ClusterConfiguration
Version: deckhouse.io/v1
General parameters of a cluster.
Defines, for example, network and CRI parameters, control plane version, etc. Some parameters can be changed after the cluster is bootstrapped, during its operation.
To change the ClusterConfiguration resource in a running cluster, run the following command:
d8 platform edit cluster-configuration
Example:
apiVersion: deckhouse.io/v1
kind: ClusterConfiguration
podSubnetNodeCIDRPrefix: '24'
podSubnetCIDR: 10.244.0.0/16
serviceSubnetCIDR: 192.168.0.0/16
kubernetesVersion: '1.29'
clusterDomain: k8s.internal
clusterType: Cloud
cloud:
  prefix: k8s-dev
  provider: Yandex
proxy:
  httpProxy: https://user:password@proxy.company.my:8443
  httpsProxy: https://user:password@proxy.company.my:8443
  noProxy:
  - company.my
- stringapiVersionRequired value Version of the Deckhouse API. Allowed values: deckhouse.io/v1,deckhouse.io/v1alpha1
- stringcloud.prefixA prefix of the objects to be created in the cloud. Is used, for example, to distinguish objects created for different clusters, to configure routing, etc. Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
- stringcloud.providerRequired value Cloud provider. Allowed values: OpenStack,AWS,GCP,Yandex,vSphere,Azure,VCD,Zvirt,Dynamix,Huaweicloud,DVP
 
- stringclusterDomainRequired value Cluster domain (used for local routing). Please note: the domain must not match the domain used in the DNS name template in the publicDomainTemplate parameter. For example, you cannot set cluster Domain: cluster.localandpublicDomainTemplate: %s.cluster.localat the same time.If you need to change a parameter in a running cluster, it is recommended to use instructions Default: cluster.local
- stringclusterTypeRequired value Type of the cluster infrastructure: - Static— a cluster on bare metal (physical servers) or virtual machines. In the case of virtual machines, it is assumed that Deckhouse doesn’t have access to the API for managing virtual machines (they are managed by the administrator using the usual cloud infrastructure tools);
- Cloud— a cluster deployed on the resources of a cloud infrastructure. This type implies that Deckhouse has access to the cloud infrastructure API for managing virtual machines.
 Allowed values: Cloud,Static
- stringdefaultCRIThe container runtime type that used on cluster nodes (NodeGroups) by default. If the value NotManagedis used, then Deckhouse does not manage the container runtime (and doesn’t install it). In this case, it is necessary to use images for NodeGroups on which the container runtime is already installed.If ContainerdV2is set,CgroupsV2will be used (providing improved security and resource management). To useContainerdV2as the container runtime, cluster nodes must meet the following requirements:- Support for CgroupsV2.
- Linux kernel version 5.8or newer.
- Systemd version 244or newer.
- Support for erofskernel module.
 Default: ContainerdAllowed values: Containerd,ContainerdV2,NotManaged
- Support for 
- stringencryptionAlgorithmIn Kubernetes version 1.30 and earlier, only the RSA-2048algorithm is supported.Starting from version 1.31, kubeadm use the specified asymmetric encryption algorithm when generating keys and certificates for the following control-plane components: - apiserver
- apiserver-kubelet-client
- apiserver-etcd-client
- front-proxy-client
- etcd-server
- etcd-peer
- etcd-healthcheck-client
