Configuration

parameters

Schema version: 1

• settings

  object
  • settings.auth

    object

    Authentication configuration.

    Default: {}

    • settings.auth.allowedUserGroups

      array of strings

      An array of user groups that can access the web UI.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

    • settings.auth.externalAuthentication

      object

      Parameters to enable external authentication. Uses Nginx Ingress external-auth mechanism which is based on the the Nginx auth_request module.

      Note! External authentication is enabled automatically if the user-authn module is enabled.

      Default: {}

      • settings.auth.externalAuthentication.authSignInURL

        string

        URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
      • settings.auth.externalAuthentication.authURL

        string

        URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
    • settings.auth.password

      Deprecated

      string

      This parameter is ignored and will be removed in future releases.

      It was used for http authorization of the admin user, if the user-authn module was disabled or the externalAuthentication parameter was not set.

      Now the external authentication is required for Deckhouse Commander to function properly.

    • settings.auth.whitelistSourceRanges

      array of strings

      An array if CIDRs that are allowed to authenticate.

      Example:

      
      

      whitelistSourceRanges:
      - 1.1.1.1/32
      

  • settings.billing

    object

    Billing configuration.

    Default: {}

    • settings.billing.prometheus

      object

      Default: {}

      • settings.billing.prometheus.diskSizeGigabytes

        integer

        Disk size for Prometheus metrics storage in gigabytes.

        You should manually specify the desired disk size for the Prometheus metrics storage, but you can increase it later if necessary.

        The extended-monitoring module automatically monitors the percentage of used disk space.

        CAUTION! If the Prometheus metrics storage becomes full, the billing may stop working.

        Default: 10

        Example:

        
        

        diskSizeGigabytes: "10"
        

      • settings.billing.prometheus.storageClass

        string

        The name of the StorageClass to use for Prometheus metrics storage.

        If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, the StorageClass will be used according to the global storageClass parameter setting.

        The storageClass parameter is only considered when the module is enabled. Changing the storageClass parameter while the module is enabled will not trigger disk re-provisioning.

        Example:

        
        

        storageClass: ceph-ssd
        

    • settings.billing.reports

      object

      Default: {}

      • settings.billing.reports.diskSizeGigabytes

        integer

        Disk size for reports storage in gigabytes.

        You should manually specify the desired disk size for the reports storage, but you can increase it later if necessary.

        The extended-monitoring module automatically monitors the percentage of used disk space.

        CAUTION! If the reports storage becomes full, the reports will be unavailable.

        Default: 2

        Example:

        
        

        diskSizeGigabytes: "2"
        

      • settings.billing.reports.storageClass

        string

        The name of the StorageClass to use for reports storage.

        If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, the StorageClass will be used according to the global storageClass parameter setting.

        The storageClass parameter is only considered when the module is enabled. Changing the storageClass parameter while the module is enabled will not trigger disk re-provisioning.

        Example:

        
        

        storageClass: ceph-ssd
        

  • settings.featureFlags

    object

    A parameter used to control experimental features.

    Default: {}

  • settings.highAvailability

    boolean

    Manually enable the high availability mode.

    By default, Deckhouse automatically decides whether to enable the HA mode. Click here to learn more about the HA mode for modules.

    Examples:

    
    

    highAvailability: true
    

    highAvailability: false
    

  • settings.https

    object

    What certificate type to use with the web UI.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    
    

    customCertificate:
      secretName: foobar
    mode: CustomCertificate
    

    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    

    • settings.https.certManager

      object

      Default: {}

      • settings.https.certManager.clusterIssuerName

        string

        What ClusterIssuer to use for the web UI.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        Default: letsencrypt

    • settings.https.customCertificate

      object

      Default: {}

      • settings.https.customCertificate.secretName

        string

        The name of the secret in the d8-system namespace to use with the web UI.

        This secret must have the kubernetes.io/tls format.

