The global Deckhouse settings are stored in the global parameter of the Deckhouse configuration.

The publicDomainTemplate parameter defines the template some Deckhouse modules use to create Ingress resources. To access them, you can either configure your DNS or add the DNS mappings locally (e.g., in the /etc/hosts file in Linux).

You can use the nip.io service (or similar) for testing if wildcard DNS records are unavailable to you for some reason. Pay attention to some nuances of ConfigMap deckhouse.

Parameters

  • highAvailabilityboolean

    A global switch to enable the high availability mode for modules that support it.

    If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined asfalse.

    Examples:

    highAvailability: true
    
    highAvailability: false
    
  • modulesobject

    Common parameters of Deckhouse modules.

    • httpsobject

      The HTTPS implementation used by the Deckhouse modules.

      Examples:

      https:
        certManager:
          clusterIssuerName: letsencrypt
        mode: CertManager
      
      https:
        mode: Disabled
      
      https:
        mode: OnlyInURI
      
      https:
        mode: CustomCertificate
        customCertificate:
          secretName: plainstring
      
      • certManagerobject
        • clusterIssuerNamestring

          Name of a ClusterIssuer to use for Deckhouse modules.

          The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.

          Default: "letsencrypt"

      • customCertificateobject
        • secretNamestring

          The name of the secret in the d8-system namespace to use with Deckhouse modules.

          This secret must have the kubernetes.io/tls format.

          Default: "false"

      • modestring

        The HTTPS usage mode:

        • CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
        • Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
        • OnlyInURI — Deckhouse modules use HTTP (in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS).

        Default: "CertManager"

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • ingressClassstring

      The class of the Ingress controller (Ingress class) used for Deckhouse modules.

      Default: "nginx"

      Example:

      ingressClass: nginx
      
    • placementobject

      Parameters regulating the layout of Deckhouse module components.

      • customTolerationKeysarray of strings

        A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.

        Example:

        customTolerationKeys:
        - dedicated.example.com
        - node-dedicated.example.com/master
        
    • proxyobject

      Global proxy setup for modules.

      Example:

      proxy:
        httpProxy: http://1.2.3.4:80
        httpsProxy: https://1.2.3.4:443
        noProxy:
        - 127.0.0.1
        - 192.168.0.0/24
        - example.com
        - ".example.com"
      
      • httpProxystring

        Proxy URL for HTTP requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • httpsProxystring

        Proxy URL for HTTPS requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • noProxyarray of strings

        List of no proxy IP and domain entries.

        • Element of the arraystring

          Pattern: ^[a-z0-9\-\./]+$

    • publicDomainTemplatestring

      The template with the %s key as the dynamic string parameter.

      Deckhouse modules use this template for creating Ingress resources.

      E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my hosts to access Grafana.

      Do not use DNS names (nor do create Ingress resources) that match this template to avoid conflicts with the Ingress resources created by Deckhouse.

      If this parameter is omitted, no Ingress resources will be created.

      Pattern: .*%s.*

      Example:

      publicDomainTemplate: "%s.kube.company.my"
      
    • resourcesRequestsobject

      The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).

      More about resource units in Kubernetes.

      • controlPlaneobject

        The amount of resources (CPU and memory) allocated to control-plane components on each master node. Do not work in clouds with not-managed control-plane (GKE for example).

        Example:

        controlPlane:
          cpu: 1000m
          memory: 500M
        
        • cpu

          The combined CPU requests for control-plane components on each master node.

        • memorystring

          The combined memory requests for control-plane components on each master node.

          Pattern: ^[0-9]+(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • everyNodeDeprecatedobject

        The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster.

        Example:

        everyNode:
          cpu: 100m
          memory: 150M
        
        • cpu

          The combined CPU requests for all the Deckhouse components on each node.

          Default: 300m

        • memorystring

          The combined memory requests for all the Deckhouse components on each node.

          Default: "512Mi"

          Pattern: ^[0-9]+(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • masterNodeDeprecatedobject

        The amount of resources (CPU and memory) allocated to Deckhouse components running on the master nodes (including control plane components, if they are managed by Deckhouse).

        Caution! Deckhouse may not manage control plane components in KaaS clusters (Kubernetes as a Service, managed Kubernetes service, etc.). In such cases, all the specified resources are allocated to the Deckhouse components except the control plane.

        Example:

        masterNode:
          cpu: '1'
          memory: 150Mi
        
        • cpu

          The combined CPU requests for Deckhouse components on master nodes in addition to everyNode.cpu.

          • For a Deckhouse-controlled cluster, the default value is calculated automatically: .status.allocatable.cpu of the smallest master node (no more than 4 (CPU cores)) minus everyNode.cpu.
          • For a managed cluster, the default value is 1 (CPU core) minus everyNode.cpu.
        • memorystring

          The total amount of memory allocated to Deckhouse components on master nodes in addition to everyNode.memory.

          • For a Deckhouse-managed cluster, the default value is calculated automatically: .status.allocatable.memory of the smallest master node (no more than 8Gi) minus everyNode.memory.
          • For a managed cluster, the default value is 1Gi minus everyNode.memory.

          Pattern: ^[0-9]+(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

  • storageClassstring

    The storage class to use with all Deckhouse components (Prometheus, Grafana, OpenVPN, etc.).

    • If not defined, components use cluster.defaultStorageClass (which is determined automatically) or emptyDir (if cluster.defaultStorageClass isn’t defined).
    • Use this parameter only in exceptional circumstances.

    Default: ""