 Certificates for the components listed above will be reissued using the selected algorithm and key length. Warning. When reissuing certificates, the root certificate (CA) is not rotated. The root certificate is created with the selected algorithm only during the initial cluster bootstrap. Default: RSA-2048Allowed values: RSA-2048,RSA-3072,RSA-4096,ECDSA-P256
- stringkindRequired value Allowed values: ClusterConfiguration
- stringkubernetesVersionRequired value Kubernetes version (control plane components of the cluster). Changing a parameter in a running cluster will automatically update the cluster’s control plane version. If Automaticis specified, then the control plane version is used, which is considered stable at the moment. If the stable version of control plane is less than the maximum version that has ever been installed in the cluster, more than 1 minor version, then the version of the cluster will not be changed. The version may change when the minor version of the Deckhouse release is changed (see a corresponding release message).Allowed values: 1.29,1.30,1.31,1.32,1.33,Automatic
- stringpodSubnetCIDRRequired value Address space of the cluster’s Pods. Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag. 
- stringpodSubnetNodeCIDRPrefixThe prefix of Pod network on a node. Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag. Default: 24
- objectproxyAvailable in editions: BE, SE, SE+, EE Global proxy setup (mainly for working in air-gapped environments). The parameters described in this section will be translated into the environment variables HTTP_PROXY,HTTPS_PROXY, andNO_PROXYfor all cluster nodes and Deckhouse components. This will result in HTTP(S) requests (curl, git, registry, etc.) to all resources not listed in thenoProxyparameter being made through a proxy. Note that thepodSubnetCIDRandserviceSubnetCIDRsubnets, as well as theclusterDomaindomain are added tonoProxyautomatically.Caution! To avoid using proxies in requests between pods and services located in the cluster node network, make sure you list all the host subnets in the noProxyparameter.- stringproxy.httpProxyAvailable in editions: BE, SE, SE+, EE Proxy URL for HTTP requests. If necessary, specify the proxy server’s username, password, and port. Pattern: ^https?://([!*'();&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+(\:[!*'();:@&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+)?@)?[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?$Examples: httpProxy: http://proxy.company.myhttpProxy: https://user:password@proxy.company.my:8443httpProxy: https://DOMAIN%5Cuser:password@proxy.company.my:8443httpProxy: https://user%40domain.local:password@proxy.company.my:8443
- stringproxy.httpsProxyAvailable in editions: BE, SE, SE+, EE Proxy URL for HTTPS requests. If necessary, specify the proxy server’s username, password, and port. Pattern: ^https?://([!*'();&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+(\:[!*'();:@&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+)?@)?[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?$Examples: httpsProxy: http://proxy.company.myhttpsProxy: https://user:password@proxy.company.my:8443httpsProxy: https://DOMAIN%5Cuser:password@proxy.company.my:8443httpsProxy: https://user%40domain.local:password@proxy.company.my:8443
- array of stringsproxy.noProxyAvailable in editions: BE, SE, SE+, EE List of no proxy IP and domain entries. For wildcard domains, use a domain name with a dot prefix, e.g., “.example.com”. Caution. If the cluster is supposed to have pods interacting with services located in the cluster node network, then specify the list of subnets that are used on the nodes. - stringElement of the arrayPattern: ^[a-z0-9\-\./]+$
 
