Deckhouse modules

admission-policy-engine

Enforces the security policies in the cluster according to the Kubernetes Pod Security Standards using the Gatekeeper solution.

policy security

cert-manager

Manages TLS certificates in the cluster. Supports automatic certificate provisioning from various CAs, certificate renewal, and monitoring of certificate validity.

core

chrony

Provides time synchronization on all cluster nodes using chrony. Ensures consistent time across all nodes for proper cluster operation.

core

cilium-hubble

Provides visualization of the cluster network stack when Cilium CNI is enabled. Requires Linux kernel version 5.8 or higher with eBPF support.

network observability web ui

cloud-provider-aws

Manages interaction with AWS cloud resources. Allows to use AWS resources for provisioning nodes.

cloud

cloud-provider-azure

Manages interaction with Azure cloud resources. Allows to use Azure resources for provisioning nodes.

cloud

cloud-provider-dvp

Manages interaction with Deckhouse Virtualization Platform resources. Allows to use DVP resources for provisioning nodes.

cloud virtualization

cloud-provider-dynamix

Manages interaction with Dynamix resources. Allows to use Dynamix resources for provisioning nodes.

bare metal cloud

cloud-provider-gcp

Manages interaction with Google cloud resources. Allows to use GCP resources for provisioning nodes.

cloud

cloud-provider-huaweicloud

Manages interaction with Huawei Cloud resources. Allows to use Huawei Cloud resources for provisioning nodes.

cloud

cloud-provider-openstack

Manages interaction with OpenStack-based cloud resources. Allows to use OpenStack resources for provisioning nodes.

cloud

cloud-provider-vcd

Manages interaction with VMware Cloud Director resources. Allows to use VMware Cloud Director resources for provisioning nodes.

cloud

cloud-provider-vsphere

Manages interaction with VMware vSphere-based cloud resources. Allows to use vSphere resources for provisioning nodes.

bare metal cloud

cloud-provider-yandex

Manages interaction with Yandex Cloud resources. Allows to use Yandex Cloud resources for provisioning nodes.

cloud

cloud-provider-zvirt

Manages interaction with zVirt resources. Allows to use zVirt resources for provisioning nodes.

bare metal cloud

cni-cilium

Provides networking in a Kubernetes cluster using the Cilium CNI with eBPF-based networking and security.

network security

cni-flannel

Provides a network between multiple nodes in a cluster using the flannel module.

network

cni-simple-bridge

Provides networking with limited functionality in Kubernetes clusters.

network

code

A unified solution for continuous software development and lifecycle management.

application web ui

commander

Allows to create DKP clusters based on a template, manage their configuration and lifecycle.

managing application web ui

commander-agent

Agent for communication with Deckhouse Commander.

helper

console

Deckhouse Kubernetes Platform Web Interface aiming the simplicity of control and the transparency of the state of the system

managing observability web ui

control-plane-manager

Manages the cluster's control plane components including certificates, configurations, and versions.

core

csi-ceph

Provides integration with Ceph clusters, allows dynamic storage management and the use of StorageClass based on RBD (RADOS Block Device) or CephFS.

storage

csi-hpe

CSI HPE module

storage

csi-huawei

Provides CSI for volume management using Huawei storage.

storage

csi-netapp

CSI NetApp module

storage

csi-nfs

Provides CSI for managing NFS volumes.

storage

csi-s3

Provides a CSI that manages S3-based volumes.

storage

csi-scsi-generic

CSI scsi generic module

storage

csi-vsphere

Provides CSI for for VMware vSphere environments.

storage

csi-yadro-tatlin-unified

CSI Yadro Tatlin Unified module

storage

deckhouse

Configures main Deckhouse parameters: logging level, set of modules enabled by default, and release channel.

core

deckhouse-tools

Creates a web UI with links to download Deckhouse CLI tool for various operating systems.

tools web ui

descheduler

Analyzes the cluster state every 15 minutes and performs pod eviction according to conditions described in active strategies. Evicted pods are rescheduled considering the current cluster state.

scheduling

development-platform

Deckhouse Development Platform module

documentation

Creates a documentation web UI for the Deckhouse version currently used in a cluster.

web ui

extended-monitoring

Extends cluster monitoring capabilities with additional metrics exporters, which allow you to identify potential problems before they affect the operation of services.

observability

ingress-nginx

Installs and manages Ingress NGINX Controller using Custom Resources. Supports multiple controllers and high availability mode for traffic routing and load balancing.

balancing network

istio

Implements Service Mesh for centralized management of network traffic in the cluster. Provides mutual TLS, authorization, traffic routing, load balancing, and observability.

balancing network security

keepalived

Configures keepalived clusters on nodes via custom resources. Does not work with the cilium module.

balancing bare metal network

kube-dns

Installs CoreDNS components for managing DNS in the Kubernetes cluster. Deletes all previously installed kubeadm Deployments, ConfigMaps and RBAC for CoreDNS.

network

kube-proxy

Manages kube-proxy components for service networking and load balancing in the cluster. Replaces kubeadm's kube-proxy with a custom implementation.

core

local-path-provisioner

Provides local storage on Kubernetes nodes using HostPath volumes. Creates StorageClass resources for managing local storage provisioning.

storage

log-shipper

Simplifies the configuration of log collection in Kubernetes. Allows organization of log collection from applications running in the cluster and from nodes themselves.

logging observability

loki

Deploys operational log storage based on Grafana Loki in the cluster. Provides centralized log collection and access via Grafana for short-term log retention.

logging observability

managed-memcached

An operator to manage Memcached instances in Deckhouse Kubernetes Platform.

