Stable
- tolerationsarray of objects
The same as in the Pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
,tolerations
will be determined automatically.Cation! Deckhouse will stop working if
tolerations
specified are incorrect. You need to change the values to the correct ones inModuleConfig/deckhouse
anddeployment/deckhouse
to get Deckhouse back on track.- tolerations.effectstring
- tolerations.keystring
- tolerations.operatorstring
- tolerations.tolerationSecondsinteger
- tolerations.valuestring
- updateobject
Settings of the Deckhouse update mode and windows.
Example:
update: windows: - from: '8:00' to: '15:00' days: - Tue - Sat disruptionApprovalMode: Manual notification: webhook: https://release-webhook.mydomain.com minimalNotificationTime: 6h auth: basic: username: user password: password
- update.disruptionApprovalModestring
Deckhouse release update disruption mode:
Auto
— approves release with disruptions (potentially dangerous changes) automatically.Manual
— requires manual release confirmation (set annotationrelease.deckhouse.io/disruption-approved=true
).
Default:
"Auto"
Allowed values:
Auto
,Manual
- update.modestring
Deckhouse minor version update mode (release change). Does not affect patch version updates.
-
Auto
— all updates are applied automatically.Deckhouse minor version updates (release updates, for example, from
v1.26.*
tov1.27.*
), are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel; -
Manual
— to change a minor version of Deckhouse (for example, fromv1.26.*
tov1.27.*
), manual confirmation is required.To confirm the update, edit custom resource ‘DeckhouseRelease’, which corresponds to the version by setting the `approved’ field to ‘true’.
Default:
"Auto"
Allowed values:
Auto
,Manual
-
- update.notificationobject
Settings for sending notifications of scheduled Deckhouse updates.
Notifications are sent only when the automatic update mode is set.
Alerts are sent only for Deckhouse minor version changes — no alerts are sent for patch version changes.
Example:
notification: webhook: https://release-webhook.mydomain.com minimalNotificationTime: 8h
- update.notification.authobject
Authentication settings for the webhook.
If the parameter is omitted, the webhook will be called without authentication.
- update.notification.auth.basicobject
Basic authentication settings for the webhook.
If the parameter is omitted, the webhook will be called without authentication.
- update.notification.auth.basic.passwordstring
Required value
The password for the webhook.
The username and password will be sent in the
Authorization
header in the formatBasic <base64(username:password)>
. - update.notification.auth.basic.usernamestring
Required value
The username for the webhook.
The username and password will be sent in the
Authorization
header in the formatBasic <base64(username:password)>
.
- update.notification.auth.basic.passwordstring
- update.notification.auth.bearerTokenstring
The token for the webhook.
The token will be sent in the
Authorization
header in the formatBearer <token>
.
- update.notification.auth.basicobject
- update.notification.minimalNotificationTimestring
The minimum time that must pass from the notification before the update.
It is specified as a string containing the time unit in hours and minutes: 30m, 1h, 2h30m, 24h.
The update mechanism ensures that Deckhouse will not be updated before the specified time.
When using update windows, the Deckhouse update after the notification will happen at the nearest possible update window, but not before the time specified in
minimalNotificationTime
expires.Pattern:
^([0-9]+h([0-9]+m)?|[0-9]+m)$
Example:
minimalNotificationTime: 6h
- update.notification.tlsSkipVerifyboolean
Skip TLS certificate verification while webhook request.
Default:
false
- update.notification.webhookstring
URL for an external webhook handler.
The POST request will be sent on the webhook URL after a new minor version of Deckhouse appears on the update channel before it is applied to the cluster.
Use the minimalNotificationTime parameter if necessary to set the minimum time that must elapse before updating from the moment of notification.
Example of the POST request payload (
Content-Type: application/json
):{ "version": "1.36", "requirements": {"k8s": "1.20.0"}, "changelogLink": "https://github.com/deckhouse/deckhouse/changelog/1.36.md", "applyTime": "2023-01-01T14:30:00Z00:00", "message": "New Deckhouse Release 1.36 is available. Release will be applied at: Friday, 01-Jan-23 14:30:00 UTC" }
Description of POST request fields:
version
- string, minor version number;requirements
- object, version requirements;changelogLink
- string, a URL to the minor version changelog;applyTime
- string, date and time of the scheduled update (taking into account the configured update windows) in RFC3339 format;message
- string, a text message about the availability of the new minor version and the scheduled update time.
Pattern:
^https?://[^\s/$.?#].[^\s]*$
Example:
webhook: https://webhook.site/#!/bc8f71ac-c182-4181-9159-6ba6950afffa
- update.notification.authobject
- update.windowsarray of objects
List of update windows during the day.
- update.windows.daysarray of strings
The days of the week on which the update window is applied.
Example:
days: - Mon - Wed
- Element of the arraystring
Day of the week.
Allowed values:
Mon
,Tue
,Wed
,Thu
,Fri
,Sat
,Sun
Example:
Mon
- Element of the arraystring
- update.windows.fromstring
Required value
Start time of the update window (UTC timezone).
Should be less than the end time of the update window.
Pattern:
^(?:\d|[01]\d|2[0-3]):[0-5]\d$
Example:
from: '13:00'
- update.windows.tostring
Required value
End time of the update window (UTC timezone).
Should be more than the start time of the update window.
Pattern:
^(?:\d|[01]\d|2[0-3]):[0-5]\d$
Example:
to: '18:30'
- update.windows.daysarray of strings
- update.disruptionApprovalModestring