 
- stringserviceSubnetCIDRRequired value Address space of the cluster’s services. Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag. 
DeckhouseRelease
Scope: Cluster
Version: v1alpha1
Defines the configuration for Deckhouse release.
- booleanapprovedAllows or disables manual updates. Ignored if the module’s update mode is set to Auto(update.mode: Auto).Default: false
- objectspecRequired value - stringspec.applyAfterMarks release as a part of canary release. This release will be delayed until this time. 
- objectspec.changelogRelease’s changelog for enabled modules. 
- stringspec.changelogLinkLink to site with full changelog for this release. 
- array of stringsspec.disruptionsDeprecatedDisruptive changes in the release. 
- objectspec.requirementsDeckhouse release requirements. 
- stringspec.versionRequired value Deckhouse version. Example: version: v1.24.20
 
InitConfiguration
Version: deckhouse.io/v1
Deckhouse configuration to start after installation.
Example:
apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  imagesRepo: nexus.company.my/deckhouse/ee
  registryDockerCfg: eyJhdXRocyI6IHsgIm5leHVzLmNvbXBhbnkubXkiOiB7InVzZXJuYW1lIjoibmV4dXMtdXNlciIsInBhc3N3b3JkIjoibmV4dXMtcEBzc3cwcmQiLCJhdXRoIjoiYm1WNGRYTXRkWE5sY2pwdVpYaDFjeTF3UUhOemR6QnlaQW89In19fQo=
  registryScheme: HTTPS
  registryCA: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
- stringapiVersionRequired value Version of the Deckhouse API. Allowed values: deckhouse.io/v1,deckhouse.io/v1alpha1
- objectdeckhouseRequired value Initial parameters required to install Deckhouse. - stringdeckhouse.devBranchDeprecatedThe parameter is used for development needs. Will be replaced with the CLI-tools. 
- stringdeckhouse.imagesRepoAddress of a container registry with Deckhouse images. Specify it if Deckhouse Enterprise Edition edition or third-party registry (e.g. proxy server in a closed environment) is used. The address matches the edition of Deckhouse used. The public container registry address for Deckhouse Enterprise Edition is registry.deckhouse.io/deckhouse/ee.Default: registry.deckhouse.io/deckhouse/cePattern: ^[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?(\/[0-9a-zA-Z\.\-\_\/]+)?$
- stringdeckhouse.registryCARoot CA certificate to validate the container registry’s HTTPS certificate (if self-signed certificates are used). 
- stringdeckhouse.registryDockerCfgA Base64-encoded string from the Docker client configuration file (in Linux it is usually $HOME/.docker/config.json), for accessing a third-party container registry.For example, to access the container registry registry.company.myunder the useruserwith the passwordP@ssw0rdit will beeyJhdXRocyI6eyJyZWdpc3RyeS5jb21wYW55Lm15Ijp7ImF1dGgiOiJkWE5sY2pwUVFITnpkekJ5WkFvPSJ9fX0K(string{"auths":{"registry.company.my":{"auth":"dXNlcjpQQHNzdzByZAo="}}}in Base64).Default: eyJhdXRocyI6IHsgInJlZ2lzdHJ5LmRlY2tob3VzZS5pbyI6IHt9fX0=
- stringdeckhouse.registrySchemeRegistry access scheme (HTTP or HTTPS). Default: HTTPSAllowed values: HTTP,HTTPS
 
- stringkindRequired value Allowed values: InitConfiguration
Module
Scope: Cluster
Version: v1alpha1
Describes the module’s status in the cluster. The Module object is created automatically after configuring the ModuleSource and successfully completing synchronization.
- objectproperties- objectproperties.accessibilityModule accessibility settings. - objectproperties.accessibility.editionsModule operation settings in Deckhouse editions. 
 
- array of stringsproperties.availableSourcesAvailable sources for downloading the module. 
- booleanproperties.criticalIndicates whether the module critical or not. 
- objectproperties.disableOptionsParameters of module disable protection. - booleanproperties.disableOptions.confirmation
- stringproperties.disableOptions.message
 
- stringproperties.exclusiveGroupIndicates the group where only one module can be active at a time. 
- stringproperties.namespaceModule namespace. 
- stringproperties.releaseChannelModule release channel. 
- objectproperties.requirementsModule dependencies, a set of requirements that must be met for Deckhouse Kubernetes Platform (DKP) to run the module. - stringproperties.requirements.bootstrappedRequired cluster installation status (for built-in DKP modules only). 
- stringproperties.requirements.deckhouseRequired Deckhouse version. 
- stringproperties.requirements.kubernetesRequired Kubernetes version. 
- objectproperties.requirements.modulesA list of other enabled modules required for the module. 
 
- stringproperties.sourceSource the module was downloaded from (otherwise will be blank). 
- stringproperties.stageCurrent stage of the module lifecycle. 
- array of stringsproperties.subsystemsModule subsystems. 
- stringproperties.updatePolicyModule update policy. 
- stringproperties.versionModule version. 
- integerproperties.weightModule weight (priority). 
 
ModuleConfig
Scope: Cluster
Version: v1alpha1
Defines the configuration of the Deckhouse Kubernetes Platform module (module parameters). The name of the ModuleConfig resource must match the name of the module (for example, control-plane-manager for the control-plane-manager module).
Example:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: module-1
spec:
  enabled: true
  settings: {}
  version: 1
- objectspecRequired value - booleanspec.enabledEnables or disables the module. Example: enabled: 'false'
- stringspec.maintenanceDefines the module maintenance mode. - 
    NoResourceReconciliation: A mode for developing or tweaking the module.In this mode: - Configuration or hook changes are not reconciled, which prevents resources from being updated automatically.
- Resource monitoring is disabled, which prevents deleted resources from being restored.
- All the module’s resources are labeled with maintenance: NoResourceReconciliation.
- The ModuleIsInMaintenanceModealert is triggered.
 
