The module is available only in Deckhouse Enterprise Edition.

The functionality of the module might significantly change. Compatibility with future versions is not guaranteed.

Schema version: 1

  • auth object
    Authentication configuration.

    Default: {}

    • auth.allowedUserGroups array of strings

      An array of user groups that can access Grafana & Prometheus.

      This parameter is used if the user-authn module is enabled or the externalAuthentication parameter is set.

      Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.

    • auth.externalAuthentication object
      Parameters to enable external authentication. Uses Nginx Ingress external-auth mechanism which is based on the the Nginx auth_request module.

      Default: {}

      • auth.externalAuthentication.authSignInURL string
        URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
      • auth.externalAuthentication.authURL string
        URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
      • auth.externalAuthentication.useBearerTokens boolean

        The dashboard must use the user ID to work with the Kubernetes API (the authentication service must return the Authorization HTTP header that contains the bearer-token – the dashboard will use this token to make requests to the Kubernetes API server).

        Default value is false.

        Caution! For security reasons, this mode only works if https.mode (global or for a module) is not set to Disabled;

    • auth.password string

      Password for http authorization of the admin user. It is generated automatically, but you can change it.

      This parameter is used if the externalAuthentication is not enabled.

    • auth.whitelistSourceRanges array of strings
      An array if CIDRs that are allowed to authenticate.

      Example:

      whitelistSourceRanges:
      - 1.1.1.1/32
      
  • backend object

    Default: {}

    • backend.replicas integer

      Default: 1

    • backend.resources object

      Default: {}

      • backend.resources.limits object

        Default: {}

        • backend.resources.limits.cpu
        • backend.resources.limits.memory

          Default: 512Mi

      • backend.resources.requests object

        Default: {}

        • backend.resources.requests.cpu

          Default: 100m

        • backend.resources.requests.memory

          Default: 512Mi

  • cable object

    Default: {}

    • cable.replicas integer

      Default: 1

    • cable.resources object

      Default: {}

      • cable.resources.limits object

        Default: {}

        • cable.resources.limits.cpu
        • cable.resources.limits.memory

          Default: 512Mi

      • cable.resources.requests object

        Default: {}

        • cable.resources.requests.cpu

          Default: 100m

        • cable.resources.requests.memory

          Default: 512Mi

  • clusterChecker object

    Default: {}

    • clusterChecker.replicas integer

      Default: 1

    • clusterChecker.resources object

      Default: {}

      • clusterChecker.resources.limits object

        Default: {}

        • clusterChecker.resources.limits.cpu
        • clusterChecker.resources.limits.memory

          Default: 512Mi

      • clusterChecker.resources.requests object

        Default: {}

        • clusterChecker.resources.requests.cpu

          Default: 50m

        • clusterChecker.resources.requests.memory

          Default: 512Mi

  • clusterManager object

    Default: {}

    • clusterManager.replicas integer

      Default: 3

    • clusterManager.resources object

      Default: {}

      • clusterManager.resources.limits object

        Default: {}

        • clusterManager.resources.limits.cpu
        • clusterManager.resources.limits.memory

          Default: 128Mi

      • clusterManager.resources.requests object

        Default: {}

        • clusterManager.resources.requests.cpu

          Default: 100m

        • clusterManager.resources.requests.memory

          Default: 128Mi

  • clusterTaskChecker object

    Default: {}

    • clusterTaskChecker.replicas integer

      Default: 1

    • clusterTaskChecker.resources object

      Default: {}

      • clusterTaskChecker.resources.limits object

        Default: {}

        • clusterTaskChecker.resources.limits.cpu
        • clusterTaskChecker.resources.limits.memory

          Default: 512Mi

      • clusterTaskChecker.resources.requests object

        Default: {}

        • clusterTaskChecker.resources.requests.cpu

          Default: 50m

        • clusterTaskChecker.resources.requests.memory

          Default: 512Mi

  • frontend object

    Default: {}

    • frontend.replicas integer

      Default: 1

    • frontend.resources object

      Default: {}

      • frontend.resources.limits object

        Default: {}

        • frontend.resources.limits.cpu
        • frontend.resources.limits.memory

          Default: 256Mi

      • frontend.resources.requests object

        Default: {}

        • frontend.resources.requests.cpu

          Default: 50m

        • frontend.resources.requests.memory

          Default: 256Mi

  • https object

    What certificate type to use with frontend and status apps.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    customCertificate:
      secretName: foobar
    mode: CustomCertificate
    
    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    
    • https.certManager object

      Default: {}

      • https.certManager.clusterIssuerName string

        What ClusterIssuer to use for frontend.

        Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

        Default: letsencrypt

    • https.customCertificate object

      Default: {}

      • https.customCertificate.secretName string

        The name of the secret in the d8-system namespace to use with frontend.

        This secret must have the kubernetes.io/tls format.

