The module is available only in Deckhouse Enterprise Edition.
The module is actively developed. It might significantly change in the future.
Schema version: 1
-
auth
object
Authentication configuration.
Default:
{}
-
auth.allowedUserGroups
array of strings
An array of user groups that can access Grafana & Prometheus.
This parameter is used if the
user-authn
module is enabled or theexternalAuthentication
parameter is set.Caution! Note that you must add those groups to the appropriate field in the DexProvider config if this module is used together with the user-authn one.
-
auth.externalAuthentication
object
Parameters to enable external authentication. Uses Nginx Ingress external-auth mechanism which is based on the the Nginx auth_request module.
Default:
{}
-
auth.externalAuthentication.authSignInURL
string
URL to redirect the user for authentication (if the authentication service returned a non-200 HTTP response code).
-
auth.externalAuthentication.authURL
string
URL of the authentication service. If the user is authenticated, the service should return an HTTP 200 response code.
-
auth.externalAuthentication.useBearerTokens
boolean
The dashboard must use the user ID to work with the Kubernetes API (the authentication service must return the Authorization HTTP header that contains the bearer-token – the dashboard will use this token to make requests to the Kubernetes API server).
Default value is false.
Caution! For security reasons, this mode only works if
https.mode
(global or for a module) is not set toDisabled
;
-
auth.externalAuthentication.authSignInURL
string
-
auth.password
string
Password for http authorization of the
admin
user. It is generated automatically, but you can change it.This parameter is used if the
externalAuthentication
is not enabled. -
auth.whitelistSourceRanges
array of strings
An array if CIDRs that are allowed to authenticate.
Example:
whitelistSourceRanges: - 1.1.1.1/32
-
auth.allowedUserGroups
array of strings
-
backend
object
Default:
{}
-
backend.replicas
integer
Default:
1
-
backend.resources
object
Default:
{}
-
backend.resources.limits
object
Default:
{}
- backend.resources.limits.cpu
-
backend.resources.limits.memory
Default:
512Mi
-
backend.resources.requests
object
Default:
{}
-
backend.resources.requests.cpu
Default:
100m
-
backend.resources.requests.memory
Default:
512Mi
-
backend.resources.requests.cpu
-
backend.resources.limits
object
-
backend.replicas
integer
-
cable
object
Default:
{}
-
cable.replicas
integer
Default:
1
-
cable.resources
object
Default:
{}
-
cable.resources.limits
object
Default:
{}
- cable.resources.limits.cpu
-
cable.resources.limits.memory
Default:
512Mi
-
cable.resources.requests
object
Default:
{}
-
cable.resources.requests.cpu
Default:
100m
-
cable.resources.requests.memory
Default:
512Mi
-
cable.resources.requests.cpu
-
cable.resources.limits
object
-
cable.replicas
integer
-
clusterChecker
object
Default:
{}
-
clusterChecker.replicas
integer
Default:
1
-
clusterChecker.resources
object
Default:
{}
-
clusterChecker.resources.limits
object
Default:
{}
- clusterChecker.resources.limits.cpu
-
clusterChecker.resources.limits.memory
Default:
512Mi
-
clusterChecker.resources.requests
object
Default:
{}
-
clusterChecker.resources.requests.cpu
Default:
50m
-
clusterChecker.resources.requests.memory
Default:
512Mi
-
clusterChecker.resources.requests.cpu
-
clusterChecker.resources.limits
object
-
clusterChecker.replicas
integer
-
clusterManager
object
Default:
{}
-
clusterManager.replicas
integer
Default:
3
-
clusterManager.resources
object
Default:
{}
-
clusterManager.resources.limits
object
Default:
{}
- clusterManager.resources.limits.cpu
-
clusterManager.resources.limits.memory
Default:
128Mi
-
clusterManager.resources.requests
object
Default:
{}
-
clusterManager.resources.requests.cpu
