The global Deckhouse settings are stored in the ModuleConfig/global resource (see Deckhouse configuration).

The publicDomainTemplate parameter specifies a DNS name template used by some Deckhouse modules to create Ingress resources. If this parameter is not specified, Ingress resources will not be created.

If you don’t have access to wildcard DNS records, you can use sslip.io or similar services for testing purposes.

The domain specified in the template must not match or be a subdomain of the domain specified in the clusterDomain parameter. We do not recommend changing the clusterDomain value unless absolutely necessary.

For the template to work correctly, you must first configure DNS services both in the networks where the cluster nodes will be located and in the networks from which access to the service web interfaces is required.

If the template matches the domain of the node network (for example, if the nodes are in the zone company.my and the template is %s.company.my), use only the A records of the frontend node addresses to assign the platform’s web interfaces.

Example of the ModuleConfig/global:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: global
spec:
  version: 2
  settings: # <-- Module parameters from the "Parameters" section below.
    defaultClusterStorageClass: 'default-fast'
    modules:
      publicDomainTemplate: '%s.kube.company.my'
      resourcesRequests:
        controlPlane:
          cpu: 1000m
          memory: 500M
      placement:
        customTolerationKeys:
        - dedicated.example.com
      storageClass: 'default-fast'
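
A pre-flight check for the publicDomainTemplate constraints described above, as an added example that is not part of the Deckhouse documentation or code base. It uses the pattern given for this parameter in the Parameters section; the function names, the sample clusterDomain value cluster.local and the sample host prefixes are assumptions.

```python
import re

# Pattern copied verbatim from the publicDomainTemplate description on this page.
TEMPLATE_RE = re.compile(
    r"^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]"
    r"|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
)


def render_host(template, name):
    """Substitute the single %s placeholder, e.g. grafana -> grafana.kube.company.my."""
    return template.replace("%s", name, 1)


def inside_domain(host, domain):
    """True if host equals domain or is a subdomain of it (label-aligned)."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def check_public_domain_template(template, cluster_domain, names=("grafana",)):
    """Return a list of problems; an empty list means the template passed.

    names are sample host prefixes substituted for %s (assumption: only
    "grafana" is taken from the page).
    """
    if not template:
        return ["publicDomainTemplate is not set: Ingress resources will not be created"]
    # fullmatch also rejects a trailing newline, which '$' alone would accept.
    if not TEMPLATE_RE.fullmatch(template):
        return [f"{template!r} does not match the documented pattern"]
    problems = []
    for name in names:
        host = render_host(template, name)
        if inside_domain(host, cluster_domain):
            problems.append(f"{host} falls inside clusterDomain {cluster_domain}")
    return problems


if __name__ == "__main__":
    # Constructed inputs; cluster.local is an assumed clusterDomain value.
    for tpl in ("%s.kube.company.my", "kube-%s.company.my",
                "%s.cluster.local", "kube.company.my"):
        print(tpl, "->", check_public_domain_template(tpl, "cluster.local") or "ok")
```

The overlap test runs on rendered host names rather than on the template text, so a template such as %s.local is also caught when a substituted name would produce the clusterDomain itself.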

Conversions

The module is configured using the ModuleConfig resource, the schema of which contains a version number. When you apply an old version of the ModuleConfig schema in a cluster, automatic transformations are performed. To update the ModuleConfig schema version manually, complete the following steps sequentially for each version:

  • Updates from version 1 to 2:

    Conversion description is missing.

    Actions performed by the conversion (jq syntax)...

    • if .storageClass and .modules.storageClass == null then .modules.storageClass = .storageClass end

    • del(.storageClass)

    • del(.modules.resourcesRequests.everyNode)

    • del(.modules.resourcesRequests.masterNode)

    • del(.modules.proxy)

Parameters

Schema version: 2

  • settings
    object
    • settings.defaultClusterStorageClass
      string

      The name of the StorageClass that DKP will define as the default StorageClass used in the cluster.

      DKP prohibits manually adding or modifying the default annotation (storageclass.kubernetes.io/is-default-class='true') for StorageClass. Use the parameter to define or change the StorageClass that is used as the default in the cluster.

      If the parameter is omitted, the default StorageClass is either:

      • A StorageClass in the cluster that has the default annotation (storageclass.kubernetes.io/is-default-class='true');
      • The first (alphabetically) StorageClass created by the cloud provider module (if any cloud provider module is used).

      Use this parameter to change the default StorageClass in the cluster, as manually adding the default annotation to a StorageClass is not allowed.

      Default: ""

    • settings.highAvailability
      boolean

      A global switch to enable the high availability mode for modules that support it.

      If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined as false.

      Examples:

      highAvailability: true
      
      highAvailability: false
      
    • settings.modules
      object

      Common parameters of Deckhouse modules.

      • settings.modules.https
        object

        The HTTPS implementation used by the Deckhouse modules.

        Examples:

        https:
          certManager:
            clusterIssuerName: letsencrypt
          mode: CertManager
        
        https:
          mode: Disabled
        
        https:
          mode: OnlyInURI
        
        https:
          mode: CustomCertificate
          customCertificate:
            secretName: plainstring
        
        • settings.modules.https.certManager
          object
          • settings.modules.https.certManager.clusterIssuerName
            string

            Name of a ClusterIssuer to use for Deckhouse modules.

            The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.

            Default: "letsencrypt"

        • settings.modules.https.customCertificate
          object
          • settings.modules.https.customCertificate.secretName
            string

            The name of the secret in the d8-system namespace to use with Deckhouse modules.

            This secret must have the kubernetes.io/tls format.

            Default: "false"

        • settings.modules.https.mode
          string

          The HTTPS usage mode:

          • CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
          • CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
          • Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
          • OnlyInURI — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. The load balancer should provide a redirect from HTTP to HTTPS.

          Default: "CertManager"

          Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

      • settings.modules.ingressClass
        string

        The class name of the Ingress controller (IngressClass) used for Deckhouse modules.

        If the IngressClass name is set to nginx, the corresponding Ingress controller is automatically considered the default IngressClass for all modules. If any other Ingress controller name is used, it will not be used by default.

        Default: "nginx"

        Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

        Example:

        ingressClass: nginx
        
      • settings.modules.placement
        object

        Parameters regulating the layout of Deckhouse module components.

        • settings.modules.placement.customTolerationKeys
          array of strings

          A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.

          Example:

          customTolerationKeys:
          - dedicated.example.com
          - node-dedicated.example.com/master
          
      • settings.modules.publicDomainTemplate
        string

        A DNS name template with the %s key used as a dynamic part of the string.

        Deckhouse modules use this template when creating Ingress resources.

        For example, given the template %s.kube.company.my, the prometheus module will create an Ingress resource at the address grafana.kube.company.my to provide access to Grafana.

        Pay attention to the following:

        • If this parameter is not specified, Ingress resources will not be created.
        • The domain specified in the template must not match or be a subdomain of the domain specified in the clusterDomain parameter. It is not recommended to change the clusterDomain value unless absolutely necessary.
        • For the template to work correctly, you must first configure DNS services both in the networks where the cluster nodes will be located and in the networks from which access to the service web interfaces is required.
        • If the template matches the domain of the node network (for example, if the nodes are in the zone company.my and the template is %s.company.my), use only the A records of the frontend node addresses to assign the platform’s web interfaces.

        Pattern: ^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

        Examples:

        publicDomainTemplate: "%s.kube.company.my"
        
        publicDomainTemplate: kube-%s.company.my
        
      • settings.modules.resourcesRequests
        object

        The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).

        More about resource units in Kubernetes.

        • settings.modules.resourcesRequests.controlPlane
          object

          The amount of resources (CPU and memory) allocated to control-plane components on each master node. Does not work in clouds with a not-managed control plane (GKE, for example).

          Example:

          controlPlane:
            cpu: 1000m
            memory: 500M
          
          • settings.modules.resourcesRequests.controlPlane.cpu

            The combined CPU requests for control-plane components on each master node.

          • settings.modules.resourcesRequests.controlPlane.memory
            string

            The combined memory requests for control-plane components on each master node.

            Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • settings.modules.storageClass
        string

        The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).

        • If the value is not specified, the default StorageClass set in the cluster is used.
        • Use this parameter only in exceptional circumstances.
        • This parameter is applied during module activation.

        Default: ""

    • settings.storageClass
      Deprecated
      string

      Deprecated. Use settings.modules.storageClass instead.

      The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).

      • If the value is not specified, the default StorageClass set in the cluster is used.
      • Use this parameter only in exceptional circumstances.
      • This parameter is applied during module activation.

      Default: ""