The module lifecycle stage: Preview

Available in:  EE

Requirements

Deckhouse version: 1.72 and above.

Conversions

The module is configured using the ModuleConfig resource, the schema of which contains a version number. When you apply an old version of the ModuleConfig schema in a cluster, automatic transformations are performed. To manually update the ModuleConfig schema version, the following steps must be completed sequentially for each version:

  • Updates from version 1 to 2:

    Replace .gc.skipThreshold with .gc.timeout.

Parameters

Schema version: 2

  • settings
    object
    • settings.gc
      object
      Garbage collection settings.
      • settings.gc.enabled
        boolean
        Enable periodic garbage collection.

        Default: false

      • settings.gc.schedule
        string

        Cron schedule for the garbage collector. Supports predefined descriptors:

        • @yearly / @annually = 0 0 1 1 *
        • @monthly = 0 0 1 * *
        • @weekly = 0 0 * * 0
        • @daily = 0 0 * * *
        • @hourly = 0 * * * *

        To check a schedule expression, use https://crontab.guru

        Examples:


        schedule: 0 20 * * 1
        
        schedule: 5 3 * * *
        
        schedule: 0 2 * * *
        
        schedule: '@daily'
        
      • settings.gc.timeout
        string

        Defines the time interval within which the garbage collection task must be completed:

        • If the task does not start within the specified interval, its execution is postponed to the next scheduled time.
        • If the task runs longer than the specified interval, it is forcibly terminated. To enforce termination, the timeout value is set in the Kubernetes task under the spec.activeDeadlineSeconds field.

        If this parameter is empty, the time limit is considered disabled (default behavior).

        Supported units: h (hours), m (minutes), s (seconds). The minimum allowable value is 10 minutes.

        Pattern: ^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$

        Examples:


        timeout: 30m
        
        timeout: 1h
        
        timeout: 2h30m
        
    • settings.https
      object

      What certificate type to use with the payload registry.

      This parameter completely overrides the global.modules.https settings.

      Examples:


      customCertificate:
        secretName: foobar
      mode: CustomCertificate
      
      certManager:
        clusterIssuerName: letsencrypt
      mode: CertManager
      
      • settings.https.certManager
        object

        Default: {}

        • settings.https.certManager.clusterIssuerName
          string

          What ClusterIssuer to use for the payload registry.

          Currently, letsencrypt, letsencrypt-staging, selfsigned are available. Also, you can define your own.

          Default: letsencrypt

      • settings.https.customCertificate
        object

        Default: {}

        • settings.https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with the payload registry.

          This secret must have the kubernetes.io/tls format.

          Default: false

      • settings.https.mode
        string

        The HTTPS usage mode:

        • Disabled — in this mode, the payload registry can only be accessed over HTTP. Caution! This mode is not supported. HTTPS is required for the module to function properly. If HTTPS is disabled, the payload registry will be unavailable.
        • CertManager — the payload registry is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter.
        • CustomCertificate — the payload registry is accessed over HTTPS using the certificate from the d8-system namespace.
        • OnlyInURI — the payload registry serves HTTP inside the cluster while an external HTTPS load balancer terminates TLS. All links will use the HTTPS scheme. The external load balancer must redirect HTTP to HTTPS.

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • settings.persistence
      object
      Configuration parameters for the PersistentVolumeClaim.

      Default: {}

      • settings.persistence.accessModes
        array of strings

        Access modes for the PersistentVolumeClaim. This field is immutable, and to change it, a new PersistentVolumeClaim must be created.

        To change the parameter, go to the section “How to create a new PVC?”.

        Default: [ "ReadWriteOnce" ]

        Examples:


        accessModes:
        - ReadWriteOnce
        
        accessModes:
        - ReadWriteMany
        
        • settings.persistence.accessModes.Element of the array
          string

          Allowed values: ReadWriteOnce, ReadWriteMany

      • settings.persistence.name
        string
        The name of the PersistentVolumeClaim. Be careful: changing this field will result in the creation of a new PersistentVolumeClaim. The old PersistentVolumeClaim will remain in the namespace and must be manually deleted if it is no longer needed.

        Default: registry

        Length: 1..63

        Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

        Examples:


        name: registry
        
        name: registry-hdd
        
        name: registry-network-ssd-2
        
      • settings.persistence.size
        string
        Disk size of the PersistentVolumeClaim. The minimum allowable value is 1Gi. Specify the desired disk size. You can increase the size later if necessary.

        Default: 10Gi

        Pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$

        Examples:


        size: 10Gi
        
        size: 1500Mi
        
      • settings.persistence.storageClass
        string

        The name of the StorageClass to be set when initializing the PersistentVolumeClaim. If this field is omitted, the StorageClass of the existing PersistentVolumeClaim will be used. If there is no PersistentVolumeClaim yet, either the global StorageClass or global.discovery.defaultStorageClass will be used. This field is immutable, and to change it, a new PersistentVolumeClaim must be created.

        To change the parameter, go to the section “How to create a new PVC?”.

        Examples:


        storageClass: ceph-ssd
        
        storageClass: network-hdd
        
        storageClass: network-ssd
        
    • settings.users
      object
      Configuration settings for user authorization within the payload registry.

      Default: {}

      Examples:


      username-1:
        passwordHash: $2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2
        projects:
        - access: FULL
          name: project-1
          subPath: path-*
        - access: READ
          name: project-1
          subPath: '*'
        - access: FULL
          name: project-2
          subPath: test/*
      
      username-2:
        passwordHash: $2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2
      
      • settings.users.<KEY_NAME>
        object
        <KEY_NAME> — item (key) name.
        • settings.users.<KEY_NAME>.passwordHash
          string

          Required value

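          The bcrypt hash of the user’s password for payload registry access. To generate a hash, use the following command, replacing ${PASSWORD} with the actual password (inside single quotes the shell does not expand it as a variable, so the text between the quotes is hashed as written):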

          • echo -n '${PASSWORD}' | htpasswd -BinC 10 "" | cut -d: -f2 | tr -d '\n'; echo

          Example:


          passwordHash: $2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2
          
        • settings.users.<KEY_NAME>.projects
          array of objects

          Default: []

          • settings.users.<KEY_NAME>.projects.access
            string
            Defines the level of access for the specified subPath:

            • READ - permits pull operations.
            • FULL - permits pull and push operations.

            Full access is granted only if the project namespace exists in Kubernetes. If not, READ access will be used.

            Allowed values: READ, FULL

          • settings.users.<KEY_NAME>.projects.name
            string
            The name of the project. For FULL access, the project name must be equivalent to the Kubernetes namespace.

            Length: 1..63

            Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

            Example:


            name: project-1
            
          • settings.users.<KEY_NAME>.projects.subPath
            string
            The specific path or wildcard pattern within the project. The aggregate path is represented as projectName/subPath.

            Pattern: ^([^/].*[^/]|[^/])$

            Examples:


            subPath: path/*
            
            subPath: path-*
            
            subPath: path
            
            subPath: '*'
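
The settings.gc.timeout pattern above also matches values under the 10-minute minimum, and a FULL grant is reduced to READ when the project namespace does not exist, so both are worth checking before a ModuleConfig is applied. The following check is an added example, not Deckhouse code; timeout_seconds, lint_users, the namespaces argument, the bcrypt layout regex and the cost floor of 10 (taken from the htpasswd command above) are assumptions of this example.

```python
import re
# Patterns copied from the parameter reference on this page.
TIMEOUT_RE = re.compile(r"^(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?$")
NAME_RE = re.compile(r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$")
SUBPATH_RE = re.compile(r"^([^/].*[^/]|[^/])$")
# Assumption: bcrypt modular-crypt layout ($2a/$2b/$2y, 2-digit cost, 53 chars).
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_TIMEOUT_S = 600  # the page's 10-minute minimum
MIN_COST = 10        # assumption: the cost used by the page's htpasswd command

def timeout_seconds(value):
    """Seconds for spec.activeDeadlineSeconds; None if the limit is disabled."""
    m = TIMEOUT_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"timeout {value!r} does not match the schema pattern")
    if value == "":
        return None
    hours, minutes, seconds = (int(g or 0) for g in m.groups())
    total = hours * 3600 + minutes * 60 + seconds
    if total < MIN_TIMEOUT_S:  # the pattern alone accepts values such as "5m"
        raise ValueError(f"timeout {value!r} is below the 10-minute minimum")
    return total

def lint_users(users, namespaces):
    """Return findings for a settings.users mapping (hypothetical helper)."""
    findings = []
    for user, spec in users.items():
        m = BCRYPT_RE.fullmatch(spec.get("passwordHash", ""))
        if m is None:
            findings.append(f"{user}: passwordHash is not a bcrypt hash")
        elif int(m.group(1)) < MIN_COST:
            findings.append(f"{user}: bcrypt cost {m.group(1)} is below {MIN_COST}")
        for p in spec.get("projects", []):
            name, sub = p.get("name", ""), p.get("subPath", "")
            where = f"{user}: {name}/{sub}"
            if not (len(name) <= 63 and NAME_RE.fullmatch(name)):
                findings.append(f"{where}: invalid project name")
            if not SUBPATH_RE.fullmatch(sub):
                findings.append(f"{where}: invalid subPath")
            if p.get("access") not in ("READ", "FULL"):
                findings.append(f"{where}: access must be READ or FULL")
            elif p["access"] == "FULL" and name not in namespaces:
                findings.append(f"{where}: FULL degrades to READ, no namespace")
    return findings

# Constructed sample input; the hash is the example value shown on this page.
SAMPLE_USERS = {"username-1": {
    "passwordHash": "$2y$10$gQvak.0k9BBUeH/je7n.y.cyNFc3YKyDti3L6DuZpy75drzb2wWK2",
    "projects": [{"access": "FULL", "name": "project-2", "subPath": "test/*"}]}}
```

Pass the set of namespace names that exist in the cluster as namespaces; an empty findings list means the users block is consistent with the schema and with the FULL access rule.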