The module lifecycle stageGeneral Availability

Available in:  EE

How to explicitly enable the module…

You may explicitly enable or disable the module in one of the following ways:

  • Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the runtime-audit-engine module and enable (or disable) the “Module enabled” toggle. Save changes.

    Example:

    Module enable/disable interface

  • Via Deckhouse CLI (d8).

    Use the d8 system module enable command for enabling, or d8 system module disable command for disabling the module (you need Deckhouse CLI (d8), configured to work with the cluster).

    Example of enabling the module:

    d8 system module enable runtime-audit-engine

  • Using ModuleConfig runtime-audit-engine.

    Set spec.enabled to true or false in ModuleConfig runtime-audit-engine (create it if necessary);

    Example of a manifest to enable module runtime-audit-engine:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: runtime-audit-engine
spec:
  enabled: true

How to configure the module…

You can configure the module in one of the following ways:

  • Via Deckhouse web UI.

    In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the runtime-audit-engine module and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.

    Example:

    Module Setup Interface

    You can also edit the ModuleConfig object runtime-audit-engine on the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the module runtime-audit-engine) by specifying the schema version in the spec.version parameter and the necessary module parameters in the spec.settings section.

  • Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).

    Edit the existing ModuleConfig runtime-audit-engine (for more details on configuring Deckhouse, see the documentation) by executing the following command:

    d8 k edit mc runtime-audit-engine

    Make the necessary changes in the spec.settings section. If necessary, specify the schema version in the spec.version parameter. Save the changes.

    You can also create a file with manifest for ModuleConfig runtime-audit-engine using the example below. Fill in the spec.settings section with the required module parameters. If necessary, specify the schema version in the spec.version parameter.

    Apply the manifest using the following command (indicate the manifest file name):

    d8 k apply -f <FILENAME>

    Example of a manifest for ModuleConfig runtime-audit-engine:

    apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: runtime-audit-engine
spec:
  version: 1
  enabled: true
  settings: # Module parameters from the "Parameters" section below.

Requirements

To the Deckhouse version: 1.68 and above.

Parameters

Schema version: 1

  • settings
    object
    • settings.builtInRulesList
      array of strings
      List of enabled default rules. You can specify an empty list [] to disable built-in rules.

      Default: [ "Fstec" ]

      Examples: 


      builtInRulesList:
- Fstec

      builtInRulesList: []
      • settings.builtInRulesList.Element of the array
        string

        Allowed values: Fstec

    • settings.debugLogging
      boolean
      If true, all events will be duplicated to stdout.
    • settings.resourcesRequests
      object

      Max amounts of CPU and memory resources that the pod can request when selecting a node.

      If the vertical-pod-autoscaler module is disabled, then these values become the default ones.

      Default: {}

      Examples: 


      mode: VPA
vpa:
  cpu:
    max: 2
    min: 50m
  memory:
    max: 2Gi
    min: 256Mi
  mode: Auto

      mode: VPA
vpa:
  cpu:
    max: 3000m
    min: 1
  memory:
    max: 4096
    min: 1024
  mode: Initial

      mode: Static
static:
  cpu: 55m
  memory: 256Ki
      • settings.resourcesRequests.mode
        string

        Required value

        Resource request management mode:

        • Static is a classic one. In it, you explicitly specify requests. The parameters of this mode are defined in the static parameter section;
        • VPA mode uses VPA. You can configure this mode by modifying parameters in the vpa parameter section.

        Default: VPA

        Allowed values: VPA, Static

      • settings.resourcesRequests.static
        object
        Resource request management options for the Static mode.

        Default: {}

        • settings.resourcesRequests.static.cpu

          Required value

          Configuring CPU requests.

          Default: 50m

        • settings.resourcesRequests.static.memory

          Required value

          Configuring memory requests.

          Default: 64Mi

      • settings.resourcesRequests.vpa
        object
        Resource request management options for the VPA mode.

        Default: {}

        • settings.resourcesRequests.vpa.cpu
          object

          Required value

          CPU-related parameters.

          Default: {}

          • settings.resourcesRequests.vpa.cpu.max
            The maximum value that the VPA can set for the CPU requests.

            Default: 4000m

          • settings.resourcesRequests.vpa.cpu.min
            The minimum value that the VPA can set for the CPU requests.

            Default: 50m

        • settings.resourcesRequests.vpa.memory
          object

          Required value

          The amount of memory requested.

          Default: {}

          • settings.resourcesRequests.vpa.memory.max
            The maximum memory requests the VPA can set.

            Default: 5Gi

          • settings.resourcesRequests.vpa.memory.min
            The minimum memory requests the VPA can set.

            Default: 64Mi

        • settings.resourcesRequests.vpa.mode
          string

          Required value

          The VPA usage mode.

          Default: Initial

          Allowed values: Initial, Auto