        Default: false

    • https.mode string

      The HTTPS usage mode:

      • Disabled — frontend will work over HTTP only;
      • CertManager — frontend will use HTTPS and get a certificate from the clusterissuer defined in the certManager.clusterIssuerName parameter.
      • CustomCertificate — frontend will use HTTPS using the certificate from the d8-system namespace.
      • OnlyInURI — frontend will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.

      Default: Disabled

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • nodeSelector object

    Node selector for frontend and backend pods. The same as in the Pods’ spec.nodeSelector parameter in Kubernetes.

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    disktype: ssd
    
  • postgres object

    Default: {}

    • postgres.external object
      • postgres.external.db string
      • postgres.external.host string

        Required value

      • postgres.external.password string

        Required value

      • postgres.external.port string

        Required value

      • postgres.external.user string

        Required value

    • postgres.internal object

      Default: {}

      • postgres.internal.nodeSelector object
        The same as in the Pods’ spec.nodeSelector parameter in Kubernetes. If the parameter is omitted or false, nodeSelector will be determined automatically.
      • postgres.internal.resources object

        Default: {}

        • postgres.internal.resources.limits object

          Default: {}

          • postgres.internal.resources.limits.cpu
          • postgres.internal.resources.limits.memory

            Default: 512Mi

        • postgres.internal.resources.requests object

          Default: {}

          • postgres.internal.resources.requests.cpu

            Default: 100m

          • postgres.internal.resources.requests.memory

            Default: 512Mi

      • postgres.internal.storage object

        Default: {}

        • postgres.internal.storage.class string

          Default: localpath-node

        • postgres.internal.storage.size string

          Default: 50Gi

      • postgres.internal.tolerations array of objects
        The same as in the Pods’ spec.tolerations parameter in Kubernetes; If the parameter is omitted or false, tolerations will be determined automatically.
        • postgres.internal.tolerations.effect string
        • postgres.internal.tolerations.key string
        • postgres.internal.tolerations.operator string
        • postgres.internal.tolerations.tolerationSeconds integer
        • postgres.internal.tolerations.value string
    • postgres.mode string

      Default: Internal

      Allowed values: Internal, External

  • redis object

    Default: {}

    • redis.replicas number

      Default: 1

    • redis.resources object

      Default: {}

      • redis.resources.limits object

        Default: {}

        • redis.resources.limits.cpu
        • redis.resources.limits.memory

          Default: 256Mi

      • redis.resources.requests object

        Default: {}

        • redis.resources.requests.cpu

          Default: 50m

        • redis.resources.requests.memory

          Default: 256Mi

  • redisSentinelProxy object

    Default: {}

    • redisSentinelProxy.resources object

      Default: {}

      • redisSentinelProxy.resources.limits object

        Default: {}

        • redisSentinelProxy.resources.limits.cpu
        • redisSentinelProxy.resources.limits.memory

          Default: 256Mi

      • redisSentinelProxy.resources.requests object

        Default: {}

        • redisSentinelProxy.resources.requests.cpu

          Default: 50m

        • redisSentinelProxy.resources.requests.memory

          Default: 256Mi

  • renderer object

    Default: {}

    • renderer.replicas integer

      Default: 1

    • renderer.resources object

      Default: {}

      • renderer.resources.limits object

        Default: {}

        • renderer.resources.limits.cpu
        • renderer.resources.limits.memory

          Default: 128Mi

      • renderer.resources.requests object

        Default: {}

        • renderer.resources.requests.cpu

          Default: 50m

        • renderer.resources.requests.memory

          Default: 128Mi

  • secretKeyBase string
  • sentinel object

    Default: {}

    • sentinel.resources object

      Default: {}

      • sentinel.resources.limits object

        Default: {}

        • sentinel.resources.limits.cpu
        • sentinel.resources.limits.memory

          Default: 256Mi

      • sentinel.resources.requests object

        Default: {}

        • sentinel.resources.requests.cpu

          Default: 50m

        • sentinel.resources.requests.memory

          Default: 256Mi

  • sidekiq object

    Default: {}

    • sidekiq.replicas integer

      Default: 1

    • sidekiq.resources object

      Default: {}

      • sidekiq.resources.limits object

        Default: {}

        • sidekiq.resources.limits.cpu
        • sidekiq.resources.limits.memory

          Default: 512Mi

      • sidekiq.resources.requests object

        Default: {}

        • sidekiq.resources.requests.cpu

          Default: 100m

        • sidekiq.resources.requests.memory

          Default: 512Mi

  • tolerations array of objects

    Node tolerations for frontend and backend pods. The same as in the Pods’ spec.tolerations parameter in Kubernetes;

    If the parameter is omitted or false, it will be determined automatically.

    Example:

    tolerations:
    - effect: NoSchedule
      key: key1
      operator: Equal
      value: value1
    
    • tolerations.effect string
    • tolerations.key string
    • tolerations.operator string
    • tolerations.tolerationSeconds integer
    • tolerations.value string