Switching to Direct Mode

To switch an already running cluster to Direct mode, follow these steps:

  • During the first switch, the containerd v1 service will be restarted, as the switch to the new authorization configuration will take place.
  • When changing the registry mode or registry parameters, Deckhouse will be restarted.
  1. If the cluster is running with containerd v1, you need to prepare custom containerd configuration.

  2. Make sure all master nodes are in the Ready state and do not have the SchedulingDisabled status, using the following command:

    d8 k get nodes
    

    Example output:

    NAME       STATUS   ROLES                 ...
    master-0   Ready    control-plane,master  ...
    master-1   Ready    control-plane,master  ...
    master-2   Ready    control-plane,master  ...
    

    Example of output when the master node (master-2 in the example) is in the SchedulingDisabled status:

    NAME       STATUS                      ROLES                 ...
    master-0   Ready    control-plane,master  ...
    master-1   Ready    control-plane,master  ...
    master-2   Ready,SchedulingDisabled    control-plane,master  ...
    
  3. Make sure the registry module is enabled and running. To do this, execute the following command:

    d8 k get module registry -o wide
    

    Example output:

    NAME       WEIGHT ...  PHASE   ENABLED   DISABLED MESSAGE   READY
    registry   38     ...  Ready   True                         True
    
  4. Set the Direct mode configuration in the ModuleConfig deckhouse. If you’re using a registry other than registry.deckhouse.io, refer to the deckhouse module documentation for correct configuration.

    Configuration example:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: deckhouse
    spec:
      version: 1
      enabled: true
      settings:
        registry:
          mode: Direct
          direct:
            imagesRepo: registry.deckhouse.io/deckhouse/ee
            scheme: HTTPS
            license: <LICENSE_KEY> # Replace with your license key
    
  5. Check the registry switch status in the registry-state secret using this guide. Example output:

    conditions:
    # ...
      - lastTransitionTime: "..."
        message: ""
        reason: ""
        status: "True"
        type: Ready
    hash: ..
    mode: Direct
    target_mode: Direct
    

Switching to Unmanaged Mode

When changing the registry mode or registry parameters, Deckhouse will be restarted.

Switching to the Unmanaged mode is only available from Direct mode. Registry configuration parameters will be taken from the previously active mode.

To switch the cluster to Unmanaged mode, follow these steps:

  1. Make sure all master nodes are in the Ready state and do not have the SchedulingDisabled status, using the following command:

    d8 k get nodes
    

    Example output:

    NAME       STATUS   ROLES                 ...
    master-0   Ready    control-plane,master  ...
    master-1   Ready    control-plane,master  ...
    master-2   Ready    control-plane,master  ...
    

    Example of output when the master node (master-2 in the example) is in the SchedulingDisabled status:

    NAME       STATUS                      ROLES                 ...
    master-0   Ready    control-plane,master  ...
    master-1   Ready    control-plane,master  ...
    master-2   Ready,SchedulingDisabled    control-plane,master  ...
    
  2. Ensure that the registry module is running in Direct mode and the switch status to Direct is Ready. You can verify the state via the registry-state secret using this guide. Example output:

    conditions:
    # ...
      - lastTransitionTime: "..."
        message: ""
        reason: ""
        status: "True"
        type: Ready
    hash: ..
    mode: Direct
    target_mode: Direct
    
  3. Set the Unmanaged mode in the ModuleConfig deckhouse:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: deckhouse
    spec:
      version: 1
      enabled: true
      settings:
        registry:
          mode: Unmanaged
    
  4. Check the registry switch status in the registry-state secret using this guide. Example output:

    conditions:
    # ...
      - lastTransitionTime: "..."
        message: ""
        reason: ""
        status: "True"
        type: Ready
    hash: ..
    mode: Unmanaged
    target_mode: Unmanaged
    
  5. If you need to switch back to the previous containerd v1 auth configuration, refer to the instruction.

This containerd configuration format is deprecated.