The global Deckhouse settings are stored in the ModuleConfig/global resource (see Deckhouse configuration).
The publicDomainTemplate parameter specifies a DNS name template used by some Deckhouse modules to create Ingress resources.
If you don’t have access to wildcard DNS records, you can use sslip.io or similar services for testing purposes.
The domain specified in the template must not match the domain set in the clusterDomain parameter, nor the domain of the internal service network zone.
For example, if clusterDomain is set to cluster.local and the internal zone is central1.internal, then publicDomainTemplate must not be %s.cluster.local.
Example of the ModuleConfig/global:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: global
spec:
  version: 2
  settings: # <-- Module parameters from the "Parameters" section below.
    defaultClusterStorageClass: 'default-fast'
    modules:
      publicDomainTemplate: '%s.kube.company.my'
      resourcesRequests:
        controlPlane:
          cpu: 1000m
          memory: 500M
      placement:
        customTolerationKeys:
        - dedicated.example.com
      storageClass: 'default-fast'
Conversions
Perform the following actions if you need to convert data from one version of the module parameter schema to another:
- From version 1 to 2:
Conversion description is missing.
Parameters
Schema version: 2
- settings
- settings.defaultClusterStorageClass
The name of the StorageClass that DKP will define as the default StorageClass used in the cluster.
DKP prohibits manually adding or modifying the default annotation (storageclass.kubernetes.io/is-default-class='true') for StorageClass. Use the parameter to define or change the StorageClass that is used as the default in the cluster.
If the parameter is omitted, the default StorageClass is either:
- A StorageClass in the cluster that has the default annotation (storageclass.kubernetes.io/is-default-class='true');
- The first (alphabetically) StorageClass created by the cloud provider module (if any cloud provider module is used).
Use this parameter to change the default StorageClass in the cluster, as manually adding the default annotation to a StorageClass is not allowed.
Default:
""
- settings.highAvailability
A global switch to enable the high availability mode for modules that support it.
If not defined, the value is determined automatically as true for clusters with more than one master node. Otherwise, it is determined as false.
Examples:
highAvailability: true
highAvailability: false
- settings.modules
Common parameters of Deckhouse modules.
- settings.modules.https
The HTTPS implementation used by the Deckhouse modules.
Examples:
https:
  certManager:
    clusterIssuerName: letsencrypt
  mode: CertManager

https:
  mode: Disabled

https:
  mode: OnlyInURI

https:
  mode: CustomCertificate
  customCertificate:
    secretName: plainstring
- settings.modules.https.certManager
- settings.modules.https.certManager.clusterIssuerName
Name of a ClusterIssuer to use for Deckhouse modules.
The cert-manager module offers the following ClusterIssuers: letsencrypt, letsencrypt-staging, selfsigned, clouddns, cloudflare, digitalocean, route53. Also, you can use your own ClusterIssuer.
Default:
"letsencrypt"
- settings.modules.https.customCertificate
- settings.modules.https.customCertificate.secretName
The name of the secret in the d8-system namespace to use with Deckhouse modules.
This secret must have the kubernetes.io/tls format.
Default:
"false"
- settings.modules.https.mode
The HTTPS usage mode:
- CertManager — Deckhouse modules use HTTPS and get a certificate from the ClusterIssuer defined in the certManager.clusterIssuerName parameter;
- CustomCertificate — Deckhouse modules use HTTPS using the certificate from the d8-system namespace;
- Disabled — Deckhouse modules use HTTP only (some modules may not work, e.g., user-authn);
- OnlyInURI — Deckhouse modules use HTTP in the expectation that an HTTPS load balancer runs in front of them and terminates HTTPS. The load balancer should provide a redirect from HTTP to HTTPS.
Default:
"CertManager"
Allowed values:
Disabled, CertManager, CustomCertificate, OnlyInURI
- settings.modules.ingressClass
The class name of the Ingress controller (IngressClass) used for Deckhouse modules.
If the IngressClass name is set to nginx, the corresponding Ingress controller is automatically considered the default IngressClass for all modules. If any other Ingress controller name is used, it will not be used by default.
Default:
"nginx"
Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Example:
ingressClass: nginx
- settings.modules.placement
Parameters regulating the layout of Deckhouse module components.
- settings.modules.placement.customTolerationKeys
A list of custom toleration keys; use them to allow the deployment of some critical add-ons (such as cni and csi) on dedicated nodes.
Example:
customTolerationKeys:
- dedicated.example.com
- node-dedicated.example.com/master
- settings.modules.publicDomainTemplate
The template with the %s key as the dynamic string parameter.
Deckhouse modules use this template for creating Ingress resources.
E.g., if the template is %s.kube.company.my, the prometheus module will create an Ingress resource for the grafana.kube.company.my host to access Grafana.
Do not use DNS names (and do not create Ingress resources) that match this template, to avoid conflicts with the Ingress resources created by Deckhouse.
Pay attention to the following:
- The domain must be different from clusterDomain!
- The domain specified in the template must not match the domain defined in the clusterDomain parameter.
- The domain used in the template must also not match the domain of the internal service network zone. For example, if the internal zone is central1.internal, then publicDomainTemplate must not be %s.central1.internal.
- If this parameter is omitted, no Ingress resources will be created.
Pattern:
^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
Examples:
publicDomainTemplate: "%s.kube.company.my"
publicDomainTemplate: kube-%s.company.my
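A pre-apply check for publicDomainTemplate, as an added example that is not part of the Deckhouse documentation: it applies the pattern quoted above and then the clusterDomain and internal-zone rules, which the pattern alone does not enforce. The function name and sample values are assumptions, and flagging a subdomain of a reserved zone is a stricter reading than the page's wording.

```python
import re

# Pattern copied from the publicDomainTemplate parameter description.
TEMPLATE_RE = re.compile(
    r"^(%s([-a-z0-9]*[a-z0-9])?|[a-z0-9]([-a-z0-9]*)?%s([-a-z0-9]*)?[a-z0-9]"
    r"|[a-z0-9]([-a-z0-9]*)?%s)(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"
)


def check_public_domain_template(template, cluster_domain, internal_zones=()):
    """Return a list of problems; an empty list means the template is usable."""
    # fullmatch, so a trailing newline cannot slip past the '$' anchor.
    if not TEMPLATE_RE.fullmatch(template):
        return ["does not match the documented pattern"]
    # The first label holds %s; everything after the first dot is the domain.
    _, _, domain = template.partition(".")
    reserved = [("clusterDomain", cluster_domain)]
    reserved += [("internal zone", zone) for zone in internal_zones]
    problems = []
    for kind, zone in reserved:
        zone = zone.strip(".").lower()
        # Assumption of this example: a subdomain of a reserved zone is
        # flagged too, not only an exact match.
        if zone and (domain == zone or domain.endswith("." + zone)):
            problems.append(f"domain '{domain}' conflicts with {kind} '{zone}'")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the zones are the ones used in the text.
    samples = [
        "%s.kube.company.my",
        "kube-%s.company.my",
        "%s.203.0.113.10.sslip.io",
        "%s.cluster.local",
        "%s.central1.internal",
        "grafana.kube.company.my",
    ]
    for template in samples:
        found = check_public_domain_template(
            template, "cluster.local", ["central1.internal"]
        )
        print(f"{template}: {'ok' if not found else '; '.join(found)}")
```

Both %s.cluster.local and %s.central1.internal pass the pattern, so the zone comparison is what rejects them.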
- settings.modules.resourcesRequests
The amount of resources (CPU and memory) allocated to Deckhouse components running on each node of the cluster (usually these are DaemonSets, for example, cni-flannel, monitoring-ping).
More about resource units in Kubernetes.
- settings.modules.resourcesRequests.controlPlane
The amount of resources (CPU and memory) allocated to control-plane components on each master node. Does not work in clouds with a not-managed control-plane (GKE, for example).
Example:
controlPlane:
  cpu: 1000m
  memory: 500M
- settings.modules.resourcesRequests.controlPlane.cpu
The combined CPU requests for control-plane components on each master node.
- settings.modules.resourcesRequests.controlPlane.memory
The combined memory requests for control-plane components on each master node.
Pattern:
^[0-9]+(\.[0-9]+)?(E|P|T|G|M|K|Ei|Pi|Ti|Gi|Mi|Ki)?$
- settings.modules.storageClass
The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).
- If the value is not specified, the default StorageClass set in the cluster is used.
- Use this parameter only in exceptional circumstances.
- This parameter is applied during module activation.
Default:
""
- settings.storageClass
Deprecated. Use settings.modules.storageClass instead.
The StorageClass to use with all Deckhouse Kubernetes Platform components (Prometheus, Grafana, OpenVPN, etc.).
- If the value is not specified, the default StorageClass set in the cluster is used.
- Use this parameter only in exceptional circumstances.
- This parameter is applied during module activation.
Default:
""