Available with limitations in:  CE

Available without limitations in:  SE+, EE

Generally available version. Ready to be used in production environments.

parameters

Schema version: 1

  • settings
    object
    • audit
      object
      Parameters for audit controller.
      • audit.enabled
        boolean
        Enable the audit controller.

        Default: false

    • dvcr
      object
      Options for setting up the Deckhouse virtualization container registry, an internal service for storing all VM images.
      • dvcr.storage
        object

        Required value

        Options for setting up storage.
        • dvcr.storage.objectStorage
          object
          Parameters for objectStorage.
          • dvcr.storage.objectStorage.s3
            object
            Parameters for S3.
            • dvcr.storage.objectStorage.s3.accessKey
              string

              Required value

              accessKey must be base64 encoded. accessKey is a unique identifier that identifies you as a user with access to S3.

              Pattern: ^[A-Za-z0-9+/]*={0,2}$

              Example:


              accessKey: YWNjZXNzS2V5Cg==
              
            • dvcr.storage.objectStorage.s3.bucket
              string

              Required value

              Bucket in which you can store your files and data objects.

              Example:


              bucket: dvcr
              
            • dvcr.storage.objectStorage.s3.region
              string

              Required value

              Geographical area.

              Examples:


              region: us-east-2
              
              region: us-west-1
              
            • dvcr.storage.objectStorage.s3.regionEndpoint
              string

              Required value

              Endpoint for connecting to the S3 service.

              Pattern: ^https?://[0-9a-zA-Z\.\-:@_]+$

              Example:


              regionEndpoint: https://s3.example.com
              
            • dvcr.storage.objectStorage.s3.secretKey
              string

              Required value

              secretKey must be base64 encoded. secretKey is a confidential secret key associated with your Access Key ID. Secret Access Key is used to sign HTTP requests to Amazon S3 to verify the authenticity of the request and ensure the security of your data.

              Pattern: ^[A-Za-z0-9+/]*={0,2}$

              Example:


              secretKey: c2VjcmV0S2V5Cg==
              
          • dvcr.storage.objectStorage.type
            string
            Which object storage to use as the store for dvcr.

            Allowed values: S3

        • dvcr.storage.persistentVolumeClaim
          object
          Parameters for PersistentVolumeClaim.
          • dvcr.storage.persistentVolumeClaim.size
            string

            Required value

            PersistentVolumeClaim size.

            Example:


            size: 10Gi
            
          • dvcr.storage.persistentVolumeClaim.storageClassName
            string
            Which StorageClass to use for creating the PersistentVolumeClaim. If not specified, the default StorageClass specified in the cluster will be used.

            Examples:


            storageClassName: linstor
            
            storageClassName: nfs
            
        • dvcr.storage.type
          string

          The storage usage type:

          • PersistentVolumeClaim — use a PersistentVolumeClaim as the store for dvcr.
          • ObjectStorage — use object storage as the store for dvcr.

          Allowed values: PersistentVolumeClaim, ObjectStorage

    • highAvailability
      boolean

      Manually enable the high availability mode.

      By default, Deckhouse automatically decides whether to enable the HA mode.

      Examples:


      highAvailability: true
      
      highAvailability: false
      
    • https
      object

      What certificate type to use.

      This parameter completely overrides the global.modules.https settings.

      Examples:


      mode: Disabled
      
      mode: OnlyInURI
      
      customCertificate:
        secretName: foobar
      mode: CustomCertificate
      
      certManager:
        clusterIssuerName: letsencrypt
      mode: CertManager
      
      • https.certManager
        object
        Parameters for certmanager.
        • https.certManager.clusterIssuerName
          string
          What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).

          Default: letsencrypt

          Examples:


          clusterIssuerName: letsencrypt
          
          clusterIssuerName: letsencrypt-staging
          
          clusterIssuerName: selfsigned
          
      • https.customCertificate
        object
        Parameters for custom certificate usage.

        Default: {}

        • https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with CDI upload proxy.

          This secret must have the kubernetes.io/tls format.

      • https.mode
        string

        The HTTPS usage mode:

        • CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter;
        • CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace;
        • Disabled — in this mode, the documentation web UI can only be accessed over HTTP;
        • OnlyInURI — the documentation web UI will work over HTTP (assuming that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.

        Default: CertManager

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • ingressClass
      string
      The Ingress class that will be used to upload images. By default, the modules.ingressClass global value is used.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

    • logFormat
      string

      Sets a logging format.

      Applies to the following components:

      • virtualization-controller

      Allowed values: text, json

    • logLevel
      string

      Sets a logging level.

      Applies to the following components:

      • virtualization-api
      • virtualization-controller
      • kube-api-rewriter
      • vm-route-forge

      Allowed values: debug, info, warn, error

    • virtualDisks
      object
      Configuring storage class for virtual disks.
      • virtualDisks.allowedStorageClassSelector
        object
        Selector for allowed storage classes to be used for virtual disks.
        • virtualDisks.allowedStorageClassSelector.matchNames
          array of strings

          Examples:


          matchNames: sc-1
          
          matchNames: sc-2
          
      • virtualDisks.defaultStorageClassName
        string
        Specifies the name of the default storage class to be used for virtual disks.
    • virtualImages
      object
      Configuring storage class for virtual images on PVC.
      • virtualImages.allowedStorageClassSelector
        object
        Selector for allowed storage classes to be used for virtual images on PVC.
        • virtualImages.allowedStorageClassSelector.matchNames
          array of strings

          Examples:


          matchNames: sc-1
          
          matchNames: sc-2
          
      • virtualImages.defaultStorageClassName
        string
        Specifies the name of the default storage class to be used for virtual images on PVC.
      • virtualImages.storageClassName
        Deprecated
        string
        Since the parameter has been deprecated, use the defaultStorageClassName parameter.
    • virtualMachineCIDRs
      array of strings

      List of CIDRs used to allocate static IP addresses for Virtual Machines.

      Warning. The subnet for virtual machines should not be the same as the subnet used for pods, services and nodes. Address conflicts can lead to unpredictable behavior and networking problems.

      It is prohibited to delete subnets from which IP addresses have already been assigned to virtual machines.

      Example:


      virtualMachineCIDRs:
      - 10.10.10.0/24
      - 10.10.20.0/24
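
The constraints documented above (the base64 and endpoint patterns, the `https.mode` values and the `virtualMachineCIDRs` overlap warning) can be checked before a configuration is applied. The following Python is an added example, not Deckhouse code; `check_settings`, the sample settings and the cluster subnets are assumptions made for illustration. It also decodes the keys, because the example values shown for `accessKey` and `secretKey` decode to strings that end in a newline.

```python
import base64
import ipaddress
import re

# Patterns copied from the parameter reference above.
B64_RE = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
ENDPOINT_RE = re.compile(r"^https?://[0-9a-zA-Z\.\-:@_]+$")

def check_settings(settings, cluster_cidrs):
    """Return findings for a settings dict; cluster_cidrs are pod/service/node subnets."""
    findings = []
    storage = settings.get("dvcr", {}).get("storage", {})
    if storage.get("type") == "ObjectStorage":
        s3 = storage.get("objectStorage", {}).get("s3", {})
        for field in ("accessKey", "secretKey"):
            value = s3.get(field, "")
            try:
                if not value or not B64_RE.match(value):
                    raise ValueError("empty or pattern mismatch")
                raw = base64.b64decode(value, validate=True)
            except ValueError:  # binascii.Error (bad padding) is a ValueError subclass
                findings.append(f"{field}: missing or not valid base64")
                continue
            if raw != raw.strip():  # e.g. newline left by `echo` without -n
                findings.append(f"{field}: decoded value has surrounding whitespace")
        endpoint = s3.get("regionEndpoint", "")
        if not ENDPOINT_RE.match(endpoint):
            findings.append("regionEndpoint: does not match the schema pattern")
        elif endpoint.startswith("http://"):
            findings.append("regionEndpoint: plain HTTP, S3 traffic is unencrypted")
    if settings.get("https", {}).get("mode") == "Disabled":
        findings.append("https.mode: Disabled, HTTP only")
    for cidr in settings.get("virtualMachineCIDRs", []):
        for other in cluster_cidrs:
            if ipaddress.ip_network(cidr).overlaps(ipaddress.ip_network(other)):
                findings.append(f"virtualMachineCIDRs: {cidr} overlaps {other}")
    return findings

# Constructed sample: key values and CIDRs are the page's examples, the endpoint is made up.
SAMPLE = {
    "dvcr": {"storage": {"type": "ObjectStorage", "objectStorage": {"type": "S3", "s3": {
        "accessKey": "YWNjZXNzS2V5Cg==", "secretKey": "c2VjcmV0S2V5Cg==",
        "bucket": "dvcr", "region": "us-east-2", "regionEndpoint": "http://s3.example.com"}}}},
    "https": {"mode": "CertManager"},
    "virtualMachineCIDRs": ["10.10.10.0/24", "10.10.20.0/24"],
}
CLUSTER_CIDRS = ["10.111.0.0/16", "10.222.0.0/16", "10.10.10.0/23"]  # hypothetical subnets
if __name__ == "__main__":
    print("\n".join(check_settings(SAMPLE, CLUSTER_CIDRS)))
```

Encoding a key with `printf '%s' "$KEY" | base64` avoids the trailing newline that `echo` adds.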