 Allowed values: NoResourceReconciliationExample: maintenance: NoResourceReconciliation
- 
    
- objectspec.settingsModule settings. 
- stringspec.sourceThe source of the module it provided by one (otherwise empty). 
- stringspec.updatePolicyModule update policy. Example: updatePolicy: test-alpha
- numberspec.versionVersion of settings schema. Example: version: '1'
 
ModuleDocumentation
Scope: Cluster
Version: v1alpha1
Defines the rendering configuration of the Deckhouse module documentation.
Deckhouse creates ModuleDocumentation resources by itself.
- objectspecRequired value - stringspec.checksumModule version checksum. 
- stringspec.pathPath to the module version. 
- stringspec.versionRequired value Module version. Example: version: v1.0.0
 
ModulePullOverride
Scope: Cluster
Defines the resource configuration for downloading specific versions of Deckhouse modules.
Caution. This resource is intended for development and debugging environments only. Using it in production clusters is not recommended. Support for the resource might be removed in future Deckhouse Kubernetes Platform versions.
- objectspecRequired value - stringspec.imageTagRequired value Module container image tag, which will be pulled. 
- booleanspec.rollbackIndicates whether the module release should be rollback after deleting mpo. Default: false
- stringspec.scanIntervalScan interval for checking the image digest. If the digest changes, the module is updated. Default: 15s
 
Deprecated resource. Support for the resource might be removed in a later release.
Defines the configuration.
- objectspecRequired value - stringspec.imageTagRequired value Module container image tag, which will be pulled. 
- booleanspec.rollbackIndicates whether the module release should be rollback after deleting ModulePullOverride. Default: false
- stringspec.scanIntervalScan interval for checking the image digest. If the digest changes, the module is updated. Default: 15s
- stringspec.sourceRequired value Reference to the ModuleSource with the module. 
 
ModuleRelease
Scope: Cluster
Version: v1alpha1
Defines the configuration for a Deckhouse release.
ModuleRelease resources are created by Deckhouse.
- objectspecRequired value - stringspec.applyAfterTime until which the release will be delayed. 
- objectspec.changelogRelease’s changelog for the module. 
- stringspec.moduleNameRequired value Module name. 
- objectspec.requirementsRelease dependencies, a set of requirements that must be met for Deckhouse Kubernetes Platform to run the module release. - stringspec.requirements.deckhouseRequired Deckhouse version. 
- stringspec.requirements.kubernetesRequired Kubernetes version. 
- objectspec.requirements.modulesA list of other modules required for the module release. Ensure the modules are enabled. 
 
- objectspec.updateOptional transition rules. - array of objectsspec.update.versionsList of from→totransition rules that allow skipping step-by-step updates. If the current installed module version (statusDeployed) is not lower thanfrom, and the cluster has a release whose version matchesto, the controller will skip intermediate releases and update the module to the version fromto. Thetovalue can specify a minor line (X.Y— the latest availableX.Y.Zwill be selected). The rule is specified in the constrained release — the one whose version matchesto.- stringspec.update.versions.fromRequired value The minimum version from which the transition is allowed (format X.Y).
- stringspec.update.versions.toRequired value The end version of the range — a minor line ( X.Y).
 
 
- stringspec.versionRequired value Module version. Example: version: v1.0.0
- integerspec.weightModule weight (priority). 
 
ModuleSettingsDefinition
Scope: Cluster
Version: v1alpha1
It displays module settings. Defines a list of module settings versions.
- objectspecRequired value Specification of the module settings. - array of objectsspec.versionsList of module settings versions. Each version includes a name and a schema. - array of objectsspec.versions.conversionsList of conversion rules for this version. A single conversion rule with expressions and descriptions. - objectspec.versions.conversions.descriptionsLocalized descriptions of the conversion. - stringspec.versions.conversions.descriptions.enEnglish description of the conversion. 
- stringspec.versions.conversions.descriptions.ruRussian description of the conversion. 
 
- array of stringsspec.versions.conversions.exprArray of jq expressions to transform settings. 
 
- stringspec.versions.nameRequired value Module settings version. 
- objectspec.versions.schemaSettings schema for the given module version. 
 
 
ModuleSource
Scope: Cluster
Version: v1alpha1
Defines the configuration of a source of Deckhouse modules.
Example:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleSource
metadata:
  name: example
spec:
  registry:
    repo: registry.example.io/modules-source
    dockerCfg: "<base64 encoded credentials>"
- objectspecRequired value - objectspec.registryRequired value - stringspec.registry.caRoot CA certificate (PEM format) to validate the registry’s HTTPS certificate (if self-signed certificates are used). Creating a ModuleSource resource with the CA certificate spec will cause the container to restart on all nodes. 
- stringspec.registry.dockerCfgContainer registry access token in Base64. If using anonymous access to the container registry, do not fill in this field. 
- stringspec.registry.repoRequired value URL of the container registry. Example: repo: registry.example.io/deckhouse/modules
- stringspec.registry.schemeProtocol to access the registry. Default: HTTPSAllowed values: HTTP,HTTPS
 
- stringspec.releaseChannelDeprecatedDesirable default release channel for modules in the current source. 
 
