The module is actively developed. It might significantly change in the future.

Virtualization module configuration example:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: virtualization
spec:
  # Enable the module.
  enabled: true
  version: 1
  settings:
    # List of subnets for virtual machines.
    virtualMachineCIDRs:
      - 10.10.10.0/24
      - 10.20.10.0/24
      - 10.30.10.0/24
      - 11.11.22.33/32
    # Virtual machine image storage settings.
    dvcr:
      storage:
        persistentVolumeClaim:
          size: 50G
        type: PersistentVolumeClaim

Schema version: 1

  • dvcr object
    Options for setting up the Deckhouse virtualization container registry (dvcr), an internal service that stores all virtual machine images.
    • dvcr.storage object

      Required value

      Options for setting up storage.
      • dvcr.storage.objectStorage object
        Parameters for objectStorage.
        • dvcr.storage.objectStorage.s3 object
          Parameters for S3.
          • dvcr.storage.objectStorage.s3.accessKey string

            Required value

            accessKey must be base64 encoded. accessKey is a unique identifier that identifies you as a user with access to S3.

            Pattern: ^[A-Za-z0-9+/]*={0,2}$

            Example:

            accessKey: YWNjZXNzS2V5Cg==
            
          • dvcr.storage.objectStorage.s3.bucket string

            Required value

            Bucket in which you can store your files and data objects.

            Example:

            bucket: dvcr
            
          • dvcr.storage.objectStorage.s3.region string

            Required value

            Geographical area.

            Examples:

            region: us-east-2
            
            region: us-west-1
            
          • dvcr.storage.objectStorage.s3.regionEndpoint string

            Required value

            Endpoint for connecting to the S3 service.

            Pattern: ^https?://[0-9a-zA-Z\.\-:@_]+$

            Example:

            regionEndpoint: https://s3.example.com
            
          • dvcr.storage.objectStorage.s3.secretKey string

            Required value

            secretKey must be base64 encoded. secretKey is the confidential secret key associated with your Access Key ID. The Secret Access Key is used to sign HTTP requests to Amazon S3, which verifies the authenticity of each request and ensures the security of your data.

            Pattern: ^[A-Za-z0-9+/]*={0,2}$

            Example:

            secretKey: c2VjcmV0S2V5Cg==
            
        • dvcr.storage.objectStorage.type string
          Which object storage to use as the store for dvcr.

          Allowed values: S3

      • dvcr.storage.persistentVolumeClaim object
        Parameters for PersistentVolumeClaim.
        • dvcr.storage.persistentVolumeClaim.size string

          Required value

          Size of the PersistentVolumeClaim.

          Example:

          size: 10Gi
          
        • dvcr.storage.persistentVolumeClaim.storageClassName string
          Which StorageClass to use when creating the PersistentVolumeClaim.

          Examples:

          storageClassName: linstor
          
          storageClassName: nfs
          
      • dvcr.storage.type string

        The storage usage type:

        • PersistentVolumeClaim — use a PersistentVolumeClaim as the store for dvcr.
        • ObjectStorage — use object storage as the store for dvcr.

        Allowed values: PersistentVolumeClaim, ObjectStorage

  • highAvailability boolean

    Manually enable the high availability mode.

    By default, Deckhouse automatically decides whether to enable the HA mode.

    Examples:

    highAvailability: true
    
    highAvailability: false
    
  • https object

    What certificate type to use.

    This parameter completely overrides the global.modules.https settings.

    Examples:

    mode: Disabled
    
    mode: OnlyInURI
    
    customCertificate:
      secretName: foobar
    mode: CustomCertificate
    
    certManager:
      clusterIssuerName: letsencrypt
    mode: CertManager
    
    • https.certManager object
      Parameters for certmanager.
      • https.certManager.clusterIssuerName string
        What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).

        Default: letsencrypt

        Examples:

        clusterIssuerName: letsencrypt
        
        clusterIssuerName: letsencrypt-staging
        
        clusterIssuerName: selfsigned
        
    • https.customCertificate object
      Parameters for custom certificate usage.

      Default: {}

      • https.customCertificate.secretName string

        The name of the secret in the d8-system namespace to use with CDI upload proxy.

        This secret must have the kubernetes.io/tls format.

    • https.mode string

      The HTTPS usage mode:

      • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter;
      • CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace;
      • Disabled — in this mode, the documentation web UI can only be accessed over HTTP;
      • OnlyInURI — the documentation web UI will work over HTTP (assuming that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.

      Default: CertManager

      Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

  • ingressClass string
    The Ingress class that will be used to upload images. By default, the modules.ingressClass global value is used.

    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

  • virtualMachineCIDRs array of strings

    List of CIDRs used to allocate static IP addresses for Virtual Machines.

    It is important to note that the subnet for virtual machines should not be the same as the subnet used for pods and the subnet used for services. Address conflicts can lead to unpredictable behavior and networking problems.

    Example:

    virtualMachineCIDRs:
    - 10.10.10.0/24
    - 10.10.20.0/24
    
  • vmCIDRsDeprecated array of strings
    This parameter is deprecated; use the virtualMachineCIDRs parameter instead.
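
A pre-apply check for the dvcr.storage.objectStorage.s3 settings described above, as an added example that is not part of the module or its documentation. It applies the two schema patterns from this page, then decodes the keys strictly, because the pattern is looser than base64 itself and because a key encoded together with a trailing newline still matches it. Whether the module trims such whitespace is not stated on the page, so the check reports it. The function name and the sample mapping are assumptions.

```python
import base64
import re

# Patterns copied verbatim from the schema on this page.
B64_PATTERN = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
ENDPOINT_PATTERN = re.compile(r"^https?://[0-9a-zA-Z\.\-:@_]+$")
REQUIRED = ("accessKey", "bucket", "region", "regionEndpoint", "secretKey")


def check_s3_settings(s3):
    """Return a list of findings for a dvcr.storage.objectStorage.s3 mapping."""
    findings = [f"{k}: required value is missing" for k in REQUIRED if not s3.get(k)]
    for key in ("accessKey", "secretKey"):
        value = s3.get(key)
        if not value:
            continue
        if not B64_PATTERN.fullmatch(value):
            findings.append(f"{key}: does not match the schema pattern")
            continue
        try:
            # The schema pattern accepts strings that are not valid base64.
            raw = base64.b64decode(value, validate=True)
        except ValueError:
            findings.append(f"{key}: matches the pattern but is not valid base64")
            continue
        if raw != raw.strip():
            # Typical cause: the key was encoded together with a newline.
            findings.append(f"{key}: decoded value has leading or trailing whitespace")
    endpoint = s3.get("regionEndpoint")
    if endpoint:
        if not ENDPOINT_PATTERN.fullmatch(endpoint):
            findings.append("regionEndpoint: does not match the schema pattern")
        elif endpoint.startswith("http://"):
            findings.append("regionEndpoint: plain HTTP, traffic to S3 is not encrypted")
    return findings


# Constructed sample. The two key values are the examples shown on this page;
# they decode to b"accessKey\n" and b"secretKey\n". The endpoint has no scheme.
SAMPLE = {
    "accessKey": "YWNjZXNzS2V5Cg==",
    "secretKey": "c2VjcmV0S2V5Cg==",
    "bucket": "dvcr",
    "region": "us-east-2",
    "regionEndpoint": "s3.example.com",
}

if __name__ == "__main__":
    print("\n".join(check_s3_settings(SAMPLE)))
```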
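
The virtualMachineCIDRs description warns against reusing the pod or service subnets. The following added example (not part of the module or its documentation) checks a virtualMachineCIDRs list for that conflict before the ModuleConfig is applied. The function name and the pod and service subnet values are assumptions; substitute the subnets of your own cluster.

```python
import ipaddress


def check_vm_cidrs(vm_cidrs, reserved):
    """Check virtualMachineCIDRs entries against the pod and service subnets.

    reserved maps a label (for example "pod subnet") to a CIDR string.
    Returns a list of findings; an empty list means no conflict was found.
    """
    findings = []
    parsed = []
    for cidr in vm_cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.10.10.5/24.
            parsed.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as err:
            findings.append(f"{cidr}: invalid CIDR ({err})")
    for net in parsed:
        for label, other_cidr in reserved.items():
            other = ipaddress.ip_network(other_cidr)
            # Compare only networks of the same IP version.
            if net.version == other.version and net.overlaps(other):
                findings.append(f"{net} overlaps {label} {other}")
    return findings


# virtualMachineCIDRs from the configuration example on this page.
VM_CIDRS = ["10.10.10.0/24", "10.20.10.0/24", "10.30.10.0/24", "11.11.22.33/32"]

# Constructed values standing in for the cluster's pod and service subnets.
RESERVED = {"pod subnet": "10.111.0.0/16", "service subnet": "10.222.0.0/16"}

if __name__ == "__main__":
    for finding in check_vm_cidrs(VM_CIDRS, RESERVED) or ["no conflicts found"]:
        print(finding)
```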