The global Deckhouse settings are stored in the ModuleConfig/global resource (see Deckhouse configuration).

The publicDomainTemplate parameter defines the DNS names template some Deckhouse modules use to create Ingress resources.

You can use the sslip.io service (or similar) for testing if wildcard DNS records are unavailable to you for some reason.

The domain used in the template must not match the domain specified in the clusterDomain parameter. For example, if clusterDomain is set to cluster.local (the default value), publicDomainTemplate cannot be set to %s.cluster.local.

Example of the ModuleConfig/global:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: global
spec:
  version: 1
  settings: # <-- Module parameters from the "Parameters" section below.
    modules:
      publicDomainTemplate: '%s.kube.company.my'
      resourcesRequests:
        controlPlane:
          cpu: 1000m
          memory: 500M
      placement:
        customTolerationKeys:
        - dedicated.example.com
    storageClass: sc-fast

Parameters

Schema version: 1

  • highAvailability (boolean)

    A global switch to enable the high availability mode for modules that support it.

    If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined as false.

    Examples:

    highAvailability: true
    
    highAvailability: false
    
  • modules (object)

    Common parameters of Deckhouse modules.

    • modules.https (object)

      The HTTPS implementation used by the Deckhouse modules.

      Examples:

      https:
        certManager:
          clusterIssuerName: letsencrypt
        mode: CertManager
      
      https:
        mode: Disabled
      
      https:
        mode: OnlyInURI
      
      https:
        mode: CustomCertificate
        customCertificate:
          secretName: plainstring
      
      • modules.https.certManager (object)
        • modules.https.certManager.clusterIssuerName (string)

          Name of a ClusterIssuer to use for Deckhouse modules.

          The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.

          Default: "letsencrypt"

      • modules.https.customCertificate (object)
        • modules.https.customCertificate.secretName (string)

          The name of the secret in the d8-system namespace to use with Deckhouse modules.

          This secret must have the kubernetes.io/tls format.

          Default: "false"

      • modules.https.mode (string)

        The HTTPS usage mode:

        • CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
        • Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
        • OnlyInURI — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. The load balancer should provide a redirect from HTTP to HTTPS.

        Default: "CertManager"

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • modules.ingressClass (string)

      The class of the Ingress controller (Ingress class) used for Deckhouse modules.

      Default: "nginx"

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Example:

      ingressClass: nginx
      
    • modules.placement (object)

      Parameters regulating the layout of Deckhouse module components.

      • modules.placement.customTolerationKeys (array of strings)

        A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.

        Example:

        customTolerationKeys:
        - dedicated.example.com
        - node-dedicated.example.com/master
        
    • modules.proxy (object, deprecated)

      Global proxy setup for modules.

      Example:

      proxy:
        httpProxy: http://1.2.3.4:80
        httpsProxy: https://1.2.3.4:443
        noProxy:
        - 127.0.0.1
        - 192.168.0.0/24
        - example.com
        - ".example.com"
      
      • modules.proxy.httpProxy (string, deprecated)

        Proxy URL for HTTP requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • modules.proxy.httpsProxy (string, deprecated)

        Proxy URL for HTTPS requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • modules.proxy.noProxy (array of strings, deprecated)

        List of no proxy IP and domain entries. Use a domain name with a dot prefix for wildcard domains (e.g., .example.com).

        • Element of the array (string)

          Pattern: ^[a-z0-9\-\./]+$

    • modules.publicDomainTemplate (string)

      The template with the %s key as the dynamic string parameter.

      Deckhouse modules use this template for creating Ingress resources.

      E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my hosts to access Grafana.

      To avoid conflicts with the Ingress resources created by Deckhouse, do not use DNS names (or create Ingress resources) that match this template.

      Pay attention to the following:

      • The domain must be different from clusterDomain!
      • The domain used in the template must not match the domain specified in the clusterDomain parameter. For example, if clusterDomain is set to cluster.local (the default value), publicDomainTemplate cannot be set to %s.cluster.local.

      If this parameter is omitted, no Ingress resources will be created.

      Pattern: ^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Examples:

      publicDomainTemplate: "%s.kube.company.my"
      
      publicDomainTemplate: kube-%s.company.my
      
    • modules.resourcesRequests (object)

      The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).

      More about resource units in Kubernetes.

      • modules.resourcesRequests.controlPlane (object)

        The amount of resources (CPU and memory) allocated to control-plane components on each master node. Does not work in clouds where the control plane is not managed by Deckhouse (GKE, for example).

        Example:

        controlPlane:
          cpu: 1000m
          memory: 500M
        
        • modules.resourcesRequests.controlPlane.cpu

          The combined CPU requests for control-plane components on each master node.

        • modules.resourcesRequests.controlPlane.memory (string)

          The combined memory requests for control-plane components on each master node.

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • modules.resourcesRequests.everyNode (object, deprecated)

        The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster.

        Example:

        everyNode:
          cpu: 100m
          memory: 150M
        
        • modules.resourcesRequests.everyNode.cpu

          The combined CPU requests for all the Deckhouse components on each node.

          Default: 300m

        • modules.resourcesRequests.everyNode.memory (string)

          The combined memory requests for all the Deckhouse components on each node.

          Default: "512Mi"

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • modules.resourcesRequests.masterNode (object, deprecated)

        The amount of resources (CPU and memory) allocated to Deckhouse components running on the master nodes (including control plane components, if they are managed by Deckhouse).

        Caution! Deckhouse may not manage control plane components in KaaS clusters (Kubernetes as a Service, managed Kubernetes service, etc.). In such cases, all the specified resources are allocated to the Deckhouse components except the control plane.

        Example:

        masterNode:
          cpu: '1'
          memory: 150Mi
        
        • modules.resourcesRequests.masterNode.cpu

          The combined CPU requests for Deckhouse components on master nodes in addition to everyNode.cpu.

          • For a Deckhouse-controlled cluster, the default value is calculated automatically: .status.allocatable.cpu of the smallest master node (no more than 4 (CPU cores)) minus everyNode.cpu.
          • For a managed cluster, the default value is 1 (CPU core) minus everyNode.cpu.
        • modules.resourcesRequests.masterNode.memory (string)

          The total amount of memory allocated to Deckhouse components on master nodes in addition to everyNode.memory.

          • For a Deckhouse-managed cluster, the default value is calculated automatically: .status.allocatable.memory of the smallest master node (no more than 8Gi) minus everyNode.memory.
          • For a managed cluster, the default value is 1Gi minus everyNode.memory.

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

  • storageClass (string)

    The storage class to use with all Deckhouse components (Prometheus, Grafana, OpenVPN, etc.).

    • If not defined, components use global.discovery.defaultStorageClass (which is determined automatically) or emptyDir (if global.discovery.defaultStorageClass isn’t defined).
    • Use this parameter only in exceptional circumstances.
    • This parameter is applied during module activation.

    Default: ""
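
A pre-apply check for the modules.publicDomainTemplate and modules.https.mode rules described above, as an added example that is not part of the Deckhouse documentation or code. The function lint_global_settings and the sample dictionaries are hypothetical; the settings are assumed to be already parsed from YAML into a dict, and only an exact match with clusterDomain is checked, as the page states.

```python
import re

# Pattern and allowed values copied from the parameter reference on this page.
PUBLIC_DOMAIN_RE = re.compile(
    r"^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]"
    r"|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
)
HTTPS_MODES = {"Disabled", "CertManager", "CustomCertificate", "OnlyInURI"}


def lint_global_settings(settings, cluster_domain="cluster.local"):
    """Return findings for spec.settings of ModuleConfig/global (hypothetical helper)."""
    findings = []
    modules = settings.get("modules", {})

    template = modules.get("publicDomainTemplate")
    if template is None:
        findings.append("publicDomainTemplate omitted: no Ingress resources are created")
    elif not PUBLIC_DOMAIN_RE.fullmatch(template):
        # fullmatch, unlike match() with '$', also rejects a trailing newline.
        findings.append(f"publicDomainTemplate {template!r} violates the documented pattern")
    else:
        # Per the pattern, %s is always in the first label; the rest is the domain.
        domain = template.partition(".")[2]
        if domain == cluster_domain.rstrip("."):
            findings.append(f"publicDomainTemplate domain {domain!r} matches clusterDomain")

    https = modules.get("https", {})
    mode = https.get("mode", "CertManager")  # documented default
    if mode not in HTTPS_MODES:
        findings.append(f"https.mode {mode!r} is not an allowed value")
    elif mode == "Disabled":
        findings.append("https.mode Disabled: modules are served over HTTP only")
    elif mode == "OnlyInURI":
        findings.append("https.mode OnlyInURI: needs an HTTPS-terminating load balancer "
                        "that redirects HTTP to HTTPS")
    elif mode == "CustomCertificate":
        secret = https.get("customCertificate", {}).get("secretName")
        if secret in (None, "", "false"):  # "false" is the documented default
            findings.append("https.mode CustomCertificate without customCertificate.secretName")
    return findings


# Constructed sample inputs (not taken from a real cluster).
GOOD = {"modules": {"publicDomainTemplate": "%s.kube.company.my",
                    "https": {"mode": "CertManager",
                              "certManager": {"clusterIssuerName": "letsencrypt"}}}}
BAD = {"modules": {"publicDomainTemplate": "%s.cluster.local",
                   "https": {"mode": "Disabled"}}}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_global_settings(cfg))
```

Pass a different cluster_domain when the cluster does not use the default cluster.local.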