ModuleUpdatePolicy
Scope: Cluster
Defines the update settings for a module’s release.
Example:
apiVersion: deckhouse.io/v1alpha2
kind: ModuleUpdatePolicy
metadata:
  name: example-update-policy
spec:
  releaseChannel: Alpha
  update:
    mode: Auto
    windows:
    - days:
      - Mon
      - Wed
      from: '13:30'
      to: '14:00'
- objectspecRequired value - stringspec.releaseChannelDesirable module release channel. The order in which the stability of the release channel increases (from less stable to more stable): Alpha,Beta,EarlyAccess,Stable,RockSolid.Default: StableAllowed values: Alpha,Beta,EarlyAccess,Stable,RockSolid
- objectspec.updateRequired value Update settings for target modules. - stringspec.update.modeModules version update mode (release change). - 
    AutoPatch— automatic update mode for patch releases.To change a minor version (for example, from v1.15.*tov1.16.*), confirmation is required.A patch version update (for example, from v1.16.1tov1.16.2) is applied according to the update windows, if they are set.
- 
    Auto— all updates are applied automatically.Modules minor version updates (for example, from v1.15.*tov1.16.*) and patch version updates (for example, fromv1.16.1tov1.16.2) are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel;
- 
    Manual— confirmation is required for updating both minor and patch versions.
 To confirm the update, add the modules.deckhouse.io/approved="true"annotation to the corresponding ModuleRelease resource.Default: AutoAllowed values: Auto,Manual,AutoPatch
- 
    
- array of objectsspec.update.windowsModules update timetable. - array of stringsspec.update.windows.daysThe days of the week on which the update window is applied. Examples: days: Mondays: Wed- stringElement of the arrayDay of the week. Allowed values: Mon,Tue,Wed,Thu,Fri,Sat,SunExample: Mon
 
- stringspec.update.windows.fromRequired value Start time of the update window (UTC timezone). Should be less than the end time of the update window. Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$Example: from: '13:00'
- stringspec.update.windows.toRequired value End time of the update window (UTC timezone). Should be more than the start time of the update window. Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$Example: to: '18:30'
 
 
 
Deprecated resource. Support for the resource might be removed in a later release.
Defines the update settings for a module’s release.
Example:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleUpdatePolicy
metadata:
  name: example-update-policy
spec:
  moduleReleaseSelector:
    labelSelector:
      matchLabels:
        source: example
        module: module-1
  releaseChannel: Alpha
  update:
    mode: Auto
    windows:
    - days:
      - Mon
      - Wed
      from: '13:30'
      to: '14:00'
- objectspecRequired value - objectspec.moduleReleaseSelectorRequired value Selects target modules to apply update settings to. - objectspec.moduleReleaseSelector.labelSelectorRequired value Label-selector-based filter to match target modules. If both matchExpressionsandmatchLabelsparameters are set, their requirements are ANDed together — they must all be satisfied in order to match. If multiplematchExpressionconditions are provided, they all must be satisfied in order to match.- array of objectsspec.moduleReleaseSelector.labelSelector.matchExpressionsAn array of set-based expressions. - stringspec.moduleReleaseSelector.labelSelector.matchExpressions.keyRequired value A label name. 
- stringspec.moduleReleaseSelector.labelSelector.matchExpressions.operatorRequired value A comparison operator. Allowed values: In,NotIn,Exists,DoesNotExist
- array of stringsspec.moduleReleaseSelector.labelSelector.matchExpressions.valuesA label value. 
 