Default:
100m
-
clusterManager.resources.requests.memory
Default:
128Mi
-
clusterManager.resources.requests.cpu
-
clusterManager.resources.limits
object
-
clusterManager.replicas
integer
-
clusterTaskChecker
object
Default:
{}
-
clusterTaskChecker.replicas
integer
Default:
1
-
clusterTaskChecker.resources
object
Default:
{}
-
clusterTaskChecker.resources.limits
object
Default:
{}
- clusterTaskChecker.resources.limits.cpu
-
clusterTaskChecker.resources.limits.memory
Default:
512Mi
-
clusterTaskChecker.resources.requests
object
Default:
{}
-
clusterTaskChecker.resources.requests.cpu
Default:
50m
-
clusterTaskChecker.resources.requests.memory
Default:
512Mi
-
clusterTaskChecker.resources.requests.cpu
-
clusterTaskChecker.resources.limits
object
-
clusterTaskChecker.replicas
integer
-
frontend
object
Default:
{}
-
frontend.replicas
integer
Default:
1
-
frontend.resources
object
Default:
{}
-
frontend.resources.limits
object
Default:
{}
- frontend.resources.limits.cpu
-
frontend.resources.limits.memory
Default:
256Mi
-
frontend.resources.requests
object
Default:
{}
-
frontend.resources.requests.cpu
Default:
50m
-
frontend.resources.requests.memory
Default:
256Mi
-
frontend.resources.requests.cpu
-
frontend.resources.limits
object
-
frontend.replicas
integer
-
https
object
What certificate type to use with frontend and status apps.
This parameter completely overrides the
global.modules.https
settings.Examples:
customCertificate: secretName: foobar mode: CustomCertificate
certManager: clusterIssuerName: letsencrypt mode: CertManager
-
https.certManager
object
Default:
{}
-
https.certManager.clusterIssuerName
string
What ClusterIssuer to use for frontend.
Currently,
letsencrypt
,letsencrypt-staging
,selfsigned
are available. Also, you can define your own.Default:
letsencrypt
-
https.certManager.clusterIssuerName
string
-
https.customCertificate
object
Default:
{}
-
https.customCertificate.secretName
string
The name of the secret in the
d8-system
namespace to use with frontend.This secret must have the kubernetes.io/tls format.
Default:
false
-
https.customCertificate.secretName
string
-
https.mode
string
The HTTPS usage mode:
Disabled
— frontend will work over HTTP only;CertManager
— frontend will use HTTPS and get a certificate from the clusterissuer defined in thecertManager.clusterIssuerName
parameter.CustomCertificate
— frontend will use HTTPS using the certificate from thed8-system
namespace.OnlyInURI
— frontend will work over HTTP (thinking that there is an external HTTPS load balancer in front that terminates HTTPS traffic). All the links in theuser-authn
will be generated using the HTTPS scheme.
Default:
Disabled
Allowed values:
Disabled
,CertManager
,CustomCertificate
,OnlyInURI
-
https.certManager
object
-
nodeSelector
object
Node selector for frontend and backend pods. The same as in the Pods’
spec.nodeSelector
parameter in Kubernetes.If the parameter is omitted or
false
, it will be determined automatically.Example:
disktype: ssd
-
postgres
object
Default:
{}
-
postgres.external
object
- postgres.external.db string
-
postgres.external.host
string
Required value
-
postgres.external.password
string
Required value
-
postgres.external.port
string
Required value
-
postgres.external.user
string
Required value
-
postgres.internal
object
Default:
{}
-
postgres.internal.nodeSelector
object
The same as in the Pods’
spec.nodeSelector
parameter in Kubernetes. If the parameter is omitted orfalse
,nodeSelector
will be determined automatically. -
postgres.internal.resources
object
Default:
{}
-
postgres.internal.resources.limits
object
Default:
{}
- postgres.internal.resources.limits.cpu
-
postgres.internal.resources.limits.memory
Default:
512Mi
-
postgres.internal.resources.requests
object
Default:
{}
-
postgres.internal.resources.requests.cpu
Default:
100m
-
postgres.internal.resources.requests.memory
Default:
512Mi
-
postgres.internal.resources.requests.cpu
-
postgres.internal.resources.limits
object
-
postgres.internal.storage
object
Default:
{}
-
postgres.internal.storage.class
string
Default:
localpath-node
-
postgres.internal.storage.size
string
Default:
50Gi
-
postgres.internal.storage.class
string
-
postgres.internal.tolerations
array of objects
The same as in the Pods’
spec.tolerations
parameter in Kubernetes; If the parameter is omitted orfalse
,tolerations
will be determined automatically.- postgres.internal.tolerations.effect string
- postgres.internal.tolerations.key string
- postgres.internal.tolerations.operator string
- postgres.internal.tolerations.tolerationSeconds integer
- postgres.internal.tolerations.value string
-
postgres.internal.nodeSelector
object
-
postgres.mode
string
Default:
Internal
Allowed values:
Internal
,External
-
postgres.external
object
-
redis
object
Default:
{}
-
redis.replicas
number
Default:
1
-
redis.resources
object
Default:
{}
-
redis.resources.limits
object
Default:
{}
- redis.resources.limits.cpu
-
redis.resources.limits.memory
Default:
256Mi
-
redis.resources.requests
object
Default:
{}
-
redis.resources.requests.cpu
Default:
50m
-
redis.resources.requests.memory
Default:
256Mi
-
redis.resources.requests.cpu
-
redis.resources.limits
object
-
redis.replicas
number
-
redisSentinelProxy
object
Default:
{}
-
redisSentinelProxy.resources
object
Default:
{}
-
redisSentinelProxy.resources.limits
object
Default:
{}
- redisSentinelProxy.resources.limits.cpu
-
redisSentinelProxy.resources.limits.memory
Default:
256Mi
-
redisSentinelProxy.resources.requests
object
Default:
{}
-
redisSentinelProxy.resources.requests.cpu
Default:
50m
-
redisSentinelProxy.resources.requests.memory
Default:
256Mi
-
redisSentinelProxy.resources.requests.cpu
-
redisSentinelProxy.resources.limits
object
-
redisSentinelProxy.resources
object
-
renderer
object
Default:
{}
-
renderer.replicas
integer
Default:
1
-
renderer.resources
object
Default:
{}
-
renderer.resources.limits
object
Default:
{}
- renderer.resources.limits.cpu
-
renderer.resources.limits.memory
Default:
128Mi
-
renderer.resources.requests
object
Default:
{}
-
renderer.resources.requests.cpu
Default:
50m
-
renderer.resources.requests.memory
Default:
128Mi
-
renderer.resources.requests.cpu
-
renderer.resources.limits
object
-
renderer.replicas
integer
- secretKeyBase string
-
sentinel
object
Default:
{}
-
sentinel.resources
object
Default:
{}
-
sentinel.resources.limits
object
Default:
{}
- sentinel.resources.limits.cpu
-
sentinel.resources.limits.memory
Default:
256Mi
-
sentinel.resources.requests
object
Default:
{}
-
sentinel.resources.requests.cpu
Default:
50m
-
sentinel.resources.requests.memory
Default:
256Mi
-
sentinel.resources.requests.cpu
-
sentinel.resources.limits
object
-
sentinel.resources
object
-
sidekiq
object
Default:
{}
-
sidekiq.replicas
integer
Default:
1
-
sidekiq.resources
object
Default:
{}
-
sidekiq.resources.limits
object
Default:
{}
- sidekiq.resources.limits.cpu
-
sidekiq.resources.limits.memory
Default:
512Mi
-
sidekiq.resources.requests
object
Default:
{}
-
sidekiq.resources.requests.cpu
Default:
100m
-
sidekiq.resources.requests.memory
Default:
512Mi
-
sidekiq.resources.requests.cpu
-
sidekiq.resources.limits
object
-
sidekiq.replicas
integer
-
tolerations
array of objects
Node tolerations for frontend and backend pods. The same as in the Pods’
spec.tolerations
parameter in Kubernetes;If the parameter is omitted or
false
, it will be determined automatically.Example:
tolerations: - effect: NoSchedule key: key1 operator: Equal value: value1
- tolerations.effect string
- tolerations.key string
- tolerations.operator string
- tolerations.tolerationSeconds integer
- tolerations.value string