The module lifecycle stage: Preview
The module has requirements for installation

The Deckhouse Kubernetes Platform installs CRDs but does not remove them when a module is disabled. If you no longer need the created CRDs, delete them.

ALBInstance

Scope: Namespaced
Version: v1alpha1

Configuration for an ALB instance (in a user namespace).

A namespaced resource for application or project gateways.

Use it when:

  • a team should manage its own Gateway in its own namespace
  • the Gateway is dedicated to one project
  • LoadBalancer inlet mode is enough.

  • spec
    object
    • spec.acceptRequestsFrom
      array of strings
      Whitelist of sources allowed to send requests.
      • spec.acceptRequestsFrom.Element of the array
        string

        Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

    • spec.additionalHeaders
      object
      Additional headers to include in upstream requests.
    • spec.basicAuth
      object
      Specifies if basic authentication has to be enabled globally.
      • spec.basicAuth.enabled
        boolean
        Specifies whether basic authentication is enabled.
      • spec.basicAuth.secret
        object
        Specifies the secret name and namespace to use with basic authentication.
        • spec.basicAuth.secret.name
          string

          Required value

        • spec.basicAuth.secret.namespace
          string

          Required value

    • spec.controllerPodsAdditionalAnnotations
      object
      Additional annotations for controller/data plane pods.
    • spec.envoyLogLevel
      string
      Defines log level of Envoy proxies.

      Default: Warning

      Allowed values: Off, Critical, Error, Warning, Info, Debug, Trace

    • spec.gatewayName
      string

      Required value

      Name of the Gateway resource this instance belongs to.

      Minimal length: 1

    • spec.geoIP
      object
      GeoIP database downloader configuration for proxy pods.
      • spec.geoIP.headers
        object
        Response header names populated by the GeoIP filter.
        • spec.geoIP.headers.anon
          string
          Header name for anonymous IP traits.
        • spec.geoIP.headers.asn
          string
          Header name for ASN.
        • spec.geoIP.headers.city
          string
          Header name for city.
        • spec.geoIP.headers.country
          string
          Header name for country code.
        • spec.geoIP.headers.isp
          string
          Header name for ISP name.
        • spec.geoIP.headers.region
          string
          Header name for region or subdivision.
      • spec.geoIP.maxmindEditionIDs
        array of strings

        A list of database editions to download at startup.

        More info…

        Default: [ "GeoLite2-City" ]

        • spec.geoIP.maxmindEditionIDs.Element of the array
          string

          Allowed values: GeoIP2-Anonymous-IP, GeoIP2-City, GeoIP2-ISP, GeoIP2-ASN, GeoLite2-ASN, GeoLite2-City

      • spec.geoIP.maxmindMirror
        object

        Mirror configuration for downloading GeoIP databases. If no parameter is specified or the parameter has an empty value, the default value will be used, which is https://download.maxmind.com.

        If this mirror is used to host preloaded archives, the licenseKey parameter may be omitted.

        • spec.geoIP.maxmindMirror.insecureSkipVerify
          boolean
          Skip TLS certificate verification for the mirror, for example when using self-signed certificates.
        • spec.geoIP.maxmindMirror.url
          string

          Required value

          The URL for downloading GeoIP databases.

          Pattern: ^https?://.+$

          Examples:


          url: https://mirror.local
          
          url: https://mirror.local/GeoLite2-City.tar.gz
          
    • spec.inlet
      object

      Required value

      Inlet defines how traffic enters the data plane.
      • spec.inlet.additionalPorts
        array of objects
        Additional Service ports published besides default 80/443.
        • spec.inlet.additionalPorts.port
          integer
          Additional Service port number.

          Allowed values: 1 <= X <= 65535

        • spec.inlet.additionalPorts.protocol
          string
          Network protocol for the additional Service port. Currently only TCP is supported.

          Allowed values: TCP

      • spec.inlet.loadBalancer
        object
        Settings for the LoadBalancer inlet.

        Default: {}

        • spec.inlet.loadBalancer.serviceAnnotations
          object
          Additional annotations for the LoadBalancer Service.
      • spec.inlet.type
        string

        Required value

        Supported inlet type.

        Allowed values: LoadBalancer

    • spec.istioSidecar
      object
      Settings for Istio sidecar injection into proxy pods.
      • spec.istioSidecar.enabled
        boolean
        Attaches annotations to the proxy pods to automatically inject Istio sidecar containers.
      • spec.istioSidecar.resources
        object
        Resource requests and limits for the injected Istio sidecar container.
        • spec.istioSidecar.resources.limits
          object
          Resource limits.
          • spec.istioSidecar.resources.limits.cpu
            string
            CPU limits.
          • spec.istioSidecar.resources.limits.memory
            string
            Memory limits.
        • spec.istioSidecar.resources.requests
          object
          Resource requests.
          • spec.istioSidecar.resources.requests.cpu
            string
            CPU requests.
          • spec.istioSidecar.resources.requests.memory
            string
            Memory requests.
    • spec.minReplicas
      integer
      Minimum number of Envoy Proxy replicas. If a value greater than 1 is set, a PodDisruptionBudget object is provided.

      Default: 1

      Allowed values: 1 <= X

    • spec.nodeSelector
      object
      Node selector for pods.
    • spec.originalIPDetection
      object
      Defines if the Envoy Proxy has to detect original IP using headers.
      • spec.originalIPDetection.realIPHeader
        string
        Defines a header to use for original client IP detection.

        Default: X-Forwarded-For

        Example:


        realIPHeader: X-Real-IP
        
      • spec.originalIPDetection.setRealIPFrom
        array of strings

        Required value

        Specifies CIDR ranges allowed to provide headers for origin IP detection.
        • spec.originalIPDetection.setRealIPFrom.Element of the array
          string

          Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

    • spec.resourcesManagement
      object
      CPU and memory request and limit settings for the controller Pods.
      • spec.resourcesManagement.mode
        string

        Required value

        Resource management mode.

        Default: VPA

        Allowed values: VPA, Static

      • spec.resourcesManagement.static
        object
        Static mode settings.
        • spec.resourcesManagement.static.limits
          object
          Resource limits.

          Default: {}

          • spec.resourcesManagement.static.limits.cpu
            string
            CPU limits.
          • spec.resourcesManagement.static.limits.memory
            string
            Memory limits.
        • spec.resourcesManagement.static.requests
          object
          Resource requests.

          Default: {}

          • spec.resourcesManagement.static.requests.cpu
            string
            CPU requests.

            Default: 350m

          • spec.resourcesManagement.static.requests.memory
            string
            Memory requests.

            Default: 500Mi

      • spec.resourcesManagement.vpa
        object
        Resource management settings for the VPA mode.
        • spec.resourcesManagement.vpa.cpu
          object
          CPU-related VPA settings.

          Default: {}

          • spec.resourcesManagement.vpa.cpu.limitRatio
            number

            The CPU limits/requests ratio.

            If set, the limits are calculated based on the requests and the specified ratio.

          • spec.resourcesManagement.vpa.cpu.max
            string
            Maximum value of allowed CPU requests to be submitted by the VPA.

            Default: 1500m

          • spec.resourcesManagement.vpa.cpu.min
            string
            Minimum value of allowed CPU requests to be submitted by the VPA.

            Default: 100m

        • spec.resourcesManagement.vpa.memory
          object
          Memory-related VPA settings.

          Default: {}

          • spec.resourcesManagement.vpa.memory.limitRatio
            number

            The memory limits/requests ratio.

            If set, the limits are calculated based on the requests and the specified ratio.

          • spec.resourcesManagement.vpa.memory.max
            string
            Maximum value of allowed memory requests to be submitted by the VPA.

            Default: 2000Mi

          • spec.resourcesManagement.vpa.memory.min
            string
            Minimum value of allowed memory requests to be submitted by the VPA.

            Default: 500Mi

        • spec.resourcesManagement.vpa.mode
          string
          VPA operating mode.

          Default: Initial

          Allowed values: Initial, InPlaceOrRecreate

    • spec.tolerations
      array of objects
      Pod tolerations.
      • spec.tolerations.effect
        string

        Allowed values: NoSchedule, PreferNoSchedule, NoExecute

      • spec.tolerations.key
        string
      • spec.tolerations.operator
        string

        Allowed values: Exists, Equal

      • spec.tolerations.tolerationSeconds
        integer

        Allowed values: 0 <= X

      • spec.tolerations.value
        string
    • spec.useProxyProtocol
      boolean
      Enable PROXY protocol support.
  • status
    object
    • status.conflictPorts
      boolean
      True when this instance's additionalPorts are ignored because another older instance with the same gatewayName is authoritative.
    • status.conflictPortsOwner
      string
      Reference to the older instance that defines effective additionalPorts for this gatewayName.
    • status.gateway
      string
      Effective Gateway name served by this instance.
    • status.observedGeneration
      integer

      Allowed values: 0 <= X

    • status.ready
      boolean
      True when this instance is ready to serve traffic.
    • status.synced
      boolean
      True when desired and actual resources are in sync.

ClusterALBInstance

Scope: Cluster
Version: v1alpha1

Configuration for an ALB instance.

A cluster-scoped resource for shared or platform-level gateways in the system namespace.

Use it when:

  • the Gateway should be located in the controller namespace
  • the gateway is shared between applications or teams
  • you need HostPort inlet mode
  • you need cluster-level features such as the default Deckhouse Gateway.

  • spec
    object
    • spec.acceptRequestsFrom
      array of strings
      Whitelist of sources allowed to send requests.
      • spec.acceptRequestsFrom.Element of the array
        string

        Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

    • spec.additionalHeaders
      object
      Additional HTTP headers to add.
    • spec.basicAuth
      object
      Specifies if basic authentication has to be enabled globally.
      • spec.basicAuth.enabled
        boolean
        Specifies whether basic authentication is enabled.
      • spec.basicAuth.secret
        object
        Specifies the secret name and namespace to use with basic authentication.
        • spec.basicAuth.secret.name
          string

          Required value

          Secret name.
        • spec.basicAuth.secret.namespace
          string

          Required value

          Namespace name.
    • spec.controllerPodsAdditionalAnnotations
      object
      Additional annotations for controller/data plane pods.
    • spec.defaultDeckhouseGateway
      boolean

      Marks the gateway as a default Deckhouse Gateway in the cluster. This gateway is used to serve Deckhouse HTTP/HTTPS endpoints.

      Warning. If more than one gateway is marked as a default, the oldest gateway is selected as the default gateway.

    • spec.envoyLogLevel
      string
      Defines log level of Envoy proxies.

      Default: Warning

      Allowed values: Off, Critical, Error, Warning, Info, Debug, Trace

    • spec.gatewayName
      string

      Required value

      Name of the Gateway resource this instance belongs to.

      Minimal length: 1

    • spec.geoIP
      object
      GeoIP database downloader configuration for proxy pods.
      • spec.geoIP.headers
        object
        Request header names populated by the GeoIP filter (added to requests forwarded upstream).
        • spec.geoIP.headers.anon
          string
          Header name for anonymous IP traits.
        • spec.geoIP.headers.asn
          string
          Header name for ASN.
        • spec.geoIP.headers.city
          string
          Header name for city.
        • spec.geoIP.headers.country
          string
          Header name for country code.
        • spec.geoIP.headers.isp
          string
          Header name for ISP name.
        • spec.geoIP.headers.region
          string
          Header name for region or subdivision.
      • spec.geoIP.maxmindEditionIDs
        array of strings

        A list of database editions to download at startup.

        More info…

        Default: [ "GeoLite2-City" ]

        • spec.geoIP.maxmindEditionIDs.Element of the array
          string

          Allowed values: GeoIP2-Anonymous-IP, GeoIP2-City, GeoIP2-ISP, GeoIP2-ASN, GeoLite2-ASN, GeoLite2-City

      • spec.geoIP.maxmindMirror
        object

        Mirror configuration for downloading GeoIP databases.

        If no parameter is specified or the parameter has an empty value, the default value will be used, which is https://download.maxmind.com.

        If this mirror is used to host preloaded archives, the licenseKey parameter may be omitted.

        • spec.geoIP.maxmindMirror.insecureSkipVerify
          boolean
          Skip TLS certificate verification for the mirror, for example when using self-signed certificates.
        • spec.geoIP.maxmindMirror.url
          string

          Required value

          The URL for downloading GeoIP databases.

          Pattern: ^https?://.+$

          Examples:


          url: https://mirror.local
          
          url: https://mirror.local/GeoLite2-City.tar.gz
          
    • spec.inlet
      object

      Required value

      Inlet defines how traffic enters the data plane.
      • spec.inlet.additionalPorts
        array of objects
        Additional Service ports published besides default 80/443. For HostPort inlets these ports are also bound as Pod hostPorts on the managed DaemonSet.
        • spec.inlet.additionalPorts.port
          integer
          Additional Service port number.

          Allowed values: 1 <= X <= 65535

        • spec.inlet.additionalPorts.protocol
          string
          Network protocol for the additional Service port. Currently only TCP is supported.

          Allowed values: TCP

      • spec.inlet.hostPort
        object
        HostPort inlet settings.
        • spec.inlet.hostPort.httpPort
          integer

          Port for insecure HTTP connections.

          If the parameter is not set, the connection over HTTP cannot be established.

          This parameter is mandatory if httpsPort is not set.

        • spec.inlet.hostPort.httpsPort
          integer

          Port for secure HTTPS connections.

          If the parameter is not set, the connection over HTTPS cannot be established.

          This parameter is mandatory if httpPort is not set.

      • spec.inlet.loadBalancer
        object
        Settings for the LoadBalancer inlet.
        • spec.inlet.loadBalancer.serviceAnnotations
          object
          Additional annotations for the LoadBalancer Service.
      • spec.inlet.type
        string

        Required value

        Supported inlet type.

        Allowed values: LoadBalancer, HostPort

    • spec.istioSidecar
      object
      Settings for Istio sidecar injection into proxy pods.
      • spec.istioSidecar.enabled
        boolean
        Attaches annotations to the proxy pods to automatically inject Istio sidecar containers.
      • spec.istioSidecar.resources
        object
        Resource requests and limits for the injected Istio sidecar container.
        • spec.istioSidecar.resources.limits
          object
          Resource limits.
          • spec.istioSidecar.resources.limits.cpu
            string
            CPU limits.
          • spec.istioSidecar.resources.limits.memory
            string
            Memory limits.
        • spec.istioSidecar.resources.requests
          object
          Resource requests.
          • spec.istioSidecar.resources.requests.cpu
            string
            CPU requests.
          • spec.istioSidecar.resources.requests.memory
            string
            Memory requests.
    • spec.nodeSelector
      object
      Node selector for pods.
    • spec.originalIPDetection
      object
      Defines if the Envoy Proxy has to detect original IP using headers.
      • spec.originalIPDetection.realIPHeader
        string
        Defines a header to use for original client IP detection.

        Default: X-Forwarded-For

        Example:


        realIPHeader: X-Real-IP
        
      • spec.originalIPDetection.setRealIPFrom
        array of strings

        Required value

        Specifies CIDR ranges allowed to provide headers for origin IP detection.
        • spec.originalIPDetection.setRealIPFrom.Element of the array
          string

          Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

    • spec.resourcesManagement
      object
      CPU and memory request and limit settings for the controller Pods.
      • spec.resourcesManagement.mode
        string

        Required value

        Resource management mode.

        Default: VPA

        Allowed values: VPA, Static

      • spec.resourcesManagement.static
        object
        Static mode settings.
        • spec.resourcesManagement.static.limits
          object
          Resource limits.

          Default: {}

          • spec.resourcesManagement.static.limits.cpu
            string
            CPU limits.
          • spec.resourcesManagement.static.limits.memory
            string
            Memory limits.
        • spec.resourcesManagement.static.requests
          object
          Resource requests.

          Default: {}

          • spec.resourcesManagement.static.requests.cpu
            string
            CPU requests.

            Default: 350m

          • spec.resourcesManagement.static.requests.memory
            string
            Memory requests.

            Default: 500Mi

      • spec.resourcesManagement.vpa
        object
        Resource management settings for the VPA mode.
        • spec.resourcesManagement.vpa.cpu
          object
          CPU-related VPA settings.

          Default: {}

          • spec.resourcesManagement.vpa.cpu.limitRatio
            number

            The CPU limits/requests ratio.

            If set, the limits are calculated based on the requests and the specified ratio.

          • spec.resourcesManagement.vpa.cpu.max
            string
            Maximum value of allowed CPU requests to be submitted by the VPA.

            Default: 1500m

          • spec.resourcesManagement.vpa.cpu.min
            string
            Minimum value of allowed CPU requests to be submitted by the VPA.

            Default: 100m

        • spec.resourcesManagement.vpa.memory
          object
          Memory-related VPA settings.

          Default: {}

          • spec.resourcesManagement.vpa.memory.limitRatio
            number

            The memory limits/requests ratio.

            If set, the limits are calculated based on the requests and the specified ratio.

          • spec.resourcesManagement.vpa.memory.max
            string
            Maximum value of allowed memory requests to be submitted by the VPA.

            Default: 2000Mi

          • spec.resourcesManagement.vpa.memory.min
            string
            Minimum value of allowed memory requests to be submitted by the VPA.

            Default: 500Mi

        • spec.resourcesManagement.vpa.mode
          string
          VPA operating mode.

          Default: Initial

          Allowed values: Initial, InPlaceOrRecreate

    • spec.tolerations
      array of objects
      Pod tolerations.
      • spec.tolerations.effect
        string

        Allowed values: NoSchedule, PreferNoSchedule, NoExecute

      • spec.tolerations.key
        string
      • spec.tolerations.operator
        string

        Allowed values: Exists, Equal

      • spec.tolerations.tolerationSeconds
        integer

        Allowed values: 0 <= X

      • spec.tolerations.value
        string
    • spec.useProxyProtocol
      boolean
      Enable PROXY protocol support.
  • status
    object
    • status.conflictPorts
      boolean
      True when this instance's additionalPorts are ignored because another older instance with the same gatewayName is authoritative.
    • status.conflictPortsOwner
      string
      Reference to the older instance that defines effective additionalPorts for this gatewayName.
    • status.defaultGateway
      boolean
      True when this ClusterALBInstance is selected as the default gateway source.
    • status.gateway
      string
      Effective Gateway name served by this instance.
    • status.observedGeneration
      integer

      Allowed values: 0 <= X

    • status.ready
      boolean
      True when this instance is ready to serve traffic.
    • status.synced
      boolean
      True when desired and actual resources are in sync.
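
An added example (not Deckhouse code): a pre-apply lint for the `spec` of either resource. It applies the CIDR pattern from this page to `acceptRequestsFrom` and `originalIPDetection.setRealIPFrom` and flags settings that widen trust. The function names and the sample spec are constructed for illustration.

```python
import ipaddress
import re

# Pattern copied from this page (elements of acceptRequestsFrom / setRealIPFrom).
OCTET = r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
CIDR_RE = re.compile(
    r"^(" + OCTET + r"\.){3}" + OCTET + r"(\/(3[0-2]|[1-2][0-9]|[0-9]))$"
)


def check_cidrs(path, values):
    """Return findings for one list of CIDR strings."""
    findings = []
    for value in values:
        # fullmatch: Python's "$" would otherwise accept a trailing newline.
        if not CIDR_RE.fullmatch(value):
            findings.append(f"{path}: {value!r} does not match the schema pattern "
                            "(IPv4 address with a mandatory /prefix)")
            continue
        net = ipaddress.ip_network(value, strict=False)
        if net.prefixlen == 0:
            findings.append(f"{path}: {value!r} covers every IPv4 source")
        elif str(net) != value:
            findings.append(f"{path}: {value!r} has host bits set; network is {net}")
    return findings


def lint_spec(spec):
    """Lint the spec of an ALBInstance or ClusterALBInstance given as a dict."""
    findings = check_cidrs("spec.acceptRequestsFrom",
                           spec.get("acceptRequestsFrom", []))

    detection = spec.get("originalIPDetection")
    if detection is not None:
        trusted = detection.get("setRealIPFrom")
        path = "spec.originalIPDetection.setRealIPFrom"
        if not trusted:
            findings.append(f"{path}: required value is missing or empty")
        else:
            # A /0 here lets any peer supply the client-IP header.
            findings += check_cidrs(path, trusted)

    mirror = spec.get("geoIP", {}).get("maxmindMirror", {})
    if mirror.get("insecureSkipVerify"):
        findings.append("spec.geoIP.maxmindMirror.insecureSkipVerify: "
                        "TLS certificate verification is disabled for the mirror")
    if mirror.get("url", "").startswith("http://"):
        findings.append("spec.geoIP.maxmindMirror.url: plain HTTP mirror, "
                        "downloads are not protected in transit")
    return findings


# Constructed sample spec; every value is made up for the example.
SAMPLE_SPEC = {
    "gatewayName": "team-a-gw",
    "inlet": {"type": "LoadBalancer"},
    "acceptRequestsFrom": ["10.0.0.0/8", "192.168.1.10"],
    "originalIPDetection": {
        "realIPHeader": "X-Real-IP",
        "setRealIPFrom": ["0.0.0.0/0", "10.1.2.3/16"],
    },
    "geoIP": {"maxmindMirror": {"url": "http://mirror.local",
                                "insecureSkipVerify": True}},
}

if __name__ == "__main__":
    for finding in lint_spec(SAMPLE_SPEC):
        print(finding)
```
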