- objectspec.moduleReleaseSelector.labelSelector.matchLabelsA number of equality-based label filters. Example: matchLabels: source: deckhouse module: deckhouse-admin
 
 
- stringspec.releaseChannelDesirable module release channel. The order in which the stability of the release channel increases (from less stable to more stable): Alpha,Beta,EarlyAccess,Stable,RockSolid.Default: StableAllowed values: Alpha,Beta,EarlyAccess,Stable,RockSolid
- objectspec.updateRequired value Update settings for target modules. - stringspec.update.modeModules version update mode (release change). - 
    AutoPatch— automatic update mode for patch releases.To change a minor version (for example, from v1.15.*tov1.16.*), confirmation is required.A patch version update (for example, from v1.16.1tov1.16.2) is applied according to the update windows, if they are set.
- 
    Auto— all updates are applied automatically.Modules minor version updates (for example, from v1.15.*tov1.16.*) and patch version updates (for example, fromv1.16.1tov1.16.2) are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel;
- 
    Manual— confirmation is required for updating both minor and patch versions.
 To confirm the update, add the modules.deckhouse.io/approved="true"annotation to the corresponding ModuleRelease resource.- Ignore— updates are ignored.
 Default: AutoPatchAllowed values: Auto,Manual,Ignore,AutoPatch
- 
    
- array of objectsspec.update.windowsModules update timetable. - array of stringsspec.update.windows.daysThe days of the week on which the update window is applied. Examples: days: Mondays: Wed- stringElement of the arrayDay of the week. Allowed values: Mon,Tue,Wed,Thu,Fri,Sat,SunExample: Mon
 
- stringspec.update.windows.fromRequired value Start time of the update window (UTC timezone). Should be less than the end time of the update window. Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$Example: from: '13:00'
- stringspec.update.windows.toRequired value End time of the update window (UTC timezone). Should be more than the start time of the update window. Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$Example: to: '18:30'
 
 
 
StaticClusterConfiguration
Version: deckhouse.io/v1
Parameters of a static (bare metal) cluster.
To change the StaticClusterConfiguration resource in a running cluster, run the following command:
d8 p edit static-cluster-configuration
Example:
apiVersion: deckhouse.io/v1
kind: StaticClusterConfiguration
internalNetworkCIDRs:
- 10.244.0.0/16
- 10.50.0.0/16
- stringapiVersionRequired value Version of the Deckhouse API. Allowed values: deckhouse.io/v1,deckhouse.io/v1alpha1
- array of stringsinternalNetworkCIDRsList of internal cluster networks. Internal cluster networks connect Kubernetes components ( kube-apiserver,kubelet, etc.).The parameter is mandatory in the following cases: - Cluster nodes have more than one network interface
- The cluster is deployed inside a Deckhouse Virtualization Platform
 When changing the value, subnets in the new list must include IP addresses of currently joined nodes. Example: internalNetworkCIDRs: - 192.168.42.0/24 - 172.16.16.0/24- stringElement of the arrayPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$
 
- stringkindRequired value Allowed values: StaticClusterConfiguration
SSHConfig
Version: dhctl.deckhouse.io/v1
General dhctl SSH config.
Example:
apiVersion: dhctl.deckhouse.io/v1
kind: SSHConfig
sshUser: user
sshPort: 22
sshExtraArgs: "-vvv"
sshAgentPrivateKeys:
- key: "<ssh-private-key>"
- stringapiVersionVersion of the Deckhouse API. Allowed values: dhctl.deckhouse.io/v1
- stringkindAllowed values: SSHConfig
- booleanlegacyModeSwitch to legacy SSH mode (clissh). 
- booleanmodernModeSwitch to modern SSH mode (gossh). 
- array of objectssshAgentPrivateKeys- stringsshAgentPrivateKeys.keyRequired value Private SSH key. 
- stringsshAgentPrivateKeys.passphrasePassword for SSH key. 
 
- stringsshBastionHostSSH bastion host. 
- stringsshBastionPasswordA password for the bastion user. 
- integersshBastionPortPort of SSH bastion. 
- stringsshBastionUserUsername for bastion. 
- stringsshExtraArgsAdditional arguments for SSH connection. 
- integersshPortSSH port. 
- stringsshUserSSH username. 
- stringsudoPasswordA sudo password for the user. 
SSHHost
Version: dhctl.deckhouse.io/v1
General dhctl SSH host config.
Example:
apiVersion: dhctl.deckhouse.io/v1
kind: SSHHost
host: 172.16.0.0
- stringapiVersionRequired value Version of the Deckhouse API. Allowed values: dhctl.deckhouse.io/v1
- stringhostRequired value Host. 
- stringkindRequired value Allowed values: SSHHost