database

managed-postgres

An operator to manage PG clusters in Kubernetes-native way.

database

managed-valkey

An operator to manage Valkeys services in Kubernetes-native way.

database

metallb

Implements LoadBalancer mechanism for services in bare metal clusters. Supports Layer 2 mode with improved load balancing and BGP mode based on MetalLB solution.

balancing bare metal network

monitoring-custom

Simplifies monitoring setup for custom applications by requiring only a specific label on Service or Pod. Enables collection of application metrics without manual Prometheus configuration.

observability

monitoring-deckhouse

Monitoring of Deckhouse Kubernetes Platform components and services.

observability

monitoring-kubernetes

Provides transparent and timely monitoring of the status of all cluster nodes and key infrastructure components.

observability

monitoring-kubernetes-control-plane

Monitors the Kubernetes control plane components. Safely scrapes metrics and provides basic monitoring rules for kube-apiserver, kube-controller-manager, kube-scheduler, and etcd.

observability

monitoring-ping

Monitors network connectivity between all cluster nodes using ICMP ping. Exports metrics and provides monitoring dashboards.

network observability

multitenancy-manager

Enables creation of isolated projects in a cluster. Projects provide resource quotas, network isolation, and security features beyond standard namespaces.

multitenancy security

namespace-configurator

Automatically assigns annotations and labels to namespaces based on configuration patterns. Monitors namespaces and applies labels and annotations from configuration to matching namespaces.

core

network-gateway

Creates a network gateway using Kubernetes nodes. It contains a DHCP server and a SNAT manager.

network

network-policy-engine

Manages network policies in the cluster. Do not use if the cilium module is enabled because it already has network policy management.

network security

neuvector

Description of the NeuVector module of the Deckhouse Kubernetes Platform, including the tasks it solves, architecture, as well as features of configuration and management.

security

node-local-dns

Deploys a caching DNS server on each cluster node and exports data to the monitoring system for analysis.

network

node-manager

Manages nodes in the Kubernetes cluster as a related group. Configures and updates cluster nodes, manages cluster scaling in the cloud, and manages local users on nodes.

core scaling

observability

Cluster observability module

observability

observability-platform

observability-platform module

observability web ui application

okmeter

Installs the Okmeter agent in the cluster.

observability proprietary

openvpn

Provides access to cluster resources via OpenVPN with certificate-based authentication. Includes a web interface for managing certificates and generating configuration files.

network security

operator-argo

operator-argo is a module of the Deckhouse Kubernetes Platform for deploying ArgoCD installations.

delivery

operator-prometheus

Manages the lifecycle of the monitoring system in the cluster.

observability

payload-registry

Payload Registry implements a custom container image registry within the Deckhouse Kubernetes platform.

registry

pod-reloader

Allows to automatically rollout in case of changes to certain ConfigMaps or Secrets.

core

prometheus

Provides ready-made alerts, dashboards, and the ability to customize monitoring system components, including data storage and visualization.

observability

prometheus-metrics-adapter

Enables HPA and VPA autoscalers to use monitoring metrics for scaling decisions. Implements Kubernetes resource metrics API, custom metrics API, and external metrics API.

observability

prometheus-pushgateway

Receives metrics from applications and transmits them to the monitoring system, providing centralized data collection.

observability

registry

Manages the configuration of the registry of Deckhouse components and provides an internal container registry.

core registry

registry-packages-proxy

Provides an in-cluster HTTP proxy service for accessing packages from container registries.

core

runtime-audit-engine

Implements a runtime threats detection engine.

security

sdn

Manages networking subsystem on cluster nodes.

network

sds-local-volume

SDS local volume

storage

sds-node-configurator

Manages block devices and LVM on cluster nodes.

storage

sds-replicated-volume

Manages replicated block storage based on DRBD.

storage

secret-copier

Automatically copies Secrets to all namespaces in the cluster. Simplifies distribution of shared secrets.

core

secrets-store-integration

Delivers secrets to the application pods in the Kubernetes cluster by mounting multiple secrets, keys, and certificates stored in external secret stores.

security

service-with-healthchecks

Provides an internal LoadBalancer with per-port healthchecks. Allows independent health checks for different ports, unlike the standard Kubernetes Service load balancer.

balancing network

snapshot-controller

This module enables snapshot support for compatible CSI-drivers in the Kubernetes cluster.

storage

state-snapshotter

State snapshotter module

static-routing-manager

The module is used to manage static routes and ip rule on cluster nodes.

network

storage-volume-data-manager

Enables secure HTTP-based export and import of persistent volume contents.

storage

stronghold

Provides secure storage and lifecycle management of confidential data. The storage of protected information is implemented in the key-value format and is compatible with the Hashicorp Vault API.

security web ui

terraform-manager

Provides tools for working with Terraform state in the Kubernetes cluster. Consists of two parts that check Terraform state and apply non-destructive changes or export cluster metrics.

cloud core scaling

upmeter

Monitors platform availability and cluster component status in real time. Provides dashboards and metrics for SLA monitoring and component health tracking.

observability

user-authn

Provides unified authentication system integrated with Kubernetes and web interfaces. Supports static users and external identity providers.

security

user-authz

Implements role-based access control. Creates cluster roles for managing user and group access to cluster resources.

security

vertical-pod-autoscaler

Automatically calculates and sets resource request parameters for pods based on actual consumption. Can recommend resource values or automatically adjust CPU and memory reservations.

scaling

virtualization

The Virtualization module allows you to run and manage virtual machines within the Deckhouse platform.

virtualization