        Default: false

    • settings.https.mode

      string

      The HTTPS usage mode:

      • Disabled — in this mode, the web UI can only be accessed over HTTP. Caution! This mode is not supported. HTTPS is required for the module to function properly. If HTTPS is disabled, the web UI will be unavailable.
      • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
      • CustomCertificate — the web UI is accessed over HTTPS using the certificate from the d8-system namespace.
      • OnlyInURI — the web UI will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • settings.ingressClass

    string

    The class of the Ingress controller used for the web UI.

    An optional parameter. By default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    Example:

    
    

    ingressClass: nginx
    

  • settings.nodeSelector

    object

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    
    

    disktype: ssd
    

  • settings.postgres

    object

    Default: {}

    • settings.postgres.external

      object
      • settings.postgres.external.credentials

        object

        Default: {}

        • settings.postgres.external.credentials.secretName

          string

          A username and password secret in namespace d8-commander. If specified, the user and password field is ignored.

          It is recommended to configure database credentials.

          Example of creating a secret: kubectl -n d8-commander create secret generic postgres-secret --from-literal=username=postgres --from-literal=password=postgres

          Example:

          
          

          secretName: postgres-secret
          

      • settings.postgres.external.db

        string

        Database name
      • settings.postgres.external.host

        string

        The server address or multiple addresses separated by commas if the PostgreSQL cluster consists of multiple hosts.

        Attention! Server ports are specified in the port parameter.

        Examples:

        
        

        host: host1
        

        host: host1,host2,host3
        

      • settings.postgres.external.password

        Deprecated

        string

        User password

        This parameter is deprecated, please use credentials.secretName, which is more secure.

      • settings.postgres.external.port

        string

        The server port or multiple ports are separated by commas if the PostgreSQL cluster consists of multiple hosts.

        Attention! Each server must specify its own port.

        Examples:

        
        

        port: "5432"
        

        port: 5432,5432,5433
        

      • settings.postgres.external.ssl

        object
        • settings.postgres.external.ssl.secretName

          string

          The name of the secret in the d8-commander namespace which contains client certificate for certificate authentication on the PostgreSQL server.

          Example of creating a secret: kubectl -n d8-commander create secret generic postgres-ssl --from-file=tls.crt=client.crt --from-file=tls.key=client.key --from-file=ca.crt=ca.crt

          Example:

          
          

          secretName: postgres-ssl
          

      • settings.postgres.external.user

        Deprecated

        string

        User name

        This parameter is deprecated, please use credentials.secretName, which is more secure.

        Example:

        
        

        user: postgres
        

    • settings.postgres.internal

      object

      Default: {}

      • settings.postgres.internal.diskSizeGigabytes

        integer

        Disk size for PostgreSQL database in gigabytes.

        You should manually specify the desired disk size for the PostgreSQL database, but you can increase it later if necessary.

        The extended-monitoring module automatically monitors the percentage of used disk space.

        CAUTION! If the PostgreSQL data storage becomes full, the application may stop working.

        Default: 10

      • settings.postgres.internal.storageClass

        string

        The name of the StorageClass to use.

        If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, either the global StorageClass or global.discovery.defaultStorageClass is used.

        Refer to the documentation section Changing the storage class if you want to change this value.

        Example:

        
        

        storageClass: ceph-ssd
        

    • settings.postgres.mode

      string

      The PostgreSQL usage mode:

      • Internal — PostgreSQL is deployed in a cluster and managed using the postgres-operator.

        This is not a recommended method for use in production environments. However, the use of operator-postgres is convenient for quick start with Deckhouse Commander or for environments where there are no high availability and support requirements.

      • External - an external PostgreSQL installation managed by the user is used. This is the recommended way to use Deckhouse Commander in production environments.

      Default: Internal

      Allowed values: Internal, External

  • settings.tolerations

    array of objects

    The same as in the Pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    
    

    tolerations:
    - effect: NoSchedule
      key: key1
      operator: Equal
      value: value1
    

    • settings.tolerations.effect

      string
    • settings.tolerations.key

      string
    • settings.tolerations.operator

      string
    • settings.tolerations.tolerationSeconds

      integer
    • settings.tolerations.value

      string