The global Deckhouse settings are stored in the ModuleConfig/global resource (see Deckhouse configuration).

The publicDomainTemplate parameter defines the DNS names template some Deckhouse modules use to create Ingress resources.

You can use the sslip.io service (or similar) for testing if wildcard DNS records are unavailable to you for some reason.

Domain used in the template must not match the domain specified in the clusterDomain parameter. For example, if clusterDomain is set to cluster.local (the default value), publicDomainTemplate cannot be set to %s.cluster.local.

Example of the ModuleConfig/global:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: global
spec:
  version: 1
  settings: # <-- Module parameters from the "Parameters" section below.
    modules:
      publicDomainTemplate: '%s.kube.company.my'
      resourcesRequests:
        controlPlane:
          cpu: 1000m
          memory: 500M      
      placement:
        customTolerationKeys:
        - dedicated.example.com
    storageClass: sc-fast

Parameters

Schema version: 1

  • highAvailability
    boolean

    A global switch to enable the high availability mode for modules that support it.

    If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined asfalse.

    Examples:

    highAvailability: true
    
    highAvailability: false
    
  • modules
    object

    Common parameters of Deckhouse modules.

    • modules.https
      object

      The HTTPS implementation used by the Deckhouse modules.

      Examples:

      https:
        certManager:
          clusterIssuerName: letsencrypt
        mode: CertManager
      
      https:
        mode: Disabled
      
      https:
        mode: OnlyInURI
      
      https:
        mode: CustomCertificate
        customCertificate:
          secretName: plainstring
      
      • modules.https.certManager
        object
        • modules.https.certManager.clusterIssuerName
          string

          Name of a ClusterIssuer to use for Deckhouse modules.

          The cert-manager module offers the following ClusterIssuer: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.

          Default: "letsencrypt"

      • modules.https.customCertificate
        object
        • modules.https.customCertificate.secretName
          string

          The name of the secret in the d8-system namespace to use with Deckhouse modules.

          This secret must have the kubernetes.io/tls format.

          Default: "false"

      • modules.https.mode
        string

        The HTTPS usage mode:

        • CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
        • CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
        • Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
        • OnlyInURI — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. Load balancer should provide a redirect from HTTP to HTTPS.

        Default: "CertManager"

        Allowed values: Disabled, CertManager, CustomCertificate, OnlyInURI

    • modules.ingressClass
      string

      The class of the Ingress controller (Ingress class) used for Deckhouse modules.

      Default: "nginx"

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Example:

      ingressClass: nginx
      
    • modules.placement
      object

      Parameters regulating the layout of Deckhouse module components.

      • modules.placement.customTolerationKeys
        array of strings

        A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.

        Example:

        customTolerationKeys:
        - dedicated.example.com
        - node-dedicated.example.com/master
        
    • modules.proxy
      Deprecated
      object

      Global proxy setup for modules.

      Example:

      proxy:
        httpProxy: http://1.2.3.4:80
        httpsProxy: https://1.2.3.4:443
        noProxy:
        - 127.0.0.1
        - 192.168.0.0/24
        - example.com
        - ".example.com"
      
      • modules.proxy.httpProxy
        Deprecated
        string

        Proxy URL for HTTP requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • modules.proxy.httpsProxy
        Deprecated
        string

        Proxy URL for HTTPS requests.

        Pattern: ^(http|https)://[0-9a-zA-Z\.\-:]+$

      • modules.proxy.noProxy
        Deprecated
        array of strings

        List of no proxy IP and domain entries. Use a domain name with a dot prefix for wildcard domains (e.g., .example.com).

        • Element of the array
          string

          Pattern: ^[a-z0-9\-\./]+$

    • modules.publicDomainTemplate
      string

      The template with the %s key as the dynamic string parameter.

      Deckhouse modules use this template for creating Ingress resources.

      E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my hosts to access Grafana.

      Do not use DNS names (nor do create Ingress resources) that match this template to avoid conflicts with the Ingress resources created by Deckhouse.

      Pay attention to the following:

      • Domain must be different from clusterDomain!**
      • Domain used in the template must not match the domain specified in the clusterDomain parameter. For example, if clusterDomain is set to cluster.local (the default value), publicDomainTemplate cannot be set to %s.cluster.local.
      • Domain used in the template should not match the domain specified in the clusterDomain parameter and the internal service network zone. For example, if clusterDomain is set to cluster.local (default value) and the service network zone is ru-central1.internal, then publicDomainTemplate cannot be %s.cluster.local or %s.ru-central1.internal.
      • If this parameter is omitted, no Ingress resources will be created.

      Pattern: ^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$

      Examples:

      publicDomainTemplate: "%s.kube.company.my"
      
      publicDomainTemplate: kube-%s.company.my
      
    • modules.resourcesRequests
      object

      The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).

      More about resource units in Kubernetes.

      • modules.resourcesRequests.controlPlane
        object

        The amount of resources (CPU and memory) allocated to control-plane components on each master node. Do not work in clouds with not-managed control-plane (GKE for example).

        Example:

        controlPlane:
          cpu: 1000m
          memory: 500M
        
        • modules.resourcesRequests.controlPlane.cpu

          The combined CPU requests for control-plane components on each master node.

        • modules.resourcesRequests.controlPlane.memory
          string

          The combined memory requests for control-plane components on each master node.

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • modules.resourcesRequests.everyNode
        Deprecated
        object

        The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster.

        Example:

        everyNode:
          cpu: 100m
          memory: 150M
        
        • modules.resourcesRequests.everyNode.cpu

          The combined CPU requests for all the Deckhouse components on each node.

          Default: 300m

        • modules.resourcesRequests.everyNode.memory
          string

          The combined memory requests for all the Deckhouse components on each node.

          Default: "512Mi"

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

      • modules.resourcesRequests.masterNode
        Deprecated
        object

        The amount of resources (CPU and memory) allocated to Deckhouse components running on the master nodes (including control plane components, if they are managed by Deckhouse).

        Caution! Deckhouse may not manage control plane components in KaaS clusters (Kubernetes as a Service, managed Kubernetes service, etc.). In such cases, all the specified resources are allocated to the Deckhouse components except the control plane.

        Example:

        masterNode:
          cpu: '1'
          memory: 150Mi
        
        • modules.resourcesRequests.masterNode.cpu

          The combined CPU requests for Deckhouse components on master nodes in addition to everyNode.cpu.

          • For a Deckhouse-controlled cluster, the default value is calculated automatically: .status.allocatable.cpu of the smallest master node (no more than 4 (CPU cores)) minus everyNode.cpu.
          • For a managed cluster, the default value is 1 (CPU core) minus everyNode.cpu.
        • modules.resourcesRequests.masterNode.memory
          string

          The total amount of memory allocated to Deckhouse components on master nodes in addition to everyNode.memory.

          • For a Deckhouse-managed cluster, the default value is calculated automatically: .status.allocatable.memory of the smallest master node (no more than 8Gi) minus everyNode.memory.
          • For a managed cluster, the default value is 1Gi minus everyNode.memory.

          Pattern: ^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$

  • storageClass
    string

    The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).

    • If the value is not specified, the default StorageClass set in the cluster is used.
    • Use this parameter only in exceptional circumstances.
    • This parameter is applied during module activation.

    Default: ""