Configuration

Available with limitations in: CE, BE, SE

Available without limitations in: SE+, EE

parameters

Schema version: 1

settings
object
- auth
  
  object
  Authentication configuration.
  
  Default: {}
  - auth.allowedUserGroups
    
    array of strings
    An array of user groups that can access the web UI.
    
    This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.
    
    Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.
  - auth.externalAuthentication
    
    object
    Parameters to enable external authentication. Uses Nginx Ingress external-auth mechanism which is based on the the Nginx auth_request module.
    
    Note! External authentication is enabled automatically if the user-authn module is enabled.
    
    Default: {}
    - auth.externalAuthentication.authSignInURL
      
      string
      URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
    - auth.externalAuthentication.authURL
      
      string
      URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
  - auth.password
    Deprecated
    string
    This parameter is ignored and will be removed in future releases.
    
    It was used for http authorization of the admin user, if the user-authn module was disabled or the externalAuthentication parameter was not set.
    
    Now the external authentication is required for Deckhouse Commander to function properly.
  - auth.whitelistSourceRanges
    
    array of strings
    An array if CIDRs that are allowed to authenticate.
    
    Example:
    whitelistSourceRanges: - 1.1.1.1/32
- featureFlags
  
  object
  A parameter used to control experimental features.
  
  Default: {}
- highAvailability
  
  boolean
  Manually enable the high availability mode.
  
  By default, Deckhouse automatically decides whether to enable the HA mode. Click here to learn more about the HA mode for modules.
  
  Examples:
  highAvailability: true
  highAvailability: false
- https
  
  object
  What certificate type to use with the web UI.
  
  This parameter completely overrides the global.modules.https settings.
  
  Examples:
  customCertificate: secretName: foobar mode: CustomCertificate
  certManager: clusterIssuerName: letsencrypt mode: CertManager
  - https.certManager
    
    object
    
    Default: {}
    - https.certManager.clusterIssuerName
      
      string
      What ClusterIssuer to use for the web UI.
      
      Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.
      
      Default: letsencrypt
  - https.customCertificate
    
    object
    
    Default: {}
    - https.customCertificate.secretName
      
      string
      The name of the secret in the d8-system namespace to use with the web UI.
      
      This secret must have the kubernetes.io/tls format.
      
      Default: false
  - https.mode
    
    string
    The HTTPS usage mode:
    
    Disabled — in this mode, the web UI can only be accessed over HTTP. Caution! This mode is not supported. HTTPS is required for the module to function properly. If HTTPS is disabled, the web UI will be unavailable.
    
    CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
    
    CustomCertificate — the web UI is accessed over HTTPS using the certificate from the d8-system namespace.
    
    OnlyInURI — the web UI will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme. Load balancer should provide a redirect from HTTP to HTTPS.
    Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI
- ingressClass
  
  string
  The class of the Ingress controller used for the web UI.
  
  An optional parameter. By default, the modules.ingressClass global value is used.
  
  Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
  
  Example:
  ingressClass: nginx
- nodeSelector
  
  object
  The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.
  
  If the parameter is omitted or false, it will be determined automatically.
  
  Example:
  disktype: ssd
- postgres
  
  object
  
  Default: {}
  - postgres.external
    
    object
    - postgres.external.db
      
      string
      Database name
    - postgres.external.host
      
      string
      Server address. You can specify multiple addresses separated by commas if your PostgreSQL cluster consists of multiple nodes. For example: host1,host2,host3. In this case, you will need to specify a separate port for each node.
    - postgres.external.password
      
      string
      User password
    - postgres.external.port
      
      string
      Server port. If your PostgreSQL cluster consists of multiple nodes and you have specified several nodes, you need to provide a port for each node, separated by commas. For example: 5432,5432,5433
    - postgres.external.ssl
      
      object
      - postgres.external.ssl.secretName
        
        string
        The name of the secret in the d8-commander namespace which contains client certificate for certificate authentication on the PostgreSQL server.
        
        Example of creating a secret: kubectl -n d8-commander create secret generic postgres-ssl --from-file=tls.crt=client.crt --from-file=tls.key=client.key --from-file=ca.crt=ca.crt
    - postgres.external.user
      
      string
      User name
  - postgres.internal
    
    object
    
    Default: {}
    - postgres.internal.diskSizeGigabytes
      
      integer
      Disk size for PostgreSQL database in gigabytes.
      
      You should manually specify the desired disk size for the PostgreSQL database, but you can increase it later if necessary.
      
      The extended-monitoring module automatically monitors the percentage of used disk space.
      
      CAUTION! If the PostgreSQL data storage becomes full, the application may stop working.
      
      Default: 2
    - postgres.internal.storageClass
      
      string
      The name of the StorageClass to use.
      
      If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, either the global StorageClass or global.discovery.defaultStorageClass is used.
      
      Refer to the documentation section Changing the storage class if you want to change this value.
      
      Examples:
      
      storageClass: ceph-ssd
      storageClass: network-ssd
  - postgres.mode
    
    string
    The PostgreSQL usage mode:
    
    Internal — PostgreSQL is deployed in a cluster and managed using the postgres-operator.
    
    This is not a recommended method for use in production environments. However, the use of operator-postgres is convenient for quick start with Deckhouse Commander or for environments where there are no high availability and support requirements.
    
    External - an external PostgreSQL installation managed by the user is used. This is the recommended way to use Deckhouse Commander in production environments.
    Default: Internal
    
    Allowed values: Internal, External
- tolerations
  
  array of objects
  The same as in the Pods’ spec.tolerations parameter in Kubernetes;
  
  If the parameter is omitted or false, it will be determined automatically.
  
  Example:
  tolerations: - effect: NoSchedule key: key1 operator: Equal value: value1
  - tolerations.effect
    
    string
  - tolerations.key
    
    string
  - tolerations.operator
    
    string
  - tolerations.tolerationSeconds
    
    integer
  - tolerations.value
    
    string

parameters

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error